This is an amazing hardware+software hack. Next time you’re using a wireless keyboard, think where all the signals might be going.
KeySweeper is a stealthy Arduino-based device, camouflaged as a functioning USB wall charger, that wirelessly and passively sniffs, decrypts, logs and reports back (over GSM) all keystrokes from any Microsoft wireless keyboard in the vicinity.
An alarmist or realist view of where society is headed in terms of increasing loss of privacy and control? Read and judge for yourself.
This is another instance where damage is no longer limited to the digital world.
Cyberattack on German steel factory causes 'massive damage' | ITworld.
This is probably the most invasive hack of 2014. It has resulted in Sony canning the movie just before release. A big win for cyber-terrorists? Is this model of data terrorism going to be emulated for future hack attacks? Only time will tell.
Bruce Schneier: Sony Hackers 'Completely Owned This Company' | Motherboard.
Humorously written article of how to hijack Facebook+Tinder sessions if someone left their machine unlocked while away. Then again, if you had physical access there are other means of getting what you want.
Fun with your friend's Facebook and Tinder sessions | Robert Heaton.
It’s amazing how advanced the online ads business have gotten. This is the current state as of 2014. I’m sure it will evolve even more as we progress (or some will say regress).
How browsers get to know you in milliseconds – O'Reilly Radar.
This falls under the category of uncommon hardware hacks. Increasingly, people are realizing that there are many places that could be compromised, like your USB firmware, SIM card, mobile baseband, and now hard disk firmware. Fascinating and scary at the same time, ‘cos it could lead to undetectable compromises.
Fascinating story of Duqu, the successor (or predecessor?) of Stuxnet.
The Digital Hunt for Duqu, a Dangerous and Cunning U.S.-Israeli Spy Virus – The Intercept.
Another serious data breach. This is getting more common, though that certainly doesn’t mean it should be treated as such. The industry has to get used to responding to such security breaches.
JPMorgan Says Data Breach Affected 76 Million Households – Bloomberg.
oss-sec: CVE-2014-6271: remote code execution through bash.
This is serious. Bash is the default shell used by most *nix users. Lots of public web servers out there will be vulnerable if not updated. Someone could write an exploit that infects one machine and turn that machine into an agent for infecting others.
Update (2014-09-25): Ok it is happening.
Update (2014-09-26): Everything you need to know about the Shellshock Bash bug
The headlines state everything through 4.3 or in other words, about 25 years’ worth of Bash versions
Update (2014-10-07): Winzip and possibly Yahoo has been compromised