Encryption flaws found in popular HTTPS sites
An alarming number of the web’s most popular HTTPS sites suffer from TLS vulnerabilities, leaving them open to hackers, researchers say. Transport Layer Security (TLS) is a defence that encrypts data between your browser and web servers to protect your personal information, passwords and search history.
A padlock at the start of a web browser’s address bar indicates that it’s active. However, a surprising number of encrypted websites are leaving these connections exposed, according to researchers in Venice and Austria. The teams analysed the web’s top 10,000 HTTPS sites, as ranked by Amazon’s Alexa analytics company (www.alexa.com), and found that 5.5% had potentially exploitable TLS vulnerabilities.
The cause was a combination of issues in how sites implemented TLS encryption schemes, as well as a failure to patch known bugs. The most troubling aspect of the flaws, however, is that the padlock still appears in the browser, giving users a false sense of security. “These are things that are not fixed and are not even noticed,” said one researcher. bit.ly/https473
Smart-home devices are “easy prey” for hackers
The number of malware threats affecting Internet of Things (IoT) devices more than doubled last year as smart-home appliances grew in popularity. Cybercriminals consider these devices “easy prey”, because most of their exploits rely on poor security practices.
Despite detecting just five significant threats in 2017 and three in the previous year, researchers at F-Secure Labs spotted 19 new security risks targeting IoT devices in 2018, including the notorious VPNFilter. Most of the threats took advantage of weak or default credentials, unpatched software vulnerabilities or a combination of the two.
“The explosion of IoT devices in people’s homes and offices is attracting attention from cybercriminals,” the report said. “And thanks to the security problems commonly found in these devices, they present attackers with low-hanging fruit to pick.” Researchers said that routers, cameras and digital video recorders (DVRs) are among the most obvious targets for hackers. Embedded computers in washing machines and fridges are also increasingly vulnerable. bit.ly/iot473