Author: Robert Vamosi

Akamai Identifies Old Protocol in New DrDoS Attacks

An old protocol found in SOHO routers may be responsible for recent DrDoS attacks, says the security steam at Akamai. Akamai, through the company’s Prolexic Security Engineering & Research Team (PLXsert), issued an alert today for an old protocol that could be used in Distributed Reflection Denial of Service attacks (DrDoS) attacks. Routing Information Protocol v1 (RPIv1) allows routers in small networks to share route information. For example a router running RIPv1 would send a request over UDP 520 when it is first powered on and other devices on the network, listening for this request, would send the new router a list of routes. In this case the list of routes would be sent instead to a designated target. It has since been replaced with RIPv2 but many older units still have RIPv1 enabled by default. “This version of the RIP protocol was first introduced in 1988 – more than […]

Black Hat 2014

New Calls For A Common Hardware Vulnerability Database At Black Hat

The Black Hat briefings made its reputation as a forum for star security researchers to unveil hair raising vulnerabilities in hardware and software. But Black Hat has become a more corporate event and collaboration is much in evidence these days. The latest example: the first roundtable discussion ever held at Black Hat. Speaking on Wednesday, Don Bailey, CEO of Lab Mouse Security, and Zach Lanier, Senior Security Researcher at Duo, facilitated a lively discussion of embedded system security before a group of attendees arranged around a table with a few more chairs off to the side. Bailey asked the audience to start the conversation, and he and Lanier then moderated the discussion. The conversation started with discussion of new secure chipsets, such as ARM TrustZone, and the fact that few institutions are using them. One factor is cost. Some organizations are gravitating toward open source chipsets such as Ardinuio, which […]

connected car - audi-thumbnail

Remote Car Hacks Depend On The Internal Design, Say Researchers

When purchasing your next car, you face many options. You want a good price, but also good gas mileage and perhaps an entertainment system for the kids in back. But for Dr. Charlie Miller, Twitter, and Chris Valasek, director of vehicle security research at I/OActive, the main criteria is whether or not the car is a likely candidate to be hacked. In particular they said they were interested in cars that would be more susceptible to remote hacking. Work done previously by Professor Stefan Savage along with graduate students from the University of Santa Barbara and the University of Washington used the Onboard Diagnostic port to control a car. Last year Miller and Valasek used internal wiring to gain control of their test cars. This year the pair said they wanted to take a step back and look at how cars in general communicate internally as a predictor of hacking […]