Andy Greenberg over at Wired has an interesting piece of news coming out of last week’s DerbyCon hacker conference in Louisville, Kentucky. According to Greenberg and Wired, researchers Adam Caudill and Brandon Wilson showed off their own version of Karsten Nohl and Jakob Lell’s BadUSB malware and released the code on GitHub. Their presentation raises the stakes for USB manufacturers to fix the BadUSB problem or leave hundreds of millions of users vulnerable, Greenberg writes. At a presentation at the Black Hat Briefings in August, Nohl and Lell, both of Security Research Labs (SRLabs), showed how the controller chips inside common USB devices can be reprogrammed, allowing USB peripherals to impersonate other kinds of devices. Among other things, Nohl demonstrated how a BadUSB-infected device could emulate a USB keyboard, issuing commands to a connected machine using the permissions of the logged-in user. Alternatively, an infected USB could spoof a […]
Tag: hacking
Infographic: Possible Attacks on The Internet of Things
The folks over at Trend Micro have put together a nice infographic that reminds us that all those smart devices connected to the Internet communicate through some well-worn channels, namely: standard communications protocols like Wi-Fi, Ethernet and Bluetooth that connect devices to each other and the global Internet, as well as HTTP, which is used to transmit data to and from cloud-based resources like management interfaces. Of course, those standard protocols also leave IoT devices vulnerable to a wide range of commodity attacks: from brute-force password cracking on web-based management consoles to man-in-the-middle attacks that can sniff out authentication credentials and hijack sessions. Trend’s infographic does a good job of depicting the various layers in the IoT stack and some of the likely attack vectors for each layer. It also gives advice on how to protect yourself (use encryption, patch software vulnerabilities, disable unused ports). Nothing groundbreaking […]
Report: Home Depot Fallout Reveals History of Lax Security, Hiring
It’s a truism in cyber security that behind every great hack often lies a string of bad decisions and missed opportunities. It’s also true that when you dig into the details of damaging cyber incidents, the root causes are personal and psychological as often as they are technical in nature. Organizations, even sophisticated and wealthy organizations, end up making bad decisions for all the wrong reasons: failing to properly assess their risk, or pursuing short-term savings when long-term investment is needed. Home Depot learned via law enforcement that a breach of transaction data exposed as many as 52 million credit card transactions, the largest retail credit card breach to date. But as more comes out about the breach at home improvement giant Home Depot, it starts to look a lot more like the root causes there may have started in the HR department rather than the data center. The […]
Building an Unhackable Autonomous Vehicle – CityLab
The folks over at The Atlantic have an intriguing take on the subject of “connected vehicles” and autonomous driving. Now this is a vision that we’ve been chasing for more than 50 years (consider all the technicolor “highway of tomorrow” films from the 50s and 60s). And we’re on the cusp of realizing it. Google’s self-driving car is racking up the miles, and automated features like hands-free cruise control and collision avoidance are making their way into production vehicles. As Alexis Madrigal at The Atlantic’s (cool) CityLab writes, however, there’s one major fly in the ointment when you consider the super-efficient, algorithmically driven road of the future: humans. Specifically: Madrigal, in the course of writing an article on how to build an ‘unhackable’ car, poses a scenario that I think is very likely: humans who subvert or otherwise game vehicle automation features to suit their own needs. Imagining the orderly procession […]
Home Depot Acknowledges Breach of Payment Systems
Almost a week after public reports named Home Depot as a possible victim of a sophisticated cyber attack, the home improvement giant has acknowledged that it was hacked. In a statement on Monday, Home Depot said that an internal investigation confirmed a “breach of our payment data systems” took place. The breach affects the company’s U.S. and Canadian stores, though not its Mexican locations or online transactions, the company said. The incident also appears to have been long-lived. Home Depot estimates that the breach dates to April, 2014. The company did not say when it was finally shut down, though that date could be as late as July. Home Depot has been investigating the incident since it was first disclosed by Brian Krebs at the blog KrebsOnSecurity. Krebs was alerted to the incident after large quantities of stolen credit cards began appearing on cyber criminal forums. Sources at […]