US Embassy staffer ran a sextortion racket from work computer for 2 years

Michael C Ford has been sentenced to four years and nine months in prison, having pleaded guilty to running a sextortion/phishing operation from his work computer at the US embassy in London for two years.

FBI issues car-hacking warning, tells drivers to keep their cars' patch-levels current

More proof that all devices in the modern world are just computers in fancy cases: the FBI's joint warning issued with the DoT and the National Highway Traffic and Safety Administration tells drivers that they're at risk of local and remote hack-attacks against their cars, and tells them they have to keep their cars' patch-levels current or they'll be in serious danger.

McAfee shovelware emits tracking beacons

Researchers at Duo Labs bought a "stack" of OEM laptops and audited the preinstalled shovelware they came with, looking specifically at the security implications of the default settings.

Iran: We snarfed up “13,000 pages of data” from detained Navy sailors' devices

Photo released by Iranian Revolutionary Guards on Jan. 13, 2016, shows detained US Navy sailors in Iran prior to their release. Sepahnews via navytimes.com

The government of Iran claims to have obtained “thousands of pages of information” from devices used by the U.S. Navy sailors briefly detained in January.

Hack-attacks with stolen certs tell you the future of FBI vs Apple

Since 2014, Suckfly, a hacker group apparently based in Chengdu, China, has used at least 9 signing certs to make their malware indistinguishable from official updates from the vendor.

The Car Hacker's Handbook: a Guide for Penetration Testers

The 2016 Car Hacker's Handbook expands on the hugely successful 2014 edition, in which the Open Garages movement boiled down all they'd learned running makerspaces for people interested in understanding, improving, penetration testing and security-hardening modern cars, which are computers encrusted in tons of metal that you strap your body into.

No Starch Press has taken on the task of turning The Car Hacker's Handbook into a beautifully produced, professional book, in a new edition that builds on the original, vastly expanding the material while simultaneously improving the organization and updating it to encompass the otherwise-bewildering array of new developments in car automation and hacking.

Author Craig Smith founded Open Garages and now has years of experience with community development of tools and practices for investigating how manufacturers are adding computers to cars, the mistakes they're making, and the opportunities they're creating.

The Handbook is an excellent mix of general background on how to do threat-modelling, penetration testing, reverse engineering, etc, and highly specific code examples, model numbers, recipes and advice on how to put a car up on a bench, figure out how it works, figure out how to make it do cool things the manufacturer never intended, and figure out how to understand the risks you face from people doing the same thing without your best interests at heart.

A lot of the advice is theoretical, but there are a bunch of highly practical projects, from improving and customizing your in-car satnav and entertainment system to tuning your engine performance.

Hotel's Android-based lightswitches are predictably, horribly insecure

Matthew Garrett checked into a London hotel and discovered that the proprietors had decided that "light switches are unfashionable and replaced them with a series of Android tablets."

Web security company breached, client list (including KKK) dumped, hackers mock inept security

Newport Beach-based Staminus Communications offered DDoS protection and other security services to its clients; early this morning, their systems went down and their internal files were dumped to the Internet.

If the FBI can force decryption backdoors, why not backdoors to turn on your phone's camera?

Eddy Cue, Apple's head of services, has warned that if the FBI wins its case and can force Apple to produce custom software to help break into locked phones, there's nothing in principle that would stop it from seeking similar orders for custom firmware to remotely spy on users through their phones' cameras and microphones.

Using distributed code-signatures to make it much harder to order secret backdoors

Cothority is a new software project that uses "multi-party cryptographic signatures" to make it infinitely harder for governments to order companies to ship secret, targeted backdoors to their products as innocuous-looking software updates.

Home Depot might pay up to $0.34 in compensation for each of the 53 million credit cards it leaked

In 2014, Home Depot disclosed a security breach of 53 million customer credit cards and 56 million email addresses. This week the company settled a class action lawsuit and agreed to pay as much as $19.5 million in damages and compensation.

Less than a year on, America has all but forgotten the epic Jeep hack

Last summer, security researchers Charlie Miller and Chris Valasek were so alarmed at the terrible state of information security in cars that they demo'ed a hack that let them take over Chrysler Jeep Cherokees over the public Internet, controlling the steering and the brakes and the acceleration.

Phishers make off with W2 tax forms for several thousand Seagate employees

Seagate has emailed its employees and ex-employees to warn them that someone in the company sent their W2 tax data to a criminal who pulled off a successful phishing fraud.

Hacking a phone's fingerprint sensor in 15 mins with $500 worth of inkjet printer and conductive ink

MSU Computer Science researchers Kai Cao and Anil K Jain published a new paper describing a

As Apple fights the FBI tooth and nail, Amazon drops Kindle encryption

Amazon's Kindle devices run a custom version of Android that, until today, supported full-disk encryption. Now they don't.

Pirates hacked shipping company, cherry-picking targets based on cargo

An unnamed shipping company had its unpatched content management system hacked by sea-pirates, who then sorted the ships at sea by the value of their cargo to help prioritize attacks to maximize the take.

ISIS opsec: jihadi tech bureau recommends non-US crypto tools

The US government is attempting to force Apple to backdoor its iPhone security, Congress is considering mandatory backdoors for all secure technology, and FBI director James Comey insists that this will work, because there's no way that America's enemies might just switch over to using technology produced in other countries without such mandates.
