Security Alerts & News
by Tymoteusz A. Góral

History
#1857 Web security and the OWASP top 10: The big picture
OWASP Top 10 "The Big Picture" is all about understanding the top 10 web security risks we face on the web today in an easily consumable, well-structured fashion that aligns to the number one industry standard on the topic today.
#1856 HTTPS scanning in Kaspersky antivirus exposed users to MITM attacks
Security vendor Kaspersky Lab has updated its antivirus products to fix an issue that exposed users to traffic interception attacks.

The problem was found by Google vulnerability researcher Tavis Ormandy in the SSL/TLS traffic inspection feature that Kaspersky Anti-Virus uses to detect potential threats hidden inside encrypted connections.

Like other endpoint security products, Kaspersky Anti-Virus installs a self-signed root CA certificate on computers and uses it to issue "leaf," or interception, certificates for all HTTPS-enabled websites accessed by users. This allows the product to decrypt and then re-encrypt connections between local browsers and remote servers.
#1855 Designer launches fabric to bamboozle facial recognition
Adam Harvey, the facial-recognition thwarting artist/technologist who brought us neon-blue hair hanging in our eyes and graphic black smears of makeup, admits that it can be, shall we say, aesthetically challenging to conceal a face.

Tell it to the Privacy Visor guys from Tokyo’s National Institute of Informatics (NII) who came out with the Privacy Visor. That nose/eye concealing face gadget was about as aesthetically pleasing as bug eyes with segmented antennae.

Harvey’s latest project is far more wearable. It’s called HyperFace, and it involves printing patterns of pixels on to clothing or textiles that look, to computers, like they could be faces, with eyes, noses, mouths and ears.
#1854 The FTC’s Internet of Things (IoT) challenge
One of the biggest cybersecurity stories of 2016 was the surge in online attacks caused by poorly-secured “Internet of Things” (IoT) devices such as Internet routers, security cameras, digital video recorders (DVRs) and smart appliances. Many readers here have commented with ideas about how to counter vulnerabilities caused by out-of-date software in IoT devices, so why not pitch your idea for money? Who knows, you could win up to $25,000 in a new contest put on by the U.S. Federal Trade Commission (FTC).

The FTC’s IoT Home Inspector Challenge is seeking ideas for a tool of some sort that would address the burgeoning IoT mess. The agency says it’s offering a cash prize of up to $25,000 for the best technical solution, with up to $3,000 available for as many as three honorable mention winner(s).
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12