Security Alerts & News
by Tymoteusz A. Góral

#1778 Dirty COW vulnerability patched in Android security bulletin
The Dirty Cow vulnerability lived in Linux for close to a decade, and while it was patched in October in the kernel and in Linux distributions, Android users had to wait for more than a month for their fix.

Today, Google included a patch for CVE-2016-5195 in the monthly Android Security Bulletin, the final one for 2016. The Dirty Cow patch is one of 11 critical vulnerabilities, all of which are in the Dec. 5 patch level; a separate Dec. 1 patch level was also released today that included patches for 10 high-severity vulnerabilities.

In last month’s bulletin, Google partially addressed Dirty Cow with a supplemental firmware update for Nexus and Pixel handsets, while Samsung was the lone handset maker to release a patch in November.

#1777 Google preparing "Invisible ReCAPTCHA" system for no user interaction
Google engineers are working on an improved version of the reCAPTCHA system that uses a computer algorithm to distinguish between automated bots and real humans, and requires no user interaction at all.

Called "Invisible reCAPTCHA," and spotted by Windows IT Pro, the service is still under development but is open for sign-ups, and any webmaster can help Google test its upcoming technology.

Invisible reCAPTCHA comes two years after Google revolutionized CAPTCHA technologies by releasing the No CAPTCHA reCAPTCHA service, which requires users to click on one checkbox instead of solving complex visual puzzles made up of words and numbers.

#1776 Thieves can guess your secret Visa card details in just seconds
Thieves can guess your secret Visa payment card data in as little as six seconds, according to researchers at Newcastle University in the UK. Bad actors can use browser bots to distribute guesses across hundreds of legitimate online merchants.

The attack starts out with a card's 16-digit number, which can be obtained in a variety of ways. Attackers can buy numbers on black-market websites, often for less than $1 apiece, or use a smartphone equipped with a near-field communication reader to skim them. The numbers can also be inferred by combining your first six digits—which are based on the card brand, issuing bank, and card type—with a verification formula known as the Luhn Algorithm. Once an attacker has a valid 16-digit number, four seconds is all they need to learn the expiration date and the three-digit card-verification value that most sites use to verify the validity of a credit card. Even when sites go a step further by adding the card holder's billing address to the process, the technique can correctly guess the information in about six seconds.