security

A key security feature in Windows doesn't work as planned. It's not a vulnerability in itself, but means that hackers who find bugs in software are much more likely to be able to do damage. The problem is with Address Space Layout Randomization ... (ASLR). It deals with the way a computer organizes different programs in memory. As an analogy, it's like organizing vehicles of different sizes and makes in a parking lot. Most operating systems support ASLR, which means that when a program starts up and needs to use the computer's memory, it's assigned a random location. In the analogy, think of cars ... (view more)

More than 400 leading websites could be compromising user security by collecting everything the user types - whether or not the user is aware. A Princeton University study also found the collected information was not always adequately protected and ... anonymized. The problem highlighted by the study was the use of third-party tools that website owners can use to find out more about how people navigate their site. These tools often track precisely where the user moves a mouse cursor along with information they type in, even if they then delete it. In principle these "session replay" tools can be ... (view more)

One of the key security protections in WiFi has a serious vulnerability, a researcher has revealed. The exploit has to do with the protocol "WPA2" - currently considered the most secure protocol commonly used on WiFi routers and hotspots. Here's ... what you need to know about the WPA2 exploit. What's the problem and what does it affect? Security researcher Mathy Vanhoef has published a demonstration for what he's called "KRACKs," short for key reinstallation attacks. That's a way of exploiting a weakness in WPA2 (WiFi Protected Access II), the security system that is most ... (view more)

Yahoo has admitted that a hacking incident in 2013 affected three billion user accounts. That's three times more than it originally disclosed and means every account was affected. The incident was one of two Yahoo hacks revealed last year. The ... first, announced in September, involved 500,000 accounts being hacked in 2014 . The second, announced in December, was said to have involved a hack of a billion accounts in 2013 . It's the 2013 attack that Yahoo now says it believes "all Yahoo user accounts were affected." It's keen to stress that it only recently discovered that the number was bigger ... (view more)

Around 465,000 pacemakers have been 'recalled' over hacking fears. However, the St Jude Medical brand devices will be patched with a software update rather than removed and replaced. The pacemakers are radio controlled to allow doctors to alter the ... specific rhythm they aim for when regulating a heart beat. This radio control means doctors can adjust to the patients changing needs without the need to remove the pacemaker for alterations. That's important as the surgery for such a removal is inherently risky. No Signs Of Hack Attacks While the precise details haven't been revealed for obvious ... (view more)

More than 700 million email addresses and passwords have been leaked online. While many are bogus, enough appear to be genuine that security experts have advised users to change their email passwords. The collection of account details does not ... appear to have been used for identity theft or other fraud. Instead, the collection has been marketed as a way to send spam messages. The idea is that spammers can login to the compromised accounts in order to send their unsolicited emails. This effectively flies under the spam radar, as most spam comes from IP addresses without any reputation. In this ... (view more)

According to Facebook's head of security Alex Stamos, the security industry needs to do more to solve problems that affect ordinary people in their everyday lives. He says researchers are often too obsessed with technical detail because they lack ... empathy. Stamos spoke at Black Hat, a conference that brings together security professionals, researchers, self-described hackers and those with an interest in the topic. (Source: bbc.co.uk ) He said the security community had proven justified in many of its warnings about flaws in systems and networks, but that it hadn't done enough to find ... (view more)

Apple is working on facial recognition as an iPhone security measure. It's said to be have it ready for this year's iPhone 8, but may wait until the feature has been fully tested and complete. The idea is to replace fingerprint scanning for ... unlocking the phone. It's not yet confirmed if and when the facial recognition would be extended to other uses, such as using Apple Pay rather than have to type in card details or a PIN code. According to a Bloomberg source, the face unlock takes less than half a second to scan a face, confirm its identity and unlock the phone. The feature ... (view more)

Microsoft has issued three updates to fix flaws in older, unsupported versions of Windows. It's an unusual move that follows the discovery that both the National Security Agency (NSA) and outside hackers are exploiting the flaws , similar to the one ... that allowed the WannaCry Ransomware worm to spread just a few weeks ago. The updates cover both Windows and Windows Server editions going right back to XP . They'll be issued through the usual automated updates, which means people on Windows 8.1 and later shouldn't need to do anything. Those on earlier systems may need to manually ... (view more)

Infopackets Reader Howard N. writes: " Dear Dennis, In regard to the WannaCry Internet worm which can infect all Windows PCs that have not yet been patched using Windows Updates - how can I make sure that my Windows Update is operating properly, and ... that I am receiving my updates automatically? I enjoy your newsletter - please keep it up and have a nice day! " My response: Generally speaking: you should be able to go to the "Windows Update" service within Windows, and it should tell you when updates were last received. If you haven't received any updates for a while - or if you have your ... (view more)