Browsing Author: Paul Roberts

Slideshow: How to Avoid Getting Hacked While Traveling

VIEW SLIDESHOW How to Avoid Getting Hacked While TravelingResearcher Justin Morehouse has logged more than 100,000 miles to eight countries in the last year. His message: business travelers are at greater risk of being hacked than ever before, especially when it comes to smart phones and tablets. Now the security expert has distilled his research and first-hand experiences into some sage advice for travelling executives and VIPs. Here are eight ways you can protect yourself abroad.

Read more...

Interview: Android Engineered To Enable Data Harvesting

[img_assist|nid=10979|title=Paul Brodeur|desc=|link=none|align=right|width=100|height=100]We wrote yesterday about research by Paul Brodeur of Leviathan Security Group on security weaknesses that are built into Google’s Android mobile operating system. Brodeur was able to show, using a proof of concept application, that Android applications without any permissions can still access files used by other applications, including which applications are installed and a list of any readable files used by those applications. In this question and answer session, Brodeur corresponds with Threatpost about his ongoing work studying the Android operating system, and how a combination of loose application coding and insecure design makes Google’s Android a boon for advertisers and others who want to harvest data on mobile users.* 

Read more...

Executives Abroad May Get Owned Before They’re Off The Tarmac

[img_assist|nid=10958|title=Justin Morehouse|desc=|link=none|align=right|width=100|height=100]Corporate executives and other high value employees traveling abroad need to be on guard for attempts to compromise their mobile devices, and could even have their mobile phone compromised before they even disembark the plane following their arrival, according to security researcher Justin Morehouse. A thirst for intellectual property and trade secrets, and a bugeoning market of sophisticated mobile surveillance tools means that executives need to begin thinking and acting like spies in order to avoid being spied upon themselves, according to a presentation at the OWASP AppSec DC 2012 conference in Washington DC on Thursday.

Read more...

Project Basecamp Adds Stuxnet-type Attack Module to Metasploit

UPDATE: Project Basecamp, a volunteer effort to expose security holes in industrial control system software, unveiled new modules on Thursday to exploit holes in common programmable logic controllers (PLCs). The new exploits, which are being submitted to the Metasploit open platform, include one that carries out a Stuxnet-type attack on programmable logic controllers made by the firm Schneider Electric, according to information provided to Threatpost by Digital Bond, a private consulting firm that has sponsored the effort.

Read more...

Arms Race In Zero Days Spells Trouble For Privacy, Public Safety

Editor’s Note: This is the second of a two-part podcast with independent security researcher Chris Soghoian. In the first part of our podcast with independent security researcher Chris Soghoian, we talked about the way that the proliferation of “free” applications have forced consumers into the position of increasingly trading privacy for access to cool new Web sites and tools.

Read more...