Bundle Security blogs

Vast array of medical devices vulnerable to serious hacks, feds warn

Security blogs - Thu, 06/13/2013 - 18:54

A vast array of heart defibrillators, drug infusion pumps, and other medical devices contain backdoors that make them vulnerable to potentially life-threatening hacks, federal officials have warned.

The devices, which also include ventilators, patient monitors, and surgical and anesthesia devices, contain hard-coded password vulnerabilities, according to an advisory issued Thursday by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), a liaison group between the US Department of Homeland Security and private industry. Attackers who know the default passwords of the devices can exploit these backdoors and change critical settings or replace the authorized firmware altogether.

The advisory came the same day that the Food and Drug Administration released its own notice on the same topic. Both warnings said there was no indication attacks were being carried out in the wild, and neither warning disclosed the affected device models or the manufacturers. But Terry McCorkle, one of the researchers who uncovered the vulnerabilities, said few if any are immune.


Categories: Bundle Security blogs

Cloud Security Corporation Files U.S. Patent Application for One-Time Password System And Methods On A Mobile Computing Device

Security blogs - Thu, 06/13/2013 - 17:32
Process reduces several risk factors related to current one-time password technology

S&ET Executive Breakfast - Featuring Dr. Patricia Falcone, OSTP

Security blogs - Thu, 06/13/2013 - 17:15
06/28/2013 - Dr. Patricia Falcone is the Associate Director for National Security and International Affairs in the Office of Science and Technology Policy (OSTP...

Trusted Microelectronics Workshop

Security blogs - Thu, 06/13/2013 - 17:11
06/28/2013 - The NDIA is pleased to offer a workshop designed to identify ways in which Trusted Microelectronics can contribute to compliance with DoD Instructi...

Phishing attacks on Iranian Gmail users jump before Iranian election

Security blogs - Wed, 06/12/2013 - 22:32

Google researchers have detected phishing attacks originating inside Iran that target tens of thousands of Gmail users from that country, a company official said in a blog post published Wednesday. The attacks appear to come from the same group that pulled off a much more sophisticated attack in 2011 involving a forged secure sockets layer certificate for the Google domain name.

“The timing and targeting of the campaigns suggest that the attacks are politically motivated in connection with the Iranian presidential election on Friday,” Eric Grosse, Google's VP of Security Engineering, wrote.

He said the attacks were aimed at Iranian-based account holders who were sent an e-mail purporting to be from Google asking the user to add an alternative e-mail address to their accounts. When users clicked on a URL provided in the e-mail, they were taken to a fake Google sign-in page that collected the victim’s username and password.


Edward Snowden: US government has been hacking Hong Kong and China for years

Security blogs - Wed, 06/12/2013 - 22:19

US whistle-blower Edward Snowden yesterday emerged from hiding in Hong Kong and revealed to the South China Morning Post that he will stay in the city to fight likely attempts by his government to have him extradited for leaking state secrets.

In an exclusive interview carried out from a secret location in the city, the former Central Intelligence Agency analyst also made explosive claims that the US government had been hacking into computers in Hong Kong and on the mainland for years.

Tags: US, China, Hong Kong, Security, l33tdawg

US charges eight with multimillion-dollar cybercrime

Security blogs - Wed, 06/12/2013 - 22:06

U.S. federal prosecutors charged eight people on Wednesday in connection with a multimillion-dollar fraud that siphoned money from hacked accounts at banks and financial institutions, laundered it and sent it overseas.

Four of the eight have been arrested by authorities, one as he arrived at New York's John F. Kennedy Airport on Tuesday afternoon, while four remain at large. Prosecutors unsealed details of the case on Wednesday.

Tags: Law and Order, l33tdawg

NSA: "Dozens of attacks" prevented by our snooping

Security blogs - Wed, 06/12/2013 - 22:04

The National Security Agency has defended its slurping of phone records and other business data on the grounds the information contained has helped it fight terrorism.

In a congressional hearing on cybersecurity and government surveillance on Tuesday, NSA Director General Keith Alexander said the NSA's data slurping had let it avert terror attacks.

Tags: Security, NSA, l33tdawg

Chinese piracy ring operator sentenced after selling military-related software

Security blogs - Wed, 06/12/2013 - 22:00

On Tuesday, a Chinese national was sentenced to 12 years in federal prison for conspiracy to commit wire fraud and criminal copyright infringement. The sentencing is part of a plea deal with federal prosecutors over a massive software piracy ring. Once the prison term is complete, Xiang Li will be deported back to China.

Tags: China, Law and Order, l33tdawg

Facebook now lets users include hashtags in posts

Security blogs - Wed, 06/12/2013 - 21:58

Facebook is setting itself up to introduce the hashtag to status posts, per a press release from the company Wednesday. The company acknowledges that the feature is “similar to other services like Instagram, Twitter, Tumblr, or Pinterest,” and will in fact integrate with the hashtags used on Instagram.

Tags: Facebook, Industry News, l33tdawg

Does the Big Bang necessarily mean we're part of a multiverse?

Security blogs - Wed, 06/12/2013 - 21:46

For most of its history, the idea of a multiverse was the domain of science fiction and some rare speculation from physicists. In recent years, though, the idea that our Universe may be just one among many has gained traction in two different areas.

Tags: Science, l33tdawg

Scientists investigate dark lightning threat to aircraft passengers

Security blogs - Wed, 06/12/2013 - 21:44

US Navy scientists are going to rig aircraft with radiation detectors to check if a phenomenon known as dark lightning could be killing aircraft passengers.

Dark lightning is the product of the electrical activity caused by thunderstorms and produces intense bursts of omnidirectional terrestrial gamma-ray flashes (TGFs) up to half a mile wide, as electrons and positrons are forced to interact by the atmospheric disturbance such storms produce.

Tags: Science, l33tdawg

Big Brother needs a data privacy policy

Security blogs - Wed, 06/12/2013 - 21:43

"NO ONE is listening to your calls," soothed President Barack Obama last week, following the revelation that the US National Security Agency (NSA) had been collecting data about telephone and online communications on a truly epic scale. But Obama's pledge is nothing like as reassuring as it might sound.

Tags: Privacy, Industry News, l33tdawg

iOS 7 design changes remain in flux, likely to see major revisions before release

Security blogs - Wed, 06/12/2013 - 21:41

Much has been said, both positive and negative, about the look of Apple's iOS 7, though new information reveals the design showed off at WWDC on Monday was merely a work in progress, meaning those initial impressions are likely to change in the months ahead.

According to The Next Web, people familiar with Apple's latest mobile operating system said the iOS 7 beta, as well as the preview shown at the WWDC keynote on Monday, is a "mid-stride" snapshot of the work being done behind closed doors.

Tags: Apple, iOS7, l33tdawg

Google buys Waze and puts the squeeze on Facebook and Apple

Security blogs - Wed, 06/12/2013 - 21:40

With Google set to buy app-maker Waze, the question is whether Google actually needs the crowd-sourced traffic app or is simply trying to stick it to its competitors.

On Tuesday, Google confirmed weeks of rumors that it is buying Waze. The company did not disclose the terms of the deal, but early reports put the price between $1 billion and $1.3 billion.

Tags: Google, Waze, Industry News, l33tdawg

Iranian phishing on the rise as elections approach

Security blogs - Wed, 06/12/2013 - 20:00
Posted by Eric Grosse, VP Security Engineering

For almost three weeks, we have detected and disrupted multiple email-based phishing campaigns aimed at compromising the accounts owned by tens of thousands of Iranian users. These campaigns, which originate from within Iran, represent a significant jump in the overall volume of phishing activity in the region. The timing and targeting of the campaigns suggest that the attacks are politically motivated in connection with the Iranian presidential election on Friday.

Our Chrome browser previously helped detect what appears to be the same group using SSL certificates to conduct attacks that targeted users within Iran. In this case, the phishing technique we detected is more routine: users receive an email containing a link to a web page that purports to provide a way to perform account maintenance. If the user clicks the link, they see a fake Google sign-in page that will steal their username and password.

Protecting our users’ accounts is one of our top priorities, so we notify targets of state-sponsored attacks and other suspicious activity, and we take other appropriate actions to limit the impact of these attacks on our users. Especially if you are in Iran, we encourage you to take extra steps to protect your account. Watching out for phishing, using a modern browser like Chrome and enabling 2-step verification can make you significantly more secure against these and many other types of attacks. Also, before typing your Google password, always verify that the URL in the address bar of your browser begins with https://accounts.google.com/. If the website's address does not match this text, please don’t enter your Google password.

First Edition Of SIA Technology Insights Released

Security blogs - Wed, 06/12/2013 - 18:17
Publication provides exclusive vendor-neutral analyses of emerging security technologies

Program Management Systems Committee June Meeting

Security blogs - Wed, 06/12/2013 - 16:56
06/18/2013 - The Program Management Systems Committee (PMSC) is a committee within the Procurement Division of NDIA. The PMSC is the primary forum for building...

New DEF CON 21 Speakers Posted!

Security blogs - Wed, 06/12/2013 - 15:35

Check out this new batch of speakers for your perusal! You can see them all on the Speaker page!

Hacker Law School
Jim Rennie and Marcia Hofmann

ACL Steganography - Permissions to Hide Your Porn
Michael Perklin

Privacy In DSRC Connected Vehicles
Christie Dudley

Kill 'em All — DDoS Protection Total Annihilation!
Tony Miu and Wai-leng Lee

TMI: How To Attack Sharepoint Servers And Tools To Make It Easier
Kevin Johnson and James Jardine

Reality Hackers
Rebecca Wexler and Paul Sanderson

Google TV or: How I Learned to Stop Worrying and Exploit Secure Boot
Amir Etemadieh, CJ Heres, Mike Baker, and Hans Nielsen

How to use CSP to stop XSS
Kenneth Lee

RFID Hacking: Live Free or RFID Hard
Francis Brown

DNS May Be Hazardous to Your Health
Robert Stucke

EMET 4.0 Exploit Mitigations
Neil Sikka

Getting The Goods With smbexec
Eric Milam

Pwn'ing you(r) cyber offenders
Piotr Duszynski

Defeating SEAndroid
Pau Oliva Fora

The Politics of Privacy and Technology: Fighting an Uphill Battle
Eric Fulton and Daniel Zolnikov

Defeating Internet Censorship with Dust, the Polymorphic Protocol Engine
Brandon Wiley

Making Of The DEF CON Documentary
Jason Scott and Rachel Lovinger

Inside The Strange World Of Java Cards, SIM Card Apps, And Over-The-Air Updates
Karl Koscher
