A government position paper, published by the Ministry of Security and Justice on Monday and signed by the security and business ministers, concludes that “the government believes that it is currently not appropriate to adopt restrictive legal measures against the development, availability and use of encryption within the Netherlands.” The conclusion comes at the end Read more about Dutch govt says no to backdoors, slides $540k into OpenSSL without breaking eye contact[…]

An independent computer security researcher uncovered a database of information on 191 million voters that is exposed on the open Internet due to an incorrectly configured database, he said on Monday. The database includes names, addresses, birth dates, party affiliations, phone numbers and emails of voters in all 50 U.S. states and Washington, researcher Chris Read more about Database of 191 million U.S. voters exposed on Internet[…]

The official Twitter account for myGov – a portal for accessing government services online – told Aussies this week: “Going overseas this summer? If you’re registered for myGov security codes make sure you turn them off before you go.” The startling tweets come complete with professional cartoon graphics, clearly suggesting that rather than a civil Read more about Australian government urges holidaymakers to kill two-factor auth[…]

And that password is:

The energy-time entanglement technology for quantum encryption studied here is based on testing the connection at the same time as the encryption key is created. Two photons are sent out at exactly the same time in different directions. At both ends of the connection is an interferometer where a small phase shift is added. This Read more about Swedish researchers reveal (fixable) security hole in quantum cryptography[…]

When a user opens an Outlook email or previews the email in one of the Outlook panels, the OLE mechanism will automatically read the embedded Flash object and try to execute it, to provide a preview. Since most Flash exploits only need to be executed to work, and because there’s a flaw in the Outlook Read more about BadWinmail (Flash) Microsoft Outlook Bug Can Give Attackers Control Over PCs[…]

A database for sanriotown.com, the official online community for Hello Kitty and other Sanrio characters, has been discovered online by researcher Chris Vickery. The database houses 3.3 million accounts, and has ties to a number of other Hello Kitty portals. The records exposed include first and last names, birthday (encoded, but easily reversible Vickery said), Read more about Database leak exposes 3.3 million Hello Kitty fans[…]

ouch Source: Important Announcement about ScreenOS® – J-Net Community

FireEye sell security appliances to enterprise and government customers. FireEye’s flagship products are monitoring devices designed to be installed at egress points of large networks, i.e. where traffic flows from the intranet to the internet. Source: Project Zero: FireEye Exploitation: Project Zero’s Vulnerability of the Beast All you need to do is send the jar Read more about Project Zero: FireEye security appliance Exploited by passing jar file through it[…]

A vulnerability in Grub2 has been found. Versions from 1.98 (December, 2009) to 2.02 (December, 2015) are affected. The vulnerability can be exploited under certain circumstances, allowing local attackers to bypass any kind of authentication (plain or hashed passwords). And so, the attacker may take control of the computer. Source: Back to 28: Grub2 Authentication Read more about Grub2 Authentication Bypass: press backspace 28 times[…]

Apparently people hate the software as well Source: MacKeeper valt eindelijk door de mand

Vuvuzela relies on dummy traffic to hide the real connections Before it’s decided where to store its content, the message goes through different servers, which send out dummy traffic to all interconnected users. The server notifies the recipient that there’s a message for them, the user then goes to retrieve it, also passing through different Read more about MIT Creates messaging system which becomes unsniffable through chaffing data: Vuvuzela[…]

Transport and energy companies will have to ensure that the digital infrastructure that they use to deliver essential services, such as traffic control or electricity grid management, is robust enough to withstand cyber-attacks, under new rules provisionally agreed by internal market MEPs and the Luxembourg Presidency of the EU Council of Ministers on Monday. […] Read more about First ever EU rules on cybersecurity[…]

A litany of unsecured portals with generic usernames, sometimes no passwords at all, personnel allowing views of unencrypted Google docs with passwords… Source: Epic failure of Phone House & Dutch telecom providers to protect personal data: How I could access 12+ million records #phonehousegate | Weblog | Sijmen Ruwhof

Nasty maintenance software allows all kinds of privilege escalation. Please uninstall! Source: Lenovo: Verwijder onze bloatware

A hacker is releasing customer records after a bank in the United Arab Emirates refused to pay a ransom of $3 million in bitcoins. Most of the bank’s customers, however, did not learn that their data had been stolen and published online until the newspaper contacted them. Files purporting to come from the hacker, and Read more about Hacker Leaks Customer Data After a United Arab Emirates Bank Fails to Pay Ransom[…]

What a wonderful thing working in the cloud is! Source: Part of the world’s IT brought down by Azure Active Directory issue

App Engine task queue tasks sloo…ooww for ~10% of instances Source: Google in 24-hour cloud brownout

PHP continues to be one of the main sources for many security bugs With a huge fanbase and used in countless of apps and websites around the Internet, PHP is ranked the worst when it came to command injection bugs, but also came close to the top when it came to SQL injections, cross-site scripting Read more about Top Programming Languages That Generate Software Vulnerabilities (Hint: PHP)[…]

If storing the personal data of almost 5 million parents and more than 200,000 kids wasn’t bad enough, it turns out that hacked toymaker VTech also left thousands of pictures of parents and kids and a year’s worth of chat logs stored online in a way easily accessible to hackers. On Friday, Motherboard revealed that Read more about Hacker Obtained Children’s Headshots and Chatlogs From Toymaker VTech[…]

And now here’s how you can really destroy it Source: Superfish 2.0 worsens: Dell’s dodgy security certificate is an unkillable zombie

Laat de voertuigbeveiliging installeren door een erkend inbouwbedrijf. U ontvangt dan een VbV-SCM certificaat en uw auto wordt voorzien van een keurmerksticker. De registratie wordt door VbV – SCM vastgelegd.. Source: Doe de kentekencheck – Laat je auto niet hacken.nl Who thinks these things up?