Tens of thousands of HTTPS-protected websites, mail servers, and other widely used Internet services are vulnerable to a new attack that lets eavesdroppers read and modify data passing through encrypted connections, a team of computer scientists has found. The vulnerability affects an estimated 8.4 percent of the top one million websites and a slightly bigger percentage of mail servers populating the IPv4 address space, the researchers said. The threat stems from a flaw in the transport layer security protocol that websites and mail servers use to establish encrypted connections with end users.


PHOTO: The Google logo is seen inside the company's offices on March 23, 2015 in Berlin, Germany.

Using one guess, an attacker has a 19.7 percent chance of guessing that an English-speaking user loves pizza, according to Google's findings, which looked at hundreds of millions of questions and answers for account recovery claims. While the questions are meant to provide an extra layer of security, Google found easy-to-guess answers were a problem around the world.



Computer security experts said they've found a new encryption flaw closely related to one found earlier this year that puts Web surfers' data at risk. The flaw, called LogJam, can allow an attacker to significantly weaken the encrypted connection between a user and a Web or email server, said Matthew D. Green, an assistant research professor in the department of computer science at Johns Hopkins University.



At the start of 2014, attackers' favorite distributed denial of service attack strategy was to send messages to misconfigured servers with a spoofed return address – the servers would keep trying to reply to those messages, allowing the attackers to magnify the impact of their traffic. As those servers got patched, this strategy became less and less effective. But now it's back, according to a new report from Akamai. Except this time, instead of hitting data center servers or DNS servers, the attackers are going after personal computers on misconfigured home networks.
