Categories
privacy security

New air-gap jumper covertly transmits data in hard-drive sounds

Your secrets should be safe as long as your machine is not connected to any network right? Think again. There have been extremely innovative ways of transmitting information from unplugged (or what is known as air-gapped) computers to other devices, including:

and now.. via the sound that a hard drive makes.

“DiskFiltration” siphons data even when computers are disconnected from the Internet.

Source: New air-gap jumper covertly transmits data in hard-drive sounds

Categories
security

A New Wireless Hack Can Unlock 100 Million Volkswagens

More bad news for Volkswagen.

A team of researchers has found that Volkswagen stores secret keys in car components that leave almost all its vehicles since 1995 vulnerable to theft.

Source: A New Wireless Hack Can Unlock 100 Million Volkswagens

Categories
security

Researchers crack open unusually advanced malware that hid for 5 years

Another impressive likely-state-sponsored malware. Data exfiltration from air-gapped machines is the holy grail of the malware world. If they succeeded this will be huge.

The malware—known alternatively as “ProjectSauron” by researchers from Kaspersky Lab and “Remsec” by their counterparts from Symantec—has been active since at least 2011 and has been discovered on 30 or so targets. Its ability to operate undetected for five years is a testament to its creators, who clearly studied other state-sponsored hacking groups in an attempt to replicate their advances and avoid their mistakes.

Source: Researchers crack open unusually advanced malware that hid for 5 years

Categories
security

Exclusive: Hackers accessed Telegram messaging accounts in Iran – researchers

It has long been known that telephony services like SMS are not secure. When your infrastructure provider is hostile it gets challenging to protect your users.

Iranian hackers have compromised more than a dozen accounts on the Telegram instant messaging service and identified the phone numbers of 15 million Iranian users, the largest known breach of the encrypted communications system, cyber researchers told Reuters.

Source: Exclusive: Hackers accessed Telegram messaging accounts in Iran – researchers

Categories
programming

Programming bug costs Citigroup $7m after legit transactions mistaken for test data for 15 years

Like I always say, all (non-trivial) software have bugs. It’s a matter of when and if they are discovered. If you’re lucky, the bugs may only result in financial loss. In more serious cases, safety and security can be compromised.

When the system was introduced in the mid-1990s, the program code filtered out any transactions that were given three-digit branch codes from 089 to 100 and used those prefixes for testing purposes.

But in 1998, the company started using alphanumeric branch codes as it expanded its business. Among them were the codes 10B, 10C and so on, which the system treated as being within the excluded range, and so their transactions were removed from any reports sent to the SEC.

Source: Programming bug costs Citigroup $7m after legit transactions mistaken for test data for 15 years

Categories
Uncategorized

Nasty flaws in Symantec security tools expose millions of computers to hacking | PCWorld

The irony is killing: a product that is supposed to protect your enterprise contains severe security problems making your enterprise hackable through a carefully crafted email – which doesn’t even need to be opened!

Continue reading “Nasty flaws in Symantec security tools expose millions of computers to hacking | PCWorld”
Categories
Uncategorized

The Universe of Discourse : Don’t tug on that, you never know what it might be attached to

The rabbit hole can be really deep. The tl;dr version is this: this guy encountered an apparent bug in emacs in his work, but you will never guess what’s the cause of it.

Source: The Universe of Discourse : Don’t tug on that, you never know what it might be attached to

Categories
security

No internet for Singapore public servants – BBC News

Great, now we’re on BBC for the wrong reasons. This goes totally against the Smart Nation, IoT and cloud movement. The scary prospect is that quasi-government agencies and even private organizations may take a cue from this and do the same.. Expect a strong pushback from the industry. OTOH, server vendors will be very happy 🙂

Singapore says it will restrict access to the internet for public servants from May next year because of information security concerns.

Source: No internet for Singapore public servants – BBC News

Categories
security

*indrora->mind — DeadUpdate; Or, How I learned to stop worrying and…

Yet another major fail from a hardware vendor. The tl;dr version is this: Asus laptop comes with a software called LiveUpdate that deliver updates from Asus. The problem is it does so insecurely and without proper validation. So that makes it possible for someone to perform MiTM and deliver fake updates.

Source: *indrora->mind — DeadUpdate; Or, How I learned to stop worrying and…

Categories
privacy security

TeamViewer denies hack after PCs hijacked, PayPal accounts drained

TeamViewer is a very popular tool for remote access due to its ease of use and firewall bypassing capability. It is widely used by IT support, sysadmins, appliance manufacturer, Pos system makers, individuals etc. If this hack is real it would have huge ramifications for users of this tool.

Remote-control tool wobbles offline, blames bad passwords for compromises

Source: TeamViewer denies hack after PCs hijacked, PayPal accounts drained

Update (2016-06-04): Also reported here.