Stories by Lucian Constantin

Satellite communication systems rife with security flaws, vulnerable to remote hacks

By Lucian Constantin | 19 April, 2014 03:20

Security researchers have found that many satellite communication systems have vulnerabilities and design flaws that can let remote attackers intercept, manipulate, block and in some cases take full control of critical communications.

Tor anonymity network to shrink as a result of Heartbleed flaw

By Lucian Constantin | 18 April, 2014 03:15

The Tor Project has flagged 380 Tor relays vulnerable to the critical Heartbleed flaw to be rejected from the Tor anonymity network, reducing the network's entry and exit capacity.

Facebook users targeted by iBanking Android trojan app

By Lucian Constantin | 17 April, 2014 21:59

Cybercriminals have started using a sophisticated Android Trojan app designed for e-banking fraud to target Facebook users, possibly in an attempt to bypass the two-factor authentication protection on the social network.

Lavaboom builds encrypted webmail service to resist snooping

By Lucian Constantin | 17 April, 2014 02:27

A new webmail service called Lavaboom promises to provide easy-to-use email encryption without ever learning its users' private encryption keys or message contents.

VMware promises Heartbleed patches for affected products by the weekend

By Lucian Constantin | 16 April, 2014 00:48

VMware started patching its products against the critical Heartbleed flaw that puts encrypted communications at risk, and plans to have updates ready for all affected products by Saturday.

TrueCrypt source code audit finds no critical flaws or intentional backdoors

By Lucian Constantin | 15 April, 2014 23:28

The source code of TrueCrypt, a popular disk encryption tool, is not the most polished work of programming, but it has no critical flaws or intentional backdoors, security testers concluded in a report released Monday.

AT&T hacker Weev released from prison after appeals court overturns conviction

By Lucian Constantin | 14 April, 2014 22:08

Andrew Auernheimer, known online as "weev," has won an appeal against his conviction for exploiting a vulnerability in AT&T's website to collect the email addresses of Apple iPad users. The 2010 incident earned him a 41-month prison sentence.

Don't overlook URL fetching agents when fixing Heartbleed flaw on servers, researchers say

By Lucian Constantin | 11 April, 2014 23:34

Website operators should assess their whole Web infrastructure when patching the critical Heartbleed flaw in OpenSSL, otherwise they risk leaving important components open to remote attacks, despite fixing the problem on their publicly facing servers.

Website operators will have a hard time dealing with the Heartbleed vulnerability

By Lucian Constantin | 11 April, 2014 06:55

Website and server administrators will have to spend considerable time, effort and money to mitigate all the security risks associated with Heartbleed, one of the most severe vulnerabilities to endanger encrypted SSL communications in recent years.

Security update for BlackBerry 10 OS fixes remote code execution vulnerability

By Lucian Constantin | 11 April, 2014 00:54

BlackBerry released a security update for its BlackBerry 10 OS to address a critical vulnerability that could allow remote attackers to execute arbitrary code on affected devices.

Adobe patches a critical flaw in Flash Player and AIR shown at Pwn2Own contest

By Lucian Constantin | 09 April, 2014 22:28

Adobe Systems released security updates for Flash Player and AIR in order to address four critical vulnerabilities that could lead to arbitrary code execution and information disclosure.

Cybercriminals use sophisticated PowerShell-based malware

By Lucian Constantin | 09 April, 2014 06:21

Cybercriminals have been developing increasingly sophisticated malware that makes use of Windows PowerShell scripts in an attempt to fly under the radar.

Yahoo email anti-spoofing policy breaks mailing lists

By Lucian Constantin | 08 April, 2014 22:40

In an attempt to block email spoofing attacks on yahoo.com addresses, Yahoo began imposing a stricter email validation policy that unfortunately breaks the usual workflow on legitimate mailing lists.

Low adoption rate of HSTS website security mechanism is worrying, EFF says

By Lucian Constantin | 08 April, 2014 00:52

Almost a year and a half after the HTTP Strict Transport Security (HSTS) mechanism was established as a standard, its adoption rate by websites remains low because developers are not aware of its benefits and Internet Explorer still doesn't support it, according to advocacy group the Electronic Frontier Foundation.

XSS flaw in popular video-sharing site enabled DDoS attack through visitors' browsers

By Lucian Constantin | 05 April, 2014 04:02

Attackers exploited a vulnerability in a popular video-sharing site to hijack users' browsers for use in a large-scale distributed denial-of-service attack, according to researchers from Web security firm Incapsula.

Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).

  1. Have an incident response plan.
  2. Pre-define your incident response team.
  3. Define your approach: watch and learn, or contain and recover.
  4. Pre-distribute call cards.
  5. Plan forensic and incident response data capture.
  6. Get your users on-side.
  7. Know how to report crimes and engage law enforcement.
  8. Practice makes perfect.

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved poring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.