Loading

Security of Health Information

The world is racing to contain the new COVID-19 virus that is spreading around the globe with alarming speed. Right now, pandemic disease experts at the World Health Organization (WHO), the US Centers for Disease…

Let’s Encrypt Vulnerability

The BBC is reporting a vulnerability in the Let's Encrypt certificate service: In a notification email to its clients, the organisation said: "We recently discovered a bug in the Let's Encrypt certificate authority code. "Unfortunately,…

Wi-Fi Chip Vulnerability

There's a vulnerability in Wi-Fi hardware that breaks the encryption: The vulnerability exists in Wi-Fi chips made by Cypress Semiconductor and Broadcom, the latter a chipmaker Cypress acquired in 2016. The affected devices include iPhones,…

Hacking McDonald’s for Free Food

This hack was possible because the McDonald's app didn't authenticate the server, and just did whatever the server told it to do: McDonald's receipts in Germany end with a link to a survey page. Once…

Voatz Internet Voting App Is Insecure

This paper describes the flaws in the Voatz Internet voting app: "The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections." Abstract: In…

Loading

Critical Windows Vulnerability Discovered by NSA

Yesterday's Microsoft Windows patches included a fix for a critical vulnerability in the system's crypto library. A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could…

Election Machine Insecurity Story

Interesting story of a flawed computer voting machine and a paper ballot available for recount. All ended well, but only because of that paper backup. Vote totals in a Northampton County judge's race showed one…