[ISN] Crypto weakness in smart LED lightbulbs exposes Wi-Fi passwords

http://arstechnica.com/security/2014/07/crypto-weakness-in-smart-led-lightbulbs-exposes-wi-fi-passwords/ By Dan Goodin Ars Technica July 7, 2014 In the latest cautionary tale involving the so-called Internet of things, white-hat hackers have devised an attack against network-connected lightbulbs that exposes Wi-Fi passwords to anyone in proximity to one of the LED devices. The attack works against LIFX smart lightbulbs, which can be turned on and off and adjusted using iOS- and Android-based devices. Ars Senior Reviews Editor Lee Hutchinson gave a good overview here of the Philips Hue lights, which are programmable, controllable LED-powered bulbs that compete with LIFX. The bulbs are part of a growing trend in which manufacturers add computing and networking capabilities to appliances so people can manipulate them remotely using smartphones, computers, and other network-connected devices. A 2012 Kickstarter campaign raised more than $1.3 million for LIFX, more than 13 times the original goal of $100,000. According to a blog post published over the weekend, LIFX has updated the firmware used to control the bulbs after researchers discovered a weakness that allowed hackers within about 30 meters to obtain the passwords used to secure the connected Wi-Fi network. The credentials are passed from one networked bulb to another over a mesh network powered by 6LoWPAN, a wireless specification built on top of the IEEE 802.15.4 standard. While the bulbs used the Advanced Encryption Standard (AES) to encrypt the passwords, the underlying pre-shared key never changed, making it easy for the attacker to decipher the payload. “Armed with knowledge of the encryption algorithm, key, initialization vector, and an understanding of the mesh network protocol we could then inject packets into the mesh network, capture the Wi-Fi details, and decrypt the credentials, all without any prior authentication or alerting of our presence,” researchers from security consultancy Context wrote. […]




Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] NORKS hacker corps reaches 5, 900 sworn cyber soldiers – report

http://www.theregister.co.uk/2014/07/07/north_korea_employs_6000_leet_hackers_source_claims/ By Darren Pauli The Register 7 July 2014 North Korea has doubled the number of government hackers it employed over the last two years according to military sources from the South. The allegations claim 5900 “elite” personnel were employed in Pyongyang’s hacking unit, up from 3000 in 2012. The hackers had their crosshairs firmly fixed on Seoul but operate from bureaux in China, the source told the Yonhap News Agency. “The communist country operates a hacking unit under its General Bureau of Reconnaissance, which is home to some 1200 professional hackers,” the source told the agency. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Bloody June: What’s behind last month’s DDoS attacks?

http://www.networkworld.com/article/2449855/security0/bloody-june-what-s-behind-last-month-s-ddos-attacks.html By Jon Gold Follow NetworkWorld July 7, 2014 The list of DDoS attacks in the month of June has made for grim reading. High-profile sites have been targeted by extortion demands, online games got disrupted and at least one company was put out of business as a direct result. While it’s tempting to look for a single cause at the root of this apparent tsunami of distributed denial-of-service activity, the reality is considerably more complex. Online activism, the profit motive and even potential nation-state activity contributed to June’s high volume of DDoS attacks. The only commonality, in fact, may be the ease with which DDoS attacks can be launched. Experts like Molly Sauter, an academic and author of the forthcoming book The Coming Swarm, say that the process is childishly simple. “Literally, if you have a credit card and if you’re bored, it could be anyone,” Sauter told Network World. “It’s so easy to rent a botnet – most of them are out of Russia – and you can rent one for stupid cheap, and then deploy it for a couple of hours, and that’s really all you need to target a major site like Feedly or Evernote.” […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Russian hacker captured in 2010 Broadway Grill data breach

http://www.capitolhillseattle.com/2014/07/russian-hacker-arrested-in-2010-broadway-grill-data-breach/ By jseattle July 7, 2014 A 30-year-old Russian man was arrested over the weekend for a series of crimes involving hacking into point of sales systems at Washington restaurants including a data breach in 2010 that involved stealing credit card information from hundreds of customers of Capitol Hill’s Broadway Grill. The allegations detail at least $1.7 million in losses to banks and credit card companies from data stolen from the Capitol Hill restaurant’s point of sale system. The U.S. Attorney’s office Monday morning announced the arrest of Roman Seleznev


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Attend Cyber Security EXPO

http://www.infosecnews.org/event/cyber-security-expo/ October 8-9, 2014 Brand new for 2014, Cyber Security EXPO is the new place for everybody wanting to protect their organisation from the increasing commercial threat of cyber attacks Co-located with IP EXPO Europe, Cyber Security EXPO has been designed to provide CISOs and IT security staff the tools, new thinking and policies to meet the 21st century business cyber security challenge. At Cyber Security EXPO, discover how to build trust across the enterprise to securely manage disruptive technologies such as: * Cloud computing mobile * Bring your own device (BYOD) * Social media * Identity and access * Encryption * GRC * Analytics * Data The event delves into business issues beyond traditional enterprise security products, providing exclusive content on behaviour trends and business continuity. As well as providing the opportunity to meet top tier industry vendors you can hear presentations from the likes of Mikko Hypponen, Eugene Kaspersky and many more. Cyber Security EXPO will also host the first “Cyber Hack” a live open source security lab. In the lab, you’ll be able to share ideas with White Hat hackers, security gurus, Cyber Security EXPO speakers and fellow professionals. For more information or to register: http://bit.ly/1lBuUGi


Facebooktwittergoogle_plusredditpinterestlinkedinmail