Google Project Zero published a blog about the FunctionSimSearch open-source library which is capable to find similar functions in the assembly.
They are using it to detect code statically-linked vulnerable library functions in executables.
London's police is testing facial recognition technology in central London this week. Feel free to get your face scanned and processed for the bright future.
Facebook gave Spotify and Netflix access to a users' private messages. Also shared user information with Microsoft, Amazon, Yahoo without explicit consent.
Researchers published results of an investigation into Russian election interference on behalf of the US Senate Intelligence Committee. They have analyzed data sets from Facebook, Twitter, Google.
Adam Langley wrote about their further Google Chrome TLS experiments with the post-quantum lattice based cryptography.
Matthew Green wrote his thoughts on GCHQ’s latest proposal for surveilling encrypted messaging and phone calls.
Tencent Blade Team discovered a remote code execution vulnerability in SQLite. It was already fixed in Chromium.
Good story about the investigation of the Chinese industrial espionage.
University of California, Berkeley researchers are building open-source secure enclave using RISC-V.
Well-known cypherpunk movement founder Timothy May passed away.
Microsoft introduced Windows Sandbox for applications.
Interesting paper on systematic parsing of X.509 certificates with strong termination guarantees: "Systematic Parsing of X.509: Eradicating Security Issues with a Parse Tree".
A Dive into Cypherlock, a tool that could prevent forced decryption.
Instant, re-usable, generic MD5 collisions over different file formats. https://github.com/corkami/pocs/blob/master/collisions/README.md
Tesla model S is using a 40bit challenge response scheme broken back in 2005. Researchers stole a car in ~6 seconds with precomputed tables.
This kind of bug is an law enforcement dream.
Very interesting read from Troy Hunt on the effectiveness of negative media coverage and shaming of bad security.
Researchers say that the developers of Adware Doctor, the fourth highest ranking paid app in the Mac App Store, have found a way to bypass Apple restrictions and sends the browsing history of its users to a server in China. Apple already removed the application from the Mac Store.
Apple has also removed most of the popular security applications offered by cyber-security vendor Trend Micro from its official Mac App Store after they were caught stealing users' sensitive data without their consent.
European Court of Human Rights rules that GCHQ Data collection violates the human rights charter.
The Iran government, at least since 2016, is is spying on its citizens, Kurdish and Turkish natives, and ISIS supporters, using mobile applications with a malware.
The operation has been named Domestic Kitten.
Researchers introduced previously overlooked side-channel attack vector called Nemesis that abuses the CPU’s interrupt mechanism to leak microarchitectural instruction timings from enclaved execution environments such as Intel SGX, Sancus, and TrustLite.
India’s controversial Aadhaar identity database software was hacked, ID database compromised.
The vulnerability could allow someone to circumvent security measures in the Aadhaar software, and create new entries.
Criminals are faking Google Analytics script to steal credential and stay under the radar.
The OpenSSL team released version 1.1.1. There are a lots of new features like TLS 1.3 support, side-channel hardening, new RNG, SHA3, Ed25519 support.