Another day, another stunning security flaw in Android

“Fresh from sorting out the Stagefright flaw, Google has another serious security vulnerability in Android on its hands.  A privilege escalation hole allows normal apps to gain superpowers to snoop on a device’s owner, smuggle in malware, and wreak other havoc.  The vulnerability, CVE-2015-3825, affects about 55 per cent of Android handsets – basically version 4.3 and above, as well as the current build of Android M.  Flaws in the OpenSSLX509Certificate class in Android can be exploited by an app to compromise the system_server process – and gain powerful system-level access on the device.”

http://www.theregister.co.uk/2015/08/10/another_android_flaw_hitting_55_percent_handsets/

Scan to Donate Bitcoin to Freedomwat.ch Staff
Did you like this?
Tip Freedomwat.ch Staff with Bitcoin

Oracle security chief to customers: Stop checking our code for vulnerabilities

“Oracle’s chief security officer is tired of customers performing their own security tests on Oracle software, and she’s not going to take it anymore. That was the message of a post she made to her corporate blog on August 10—a post that has since been taken down.  Perhaps thinking that all the security researchers in the world were busy recovering from Black Hat and DEF CON and would be somehow more pliant to her earnest message, Mary Ann Davidson wrote a stern message to customers entitled ‘No, You Really Can’t’.  Davidson scolded customers who performed their own security analyses of code, calling it reverse engineering and a violation of Oracle’s software licensing.”

http://arstechnica.com/information-technology/2015/08/oracle-security-chief-to-customers-stop-checking-our-code-for-vulnerabilities/

Electronic car lock hack revealed after 2-year injunction by Volkswagen

“In 2012, researchers at Radboud University in the Netherlands discovered a security flaw in a common automotive security chip used in theft prevention by Volkswagen, Audi, Fiat, Honda, and Volvo vehicles. But after they disclosed their results to the auto manufacturers—a full nine months before they planned to publish them—the automakers sued to keep them quiet.  Today, that suppressed paper is finally being presented at the USENIX security conference in Washington, DC.  The list of impacted cars includes vehicles from Volkswagen’s Porsche, Audi, Bentley, and Lamborghini brands.”

http://arstechnica.com/security/2015/08/researchers-reveal-electronic-car-lock-hack-after-2-year-injunction-by-volkswagen/

Gone in Less Than a Second

“Do not let Samy Kamkar near your car.  Kamkar has built a new device that is about the size of a wallet and can intercept the codes used to unlock most cars and many garage doors. The device can be hidden underneath a vehicle and when the owner approaches and hits the unlock button on her key or remote, the device grabs the unique code sent by the remote and stores it for later use.  The device is built from about $30 in hardware, Kamkar said, and he plans to reveal more details about it at DEF CON here Friday. The attack he developed also works on garage door openers that use rolling codes.”

https://threatpost.com/gone-in-less-than-a-second/114154

Hacking ring made $100M trading by stealing corporate press releases

“An international web of hackers and traders made $100 million on Wall Street by stealing a look at corporate press releases before they went out and then trading on that information ahead of the pack, federal authorities charged Tuesday.  Authorities said it was the biggest scheme of its kind ever prosecuted, and one that demonstrated another alarming vulnerability in the financial system in this age of increasingly sophisticated cybercrime.  In a 21st-century twist on insider trading, the hackers broke into the computers of some of the biggest business newswire services, which put out earnings announcements and other press releases for a multitude of corporations.”

http://www.usnews.com/news/business/articles/2015/08/11/feds-group-made-30m-with-hacked-press-release-info

Could Shapeshifting ‘Material Support’ Doctrine Take A Bite Out Of Apple?

“Recently, Congress, the administration, and pundits have not been shy about threatening to use material support against social media companies like Twitter. Wittes and Bedell reason, it’s not a great leap to see how a judge would find Apple equally guilty.  Apple would violate the law, the two write, if it continued to provide its encrypted services to a customer after the FBI has served a warrant for the customers’ communications.  Wittes and Bedell argue that ‘the sale of an encrypted phone by a major company to the general public cannot plausibly constitute material support for terrorism.’  We’re not so sure.”

http://www.defendingdissent.org/now/news/shapeshifting-material-support-apple/

Firefox PDF exploit found in the wild

“An advertisement on a news site in Russia was serving a Firefox exploit that searched for sensitive files and uploaded them to a server that appears to be in Ukraine. This morning Mozilla released security updates that fix the vulnerability. All Firefox users are urged to update to Firefox 39.0.3. The fix has also been shipped in Firefox ESR 38.1.1.  The vulnerability comes from the interaction of the mechanism that enforces JavaScript context separation (the ‘same origin policy’) and Firefox’s PDF Viewer. Mozilla products that don’t contain the PDF Viewer, such as Firefox for Android, are not vulnerable.  The exploit leaves no trace it has been run on the local machine.”

https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/

Over 4.5m records exposed as UCLA Health and CVS Health’s photo service hacked

“University of California (UCLA) Health, which runs four hospitals, and drug retailer CVS Health’s photo service had millions of individuals’ private records exposed in a recent cyberattack, reports Reuters.  UCLA Health said that hackers breached its network on May 5, and had accessed systems that contained personal information on about 4.5 million patients and healthcare providers. On-going investigations have shown that attackers may have gained access as early as September 2014.  CVSPhoto, which offers photo printing services, noted that customer credit card information collected by an independent vendor that manages its site, may have been compromised.”

http://thenextweb.com/insider/2015/07/18/over-4-5m-records-exposed-as-ucla-health-and-cvs-healths-photo-service-hacked/

Tesla’s first big vulnerability requires physical access to the car

“The good news for Tesla drivers is that the attack requires physical access — Rogers and Mahaffey had to physically plug into the car’s onboard ethernet port — so it’s unlikely to be exploited at scale. Even when the remote shut down is successfully executed, the result isn’t as dangerous as it might be. When the Model S shuts down at low speeds, the parking brake is automatically engaged; at higher speeds, the car shifts into neutral, allowing the driver to steer it off the road without an abrupt stop.  Tesla has been working quickly to patch the vulnerabilities and has said it’s pushing out a full over-the-air patch to the bug later today, leaving almost no time for the bug to be exploited.”

http://www.theverge.com/2015/8/6/9108059/teslas-vulnerability-model-s-hacked

Drone drops drugs into Ohio prison yard, inmate brawl ensues

“It’s not quite the drone-delivery business model that Amazon is planning to offer.  But a drone carrying heroin, marijuana, and tobacco dropped its payload over a prison yard crowded with inmates, causing a brief melee before authorities stamped out the brawl with pepper spray, according to ODRC.  Local media reported Tuesday that the July 29 melee at the Mansfield Correctional Institution began moments after a drone let loose with the goods. At least nine inmates began fighting over the package while other inmates rushed toward the brawl.  None of the inmates are believed to have gotten away with the 65.4 grams of marijuana, 6.6 grams of heroin and 144.5 grams of tobacco.”

http://arstechnica.com/tech-policy/2015/08/drone-drops-drugs-into-ohio-prison-yard-inmate-brawl-ensues/
