Thomas Brewster over at Forbes has an interesting story this week on a $10,000 bounty that’s being offered for anyone who can hack Tesla’s Model S sedan. The contest is open to all registered attendees of SyScan Conference in Beijing, which takes place later in July. (Conference web site is here.) According to Brewster, the contest is not endorsed by Tesla, nor is the company cooperating in any way. The conference features a number of hacking demonstrations, including at least one on hacking cars: this presentation on strategies for securing Controller Area Network (CAN) based systems – CAN is the most commonly used networking protocol in automobiles. Tesla – which makes the most wired cars on the road – have flirted with both hackers and mod-ers in the past. Notably: this article mentions one car owner’s hack of Tesla’s (really nice) on board touch screen interface. That prompted a warning from […]
news
Hacker Takes on the World’s Spy Agencies | WIRED
Andy Greenberg over at Wired has a fine profile of former Google hacker and human rights champion Morgan Marquis-Boire (aka “Morgan Mayhem”), who is now working for the start-up publication First Look Media Marquis-Boire is an expert in malware analysis, with particular expertise in analyzing the software that oppressive regimes use to spy on journalists, human rights activists and political dissidents. At First Look, he will be devoting his talents to defending what Greenberg calls “an endangered species: American national security journalists.” First Look is a nascent, independent online media startup founded by eBay billionaire Pierre Omidyar. The site is best known as the (new) home of Glenn Greenwald and Laura Poitras, and the launch pad for whatever secrets are still hidden in the trove of information Edward Snowden leaked to Greenwald. According to Greenberg, Marquis-Boire was hired away from Google and given the task of safeguarding those documents as well as the […]
Google Warns Of Dodgy Digital Certificates Issued By India
Beware of Google domains bearing gifts – especially gifts from India. On Tuesday, Google’s Adam Langley took to the company’s security blog to warn about unauthorized digital certificates that have been issued by India’s National Informatics Centre (NIC) and used to vouch for “several Google domains.” Google notified the NIC, as well as India’s Controller of Certifying Authorities (or CCA) and Microsoft about the discovery and the certificates have been revoked, Langley said. As Cory Doctorow noted over at BoingBoing.net, most operating system vendors and browser makers don’t trust NIC-issued certificates as a matter of course. However, NIC holds intermediate CA (certificate authority) certificates that are trusted by India’s CCA, and CCA-trusted certificates are included in Microsoft’s Root Store, meaning applications running on Windows as well as Microsoft’s Internet Explorer web browser would have trusted the bogus NIC certificates. Google said that Chrome users on Windows would not have been victims of the […]
Update: Cyber Spies Digging For Clues On Iraq?
The folks over at CrowdStrike have dug deep into a campaign of targeted cyber attacks targeting Washington D.C. think tanks and say they have evidence that whomever is behind the attacks has taken a sudden interest in U.S. policy towards Iraq. Editor’s Note: This story was updated to include comments from Adam Meyers, Vice President of Security Intelligence at CrowdStrike. – PFR July 8, 2014 14:30 Writing on Tuesday, CrowdStrike CTO Dmitri Alperovitch described a new campaign by a group they dubbed “DEEP PANDA” that was targeting think tanks specializing on U.S. foreign policy and national security. Alperovitch said CrowdStrike observed a pronounced shift in targets from think tank experts on Asia to experts on Iraq and the Middle East in recent weeks. The shift corresponded with the rapid escalation of violence in Iraq as the Islamic extremist group ISIS took control of large parts of the country. “This actor, who was engaged in […]
That LIFX Smart Lightbulb Hack Wasn’t Easy
If you’ve been following your Internet of Things security news, you probably read about the latest hack of a consumer-oriented ‘smart home’ device: Context Information Security’s analysis of security holes in LIFX-brand smart light bulbs. The top line on this is scary enough. As The Register reported: researchers at Context discovered that, by gaining access to a “master bulb” in LIFX deployments, they could control all connected lightbulbs and expose user network configurations. That’s scary – and recalls research on hacking Philips HUE light bulbs that was published last year. But read down in the Context research and you’ll realize that, while the LIFX technology wasn’t perfect, the job of hacking the technology wasn’t child’s play, either. LIFX connected its smart bulbs using a 6LoWPAN-based mesh network. The company made the mistake of transmitting most bulb-bulb communications in the clear, which made analyzing traffic sent between master- and slave bulbs easy. Context researchers found […]
