security

Bitcoin: newest frontier in e-money management

"Over the last year, many wealthy Russians lost billions of euros in the Cyprus economic crisis. The Russian government announced plans to intentionally weaken the ruble - plans that were never realized, but which caused quite a scare. President Vladimir Putin banned government officials from holding bank accounts and securities abroad. Historically, the Russian ruble has been a tumultuous currency, suffering major fluctuations throughout the 20th century. For those distrustful of Russia's financial institutions, then, Bitcoin's decentralized basis in math and code may provide an increasingly viable alternative." Continue reading

Continue ReadingBitcoin: newest frontier in e-money management

Watch: How GPS spoofing can take control of drones and ships

"A University of Texas researcher who has hacked the navigational systems of drones and ships told PBS on Friday that anyone with his software could do the same. Humphrey’s and and his graduate students used a technique called 'GPS spoofing,' in which false GPS signals are broadcast that trick a vehicle’s GPS receiver. The researchers first used the technique to commandeer an aerial drone. More recently, they commandeered a ship. Milton Clary of Overlook Systems Technologies told PBS that spoofing attacks posed a huge threat." Continue reading

Continue ReadingWatch: How GPS spoofing can take control of drones and ships

Half Of Tor Sites Compromised, Including Tormail

"The founder of Freedom Hosting has been arrested in Ireland and is awaiting extradition to USA. In a crackdown that FBI claims to be about hunting down pedophiles, half of the onion sites in the TOR network has been compromised, including the e-mail counterpart of TOR deep web, TORmail. This is undoubtedly a big blow to the TOR community, Crypto Anarchists, and more generally, to Internet anonymity. All of this happening during DEFCON. If you happen to use and account name and or password combinations that you have re used in the TOR deep web, change them NOW." Continue reading

Continue ReadingHalf Of Tor Sites Compromised, Including Tormail

Casascius Physical Bitcoins Cracked at Defcon

"The methodology consisted of using a hypodermic needle to carefully inject tiny quantities of what the researchers will only refer to as a 'non-polar solvent' between the holographic security sticker and the brass coin itself. After the solvent weakened or entirely dissolved the adhesive they were able to peel back the holographic foil and access the private key beneath. The sticker was then trivially replaced, though Stits felt that using a secondary adhesive might be necessary since little of the original adhesive was left. The re-assembled coin bore only a tiny mark at the edge of the foil where the needle was first inserted." Continue reading

Continue ReadingCasascius Physical Bitcoins Cracked at Defcon

When ‘Smart Homes’ Get Hacked: I Haunted A Complete Stranger’s House Via The Internet

"Due to Insteon not requiring user names and passwords by default in a now-discontinued product, I was able to click on the links, giving me the ability to turn these people’s homes into haunted houses, energy-consumption nightmares, or even robbery targets. Opening a garage door could make a house ripe for actual physical intrusion. Thomas Hatley’s home was one of eight that I was able to access. Sensitive information was revealed – not just what appliances and devices people had, but their time zone (along with the closest major city to their home), IP addresses and even the name of a child." Continue reading

Continue ReadingWhen ‘Smart Homes’ Get Hacked: I Haunted A Complete Stranger’s House Via The Internet

Russian ‘mobile malware’ industry could spread to other countries

"Businesses referred to as ‘Malware HQs’ accounted for more than half the overall mobile malware detections by Lookout during the first six months of this year. Malware HQs openly recruit ‘affiliates’ that could be anyone and provide simple do-it-yourself tools to distribute viruses with tactics such as booby-trapped websites or Twitter posts. Once on smartphones, viruses fire off premium text messages behind the scenes, with HQs getting the money and sharing it with affiliates who hooked the victims. 'We’ve seen evidence that these affiliate marketers have earned between $700 a month to $12,000 a month from these scams,' Smith said." Continue reading

Continue ReadingRussian ‘mobile malware’ industry could spread to other countries

Hacker: Sim card flaws leave ‘hundreds of millions of phones’ vulnerable to attack

"A German cryptographer says he has discovered encryption and software flaws in hundreds of millions of phones, leaving them vulnerable to attack, startling peers who had considered sim cards to be relatively safe technology. Karsten Nohl, 31, a respected hacker and specialist on phone security, said the vulnerability allowed outsiders to obtain a sim card’s digital key, a 56-digit sequence that exposes the chip to manipulation. 'What this means is that your sim card can work against you. The hacker can redirect calls, rewrite numbers, listen in on calls.' A criminal hacker, using an ordinary computer, could also commit payment fraud remotely controlling your phone." Continue reading

Continue ReadingHacker: Sim card flaws leave ‘hundreds of millions of phones’ vulnerable to attack

Gone in 30 seconds: New attack plucks secrets from HTTPS-protected pages

"The technique, scheduled to be demonstrated Thursday at the Black Hat security conference in Las Vegas, decodes encrypted data that online banks and e-commerce sites send in responses that are protected by the widely used transport layer security (TLS) and secure sockets layer (SSL) protocols. The attack can extract specific pieces of data, such as social security numbers, e-mail addresses, certain types of security tokens, and password-reset links. It works against all versions of TLS and SSL regardless of the encryption algorithm or cipher that's used." Continue reading

Continue ReadingGone in 30 seconds: New attack plucks secrets from HTTPS-protected pages

Hacker Forces Colin Powell To Deny Affair While At State Department

"Powell’s swift denial of an affair--especially one possibly conducted with an official of a foreign government while he served as America’s chief diplomat--was clearly prompted by the sensitive nature of the e-mails sent to his personal AOL account. In the 'very personal' correspondence cited by Powell, Cretu calls him the love of her life and describes a relationship that spanned more than a decade. The 2010-2011 e-mails would leave most readers with the clear impression that the forlorn Cretu is writing about the twilight of a lengthy romance. Powell’s e-mail and Facebook accounts were illegally accessed by 'Guccifer.'" Continue reading

Continue ReadingHacker Forces Colin Powell To Deny Affair While At State Department