ISPs ‘likely’ helped infect targets of state surveillance

A spying tool known as FinFisher is involved in a seven-country campaign that most likely involves “complicit” internet providers helping to infect targets of surveillance, according to researchers with the cybersecurity firm ESET. “In two of the campaigns, the spyware has been spread via a man-in-the-middle attack and we believe that major internet providers have played the … Read more

Lenovo Faces No Significant Penalty for Security-Destroying Superfish Debacle

The shovelware PC OEMs ship on their hardware is definitionally terrible; the handful of exceptions to this only serve to prove the rule. In early 2015, however, news broke that Lenovo hadn’t simply shipped poor bundled software, but had fundamentally destroyed internet security on its products in the process. Read full news article on Extreme … Read more

Watch out: don’t lose your passwords when you sign up online

Who would have thought that by providing registration information on one site, you could make other online accounts vulnerable? That’s exactly what Dr Nethanel Gelernter and other researchers at the Israeli College of Management Academic Studies demonstrated via their paper The Password Reset MitM Attack presented at the 38th IEEE Symposium on Security and Privacy. … Read more