Windows 10 Certificate Validation Bug Exposes a Fundamental Weakness

The announcement Tuesday from the NSA about the new cryptographic vulnerability in the Microsoft Windows operating system sent ripples of shock through our entire community. In case you missed it, this devastating vulnerability (CVE-2020-0601) allows attackers to bypass trust mechanisms to falsify certificates, making them appear to come from a trusted source. It also allows attackers to falsely authenticate themselves on vulnerable HTTPS...

Read More

When the Security Researchers Come Knocking, Don’t Shoot the Messenger

Our own Jonathan Butts and Billy Rios were interviewed this month on the CBS Morning News about their research showing that medical devices like pacemakers and insulin pumps can be hacked by… basically anybody.  These devices all contain embedded controllers, but unlike most modern computer technologies, they haven’t been designed with security in mind.

Read More