Facebook has set the date: on September 30, the ancient and creaking SHA-1 hashing algorithm will make its tumbril trip and get the chop. SHA-1, designed by the NSA in 1995, is a one-way algorithm: a block of data is turned into a message digest. The digest can’t be turned back into the original message, but serves as a digital signature confirming the authenticity of (for example) the software you’ve downloaded....
The Intel Security Advanced Threat Research Team has discovered a critical signature forgery vulnerability in the Mozilla Network Security Services (NSS) crypto library that could allow malicious parties to set up fraudulent sites masquerading as legitimate businesses and other organizations. The Mozilla NSS library, commonly utilized in the Firefox web browser, can also be found in Thunderbird, Seamonkey, and other Mozilla products. Dubbed “BERserk”, this vulnerability allows for attackers to forge RSA signatures, thereby allowing for the bypass of authentication to websites utilizing SSL/TLS....
Symantec is overhauling its Norton security software, going from nine products to just one as the company turns its attention to smartphones and connected devices. The new product, called Norton Security, doubles down on the company’s renewed focus on subscription models. In its most recent quarter, when Symantec reported a $236 million profit on a 2% gain in revenue to $1.74 billion, the company said it planned to optimize the Norton business while streamlining product support....
So many Facebook scams in 2014 have been a little worrying even though at first they all seem innocent enough, but these are social scams to lure users in to gain money or access to computers. One particular Facebook scam this year was the “Robin Williams goodbye video”, which was apparently made before his death. This fake BBC News video is a scam and no such video exists. The “Robin Williams goodbye video” started to circulate on Facebook and asks users to share the video before they can watch it, DO NOT click on it....
A couple days ago, NBC News ran a report pegged to the Sochi Olympics about Russian hacking. In it, correspondent Richard Engel uses a “brand new” smartphone to test out the Russian internet while hanging out in a Moscow cafe. “Almost immediately,” he says in the segment, “we were hacked.” Naturally, as the security consultant NBC hired for the segment explained today, it’s not true. The consultant, Kyle Wilhoit, a senior threat researcher at Trend Micro, set the record straight today in a blog post on the Trend Micro site and an accompanying white paper....
REDMOND, WASHINGTON (The Borowitz Report)—Bill Gates’s first day at work in the newly created role of technology adviser got off to a rocky start yesterday as the Microsoft founder struggled for hours to install the Windows 8.1 upgrade. The installation hit a snag early on, sources said, when Mr. Gates repeatedly received an error message informing him that his PC ran into a problem that it could not handle and needed to restart....
The Federal Bureau of Investigation is willing to pay top dollar for the malicious, infectious software the rest of us pay to keep out of our computers, according to the Federal Business Opportunities website. A Monday price quote request by the Investigative Analysis Unit of the agency’s Operational Technology Division is asking computer security developers and retailers to help the agency build a library of malware for an undisclosed reason, letting the companies name their price....
Since yesterday, some Avira Internet Security users have only been able to use their web browsers if they first disable Avira Web Protection. According to Avira, some customers are getting a “data structure error” that requires a complete uninstall and fresh installation of the program. However, users in the Avira forum are saying that reinstalling does not solve all their problems: activating IPv6 support and the Drive-by protection causes new browsing issues – this appears to be a Java-related problem, particularly if the latest version, Java 7, is installed....
Cross-posted from H-Online: Google has released the stable version 28 of its Chrome browser. It is the first version to use the new Blink engine for rendering web pages and it appears that the new engine will allow web pages to be loaded about ten per cent faster. The developers say that the increased speed is also thanks to the new threaded HTML parser, which frees up the JavaScript thread, allowing DOM content to be displayed faster....
BetaNews: Mozilla has released Firefox 22.0 FINAL for Windows, Mac and Linux. The update includes some platform-specific improvements — Firefox following display scaling options in Windows, and providing download progress indicators in its dock application icon in OS X — plus a number of other tweaks and improvements. Other new features include the ability for users to now manage their social API plug-ins via the Add-ons menu (select Services in the left-hand menu to do so), while users can now adjust the playback rate of HTML5 audio and video files (right-click the playback screen and choose Play Speed to do so)....