Consumer Archives

Consumer

Missing in Action At BlackHat: The PC

June 3, 2013 Paul Roberts

Once the target of choice for hackers of all stripes, personal computers (PC) will be -at most- a side attraction at this year’s annual Black Hat Briefings show in Las Vegas, where presentations on ways to attack mobile devices and other networked “stuff” will take center stage. Just over ten percent of the scheduled talks and turbo talks at The Black Hat Briefings in early August (5 of 47) will be devoted to attacks against what might be considered “traditional” endpoints, like end user systems and servers running Microsoft’s Windows, Apple’s Mac OSX and Linux. By contrast, more than 30% will discuss security flaws and attacks against mobile phones or other “smart” devices including wireless surveillance cameras, home automation systems and smart meters. The dearth of PC-focused talks isn’t a new trend in and of itself. As far back as 2006, talks that explicitly discussed security issues with components of Microsoft’s […]

Monoculture 2.0: Will Android’s Rise Be A Security Nightmare?

May 31, 2013 Paul Roberts

There have been a bunch of interesting articles in recent weeks that highlight the rapid expansion of Google’s Android operating system from phones and tablets to all kinds of intelligent devices. They beg the question: is Android becoming the Microsoft Windows of the fast-emerging “Internet of Things.” And, if so, we might ask: ‘What are the security implications of that?’ First the skinny on Android’s growing dominance of the intelligent device sector. Ashlee Vance over at Businessweek.com delved into that with an article “Behind the Internet of Things is Android – and its everywhere.” Vance makes the point that Android is not only the choice for 75% of the handset makers these days – it’s also become the OS of choice for anyone making anything with a processor and a networking stack. The effect of that is akin to what Microsoft encountered when Windows went from being just another PC […]

Illiquid: Liberty Reserve Gone, Cybercrooks Look For Alternatives

May 29, 2013 Paul Roberts

Now that authorities in Spain, Costa Rica and the U.S. have taken down online money transfer service Liberty Reserve, the cyber underground is facing a serious liquidity crunch, as criminal gangs, botmasters, spammers and malicious hackers look for a safe platform on which to transact business. But finding a ready substitute may not be easy, with Liberty Reserve’s close competitors showing less tolerance of its “no questions asked” account creation policy, and less scrupulous outlets wary of the long arm of the U.S. Justice Department. Liberty Reserve (libertyreserve.com) went offline on Friday along with dozens of other domains operated by its founder, Arthur Budovsky – a.k.a. “Arthur Belanchuk” a.k.a “Eric Paltz.” Budovsky was arrested in Spain on May 24th. Spanish authorities acted at the request of authorities in Costa Rica, where Budovsky had set up shop, and the U.S. A three-count criminal complaint filed there by the U.S. Attorney for the […]

Podcast: The Big Truth – Responding To Sophisticated Attacks

May 25, 2013 Paul Roberts

If you work at a rank and file corporation in the U.S. or Europe, stories like those about the breach at the defense contractor Qinetiq are terrifying. Here’s a company that’s on the bleeding edge of technology, making autonomous vehicles and other high-tech gadgetry for the U.S. Military. Despite that, it finds itself the hapless victim of a devastating cyber breach that lasts – by all accounts – for months, or years. In the end, the attackers (likely linked to China’s People’s Liberation Army) make off with the company’s intellectual property (likely all of it) and, soon, defense contractors in Mainland China start turning out devices that look eerily similar to the ones Qinetiq makes. Ouch! If a company like Qinetiq can’t stop an attack by advanced persistent threats (APT) – or whatever name you want to use – what hope do overworked IT admins at rank and file enterprises […]

Update: Researchers Use Weezer Tune To Knock Defibrillators Offline

May 21, 2013 Paul Roberts

Editor’s Note: This article has been updated to include comment from Medtronic and from the researchers. A bit more on that: I spoke to the fine researchers who conducted this study. They are concerned that people might casually read the headline or first couple paragraphs and conclude that listening to Weezer will kill them. Listening to Weezer will not kill you. Listening to Weezer will not interfere with your implanted defibrillator if used under normal conditions. Their experiment (and my article) make this clear, but you do have to read down a bit in the article to get that, and I know not everyone does that. In any case, the health benefits of using an implanted defibrillator in accordance with your doctor’s instructions, far outweigh any risk from EMI or other electronic tampering. – PFR 5/22/2013. Listening to Weezer could kill you. Literally. That’s the conclusion of an unusual experiment […]