Code News, Articles and Updates

Mozilla patches unsanitised output flaw in Firefox

Mozilla patched an unsanitised output flaw in its Firefox browser user interface that could lead to arbitrary code execution.

£20 million Institute of Coding to be built, PM announces at Davos

A consortium of more than 60 universities, industry experts and businesses is set to receive £20 million to create the Institute of Coding to help create the next generation of digital specialists, according to Prime Minister Theresa May.

Blender 3D open source platform plagued with arbitrary code vulnerabilities

Cisco Talos researchers identified multiple unpatched vulnerabilities in the Blender Open Source 3D creation suite that could allow an attacker to run arbitrary code.

Smartphone sensors exploited to steal login PINs

Researchers from Nanyang Technological University in Singapore developed a technique to leverage a phone's sensors to guess a user's PIN code.

Backdoor ships SMS data back to China

Firmware code created by a Chinese company called Adups has been found to be collecting vast amounts of user information and sending it to servers located in China, according to US cyber-security firm Kryptowire.

Researchers call bull on Dirty Cow Patch, find flaw

Bindecy security researchers identified a flaw in the original patch code of the Dirty Cow vulnerability which could ultimately lead to a privilege escalation attack.

Kaspersky transparency initiative to share code, updates to build trust

Following the US Federal ban on Kaspersky Lab products, the company has launched a Global Transparency Initiative, providing its source code for third-party review and opening three transparency centres internationally.

CRASH report: UK comes last in analysis of secure coding practices

An analysis of over one billion lines of code finds the UK ranks last for the security of its code and finds that teams of 10 do better than teams of 20 or more.

Margaret Sale: keeping the memory of WWII codebreakers alive for 25 years

This week marks the 25th anniversary of the Save Bletchley Park Campaign. The National Museum of Computing (TNMOC) is paying tribute to all campaigners, especially Margaret Sale, who has given 25 years of service ensuring the memory of the Second World War codebreakers.

Crippling bug in Linux crashes system with a single tweet

A bug in Linux has been discovered that could allow a hacker to crash a system with just 48 characters of code.

Developer's 11 lines of deleted code 'breaks the internet'

Web development around the world was disrupted when a 28-year-old man deleted 11 lines of his code from npm.

Update: eBay 'cesspit' has 'no plans' to fix severe vulnerability

Though a large vulnerability was discovered in eBay's global sales platform, the company has 'no plans' to fix the active code exploit.

Juniper Networks backdoor password 'hackable' within six hours

Juniper Networks' own ScreenOS software harboured unauthorised code, raising questions of possible use by the NSA.

Algebraic Eraser, the algorithm running the 'Internet of Things', is broken...again

A team of mathematicians were able to break a key used as part of the encryption system that secures many of the most critical IoT technologies internationally.

Ashley Madison's source code reveals poor security practices

Security credentials hard-coded into repositories could have helped hackers, according to research by security consultant Gabor Szathmari.

Amazon launches open source TLS implementation "s2n"

Amazon manages to cram OpenSSL alternative into just 6,000 lines of code.

Bletchley Park cyber security centre opens

Bletchley Park, the forerunner to GCHQ and synonymous with the Enigma code breakers of WWII, opened its international cyber-security exhibition earlier this week.

Portcullis shuts down Sophos antivirus bug

UK-based security services firm Portcullis has discovered a flaw in Sophos Antivirus that could allow attackers to inject malicious code and disable the software.

Open Heartbleed surgery - securing against further vulnerabilities

David Sandin looks at the implications of using open-source code libraries in vendors' security solutions, and the assumptions that lay behind the Heartbleed bug.

Qualys launches business edition of BrowserCheck download

Qualys has launched a business version of its BrowserCheck plug-in to help users identify and fix browser security issues.