Security Roundup - 2016-03-02
Yesterday a new TLS vulnerability called DROWN was revealed; it uses weaknesses in SSLv2 to attack TLS. Cloudflare has already announced that anyone using their platform is protected.
Speaking of Cloudflare, they have decided to become their own registrar, with extra security built in. They have also built a handy ‘best practices’ checker for DNS security, which contains some interesting things people might want to consider doing.
In the growing trend of hospital hacks, the Independent Security Auditors group recently released a report on Hacking Hospitals. They found that the primary focus is on protecting PII and PHI, with less attention paid to protecting the devices that are keeping lots of people alive.
When everything is connected, can you even trust your car? Nissan Leaf owners who use a companion app were exposed to attackers who could hijack some functions and retrieve trip logs and user identities. The app used the VIN for identification, so bad actors can even do drive-by detection. Nissan has currently shut down the app while they work on a fix. According to a recent report, car manufacturers are three years behind current cybersecurity threats.