Online skimming is just like physical skimming: your card details are stolen so that other people can spend your money. However, online skimming is more effective because a) it is harder to detect and b) it is near impossible to trace the thieves.
An audit of open source file and disk encryption package VeraCrypt turned up a number of critical vulnerabilities that have been patched in the month since the assessment was wrapped up.
The audit, which began Aug. 16, was funded by the Open Source Technology Improvement Fund (OSTIF) and executed by two researchers at Quarkslab.
The examination was carried out against VeraCrypt 1.18. VeraCrypt is a fork of TrueCrypt, the once-popular de facto standard for free full-disk encryption (FDE), which was abandoned in 2014 under mysterious circumstances when the project’s maintainers said the code was no longer safe to use. TrueCrypt was audited soon thereafter by the Open Crypto Audit Project, which uncovered a number of vulnerabilities but none of the backdoors that had been feared in the aftermath of the initial Snowden leaks.
Nokia has achieved a connection speed of 5Gbps—about 625MB/sec—over 70 metres of conventional twisted-pair copper telephone wire, and 8Gbps over 30 metres. The trial used a relatively new digital subscriber line (DSL) protocol called XG.fast (aka G.fast2).
XG.fast is the probable successor of G.fast, which was successfully trialled in a few countries over the past couple of years and will soon begin to commercially roll out. (In an unusual turn of events, the UK will probably be the first country with G.fast.)
Fundamentally, both G.fast and XG.fast are best described as "VDSL on steroids." While a VDSL2 signal frequency maxes out around 17MHz, G.fast starts at 106MHz (it can be doubled to 212MHz) and XG.fast uses between 350MHz and 500MHz. This means that there's a lot more bandwidth (the original meaning of the word), which in turn can be used for transferring data at higher speeds.
By way of example, VDSL2 can do around 100Mbps over that 17MHz channel; G.fast can do about 700Mbps at 106MHz; and XG.fast can go all the way up to 10Gbps at 500MHz with two bonded telephone lines.
Open-source and Java components used in applications remain a weak spot for the enterprise, according to a new analysis.
Java applications in particular are posing a challenge, with 97 percent of these applications containing a component with at least one known vulnerability, according to a new report from code-analysis security vendor Veracode.
Veracode's annual security report is based on 300,000 assessments it has run on enterprise applications over the 18 months to March 31, 2016, and includes software from open-source projects, commercial vendors, large and small businesses, and software outsourcers.
Researchers are encouraging developers who use Magento to remain vigilant about securely configuring their sites, as attackers have been embedding credit card swipers in sites running the open source e-commerce platform.
The swipers, or scrapers, are bits of malicious code that collect credit card numbers, login details and other information and forward them to attackers. While criminals have been targeting sites running the platform for months, they’ve only recently started embedding that information in obscure image files.
In an even more confounding twist, in one recent instance an image that was hiding stolen credit card numbers was legitimate and publicly viewable, meaning an attacker wouldn’t even have to go to the trouble of accessing the site to get the information. They could simply view or download the image from the affected site.