Infamous company Hacking Team was hacked.
Hacking Team hacked, attackers claim 400GB in dumped data | CSO Online.
JXcore butchered. Twice. Ouch.
Besides being quite easy to reverse engineer, the central flaw here is that they still don’t obfuscate your source code! It’s sitting there in its original form, ready for easy extraction by anybody that you distribute your application to. I mentioned obfuscation in my previous article on JXcore and I’ll repeat that assertion here: obfuscation is the only reasonable protection to defend high level source code from reverse engineering. Nothing can prevent reverse engineering, but good obfuscation can raise the cost substantially.
Ok this is not as bad as Superfish, but it’s bad enough. Samsung is disabling Windows Update so that it doesn’t have to deal with driver update issues.
When you enable Windows updates, it will install the Default Drivers for all the hardware no laptop which may or may not work. For example if there is USB 3.0 on laptop, the ports may not work with the installation of updates. So to prevent this, SW Update tool will prevent the Windows updates.
via Debugging and reverse engineering: Samsung deliberately disabling Windows Update.
The leakage of OPM data has been well-reported but this article provides more details about how it happened. In the worse case, “personal details from nearly everyone who works for the government in some capacity may now be in the hands of a foreign government”.
“EPIC” fail—how OPM hackers tapped the mother lode of espionage data | Ars Technica.
iOS and OS X attacks are likely to get more frequent as the platform becomes a valuable attack target, just like Windows in the past.
via Apple CORED: Boffins reveal password-killer 0-days for iOS and OS X • The Register.
Oh dear. You can’t even trust your photocopiers these days. Spot the difference.
The implications are huge. Imagine what happens if the following happens as a result of your copy getting messed up (excerpt from article):
- Incorrect invoices
- Construction plans with incorrect numbers (as will be shown later in the article) even though they look right
- Other incorrect construction plans, for example for bridges (danger of life may be the result!)
- Incorrect metering of medicine, even worse, I think.
Xerox scanners/photocopiers randomly alter numbers in scanned documents · D. Kriesel.
How not to release a security patch. Or, don’t take the security community for a fool.
Excellent analysis of the attack against github reported earlier. Great firewall demystified just a little.
Errata Security: Pin-pointing China's attack against GitHub.
Scary how easy it is to gain control over physical building systems.
Owning a Building: Exploiting Access Control and Facility Management Systems by Billy Rios – YouTube.
Very good analysis of the current DDoS attack that GitHub is facing, apparently over the hosting of github.com/greatfire and github.com/cn-nytimes, which is used to bypass censorship in China.
