TSA remains terrible at securing transportation, internal report shows

“The systematic failures in TSA security checks were consistent across every airport, with auditors seeing 95 percent success rates smuggling bombs and guns into secure areas of airports. The IG found that the TSA does not have adequate monitoring of airport operators to determine if they have properly performed background checks on job applicants, and that criminal histories are rarely documented electronically. That means the TSA is unable to determine with certainty if criminals are gaining access to secured areas of airports.”

http://www.theverge.com/2015/11/5/9672268/TSA-screening-ineffective-homeland-security-report-2015

Scan to Donate Bitcoin to Freedomwat.ch Staff
Did you like this?
Tip Freedomwat.ch Staff with Bitcoin

TSA inadvertently shows the dangers of master baggage keys

“Security researchers have long warned of the dangers of using master-keyed locks — if thieves get their hands on just one key, they compromise all of the compatible locks at the same time. And unfortunately, the US’ Transportation Security Administration is learning this lesson the hard way. It briefly let the Washington Post show a photo (we’ve blurred the details) of the master baggage keys it uses for approved locks, giving crooks a crude guide to making duplicates. And you can’t just switch to a non-standard lock to get around this, since TSA agents will rip it off if they catch it during an inspection.”

http://www.engadget.com/2015/08/22/tsa-reveals-master-baggage-keys/

Taxpayers Sue IRS For Illegal Account Access In Data Breach

“The action was filed [after] 330,000 taxpayer accounts were illegally accessed by criminals using the ‘Get Transcript’ application on the IRS web site. The complaint alleges that the illegal access of the system ‘would have been prevented, had the IRS fixed the known security deficits in its data storage system,’ that IRS security was inadequate despite the fact that IRS ‘knew that cyber-criminals were highly motivated to hack the IRS system in order to steal taxpayer information that has significant value in the black market.’ Finally, the suit says that IRS ‘deliberately and intentionally decided not to implement the security measures needed to prevent the subject data breach.’”

http://www.forbes.com/sites/kellyphillipserb/2015/08/21/taxpayers-sue-irs-for-illegal-account-access-in-data-breach/print/

IRS: 330K Taxpayers Hit by ‘Get Transcript’ Scam

“The Internal Revenue Service (IRS) disclosed today that identity thieves abused a feature on the agency’s Web site to pull sensitive data on more than 330,000 potential victims as part of a scheme to file fraudulent tax refund requests. The new figure is far larger than the number of Americans the IRS said were potentially impacted when it first acknowledged the vulnerability in May 2015 — two months after KrebsOnSecurity first raised alarms about the weakness. The IRS’s experience should tell consumers something about the effectiveness of the technology that the IRS, banks and countless other organizations use to screen requests for sensitive information.”

http://krebsonsecurity.com/2015/08/irs-330k-taxpayers-hit-by-get-transcript-scam/

Hackers turn Square reader into card skimmer in under 10 minutes

“Square created their tiny, portable card reader to revolutionize the credit card processing business. As it turns out, they may have unwittingly revolutionized card skimming, too.  Researchers Alexandrea Mellen  and John Moore were on hand at this year’s Black Hat conference demonstrating that it only takes 10 minutes to turn an ordinary Square reader into a portable skimmer. It simply requires very little work, and a high level of skill isn’t needed to pull it off. All the duo had to do to hack the reader was to solder in a short length of wire to bypass Square’s built-in encryption chip. Once the wire is in place, the reader can then slurp up and spit out credit card swipe data in the clear.”

http://www.geek.com/mobile/hackers-turn-square-reader-into-card-skimmer-in-under-10-minutes-1630512/

Stagefright Patch Incomplete Leaving Android Devices Still Exposed

“Google today released to open source a new patch for the infamous Stagefright vulnerability found in 950 million Android devices after researchers at Exodus Intelligence discovered the original patch was incomplete and Android devices remain exposed to attack.  The original four-line code fix for CVE-2015-3824, one of several patches submitted by researcher Joshua Drake of Zimperium Mobile Security’s zLabs who discovered the flaw in Stagefright, still leads to a crash and device takeover.  The vulnerabilities affect Android devices going back to version 2.2; newer versions of Android have built-in mitigations such as ASLR that lessen the effects of Stagefright exploits.”

https://threatpost.com/stagefright-patch-incomplete-leaving-android-devices-still-exposed/114267

Another day, another stunning security flaw in Android

“Fresh from sorting out the Stagefright flaw, Google has another serious security vulnerability in Android on its hands.  A privilege escalation hole allows normal apps to gain superpowers to snoop on a device’s owner, smuggle in malware, and wreak other havoc.  The vulnerability, CVE-2015-3825, affects about 55 per cent of Android handsets – basically version 4.3 and above, as well as the current build of Android M.  Flaws in the OpenSSLX509Certificate class in Android can be exploited by an app to compromise the system_server process – and gain powerful system-level access on the device.”

http://www.theregister.co.uk/2015/08/10/another_android_flaw_hitting_55_percent_handsets/

Electronic car lock hack revealed after 2-year injunction by Volkswagen

“In 2012, researchers at Radboud University in the Netherlands discovered a security flaw in a common automotive security chip used in theft prevention by Volkswagen, Audi, Fiat, Honda, and Volvo vehicles. But after they disclosed their results to the auto manufacturers—a full nine months before they planned to publish them—the automakers sued to keep them quiet.  Today, that suppressed paper is finally being presented at the USENIX security conference in Washington, DC.  The list of impacted cars includes vehicles from Volkswagen’s Porsche, Audi, Bentley, and Lamborghini brands.”

http://arstechnica.com/security/2015/08/researchers-reveal-electronic-car-lock-hack-after-2-year-injunction-by-volkswagen/

Gone in Less Than a Second

“Do not let Samy Kamkar near your car.  Kamkar has built a new device that is about the size of a wallet and can intercept the codes used to unlock most cars and many garage doors. The device can be hidden underneath a vehicle and when the owner approaches and hits the unlock button on her key or remote, the device grabs the unique code sent by the remote and stores it for later use.  The device is built from about $30 in hardware, Kamkar said, and he plans to reveal more details about it at DEF CON here Friday. The attack he developed also works on garage door openers that use rolling codes.”

https://threatpost.com/gone-in-less-than-a-second/114154

Hacking ring made $100M trading by stealing corporate press releases

“An international web of hackers and traders made $100 million on Wall Street by stealing a look at corporate press releases before they went out and then trading on that information ahead of the pack, federal authorities charged Tuesday.  Authorities said it was the biggest scheme of its kind ever prosecuted, and one that demonstrated another alarming vulnerability in the financial system in this age of increasingly sophisticated cybercrime.  In a 21st-century twist on insider trading, the hackers broke into the computers of some of the biggest business newswire services, which put out earnings announcements and other press releases for a multitude of corporations.”

http://www.usnews.com/news/business/articles/2015/08/11/feds-group-made-30m-with-hacked-press-release-info
