Tag: reports

Popular Web Sites Still Getting Gamed in SEO Attacks

In this post, Security Ledger contributor Or Katz of Akamai provides details of how malicious actors are abusing redirect vulnerabilities in popular web sites to boost the reputation of malicious sites they control. One recent attack involved the compromise of some 4,000 vulnerable web applications for the purpose of pumping up the search engine ranking of more than 10,000 malicious web sites, Katz reveals. 

Vulnerable Mobile Software Management Tool Reaches Into IoT

You could be forgiven for never having heard of Red Bend Software. The company is small – just 250 employees – and privately held. Red Bend’s headquarters is a suite of offices in a nondescript office park in Waltham, Massachusetts, just off Route 128 – America’s “Silicon Highway.” But the company’s small profile belies a big footprint in the world of mobile devices. Since 2005, more than 2 billion devices running the company’s mobile management software have been sold worldwide. Today, Red Bend is believed to control between 70 and 90 percent of the market for mobile software management (MSM) technology, which carriers use to service mobile devices. The software enables mobile carriers to do critical tasks, including firmware-over-the-air (FOTA) software updates, mobile device configuration and other on-device changes. Red Bend counts many of the world’s leading companies in the mobile, enterprise and manufacturing sectors as clients, including Intel, Qualcomm, Samsung, Sharp, LG, Sony, Huawei, China Mobile and Lenovo. For the most part, Red […]

Micro Survey of Smart Home Devices Finds Much To Fault

Larry Dignan over at ZDNet is writing about a new survey by HP’s Fortify application security division that finds 70 percent of Internet of things devices have exploitable software vulnerabilities. Some caveats: HP makes its conclusions based on scans of “10 of the most popular Internet of things devices.” That’s a very small sample size that could (greatly) skew the results one way or the other. So take this with a grain of salt. You can download the full survey here. (PDF) [Read Security Ledger coverage of Internet of Things here.] According to Dignan, HP found 25 vulnerabilities per device. Audited devices included TVs, Webcams, thermostats, remote power outlets, sprinklers, door locks, home alarms, scales and garage openers. One of each, from the sound of it. The findings, assessed based on the OWASP Internet of Things Top 10 list and vulnerability categories, account for the devices as well as cloud and […]

Report: AdWords Fraudbot Helps E-Commerce Firms Compete

One of the more interesting stories to come out this week is from Brian Krebs over at Krebsonsecurity.com. Writing on Friday, Krebs used his prodigious knowledge of the cyber underground to profile “GoodGoogle,” one of a growing number of specialized online fraud services that helps e-commerce firms target competitors by gaming Google’s AdWords feature. As you probably know, AdWords are one of Google’s biggest sources of revenue. They allow companies with products or services to sell to “bid” on words or phrases (like “Internet of Things”). Users who search on those terms will see hyperlinked ads to the right of their search results that link to a site of the advertiser’s choosing. Advertisers pay a premium to own popular (and lucrative) keywords – more than $40 per click for keywords like “loan,” “insurance,” “mortgage” or “attorney” depending on the word and time of day. Typically, advertisers set a certain daily budget […]

Report: Thieves Can Hack and Disable Your Home Alarm System | WIRED

Wired’s Kim Zetter reports on (independent) reports by two researchers that show how home alarm setups can be hacked remotely, from as far away as 250 yards. The vulnerabilities could allow a malicious actor to suppress alarms or create multiple, false alarms that would render the system unreliable (and really annoying). Zetter profiles the work of Logan Lamb, a security researcher at Oak Hill Ridge National Lab who conducted independent research on three top brands of home alarm systems made by ADT, Vivint and a third company that asked to remain anonymous. She also cites work by Silvio Cesare, who works for Qualys and who studied common home alarm systems sold in Australia, including devices manufactured by Swann, an Australian firm that also sells its systems in the U.S. Both discovered a litany of similar problems, Zetter reports: The systems use radio signals to report when monitored doors and windows are opened, but fail to encrypt or authenticate the signals being […]