Archive for the ‘Uncategorized’ Category

Millions of Home Routers Vulnerable to Hackers

Tuesday, July 27th, 2010

At the Black Hat conference in Las Vegas this month, a group of highly accomplished hackers-turned-security researchers will converge to show off their latest discoveries and to share their findings with the development community. Among them will be Craig Heffner, who plans to unveil a flaw in consumer routers that could expose ‘millions’ of home networks to hackers.

“The sleight of hand discovered by Heffner involves establishing an attack site which runs malicious script that means a visitor’s own IP address is presented as one of the site’s alternative IP addresses, thereby granting a trusted status to a malign site. Modern browsers are designed to block earlier types of such attacks but not with this particular scenario, for reasons Heffner is due to explain at Black Hat.”

Present in a variety of router models by companies such as Linksys, Belkin and Dell, the flaw is a vulnerability to a classic hacking technique called DNS rebinding, in which hackers use malicious code to “trick” a device into handing over control. While Heffner’s discussion will hopefully include preventative measures for the manufacturers of these routers, there is currently a list of vulnerable models and sensible workarounds to address this flaw at Notebooks.com.

Apple Leads the Pack in Security Bugs

Monday, July 26th, 2010

The number of software vulnerabilities found in the first half of 2010 has nearly eclipsed last year’s total figure, and topping the list are machines running Apple operating systems, according to a new report by security firm Secunia. Studies were conducted on PCs equipped with a standard set of third-party software applications and across multiple operating systems.

Apple ranks first, ahead of runner-up Oracle and Microsoft, in the number of security bugs found in all their products in 1H 2010. During the first six months of 2010, Secunia logged 380 vulnerabilities within the top-50 most prevalent packages on typical end-user PCs, or 89 per cent of the figure for the entire year of 2009.

This is the first time since 2005 that Apple has topped the list of vendors in Secunia’s yearly security vulnerability report. According to Secunia, the rising number of total vulnerabilities can be partially attributed to the wide variety of mechanisms required to keep software updates current. Additionally, more risks were found in systems with a higher number of third-party applications installed.

Good Technology Standardizes on Mocana to Secure Mobile Offerings

Sunday, July 25th, 2010

Mocana today announced that Good Technology has licensed its NanoCrypto cryptographic engine for use on supported mobile platforms, including iOS, Android, Symbian, Windows Mobile, and Palm webOS. Good for Enterprise enables IT administrators to easily define and distribute configuration profiles and enforce compliance policies for devices using the web-based Good Mobile Control console. With solutions that combine a great user experience with the tools that IT needs to manage and protect its mobile enterprise, Good Technology will implement Mocana’s NanoCrypto as their universal security client, protecting against increasingly sophisticated attacks directed specifically at non-PC smart devices.

Good Technology, whose solutions can be found in some of the most sensitive government and business settings, needed a portable, universal crypto solution and the proven expertise of a smart device security leader. They chose Mocana. NanoCrypto is Mocana’s super-fast, super-small, government-certified cryptographic engine, purpose-built for the entire ecosystem of smart devices, of which smartphones are just one category.

DIY Satellites Soon In Orbit

Thursday, July 22nd, 2010

Move over, Sputnik: now anyone can put a satellite in orbit. At least, that’s the claim of Interorbital Systems, previously a research and development firm and spacecraft manufacturer. Interorbital is now offering what seems to be a true first: TubeSat, a DIY satellite kit with an $8,000 price tag that includes putting said satellite in orbit. Here are some of the specs, according to Wired.com:

“TubeSat is different because it lets hobbyist engineers and astronomers build the satellite themselves. Each TubeSat kit includes the satellite’s structural components, a printed circuit board, Gerber files (essentially blueprints), electronic components, solar cells, batteries, transceiver, antennas, microcomputer and some programming tools.”

Once TubeSat has been assembled, it is returned to Interorbital and scheduled for flight into space, with the first launch currently scheduled for Winter 2010. It’s yet to be seen whether the do-it-yourself kits will hold up during the rigorous launch, but for their money customers are offered a second chance for free should the first attempt fail.

A Smart Grid Reference Library

Wednesday, July 21st, 2010

Whether you’re new to the smart grid concept, a developer looking for technical documentation, or involved in any aspect of planning for the grid, there is now a central online resource for information on all things “smart grid”. The Smart Grid Information Clearinghouse (SGIC) will officially go live in Fall 2010, but for the time being it’s available publicly in beta form:

“It is envisioned that the SGIC portal will be the essential gateway that connects the smart grid community to the relevant sources of information that are currently scattered and distributed on the worldwide web. The portal will also direct its users to other pertinent sources or databases for additional data, case studies, etc. It will serve as a decision support tool for both state and federal regulators in their deliberations for rule-making and evaluating the impact of their investments in the smart grid technologies and software.”

This site will likely prove to be an invaluable reference library for those involved in any aspect of the smart grid, with information available on a wide variety of subjects all aimed at providing awareness and furthering the development of the smart grid community.

Google and Blackberry Get Upgraded Security

Tuesday, July 20th, 2010

As mobile devices continue to pull ahead of PCs in widespread connectivity, a new emphasis on security has been embraced by the development community. In line with this recent trend come two new major upgrades from prominent mobile players Google and Research In Motion.

Earlier this week, Google unveiled new device management features for its Google Apps suite aimed at the enforced use of data encryption and password security. Implemented for a variety of platforms such as Windows Mobile, iPhone, and Nokia Series E, the Apps will now wipe passwords after a series of failed attempts, mandate new passwords periodically and automatically trash old passwords. These changes will also reach Google’s own Android platform later this year.

Similarly, Research In Motion introduced an upgrade for its BlackBerry smartphones that targets enterprise use. Included in its 7th release of BlackBerry Enterprise Server Version 5.0.2 is the new Individual-Liable Devices Policy, which enables segregation of corporate and personal BlackBerry use. The new revision also enables remote wiping of corporate data.

This Mobile Phone Will Self-Destruct

Monday, July 19th, 2010

Commonly regarded as a more tweak-friendly alternative to Apple’s iPhone OS, Google’s Android OS has carved out a loyal market niche among power mobile users looking to get tricky with their smartphones, as well as developers of third-party apps that wouldn’t make the cut on Apple’s more stringent App Store. But those who love Android phones for their tweakability may want to think twice before shelling out for Motorola’s Droid X, the new flagship phone released today.

As reported by VentureBeat, the new Droid phone contains “eFuse” technology designed to render the phone inoperable should it be user-modified.

[eFuse] runs when the phone boots up, and it checks to make sure that the phone’s firmware, kernel information, and bootloader are legit before it actually lets you use the device….If the eFuse failes [sic] to verify this information then the eFuse receives a command to “blow the fuse” or “trip the fuse”. This results in the booting process becoming corrupted and resulting in a permanent bricking of the Phone. This FailSafe is activated anytime the bootloader is tampered with or any of the above three parts of the phone has been tampered with.

Motorola insists that eFuse is a customer-focused security measure that helps to protect user data.

Replacing Batteries With Radio Waves

Sunday, July 18th, 2010

A recent article in The New York Times looks at a number of new technologies that use ambient radio waves to provide power for wireless, low-power devices and sensors. Harnessing waves from everything in the air — cellphone antennas, radio stations, TV towers, WiFi transmitters — these new technologies are using otherwise wasted energy to power a wide range of low-power sensors.

At Intel, Dr. [Joshua] Smith, working with the researcher Alanson Sample of the University of Washington, created an electronic “harvester” of ambient radio waves. It collects enough energy from a TV station broadcasting about 2.5 miles from the lab to run a temperature and humidity sensor.

The device collects enough power to produce about 50 microwatts of DC power, Dr. Smith said. That is enough for many sensing and computing jobs…. The power consumption of a typical solar-powered calculator, for example, is only about 5 microwatts…and that of a typical digital thermometer with a liquid crystal display is one microwatt.

Dr. Smith and his colleagues have built a second device, powered by radio waves, that collects signals from an outdoor weather station and transmits them to an indoor display. The unit can accumulate enough energy to send an updated temperature every five seconds.

Thanks to the virtually endless supply of radio waves in the air, these technologies could soon create wireless devices that can run continuously on an endless power supply — battery-free.

Mobile Subscriptions Surge to 5 Billion

Thursday, July 15th, 2010

Network service provider Ericsson announced Thursday, July 8th that the number of mobile subscriptions active worldwide has reached 5 billion. The recent surge in mobile usage, which includes both basic cellular phones and “smart” devices, has been attributed to growth in emerging markets such as China and India.

Ericsson reports that mobile broadband subscriptions are also growing at a rapid pace, and are expected to reach over 3 billion by 2015, a massive increase from the 360 million subscriptions active in 2009. Experts now believe that soon 80% of all people connecting to the internet will be doing so from a mobile device.

FBI Reveals Telephony Denial of Service Scam

Wednesday, July 14th, 2010

Have you received an unusual number of strange phone calls on a mobile or land line recently? If so, you should be aware of a scam that uses automated phone calls to gain access to users’ accounts, leaving its victims with drained bank accounts. It’s a rare example of Telephony Denial of Service (TDOS) attacks being used directly against consumers.

The FBI website describes the phony phone call scheme:

During these TDOS attacks, online trading and other money management accounts are being accessed by the perpetrators who are transferring funds out of those accounts. The perpetrators will obtain account information of their victims in some way and then contact the financial institutions to change their victims’ profile information such as email addresses, telephone numbers and bank account numbers. The purpose of the malicious phone calls is to occupy the victim phone numbers on record with the financial institutions managing the accounts so that when the institutions contact the victim to verify the changes and transactions, the institution is unable to reach the victim. Consequently, the victim has no idea what has really transpired until it’s too late.

The calls, typically made in such a volume as to overwhelm the targeted line, can be identified by dead air (silence on the other end), an ‘innocuous recorded message’, an advertisement or even a phony telephone sex menu. The FBI recommends that anyone who suspects they may be the target of such an attack contact their telephone service provider in addition to alerting their financial institutions.