IOActive

Barnaby_Jack_Jackpotting

Famed Hacker Barnaby Jack Died Of Accidental Overdose

Barnaby Jack, the world-renowned hacker who was found dead in his San Francisco apartment in July died of an accidental overdose of cocaine, heroin and prescription drugs, according to a report released by the San Francisco Medical Examiner’s office.  The news was first reported by the website theverge.com. Jack, a 36-year-old New Zealand resident was found unresponsive in bed, surrounded by bottles of pills, empty bottles of beer and champagne and evidence of “illicit drug use,” the Medical Examiner’s report states. Jack had traces of cocaine, heroin, Xanax, and Benadryl in his system at the time of death. Jack was one of the most gifted security researchers of his generation. The head of embedded device security at the firm IOActive, Jack electrified audiences with his demonstrations of vulnerabilities in devices such as ATMs and implantable insulin pumps. In a now-famous “Jackpotting” demonstration, he demonstrated a remotely exploitable hole affecting bank automated teller machines […]

Continue Reading

Zombies Gone, Problems Persist With Emergency Alert System

More than six months after hacked Emergency Alert System (EAS) hardware allowed a phony warning about a zombie uprising to air in several U.S. states, a security consulting company is warning that serious issues persist in software from Monroe Electronics, whose equipment was compromised in the earlier attack. Software updates issued by Monroe to fix security problems with earlier versions of its software have introduced serious, new issues that could once again allow EAS devices to be compromised by a remote hacker, according to a post by Mike Davis, a researcher at the security firm IOActive on Thursday. Patches issued by Monroe Electronics, the Lyndonville, New York firm that is a leading supplier of EAS hardware, do not adequately address problems raised by Davis and others earlier this year, including the use of “bad and predictable” login credentials. Further inspection by Davis turned up other problems that were either missed […]

Continue Reading

Insecure At Any Speed: Are Automakers Failing The Software Crash Test?

Editor’s Note: You can view the rest of my conversation about application and supply chain security, featuring Joshua Corman of Akamai and Chris Wysopal of Veracode by visiting Veracode’s web site. – PFR  You’re in the market for a new car, and you’ve made a list of the features you want: a cool, tablet style interface for the audio and navigation system, side impact airbags for the front and rear compartment, a pop-up third row of seating. Heck, maybe you even want to hold out for the automatic seat temperature control that some Lexus cars now come with. While you’re at it, how about some secure software, too? That last item probably isn’t on most buyers’ check list today, but it may be soon, according to two, prominent security experts: Chris Wysopal, of Veracode, and Joshua Corman of Akamai. Speaking on Talking Code, an exclusive video hosted by The Security Ledger […]

Continue Reading
NEST Thermostat-BlackHat-scaled

Security Of “Things” Increasingly The Stuff Of Headlines

It looks as if the mainstream media is waking to the security implications of the “Internet of Things,” in the wake of recent demonstrations at the Black Hat and DEFCON conferences that highlight vulnerabilities in everything from home automation systems to automobiles to toilets. Stories in The New York Times and other major news outlets in the last week have highlighted concerns about “the cyber crime of things” as Christopher Mims, writing in The Atlantic, called it. Insecure, Internet connected devices ranging from surveillance cameras to home heating and cooling systems could leave consumers vulnerable to remote attacks and spying. The stories come after hacks to non-traditional computing platforms stole most of the headlines from this year’s Black Hat and DEFCON shows in Las Vegas. A compromise of a Toyota Prius hybrid by researchers Charlie Miller of Twitter and Chris Valasek of IOActive was featured prominently in stories by Forbes and […]

Continue Reading
Survives the Zombie Apocalypse / Guaranteed

Emergency Alert System: Vulnerable Systems Double, Despite Zombie Hoax

You’d think that the prospect of a zombie invasion would prompt our nation’s broadcasters and others who participate in the Emergency Alert System (EAS). Just the opposite is true. Months after a bogus EAS message warning about a zombie uprising startled residents in Michigan, Montana and New Mexico,  the number of vulnerable EAS devices accessible from the Internet has increased, rather than decreased, according to data from the security firm IOActive. In a blog post Thursday, Mike Davis, principal research scientist at IOActive said that a scan of the public Internet for systems running versions of the Monroe Electronics software  found almost double the number of vulnerable systems in July – 412 – as were found in April, when an IOActive scan of the public Internet using the Shodan search engine found only 222 vulnerable systems. IOActive first notified Monroe Electronics about vulnerabilities in its DASDECS product in January of […]

Continue Reading
1 5 6 7 8