Nightwatch Security has discovered a bug in Amazon’s Chrome-based, Kindle-loaded Silk browser that “ignored” SSL-security standards, ZDNet reports. The group reported their findings in a public security disclosure published July 25. “All searches via the browser's omnibox are done without HTTPS resulting in ability of malicious third parties to monitor user's search engine traffic," Nightwatch said in the disclosure. The company notified both Amazon and Google of their discovery. “A day later, the Nightwatch security team received a generic response from Amazon, and a fix was issued and verified in July before public disclosure,” the report states. “A CVE assignment for the security flaw is pending.”
Full Story
Comments
If you want to comment on this post, you need to login.