Monthly Archives: August 2015

Corvette’s brakes wirelessly hacked through an insurance dongle

Posted on by

“Researchers at the University of California at San Diego have found a way to wirelessly hack thousands of vehicles by exploiting the on-board diagnostics (or OBD) devices that insurance companies use to monitor speed and location. In a video posted to YouTube (seen above), they were able to activate the windshield wipers and engage or disengage the brakes of a 2013 model Corvette by sending an SMS message to the OBD dongle’s cellular radio. The OBD attack isn’t limited to just Corvettes, or Chevrolets for that matter. The researchers also told Wired that the hack could be modified to grant access to other systems like the locks, steering, and transmission of most modern vehicles.”

http://www.theverge.com/2015/8/11/9130203/wireless-hack-corvette-brakes-insurance-dongle

Scan to Donate Bitcoin to Freedomwat.ch Staff
Did you like this?
Tip Freedomwat.ch Staff with Bitcoin
Donate via Installed Wallet

Stagefright Patch Incomplete Leaving Android Devices Still Exposed

Posted on by

“Google today released to open source a new patch for the infamous Stagefright vulnerability found in 950 million Android devices after researchers at Exodus Intelligence discovered the original patch was incomplete and Android devices remain exposed to attack.  The original four-line code fix for CVE-2015-3824, one of several patches submitted by researcher Joshua Drake of Zimperium Mobile Security’s zLabs who discovered the flaw in Stagefright, still leads to a crash and device takeover.  The vulnerabilities affect Android devices going back to version 2.2; newer versions of Android have built-in mitigations such as ASLR that lessen the effects of Stagefright exploits.”

https://threatpost.com/stagefright-patch-incomplete-leaving-android-devices-still-exposed/114267

Scan to Donate Bitcoin to Freedomwat.ch Staff
Did you like this?
Tip Freedomwat.ch Staff with Bitcoin
Donate via Installed Wallet

Another day, another stunning security flaw in Android

Posted on by

“Fresh from sorting out the Stagefright flaw, Google has another serious security vulnerability in Android on its hands.  A privilege escalation hole allows normal apps to gain superpowers to snoop on a device’s owner, smuggle in malware, and wreak other havoc.  The vulnerability, CVE-2015-3825, affects about 55 per cent of Android handsets – basically version 4.3 and above, as well as the current build of Android M.  Flaws in the OpenSSLX509Certificate class in Android can be exploited by an app to compromise the system_server process – and gain powerful system-level access on the device.”

http://www.theregister.co.uk/2015/08/10/another_android_flaw_hitting_55_percent_handsets/

Scan to Donate Bitcoin to Freedomwat.ch Staff
Did you like this?
Tip Freedomwat.ch Staff with Bitcoin
Donate via Installed Wallet

All Android operating systems infringe Java API packages, Oracle says

Posted on by

“The ongoing legal saga known as the Oracle-Google copyright battle took a huge leap Wednesday when Oracle claimed the last six Android operating systems are ‘infringing Oracle’s copyrights in the Java platform.’  That’s according to the latest paperwork (PDF) Oracle filed in the five-year-old closely watched case that so far has resulted in the determination that Application Programming Interfaces (APIs) are, indeed, copyrightable. Its suit, which had been mired in litigation and appeals, now names Android operating systems Gingerbread, Honeycomb, Ice Cream Sandwich, Jelly Bean, KitKat, and Lollipop. These are the operating systems that came after Froyo, when the suit was filed in 2010.”

http://arstechnica.com/tech-policy/2015/08/all-android-operating-systems-infringe-java-api-packages-oracle-says/

Scan to Donate Bitcoin to Freedomwat.ch Staff
Did you like this?
Tip Freedomwat.ch Staff with Bitcoin
Donate via Installed Wallet

Oracle security chief to customers: Stop checking our code for vulnerabilities

Posted on by

“Oracle’s chief security officer is tired of customers performing their own security tests on Oracle software, and she’s not going to take it anymore. That was the message of a post she made to her corporate blog on August 10—a post that has since been taken down.  Perhaps thinking that all the security researchers in the world were busy recovering from Black Hat and DEF CON and would be somehow more pliant to her earnest message, Mary Ann Davidson wrote a stern message to customers entitled ‘No, You Really Can’t‘.  Davidson scolded customers who performed their own security analyses of code, calling it reverse engineering and a violation of Oracle’s software licensing.”

http://arstechnica.com/information-technology/2015/08/oracle-security-chief-to-customers-stop-checking-our-code-for-vulnerabilities/

Scan to Donate Bitcoin to Freedomwat.ch Staff
Did you like this?
Tip Freedomwat.ch Staff with Bitcoin
Donate via Installed Wallet

Electronic car lock hack revealed after 2-year injunction by Volkswagen

Posted on by

“In 2012, researchers at Radboud University in the Netherlands discovered a security flaw in a common automotive security chip used in theft prevention by Volkswagen, Audi, Fiat, Honda, and Volvo vehicles. But after they disclosed their results to the auto manufacturers—a full nine months before they planned to publish them—the automakers sued to keep them quiet.  Today, that suppressed paper is finally being presented at the USENIX security conference in Washington, DC.  The list of impacted cars includes vehicles from Volkswagen’s Porsche, Audi, Bentley, and Lamborghini brands.”

http://arstechnica.com/security/2015/08/researchers-reveal-electronic-car-lock-hack-after-2-year-injunction-by-volkswagen/

Scan to Donate Bitcoin to Freedomwat.ch Staff
Did you like this?
Tip Freedomwat.ch Staff with Bitcoin
Donate via Installed Wallet

Gone in Less Than a Second

Posted on by

“Do not let Samy Kamkar near your car.  Kamkar has built a new device that is about the size of a wallet and can intercept the codes used to unlock most cars and many garage doors. The device can be hidden underneath a vehicle and when the owner approaches and hits the unlock button on her key or remote, the device grabs the unique code sent by the remote and stores it for later use.  The device is built from about $30 in hardware, Kamkar said, and he plans to reveal more details about it at DEF CON here Friday. The attack he developed also works on garage door openers that use rolling codes.”

https://threatpost.com/gone-in-less-than-a-second/114154

Scan to Donate Bitcoin to Freedomwat.ch Staff
Did you like this?
Tip Freedomwat.ch Staff with Bitcoin
Donate via Installed Wallet

Power Metals CD launched with exposure to gold, silver, copper

Posted on by

EverBank announced the launch of the five-year MarketSafe Power Metals CD, which combines the market potential of gold, silver and copper. This U.S. dollar-denominated CD offers 100-percent principal protection, and the ability to earn up to a 45% capped upside payment at maturity if the metals increase in value across annual pricing dates.  EverBank created the FDIC-insured Power Metals CD for individuals interested in exposure to valuable metals, but concerned about the obvious risk. The CD launched June 11, 2015.  EverBank’s MarketSafe Power Metals has a minimum deposit of $1,500 and no monthly account fee. Returns are based on CD performance.”

http://www.marketwatch.com/story/everbank-launches-marketsafe-power-metalssm-cd-2015-06-12

Scan to Donate Bitcoin to Freedomwat.ch Staff
Did you like this?
Tip Freedomwat.ch Staff with Bitcoin
Donate via Installed Wallet

Hedge fund mogul Paulson: Gold is now ‘fairly valued’

Posted on by

“Billionaire hedge fund manager John Paulson, one of the world’s most influential gold investors, said on Friday that the metal is now at an appropriate price level, following last week’s rout that dragged prices to five-year lows.  Paulson, in his first public comments since the recent price crash, said his firm, Paulson & Co. Inc., has retained a 10 million share stake, now worth about $1 billion, in SPDR Gold Trust, which tracks the price of gold.  More than $500 million of gold futures were dumped in last week’s sudden selloff. Paulson’s view on gold has been closely followed ever since he earned roughly $5 billion on a bet on the metal in 2010.”

http://www.reuters.com/article/2015/07/31/us-hedgefunds-paulson-gold-idUSKCN0Q52LL20150731

http://www.reuters.com/article/2015/07/31/us-hedgefunds-paulson-gold-idUSKCN0Q52LL20150731

Scan to Donate Bitcoin to Freedomwat.ch Staff
Did you like this?
Tip Freedomwat.ch Staff with Bitcoin
Donate via Installed Wallet

Hacking ring made $100M trading by stealing corporate press releases

Posted on by

“An international web of hackers and traders made $100 million on Wall Street by stealing a look at corporate press releases before they went out and then trading on that information ahead of the pack, federal authorities charged Tuesday.  Authorities said it was the biggest scheme of its kind ever prosecuted, and one that demonstrated another alarming vulnerability in the financial system in this age of increasingly sophisticated cybercrime.  In a 21st-century twist on insider trading, the hackers broke into the computers of some of the biggest business newswire services, which put out earnings announcements and other press releases for a multitude of corporations.”

http://www.usnews.com/news/business/articles/2015/08/11/feds-group-made-30m-with-hacked-press-release-info

Scan to Donate Bitcoin to Freedomwat.ch Staff
Did you like this?
Tip Freedomwat.ch Staff with Bitcoin
Donate via Installed Wallet