Identity Theft

Homeland Security Warns Of Expanding Medical Device Attacks

A bulletin published by the Department of Homeland Security has warned that the increasing use of wireless networking technology to enable medical devices expands the ways that those devices could be hacked. The bulletin, published May 4 by DHS’ National Cybersecurity and Communications Integration Center, warns that advances in medical devices, including Internet connectivity and the use of smartphones, tablets and other mobile devices in patient care “expands the attack surface” of medical devices. “Smartphones and tablets are mini computers with instant access to the internet or linked directly to a hospital’s network. The device or the network could be infected with malware designed to steal medical information if not upgraded with the latest anti-virus and spy-ware software,” DHS said. Advances in medical device technology have already greatly improved medical care, especially in areas like medical health records and remote monitoring of patients with implantable medical devices. However, too little […]

Continue Reading

That Facebook Account Hijack Vulnerability Is Still Dangerous. Here’s Why.

Did you hear about that really dangerous security hole that allows attackers to manipulate third party Facebook applications to hack into your Facebook account? Skype and Dropbox both said they fixed a web site redirection vulnerability that both companies fixed before the vulnerability was disclosed? Great news, right? Right. Except for the fact that the same vulnerability may exist in hundreds, or even thousands of other Facebook applications and still provides a ready pathway into Facebook accounts, according to Nir Goldshlager, the Israeli security researcher who discovered the vulnerability. Goldshlager described the vulnerability, which he named the “UnFix Bug” on his web site in a post on Wednesday, after discussing details of the hole with the online publication TechCrunch. It is just the latest in a string of security holes he has discovered in OAuth, an open authentication standard used by social networking sites like Facebook and Twitter. The vulnerability allows a […]

Continue Reading

What’s In Your Bucket? Data For The Taking In Amazon S3 Containers

Security is one of the main obstacles to greater cloud adoption. When it gets right down to it: companies that own sensitive data are reluctant to release control of it to a third party without ample reassurance that it won’t be lost or stolen. Given that’s the case, the results from an analysis of Amazon’s cloud-based Simple Storage Service (S3) by the security firm Rapid7 won’t ease privacy and security fears surrounding cloud-based storage and applications. In that study, Rapid7 researchers surveyed 12,328 Amazon S3 “buckets” – virtual containers for stored data. The results: 1,951 of those buckets were publicly accessible – around 1 of every 6. Within those 2,000-odd public buckets were 126 billion (with a “B”) files. That’s right – 126 billion. The sheer amount of data was too large for Rapid7 to audit each file individually, so the company sampled 40,000 publicly visible files and found that […]

Continue Reading

Friday Night Massacre: Twitter Hacked, Info on 250k Exposed

What better time to drop some really bad and embarrassing news than late on a Friday afternoon, as everyone is heading out the door? So it was with social media giant Twitter, which dropped a bombshell late Friday: revealing that it had been compromised in an “extremely sophisticated” attack that yielded the account credentials for around 250,000 users. A blog post by Twitter Security Team member Bob Lord on Friday said that the company has been investigating the breach all week long, after detecting unusual patterns of account access across its network. After stopping an attack that was in progress, the company’s investigation revealed that the attackers “may have had access to limited user information – usernames, email addresses, session tokens and encrypted/saltedversions of passwords – for approximately 250,000 users,” Lord wrote. Twitter did not discuss the circumstances of the breach, but reiterated guidance from the U.S. Department of Homeland Security for users to disable Java […]

Continue Reading

Update: Student’s Expulsion Exposes Computer Science Culture Gap

Editor’s Note: Updated to include comment from Dawson CS Professor Simonelis. – PFR 1/22/2013 The expulsion of a  20 year-old computer science major at Dawson College in Quebec, Canada has laid bare what one expert says is a culture gap between academic computer science departments and the ‘real world’ of application development. In the wake of news stories that have drawn attention to the case, Dawson’s faculty and administration have stood by their decision, saying that “hacking” of the type Ahmed Al-Khabaz was engaged in was an example of “unprofessional conduct” by a computer sciences engineer. This, even as private sector firms – including the company whose software Al-Khabaz exposed – have come forward with job offers and scholarships. Al-Khabaz was expelled in November by a school administration that looked askance at his security audits of a student portal web site dubbed “Omnivox,” accusing him of launching “SQL injection” attacks […]

Continue Reading
1 17 18 19 20 21