This falls under the category of uncommon hardware hacks. Increasingly, people are realizing that there are many places that could be compromised, like your USB firmware, SIM card, mobile baseband, and now hard disk firmware. Fascinating and scary at the same time, ‘cos it could lead to undetectable compromises.
Fascinating story of Duqu, the successor (or predecessor?) of Stuxnet.
The Digital Hunt for Duqu, a Dangerous and Cunning U.S.-Israeli Spy Virus – The Intercept.
Another serious data breach. This is getting more common, though that certainly doesn’t mean it should be treated as such. The industry has to get used to responding to such security breaches.
JPMorgan Says Data Breach Affected 76 Million Households – Bloomberg.
oss-sec: CVE-2014-6271: remote code execution through bash.
This is serious. Bash is the default shell used by most *nix users. Lots of public web servers out there will be vulnerable if not updated. Someone could write an exploit that infects one machine and turn that machine into an agent for infecting others.
Update (2014-09-25): Ok it is happening.
Update (2014-09-26): Everything you need to know about the Shellshock Bash bug
The headlines state everything through 4.3 or in other words, about 25 years’ worth of Bash versions
Update (2014-10-07): Winzip and possibly Yahoo has been compromised
We are likely to see more and more of such high profile hacks, as devices become more transparent/integrated and IoT takes off. Be very afraid when your next Smart TV comes with a built-in webcam.
With more information than ever being stored and shared online and on connected devices hacking stories are frequent and are mainstream news. This was the case yesterday as dozens of celebrities fell victim to hackers who leaked hundreds of private photographs and videos stolen from web based storage services.
New Web Order > Nik Cubrilovic – – » Notes on the Celebrity Data Theft.
This is the kind of thing which crosses into the movie realm. Yes, it is possible to hack traffic lights.
Taking over a city’s intersections and making all the lights green to cause chaos is a pretty bog-standard Evil Techno Bad Guy tactic on TV and in movies, but according to a research team at the University of Michigan, doing it in real life is within the realm of anyone with a laptop and the right kind of radio.
via Researchers find it’s terrifyingly easy to hack traffic lights | Ars Technica.
This is a cool real-time visualization of cyber attacks that is happening right. Ok it’s not exactly monitoring the entire Internet. The attacks shown are based on honeypots set up by the company Norse. They claimed to “emulate over 5m users, severs, infrastructures on the Internet” in various countries and the visualization is only based on a small subset of the live flows. I guess this can be taken to mean the real number of attacks is much larger and probably won’t run as smoothly on a web-powered application in real-time. It is still quite impressive and can be strangely mesmerizing to watch.
Incidentally, the application is powered by D3 and it runs best on Chrome.
IPViking map: Cybercrime hunting just got real-time – Real Business:
Unsurprisingly, IPViking has been likened with 1983 movie WarGames starring Matthew Broderick and Introversion’s classic game called Defcon. It’s true, the map is simply astonishing to behold – and slightly unnerving – when activity starts happening.
Remote code execution on Android devices | Bromium Labs.
This is surely something of concern for Android users. My advice is don’t use public Wifi. Yes it can be difficult sometimes, especially if you are overseas, but would you rather pay the risk of having your phone rooted and its contents stolen?
Why the Security of USB Is Fundamentally Broken | Threat Level | WIRED.
On some levels this is one of the scariest vulnerability of recent times. Just think of how many things are at risk if exploitation becomes prevalent. Your usual anti-virus is useless against this type of attacks. It’ll be interesting to know if Stuxnet is using this delivery mechanism.
More detailed info can be found here.
