IBM Tivoli Storage Manager Operations Center CVE-2016-6044 Security Bypass Vulnerability
 
Multiple Samsung Galaxy Product Information Disclosure Vulnerability
 
IBM Tivoli Storage Manager Operations Center CVE-2016-6046 Cross Site Scripting Vulnerability
 
Autodesk Design Review Multiple Remote Code Execution Vulnerabilities
 
Avira Free Antivirus Local Memory Corruption Vulnerability
 
Oracle MySQL CVE-2016-6664 Local Security Vulnerability
 
RETIRED: Oracle MySQL CVE-2016-5616 Local Security Vulnerability
 
Tiki Wiki CMS Groupware CVE-2016-9889 Multiple Cross Site Scripting Vulnerabilities
 
[SECURITY] [DSA 3744-1] libxml2 security update
 
Cloud Foundry UAA CVE-2016-6659 Privilege Escalation Vulnerability
 
libming CVE-2016-9827 Heap Buffer Overflow Vulnerability
 
Sophos XG Firewall '/userportal/Controller' Endpoint SQL Injection Vulnerability
 
Appweb CVE-2014-9708 Null Pointer Dereference Denial of Service Vulnerability
 
NTP CVE-2016-7434 Local Denial of Service Vulnerability
 
NTP CVE-2016-9311 NULL Pointer Dereference Denial of Service Vulnerability
 


The past five years have witnessed a seemingly unending series of high-profile account take-overs. A growing consensus has emerged among security practitioners: even long, randomly generated passwords aren't sufficient for locking down e-mail and other types of online assets. According to the consensus, these assets need to be augmented with a second factor of authentication.

Now, a two-year study of more than 50,000 Google employees concludes that cryptographically based Security Keys beat out smartphones and most other forms of two-factor verification.

The Security Keys are based on Universal Second Factor, an open standard that's easy for end users to use and straightforward for engineers to stitch into hardware and websites. When plugged into a standard USB port, the keys provide a "cryptographic assertion" that's just about impossible for attackers to guess or phish. Accounts can require that cryptographic key in addition to a normal user password when users log in. Google, Dropbox, GitHub, and other sites have already implemented the standard into their platforms.


 
Xen CVE-2016-9932 Information Disclosure Vulnerability
 
QEMU 'VIRTIO_GPU_CMD_SET_SCANOUT()' Function Out of Bounds Read Denial of Service Vulnerability
 
QEMU 'virtio-gpu-3d.c' Denial of Service Vulnerability
 
Internet Storm Center Infocon Status