06-08-2011 – 31-7-2011

Hackers unlock and start Subaru Outback

Posted by Caspertwin on August 5, 2011 at 6:25 AM
Two researchers demonstrated Wednesday how they were able to send commands, via a laptop, to unlock the doors of a Subaru Outback, and then, awing the audience, actually start the car. The researchers, Don Bailey and Matthew Solnik, security consultants at iSec Partners and speaking at the Black Hat conference in Las Vegas, used a technique they have dubbed “war texting” to tap into a system used to remotely control the cars. The researchers did not disclose the name of the affected syst… Read Full Post »

Bitcoin botnet mines over Twitter

Posted by Caspertwin on August 5, 2011 at 6:25 AM
An innovative botnet was using Twitter to control “mining” operations for the Bitcoin virtual currency. “Botnet masters use other people’s computers to mine Bitcoins for them,” said chief research officer for F-Secure, Mikko Hypponen, in a blog post. He said incentives were offered to create botnets because Bitcoin could be mined by solving difficult cryptographic proof-of-work calculations and then exchanged for cash. It was identified as Trojan.Generic.KD. But Symantec rese… Read Full Post »

Mobile devices cause a rise in data breaches

Posted by Caspertwin on August 5, 2011 at 6:25 AM
A survey of 100 British companies by Good Technology has found the number of consumer devices entering the workplace doubled in six months, while 42 percent of IT managers have seen unauthorised consumer devices cause data breaches. Andrew Jacques, vice president and general manager at Good Technology, said IT managers were under pressure to familiarise themselves with new devices, “constantly changing data plans, new platforms and apps and the security issues associated with them”. A rec… Read Full Post »

Microsoft prepping 13 patches for 22 flaws

Posted by Caspertwin on August 5, 2011 at 6:25 AM
Microsoft on Tuesday is planning to release 13 patches to fix 22 vulnerabilities, the software giant announced Thursday. In its advance notification, Microsoft said the monthly update will address flaws in Windows, Internet Explorer (IE), Office, .NET and Visual Studio. Two of the 13 bulletins drew a “critical” rating. One of those addresses bugs in IE 6, 7, 8 and 9 across all supported versions of Windows. The patches are due Tuesday around 1PM EST. August’s release follows last mon… Read Full Post »

Insulin pumps can be hacked

Posted by Caspertwin on August 5, 2011 at 6:15 AM
A Type 1 diabetic said Thursday that hackers can remotely change his insulin pump to levels that could kill him. Jay Radcliffe, a security researcher, demonstrated to the crowd at the Black Hat conference in Las Vegas how he is able to send commands to and wirelessly disable (within about 150 feet) the insulin pump he has been wearing since he was 22, when he was diagnosed with the autoimmune disease after dealing with extreme weight loss and an unquenchable thirst. Radcliffe, now 33, expl… Read Full Post »

Google blasts Apple, Microsoft for patent gang-up

Posted by Caspertwin on August 5, 2011 at 6:15 AM
Claims to be hampered in the smartphone arena. Google, fresh off losing a bid to buy thousands of valuable patents from bankrupt Nortel, accused its biggest rivals on Wednesday of banding together to block the search giant in the red-hot smartphone arena. In a rare public outburst, Google chief legal officer David Drummond blasted Microsoft, Apple, Oracle and “other companies” for colluding to hamper the increasingly popular Android mobile software by buying up patents, effectively imposin… Read Full Post »

When hacking Chrome, it’s all about your data

Posted by Caspertwin on August 5, 2011 at 6:10 AM
LAS VEGAS–Google touts the Chrome OS as being free from traditional security concerns like malware, but it’s still vulnerable to entirely different kinds of attacks, two researchers from the firm WhiteHat Security told Black Hat attendees here today. The Chrome OS is unlike any other desktop system currently available, said Matt Johansen, WhiteHat Security’s team lead. “It’s more similar to mobile devices and apps, where to get more out of the device you’re going to need to install extensions,”… Read Full Post »

HTTPS Everywhere opens to all

Posted by Caspertwin on August 5, 2011 at 6:10 AM
The security add-on for Firefox called HTTPS Everywhere that forces HTTPS encryption on numerous popular Web sites has graduated to its first stable release, about a year after it was released into public beta. The tool does not let you force HTTPS (Hypertext Transfer Protocol Secure) willy-nilly on Web sites. Instead, it includes a series of rules that supports sites that allow HTTPS encryption. The Electronic Frontier Foundation said in the blog post announcing t… Read Full Post »

Researchers find avenues for fraud in Square

Posted by Caspertwin on August 5, 2011 at 6:00 AM
LAS VEGAS–Researchers at the Black Hat security conference today revealed two ways the Square payment system, which turns any iPhone, iPad or Android into a point-of-sale credit card processor, could be used for fraud. Adam Laurie and Zac Franken, directors of Aperture Labs, discovered that they can transfer money from a stolen card into their bank account associated with Square without having to swipe a card through the Square dongle card reader. To do this, they used code written by Laur… Read Full Post »

Security insider discusses Vista’s level of security

Posted by Caspertwin on August 5, 2011 at 6:00 AM
LAS VEGAS–It’s easy now to look back at Microsoft’s Windows Vista and berate the company for the operating system’s shortcomings, but the truth is far more complex, according to one security researcher. At the second day of the annual Black Hat conference here, Chris Paget, chief hacker at the security company Recursion Ventures, discussed her independent contracting work for Microsoft on Vista prior to its release for the first time. Before Recursion took on the contract, all members of the te… Read Full Post »

Microsoft offers $250,000 for security defense research

Posted by Caspertwin on August 5, 2011 at 6:00 AM
LAS VEGAS–Microsoft today announced that it will give out $250,000 in BlueHat Prize rewards for innovative research on computer security defense. Winners will be announced at next year’s Black Hat security conference, with the grand prize being $200,000 and second prize being $50,000, Katie Moussouris, head of Microsoft’s Security Community Outreach and Strategy team, said in a conference call from the conference being held here. Researchers will own the intellectual property from their inven… Read Full Post »

Is the Internet Explorer IQ test a fake?

Posted by Caspertwin on August 3, 2011 at 6:44 AM
Inconsistencies point to elaborate hoax. Relax, Internet Explorer users, you may not be so stupid after all. A French psychometrics testing company has denied any link to a Canadian IQ tester who garnered global headlines this week for claiming that Internet Explorer users were dummies. CentralTest, which claimed 350 customers and nearly 200 staff worldwide, said it had no relationship to AptiQuant, a Canadian business that claimed to be an IQ tester and whose website bore a striking si… Read Full Post »

Researchers warn of SCADA equipment discoverable via Google

Posted by Caspertwin on August 3, 2011 at 6:44 AM
LAS VEGAS–Not only are SCADA systems used to run power plants and other critical infrastructure lacking many security precautions to keep hackers out, operators sometimes practically advertise their wares on Google search, according to a demo today during a Black Hat conference workshop. Acknowledging that he wouldn’t click on any link results to avoid breaking the law by accessing a network without authorization, researcher Tom Parker typed in some search terms associated with a Programmable … Read Full Post »

New airport scanners alarmed by sweaty armpits

Posted by Caspertwin on August 3, 2011 at 6:43 AM
Every time there dawns a new era of airport safety, we the citizens and passengers of the world bow in wonder at the latest new technology that will save us from our fellow man. So it was at Australia’s Sydney Airport yesterday, where the well-meaning authorities launched a shiny new full-body scanner that would not only ensure that you are not armed, but could also tell what you had for lunch last Tuesday. (That’s merely a slight exaggeration, of course.) News.com.au sniffed out a certain sna… Read Full Post »

Android users twice as likely to see malware than six months ago

Posted by Caspertwin on August 3, 2011 at 6:42 AM
LAS VEGAS–If you’ve got an Android you are 2.5 times more likely to encounter malware on the device today than six months ago, while mobile users have a 30 percent likelihood of clicking on a malicious link, according to a report released today from mobile security firm Lookout. Those figures are based on detection rates from Lookout users on Android, but not the iPhone, however the rates are presumed to be about the same, according to Lookout. “This number is likely so high because users on … Read Full Post »

Android Trojan records your phone conversations

Posted by Caspertwin on August 3, 2011 at 6:41 AM
A new Android Trojan has been discovered that records your phone conversations, according to IT service provider CA Technologies. According to CA security researcher Dinesh Venkatesan, the malware only runs after users unwittingly install it onto their Android-based devices. To coax users into doing so, the Trojan mimics a standard installation screen for legitimate applications. If users click “install… Read Full Post »

Malware scam targets RSA tokens

Posted by Caspertwin on August 3, 2011 at 6:40 AM
A malware scam has been discovered that claims a security vulnerability has been found in RSA’s SecurID which was hacked earlier this year. The scammers purport to deliver messages from RSA that claim that an “unsafe vulnerability” was found in some of its SecurID token devices. The message contains a link to what is claimed to be a security scanner that would detect this vulnerability. If opened, the application installed a Zeus trojan variant. “Seemingly the creators of this attack… Read Full Post »

DefCon Kids joins adult hacker conferences

Posted by Caspertwin on August 3, 2011 at 6:40 AM
LAS VEGAS–Hackers of all types will be making their annual pilgrimage to the Black Hat and DefCon security conferences this week, including children who will learn how to write ciphers, hack circuit boards, and pick locks. This marks the first year for DefCon Kids, which targets children aged 8 to 16. The event will run alongside all of the regular DefCon security and hacking sessions and the fun events for the adults like Hacker Karaoke, Hacker Jeopardy, Mohawk-Con, and an a… Read Full Post »

Cybercrime costs on the rise from last year

Posted by Caspertwin on August 3, 2011 at 6:38 AM
A new annual study on the cost of cybercrime conducted by the Ponemon Institute has found that the expense of dealing with cybercrime is on the rise from last year. The study, which was funded by Hewlett-Packard, found that the median cost of cybercrime to the 50 organizations it surveyed was $5.9 million per year, based on a range of $1.5 million to $36.5 million per year. That’s up 56 percent from the $3.8 million median found in last year’s study, which ranged from $1 million to $53 million … Read Full Post »

How companies use Wi-Fi to track you (roundup)

Posted by Caspertwin on August 3, 2011 at 6:36 AM
Microsoft curbs Wi-Fi location database
The company restricts access to a Live.com geolocation tool linking Wi-Fi devices with locations after a CNET article draws attention to privacy concerns. (Posted in Privacy Inc. by Declan McCullagh) August 1, 2011 12:38 PM PDT

Scoop: Microsoft’s Web map exposes phone, PC locations
Microsoft collects and publishes the locations of laptops, phones, and other Wi-Fi devices without taking the privacy precautions that Google and Skyhook Wireless have, … Read Full Post »

Global cyber-espionage operation uncovered

Posted by Caspertwin on August 3, 2011 at 6:35 AM
A widespread cyber-espionage campaign that stole government secrets, sensitive corporate documents and other intellectual property for five years from more than 70 public and private organizations in 14 countries has been uncovered by a McAfee researcher, Vanity Fair reported today. The campaign, dubbed “Operation Shady RAT,” was discovered by Dmitri Alperovitch, vice president of threat research at the cyber-security firm McAfee. It continues today, he said. Alperovitch has briefed senior Whit… Read Full Post »

Security firm warns of new Twitter threat

Posted by Caspertwin on August 3, 2011 at 6:34 AM
Scammers are using compromised Twitter accounts to prey on suspecting victims, security firm Sophos said today. According to Sophos, compromised Twitter accounts are sending out tweets and direct messages to followers, urging them to sign up for a site that will help them make money. One such message from an account reads, “I made $888 today check out how I made it.” The message is followed by a link to a malicious site. According to Sophos, the dollar amount in the tweets and messages can… Read Full Post »

Man arrested in News of the World phone-hacking scandal

Posted by Caspertwin on August 3, 2011 at 6:33 AM
A 71-year-old man has been arrested on suspicion of involvement in the News of the World phone-hacking scandal, the Metropolitan Police announced today. According to the British police force, the man was called in earlier today and arrested when he arrived. So far, the Metropolitan Police have not revealed the identity of the man, but Sky News, which is partially owned by News Corp., is reporting that it could be 71-year-old Stuart Kuttner, a former managing editor of News of the World who left… Read Full Post »

Black Hat 2011 to focus on new hacking techniques, software flaws

Posted by Caspertwin on August 3, 2011 at 6:33 AM
LAS VEGAS – The temperature is expected to be in the 100s in Nevada throughout this week’s Black Hat 2011 security conference, but the real heat will be on software companies and the people responsible for securing their products. The amount of mobile malware has been increasing. Neil Daswani, CTO, Dasient Inc. Security researchers will demonstrate new hacking techniques that probe networking devices, exploit holes in common database management systems and target vulnerabilities deep … Read Full Post »

ALDI 4-in-1 device spreads Conficker

Posted by Caspertwin on August 2, 2011 at 8:32 PM
Aldi External 4-in-1 Hard Drive, DVD, USB and Card Reader Device may contain malware – SSO-AL2011-019
28 July 2011
Hardware and platform/s affected: The following hardware is affected: Aldi External 4-in-1 Hard Drive, DVD, USB and Card Reader, for the following operating system platform/s: Microsoft Windows
What is the problem? Aldi stores are currently selling an External 4-in-1 Hard Drive, DVD, USB and Card Reader which may contain malware. If infected, your personal and/o… Read Full Post »

Security bleak for ageing Windows, IE:

Posted by Caspertwin on August 1, 2011 at 6:52 AM
Users of superseded Windows and Internet Explorer versions are hacker food, according to Microsoft’s security team. In a detailed report (pdf), security researchers explored how exploit mitigation technologies like heap metadata protection, Address Space Layout Randomization (ASLR) and Structured Exception Handler Overwrite Protection (SEHOP) were absent or weakly implemented in older versions of Windows and Internet Explorer. The mixed use of different versions of Windows and Internet Ex… Read Full Post »

Amazon used to spread bank-stealing trojan

Posted by Caspertwin on August 1, 2011 at 6:51 AM
Criminals for the past several weeks have been exploiting Amazon’s Simple Storage Service (S3) cloud offering to spread SpyEye malware. Amazon S3, a paid web service that enables users to store data or files in the cloud, has been heavily abused this month, according to Kaspersky Lab malware analyst Jorge Mieres. SpyEye is an online banking trojan designed to steal money from victims’ bank accounts. The malware is capable of evading sophisticated anti-fraud systems put in place by financia… Read Full Post »

Citrix patches severe XenDesktop, XenApp security flaw

Posted by Caspertwin on August 1, 2011 at 6:50 AM
Virtualization vendor Citrix Systems Inc. is urging users of its XenApp and XenDesktop products to install new patches it has issued for a flaw in the products’ XML Service interface. The vulnerability is rated as severe. Fort Lauderdale, Fla.-based Citrix said the flaw could be exploited by sending a specially crafted packet to the vulnerable component, enabling a remote, unauthenticated attacker to execute arbitrary code in the context of a service account of a server supporting XenApp, th… Read Full Post »

Facebook makes 30 petabyte Hadoop migration

Posted by Caspertwin on August 1, 2011 at 6:50 AM
Facebook has revealed it developed a replication system to move a 30 petabyte (PB) file system to a new data centre in Oregon. Facebook’s data warehouse Hadoop cluster grew 10 PB over the year to March 2010, hitting 30 PB which forced the data centre move. Hadoop is a distributed file system developed by the Apache Software Foundation. Facebook used the Hive data warehousing framework and its massive Hadoop cluster for internal analysis and to support products, such as the Facebook Ad… Read Full Post »

Google AdWords phishing attack detected

Posted by Caspertwin on August 1, 2011 at 6:49 AM
Phony message tricks users into logging into a bogus AdWords account to “reactivate” a Google AdWords campaign. A new phishing attack targeting users of Google AdWords has surfaced in a variety of spam emails, according to security vendor Sophos. Users of the AdWords service may be easily tricked by a phony email message purportedly from Google warning that their AdWords campaign has been suspended. If the user is tricked into clicking a link, the person is forwarded to a phony Google Ad… Read Full Post »

Policy thinktank says cyber czar would create delays

Posted by Caspertwin on August 1, 2011 at 6:47 AM
Cyber crime responsibility best left to agencies. The head of the government-sponsored Australian Strategic Policy Institute Andrew Davies has urged against appointing a single ‘cyber czar’ to combat internet-borne security threats. Davies told a summit in Canberra last week that cyber security was best understood as a set of policy issues ranging from nuisance to national security. He said those issues currently fell under the remit of three sets of Federal and State agencies. A… Read Full Post »

Hackers strike government cybersecurity contractor

Posted by Caspertwin on August 1, 2011 at 6:47 AM
Hackers flying the AntiSec banner today released what they said was 400 megabytes of internal data from a government cybersecurity contractor, ManTech, as part of their campaign to embarrass the FBI every Friday, as well as target other government agencies and their partners. “Today is Friday and we will be following the tradition of humiliating our friends from the FBI once again. This time we hit one of their biggest contractors for cyber security: Mantech International Corporation,” the hack… Read Full Post »

Airbnb horror story goes from bad to worse

Posted by Caspertwin on August 1, 2011 at 6:46 AM
A few days ago, one Airbnb member’s horror story of her home being ransacked went viral. Now she has spoken out again–and things aren’t any better. In case you’re not familiar with the account, basically, a woman named “EJ” in San Francisco rented out her apartment while she was on vacation. When she returned, she found her home trashed and vandalized, with some of her most personal belongings as well as several documents related to her identity stol… Read Full Post »

Facebook launches bug bounty program

Posted by Caspertwin on August 1, 2011 at 6:45 AM
Facebook is set to announce today a bug bounty program in which researchers will be paid for reporting security holes on the popular social-networking Web site. Compensation, which starts at $500 and has no maximum set, will be paid only to researchers who follow Facebook’s Responsible Disclosure Policy and agree not to go public with the vulnerability information until Facebook has fixed the problem. “Typically, it’s no longer than a day” to fix a bug, Facebook Chief Security Officer Joe Sull… Read Full Post »

Hacker of Apple iPad-AT&T site reportedly in plea talks

Posted by Caspertwin on August 1, 2011 at 6:45 AM
A hacker accused of breaking into an AT&T Web site and stealing data of iPad users is negotiating a plea agreement a month after an alleged co-conspirator pleaded guilty, Reuters reported today. Andrew Auernheimer was indicted three weeks ago by a Newark, N.J., grand jury on one count of conspiracy to gain unauthorized access to computers and one count of identity theft. Auernheimer, who lives in Fayetteville, Ark., is free on bail. U.S. District Judge Susan Wigenton put Auernheimer’s case on … Read Full Post »

Report: Breach exposes data of 35 million S. Koreans

Posted by Caspertwin on August 1, 2011 at 6:44 AM
Personal information of 35 million South Koreans has been compromised as a result of a hacking attack on the company that runs the country’s biggest social network and a major Web search engine, according to reports. SK Communications, which operates the Cyworld social-networking site and the Nate portal site, said today that the hacking and exposure of names, phone numbers, e-mail addresses, resident registration numbers, and passwords, originated from malicious code that appeared to come from… Read Full Post »

Topiary ‘known’ to police says network giant

Posted by Caspertwin on August 1, 2011 at 6:43 AM
Frontline Lulzsec hacking member Topiary’s identity and whereabouts were known to British police, chief technology officer of Prolexic Paul Sop has said. While debate raged over whether British Police had arrested Topiary, Scotland Yard released the name of a teenager, Jake Davis, it arrested in the Shetland Islands last week on suspicion of involvement with the LulzSec hacking group. It has yet to emerge if the arrested man was the LulzSec identity Topiary, a concept contested by some on… Read Full Post »

LulzSec spokesman Topiary arrested

Posted by Caspertwin on August 1, 2011 at 6:42 AM
Police in the UK have arrested the man they believe has been serving as the unofficial spokesperson of the hacktivist group LulzSec. The 19-year-old suspect, who uses the online alias “Topiary,” was arrested Wednesday at a home in the Shetland Islands, located off the northeast coast of Scotland, and was booked at a London police station, according to a statement. Topiary is believed to be the person responsible for running the extremely popular Twitter account belonging to LulzSec, a six-… Read Full Post »

Anonymous touts its own social network: ‘Anon+’

Posted by Caspertwin on August 1, 2011 at 6:41 AM
With the Defcon 19 hacking conference set to begin in Las Vegas next week, hacking group/movement/“idea” Anonymous is touting its own “social network,” a site with the Googly moniker Anon+. @YourAnonNews recently sent out a tweet advertising the effort, which seems to be an attempt to create an anonymous, open-source communications platform that will allow for an Internet space somehow immune to government shutdown and corporate censorship. Here’s the tweet: Welcome to a new why of thinking… Read Full Post »

