Tag Archives: today

[ISN] Hackers have broken into mainstream TV


http://www.usatoday.com/story/life/tv/2014/10/19/hackers-on-tv/17432191/

By Ann Oldenburg
USA TODAY
October 19, 2014

Hackers are hot. Yes, they tend to be villains in real life, making headlines for tapping into Target to steal credit card data, breaking into the cloud to snatch nude celebrity photos, and even breaching government firewalls to commit all sorts of top-level cybercrimes. But on TV? They’re the new heroes.

“Hackers are often unfairly portrayed as super-bad people, super-evil people,” says Nick Santora, executive producer of Scorpion, CBS’s new hit about hackers who help solve high-tech threats. “The truth is, hackers can provide a valuable service. They can uncover government misdeeds, unfair corporate practices. Hackers have a skill set that most people don’t have. It’s a skill set that’s really useful and important. They’re the watchers of the watchers.”

Scorpion, airing Mondays at 9 p.m. ET/PT, premiered to a lot of its own watchers in September with a healthy 13.8 million viewers and is the No. 2 new show this fall, behind NCIS: New Orleans. And, according to a study released last week, the show has had the most positive word of mouth of all the new fall broadcast network series. […]


[ISN] The secure smartphone that won’t get you beaten with rubber hoses

http://arstechnica.com/security/2014/10/the-secure-smartphone-that-wont-get-you-beaten-with-rubber-hoses/

By Peter Bright
Ars Technica
Oct 15, 2014

Interest in secure communications is at an all-time high, with many concerned about spying by both governments and corporations. This concern has stimulated developments such as the Blackphone, a custom-designed handset running a forked version of Android that’s built with security in mind.

But the Blackphone has a problem. The mere fact of holding one in your hand advertises to the world that you’re using a Blackphone. That might not be a big problem for people who can safely be assumed to have access to sensitive information—politicians, security contractors, say—but if you’re a journalist investigating your own corrupt government or a dissident fearful of arrest, the Blackphone is a really bad idea. Using such a phone is advertising that you have sensitive material that you’re trying to keep secret and is an invitation to break out the rubber hoses.

That’s what led a team of security researchers to develop DarkMatter, unveiled today at the Hack In The Box security conference in Kuala Lumpur. DarkMatter is a secure Android fork, but unlike Blackphone and its custom hardware, DarkMatter is a secure Android that runs on regular Android phones (including the Galaxy S4 and Nexus 5) and which, at first glance, looks just like it’s stock Android.

The special sauce of DarkMatter is secure encrypted storage that selected apps can transparently access. If the firmware believes it’s under attack, the secure storage will be silently dismounted, and the phone will appear, to all intents and purposes, to be a regular non-secure device.

The full details of DarkMatter still aren’t nailed down, and it won’t reach the market until some time next year. […]


[ISN] There Is a New Security Vulnerability Named POODLE, and It Is Not Cute

http://www.wired.com/2014/10/poodle-explained/

By Kim Zetter
Threat Level
Wired.com
10.14.14

On a day when system administrators were already taxed addressing several security updates released by Microsoft, Oracle, and Adobe, there is now word of a new security hole discovered in a basic protocol used for encrypting web traffic. Its name is POODLE, which stands for Padding Oracle on Downgraded Legacy Encryption, and it was discovered by three Google security researchers—Bodo Moller, Thai Duong, and Krzysztof Kotowicz. They published a paper (.pdf) about it today.

POODLE affects SSLv3 or version 3 of the Secure Sockets Layer protocol, which is used to encrypt traffic between a browser and a web site or between a user’s email client and mail server. It’s not as serious as the recent Heartbleed and Shellshock vulnerabilities, but POODLE could allow an attacker to hijack and decrypt the session cookie that identifies you to a service like Twitter or Google, and then take over your accounts without needing your password.

To exploit the vulnerability, you must be running JavaScript, and the attacker has to be on the same network as you—for example, on the same Starbucks Wi-Fi network you’re using. This makes it less severe than an attack that can be conducted remotely against any computer on the Internet.

The attack works only on traffic sessions using SSLv3. Although this is an old protocol that has been replaced in many client and server configurations with TLS (Transport Layer Security), many browser clients and web servers that use TLS for connections still support SSLv3. Some products and browsers, like Internet Explorer 6 for Windows XP, only use SSLv3. There are also clients that support SSLv3 as an alternative to use whenever a TLS connection to a web server fails. An attacker could exploit this compatibility to downgrade a connection to SSLv3 and then conduct the POODLE attack to hijack your session. […]


[ISN] Hackers claim they have stolen nearly 7 million Dropbox passwords (updated)

http://venturebeat.com/2014/10/13/apparent-hackers-claim-they-have-stolen-nearly-7-million-dropbox-passwords/

By Dylan Tweney
venturebeat.com
October 13, 2014

Hundreds of alleged usernames and passwords for Dropbox have been published on Pastebin, an anonymous information-sharing site. The apparent hackers claim to have nabbed 6,937,081 passwords and today published a “teaser” of 400 username-password pairs. They requested donations in Bitcoin and promised to release more passwords based on how much of the virtual currency they receive. The usernames appeared in alphabetical order starting with benitacran@btinternet.com and ending with bigjoetownsend@hotmail.com.

Dropbox, however, says the hack is bogus. The company offered VentureBeat this response to our inquiry:

Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.

Subsequently, two more “teasers” appeared on Pastebin. […]


[ISN] Cyberinsurance Resurges In The Wake Of Mega-Breaches

http://www.darkreading.com/perimeter/cyberinsurance-resurges-in-the-wake-of-mega-breaches/d/d-id/1316306

By Kelly Jackson Higgins
Dark Reading
10/2/2014

Insurance policies customized for cyberattack protection are on the rise as businesses worry they could be the next Target.

The string of data breaches at Target, Home Depot, JPMorgan Chase, and so many other major brands has reinvigorated the cyberinsurance industry. Cyberinsurance, which originally was rolled into other insurance policies or even considered unnecessary and ineffective, is enjoying a resurgence of late.

Policy purchases have more than doubled in the past year, according to new data from The Ponemon Institute: 10% of companies held cyberinsurance policies in 2013, but 26% do in 2014. Kirstin Simonson, underwriting director for Travelers Global Technology, says US premiums today are estimated at around $1 billion, and it won’t be long before they reach $2 billion. […]


[ISN] Elijah Wood’s New Movie Is a Prophetic Thriller About Celebrity Hacking

http://www.wired.com/2014/10/open-windows/

BY ANGELA WATERCUTTER
Wired.com
10.02.14

Open Windows is kind of a weird movie; it’s viewed almost entirely through a series of computer windows on a laptop screen. It’s also kind of a prophetic movie; it’s about a young actress named Jill Goddard, the target of a hacker who infiltrates her smartphone and laptop—and her life.

But instead of stealing the contents of the starlet’s private life, the hacker in Open Windows, out on VOD today, makes a young fan, Nick (Elijah Wood), his unwitting accomplice by giving him access to the actress’ phone and the ability to watch her through surveillance cameras. And, unlike IRL celebrity phone hacks, Nick doesn’t use his access to snatch nude selfies of Goddard (Sasha Grey) and post them online; instead, he tries to save her from the skeeze targeting her.

The concept, which may remind viewers of a modern-day Rear Window, was actually vaguely inspired by the movie Closer (more on that later) and has been in the works for a couple years, but writer/director Nacho Vigalondo (Timecrimes) and his star are aware it’s coming at a time when hacks like the one that hit Jennifer Lawrence and other (mostly female) stars are making headlines. Though the problem of online harassment—both of celebrities and civilians—is nothing new.

“There’s always a lack of privacy, there’s always an infringement that is possible with the internet,” Wood says. “We’ve read these stories time and time again, this just happens to be the latest infringement.” […]


[ISN] Hackers cut deal to work for gov’t

http://phnompenhpost.com/national/hackers-cut-deal-work-gov%E2%80%99t

Buth Reaksmey Kongkea
The Phnom Penh Post
1 October 2014

Two members of “hacktivist” group Anonymous Cambodia convicted of computer hacking yesterday will be spared further jail time. Instead, they have been ordered to put their “excellent” IT skills to use combating cybercrime in the Ministry of Interior.

Bun King Mongkolpanha, 21, alias “Black Cyber”, and Chou Songheng, 20, alias “Zoro”, were found guilty of IT offences under two articles of the criminal code at Phnom Penh Municipal Court yesterday morning and sentenced to two years in prison. But their sentences were reduced to five months and 20 days – the amount of time they have already spent in prison since being arrested in April – and they are to be released today.

The two former SETEC Institute students are to soon begin paid work fighting cybercrime with the same Interior Ministry department that worked with the FBI to arrest them after an eight-month investigation. […]


[ISN] Home Depot: 56M Cards Impacted, Malware Contained

http://krebsonsecurity.com/2014/09/home-depot-56m-cards-impacted-malware-contained/

By Brian Krebs
Krebs on Security
Sept 18, 2014

Home Depot said today that cyber criminals armed with custom-built malware stole an estimated 56 million debit and credit card numbers from its customers between April and September 2014. That disclosure officially makes the incident the largest retail card breach on record.

The disclosure, the first real information about the damage from a data breach that was initially disclosed on this site Sept. 2, also sought to assure customers that the malware used in the breach has been eliminated from its U.S. and Canadian store networks.

“To protect customer data until the malware was eliminated, any terminals identified with malware were taken out of service, and the company quickly put in place other security enhancements,” the company said via press release (PDF). “The hackers’ method of entry has been closed off, the malware has been eliminated from the company’s systems, and the company has rolled out enhanced encryption of payment data to all U.S. stores.”

That “enhanced payment protection,” the company said, involves new payment security protection “that locks down payment data through enhanced encryption, which takes raw payment card information and scrambles it to make it unreadable and virtually useless to hackers.” […]
