Software

Security Of “Things” Increasingly The Stuff Of Headlines

It looks as if the mainstream media is waking to the security implications of the “Internet of Things,” in the wake of recent demonstrations at the Black Hat and DEFCON conferences that highlight vulnerabilities in everything from home automation systems to automobiles to toilets. Stories in The New York Times and other major news outlets in the last week have highlighted concerns about “the cyber crime of things” as Christopher Mims, writing in The Atlantic, called it. Insecure, Internet connected devices ranging from surveillance cameras to home heating and cooling systems could leave consumers vulnerable to remote attacks and spying. The stories come after hacks to non-traditional computing platforms stole most of the headlines from this year’s Black Hat and DEFCON shows in Las Vegas. A compromise of a Toyota Prius hybrid by researchers Charlie Miller of Twitter and Chris Valasek of IOActive was featured prominently in stories by Forbes and […]

Continue Reading

Anonymous Email Services Shutter In Wake Of Snowden

Faced with the prospect of being forced to turn over metadata from their customers’ private correspondence to secret courts in the U.S. or other countries, two prominent secure e-mail services decided this week to cease operation. The secure email service Lavabit – lately the choice of NSA leaker Edward Snowden – announced that it was ceasing operations on Thursday after ten years of operation. The announcement was followed, on Friday, by a similar one from the security firm Silent Circle, which operated Silent Mail. Both companies cited the difficulty of securing e-mail communications and the prospect of secret government subpoenas to obtain information on the activities of their customers as the reason for deciding to stop offering secure email services. In a message posted on the Lavabit.com web site, owner and operator Ladar Levison said that he was being forced to “become complicit in crimes against the American people or […]

Continue Reading

Podcast: The Art Of Hiring Hackers

The Black Hat and DEFCON security conferences wrapped up last week in Las Vegas. Most of the media attention was (naturally) focused on the content of the presentations – including talks on the security of consumer electronics, automobiles and, of course, on the privacy implications of the recently revealed NSA surveillance program PRISM. But for the companies that pay money to send staff to these shows, the content of the talks is only one draw. Black Hat and DEFCON also serve a lesser known, but equally important role as magnets for some of the world’s top talent in obscure disciplines like reverse engineering, vulnerability research, application security analysis and more. Come August, any organization with a dog in the cyber security fight (and these days, that’s a lot of organizations) is in Las Vegas for a chance of meeting and hiring that top cyber security talent. What do companies that […]

Continue Reading

Samsung Smart TV: Like A Web App Riddled With Vulnerabilities

Smart television sets aren’t short on cool features. Users can connect to Facebook and Twitter from the same screen that they’re using to watch Real Housewives of New Jersey, or log into Skype and use a built in- or external webcam to have a video chat. Unfortunately, the more TVs start to look like computers, the more they are becoming subject to the same underlying code vulnerabilities that have caused headaches and heartache in the PC space. That was the message of two researchers at the Black Hat Briefings security conference Thursday, who warned that one such product, Samsung’s SmartTV, was rife with vulnerabilities that could leave the devices vulnerable to remote attacks. Vulnerabilities in the underlying operating system and applications on Samsung SmartTVs could be used to steal sensitive information on the device owner, or even spy on the television’s surroundings using an integrated webcam, said Aaron Grattafiori and Josh […]

Continue Reading

Six Hours, $4500: The Short Life and Quick Death Of A Facebook Bug

A security researcher based in Indonesia disclosed yet another Facebook bug this weekend – one that would allow an attacker to obtain the primary e-mail address associated with any Facebook account. Hours after informing the social network about the bug, however, it was closed and the researcher, Roy Castillo, was $4,500 richer. Castillo, a white hat vulnerability researcher based in The Philippines, disclosed the bug in Facebook’s Developer Application Roles Page in a post on his blog on Saturday.  When exploited, it allowed an attacker to discover the primary Facebook email address of any account – even those with the email privacy setting on “Only Me,” Castillo wrote.   Attackers would need a Facebook Developer account and some basic programming knowledge to take advantage of the vulnerability, in which Facebook mistakenly disclosed the e-mail address associated with a unique Facebook user ID. After discovering the buy on June 25th, Castillo […]

Continue Reading
1 110 111 112 113 114 123