Goto

Collaborating Authors

Two Tor zero-days disclosed, more to come

ZDNet

The Internet of Things is creating serious new security risks. We examine the possibilities and the dangers. Over the past week, a security researcher has published technical details about two vulnerabilities impacting the Tor network and the Tor browser. In blog posts last week and today, Dr. Neal Krawetz said he was going public with details on two zero-days after the Tor Project has repeatedly failed to address multiple security issues he reported throughout the past years. The researcher also promised to reveal at least three more Tor zero-days, including one that can reveal the real-world IP address of Tor servers.


Multiple Tor security issues disclosed, more to come

ZDNet

The Internet of Things is creating serious new security risks. We examine the possibilities and the dangers. Over the past week, a security researcher has published technical details about two vulnerabilities impacting the Tor network and the Tor browser. In blog posts last week and today, Dr. Neal Krawetz said he was going public with details on two alleged zero-days after the Tor Project has repeatedly failed to address multiple security issues he reported throughout the past years. The researcher also promised to reveal at least three more Tor zero-days, including one that can reveal the real-world IP address of Tor servers.


The Law Comes for John McAfee

WIRED

In a week that Covid-19 continued its invasion of the White House, the biggest security questions continue to center on Donald Trump himself. With just a few weeks remaining until the election, the president continues to question the integrity of the process, which in turn threatens to undermine faith in the democratic process. But don't worry, we also have stories about hacking and such! Apple's T2 chip exists to add an extra layer of security to the company's Mac line. Which is why it's especially unfortunate that it has an unfixable flaw that leaves it vulnerable to hackers.


Rite Aid surveilled customers using facial recognition tech with links to China

Mashable

The next time you pop into your local drugstore to grab a gallon of milk, remember there's a chance the store is secretly analyzing your face. A new report from Reuters uncovered facial recognition cameras throughout dozens of Rite Aid locations in largely low-income, non-white neighborhoods in New York and Los Angeles. Furthermore, the investigation also discovered that the facial recognition firm has ties to the Chinese government. According to the report, Rite Aid has rolled out hundreds of facial recognition systems in its stores across the U.S. since around 2012, making it "one of the largest rollouts of such technology among retailers in the country." Rite Aid utilized its facial recognition technology to match customers faces with facial recognition scans of those "previously observed engaging in potential criminal activity." When a match was made with a current customer, store security would be alerted.


Hackers rushed in as Microsoft raced to avert cyberattack

The Japan Times

It was late February, and Microsoft Corp. engineers had been working for weeks on a handful of alarming weaknesses in the company's popular Exchange email service. They were rushing to send out a fix, targeting the second Tuesday of March -- part of a monthly ritual known in cybersecurity circles as "patch Tuesday." The hackers got a head start. Following weeks of discreet attacks, Chinese hackers shifted into high gear. The result was a sprawling campaign that engulfed thousands of organizations in a matter of days. What is normally a relatively smooth process -- the one Microsoft uses regularly for identifying and fixing weaknesses in its popular software -- has morphed into a global cybersecurity crisis now consuming the attention of the White House.