Explore top 10 tips to secure your open-source projects now. Read More
×Have you heard that Amazon- and Google-approved apps are turning voice-controlled devices into "smart spies"? Learn more about this serious privacy threat: . By now, the privacy threats posed by Amazon Alexa and Google Home are common knowledge. Workers for both companies routinely listen to audio of users—recordings of which can be kept forever —and the sounds the devices capture can be used in criminal trials . Now, there's a new concern: malicious apps developed by third parties and hosted by Amazon or Google. The threat isn't just theoretical. Whitehat hackers at Germany's Security Research Labs developed eight apps—four Alexa "skills" and four Google Home "actions"—that all passed Amazon or Google security-vetting processes. The skills or actions posed as simple apps for checking horoscopes, with the exception of one, which masqueraded as a random-number generator. Behind the scenes, these "smart spies," as the researchers call them, surreptitiously eavesdropped on users and phished for their passwords. . Uncover the security risks associated with smart devices like Alexa and Google Home, which can be exploited by harmful applications that listen in and harvest sensitive information.. Amazon Alexa, Google Home, Smart Devices, Eavesdropping Threats, Privacy Risks. . LinuxSecurity.com Team
In yet another case of unpatched consumer devices representing a threat to the security and privacy of users, thousands of MikroTik have been uncovered which are eavesdropping on users.. The routers have been hijacked through the CVE-2018-14847 security vulnerability, a known bug which impacts the MikroTik RouterOS operating system. The link for this article located at ZDNet is no longer available. . The routers have been hijacked through the CVE-2018-14847 security vulnerability, a known bug which . another, unpatched, consumer, devices, representing, threat, security, privacy. . LinuxSecurity.com Team
Hundreds of open source packages, including the Red Hat, Ubuntu, and Debian distributions of Linux, are susceptible to attacks that circumvent the most widely used technology to prevent eavesdropping on the Internet, thanks to an extremely critical vulnerability in a widely used cryptographic code library.. The bug in the GnuTLS library makes it trivial for attackers to bypass secure sockets layer (SSL) and Transport Layer Security (TLS) protections available on websites that depend on the open source package. Initial estimates included in Internet discussions such as this one indicate that more than 200 different operating systems or applications rely on GnuTLS to implement crucial SSL and TLS operations, but it wouldn't be surprising if the actual number is much higher. . The bug in the GnuTLS library makes it trivial for attackers to bypass secure sockets layer (SSL) an. hundreds, source, packages, ubuntu, debian, distributions, linux. . LinuxSecurity.com Team
If you work in an office that uses the popular CiscoUnified IP Phone 7900 Series, prepare to feel violated. A couple of security researchers have published details on a security vulnerability that allows a nefarious hacker to turn the phones into eavesdropping devices. The hack allows people to listen in on private phone calls as well as to nearby conversations.. The hack is executed with a small piece of hardware plugged into the local serial port of the Cisco phone. Once the device is connected to the phone, the hacker is able to execute code allowing them to remotely monitor phone calls and turn on the phone The link for this article located at Technabob is no longer available. . The hack is executed with a small piece of hardware plugged into the local serial port of the Cisco . office, popular, ciscounified, phone, series, prepare. . LinuxSecurity.com Team
The Senate on Friday reauthorized for five years broad electronic eavesdropping powers that legalized and expanded the President George W. Bush administration. The FISA Amendments Act, (.pdf) which was expiring Monday at midnight, allows the government to electronically eavesdrop on Americans The link for this article located at Wired is no longer available. . The FISA Amendments Act, (.pdf) which was expiring Monday at midnight, allows the government to elec. senate, friday, reauthorized, years, broad, electronic, eavesdropping, powers, legalize. . LinuxSecurity.com Team
The Supreme Court on Monday will hear arguments on whether it should halt a legal challenge to a once-secret warrantless surveillance program targeting Americans. The hearing will mark the first time the Supreme Court has reviewed any case touching on the eavesdropping program that was secretly employed by the George W. Bush administration in the wake of the September 11, 2001 terror attacks, and largely codified into law years later. The link for this article located at Wired is no longer available. . The High Court is preparing to examine a lawsuit concerning a covert monitoring initiative targeting U.S. citizens, marking a crucial juncture.. Warrantless Surveillance, Supreme Court Case, Eavesdropping Law. . Dave Wreski
Whatever assurances have been given about the security of GSM cellphone calls, forget about them now. Speaking at the Chaos Computer Club (CCC) Congress here Tuesday, a pair of researchers demonstrated a start-to-finish means of eavesdropping on encrypted GSM cellphone calls and text messages, using only four sub-$15 telephones as network . While such capabilities have long been available to law enforcement with the resources to buy a powerful network-sniffing device for more than $50,000 (remember The Wire?), the pieced-together hack takes advantage of security flaws and shortcuts in the GSM network operators The link for this article located at Wired is no longer available. . Investigations reveal that $15 devices can compromise GSM safety, uncovering flaws that permit simple interception.. GSM Hacking, Cellphone Security, Eavesdropping Techniques, Network Sniffing, Telecom Vulnerabilities. . LinuxSecurity.com Team
Norwegian computer scientists have perfected a laser-based attack against quantum cryptography systems that allows them to eavesdrop on communications without revealing their presence.. One of the biggest commercial uses for quantum cryptography to date has been to securely exchange keys. Unlike traditional key distribution techniques, using quantum mechanics offers a seemingly foolproof upside: any attempt by an attacker to measure quantum data disturbs it -- per the Heisenberg uncertainty principle -- which a quantum cryptography system can detect, thus ensuring that communications remain secure. Enter the laser. The team of researchers from the Norwegian University of Science and Technology (NTNU), the University of Erlangen-N The link for this article located at Information Week is no longer available. . One of the biggest commercial uses for quantum cryptography to date has been to securely exchange ke. norwegian, computer, scientists, perfected, laser-based, attack, against, quantum, cryptography, syste. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.