Dennis Fisher talks with Joe Grand of Grand Idea Studio about the design for this year’s DEFCON badge, the secret feature he added that no one has uncovered yet and his research on hacking smart parking meters.
From The Wall Street Journal (Emily Steel)
On a Saturday night at the end of May, visitors to the forums section of Digital Spy, a British entertainment and media news Web site, were greeted with an ad that loaded malicious software onto their computers. The Web site’s advertising system had been hacked.
A number of such attacks have occurred this year, as perpetrators exploit the complex structure of business relationships in online advertising, with its numerous middlemen and resellers. Web security experts say they have seen an uptick in the number of ads harboring malware as the economy has soured and publishers, needing to boost their ad revenues, outsource more of their ad-space sales. Read the full story [wsj.com]
From DarkReading (Kelly Jackson Higgins)
Texting just keeps getting riskier: Researchers at next month’s Black Hat USA in Las Vegas will demonstrate newly discovered threats to mobile phone users, as well as release a new iPhone application that tests phones for security flaws.
“We set out to create a graphical SMS auditing app that runs on the iPhone,” says Luis Miras, an independent security researcher. The tool can test any mobile phone, not just the iPhone, for vulnerabilities to specific exploits that use SMS as an attack vector. Read the full story [darkreading.com]
This Google Tech Talk features Michael Steil and Felix Domke discussing the security model of the Microsoft Xbox 360 and how to break it.
From Federal Computer Week (Ben Bain)
Attackers have penetrated a network that the Department of Homeland Security uses to share sensitive information with state and local authorities, gaining access to important, but unclassified, data. The attack began in March and occurred again a few weeks later, according to a report in Federal Computer Week.
From WaPo Security Fix (Brian Krebs)
Hackers last week broke into a Virginia state Web site used by pharmacists to track prescription drug abuse. They deleted records on more than 8 million patients and replaced the site’s homepage with a ransom note demanding $10 million for the return of the records, according to a posting on Wikileaks.org, an online clearinghouse for leaked documents. Read the full story [washingtonpost.com]
Twitter co-founder Biz Stone says the company “takes security very seriously” but the details behind the micro-blogging site’s recent hack show that Twitter is light years away from having the most basic security controls in place.
From ZDNet (Dancho Danchev)
Yesterday, a French hacker claimed to have gained access to Twitter’s administration panel, and based on the screen shots that he included featuring internal data [zataz.com] for accounts belonging to U.S. President Barack Obama, Britney Spears, Ashton Kutcher, and Lily Allen, as well as a detailed overview of different sections behind the scenes of Twitter, his claims [mashable.com] seem pretty legitimate. Read the full story [zdnet.com].
Criminals are willing to pay thousands of euros for a discontinued Nokia mobile phone with a software problem that can be exploited to hack into online bank accounts [cio.com], according to a fraud investigator in the Netherlands.
About 10 days ago, investigators observed someone transfer €25,000 (US$32,413) for a Nokia 1100 phone, said Frank Engelsman of Ultrascan Advanced Global Investigations. The candy-bar style phone is one of Nokia’s all-time best-selling models, and originally sold for under €100. Read the full story [cio.com]
From Computerworld (Gregg Keizer)
Although the media blitz about the Conficker worm prompted a significant number of enterprise users to finally fix a six-month-old Windows bug, about one in five business computers still lack the patch [computerworld.com], a security company said today.
Scans of more than 300,000 Windows PCs owned by customers of Qualys Inc. show that patching of the MS08-067 vulnerability — a bug that Microsoft fixed with an emergency update issued in October 2008 — picked up dramatically two weeks ago. Read the full story. Also see our previous coverage of the Conficker threat.