The term hack-proof is one that people have thrown around for some time. It is one of those phrases like NSA-Proof or malware proof that really do not mean what they should mean. However, it is certainly meant to mean that the technology in question is resistant to the majority of known (important word there) attacks. It is important to mention this definition as we start talking about the announcement that MIT and Texas Instruments have developed a new “hack-proof” RFID chip.
Norse Corp, famous for their live attack map and Viking based parties at Black Hat, could be having some financial issues. At least that is the word from researcher Brian Krebs. Over the last couple of weeks they have laid off 30% of their staff and let their CEO go. Neither of the occurrences is good news for a company that is relatively new (Norse was founded in 2010). The basis of the business was to provide a nimble product that would allow for better threat tracking and blocking. Everything was centered on the use of live information to help prevent and mitigate attacks.
One cool thing about working in IT is that things are very predictable. You generally know how a system or application will react if you do this or that to it. This is how people find and use exploits in software and even hardware. You look at how an application works and identify ways you can use those processes against it. It is like digital judo. However, what many people do not really get is that this also works when setting up a larger organization for an attack. If you can track how they will respond to a particular threat, you can use it against them in very interesting ways.
It seems that the stars might finally align to remove one of the largest security holes in the history of… well history itself. Oracle is announcing that it is finally getting rid of the Java Browser Plug-in… sometime. According to a blog post on the Oracle page they are aware that most (if not all) browsers are already blocking plug-ins like the one in the Java Runtime Environment. These are for security, stability and performance, and really should have been done a long time ago. Over the last few years the Java browser plug-in (along with Flash) has been the vector of choice for many web-based attacks.
In the fast paced and insanely stupid argument between privacy advocates and national security advocates we often hear how we need to give up one or the other. The security guys say that privacy will block criminal activity so we need to give up some of that. On the other side the Privacy gang feels that giving up privacy is only hurting the people that are not doing anything wrong. They also feel it has an impact on free speech and limits discourse. What neither side is getting is that they both are right. Strong privacy protections and encryption allow for better and more secure communication. The complement each other in a way that no one seems to get.
You have to love how easy it is to find information out in the wilds of the internet. In the last couple of weeks a number of cloud-databases have been found to be leaking data to the interment due to an almost total lack of security. The latest one seems to be a group of 191… Million voters in the US. Yup, if you have voted in any election since 2000 your personal information is out there on the open internet. The information that is out contains names, addresses, party affiliation and voter ID numbers… it is not as bad as it could be, but it is still bad.
Juniper has acknowledged that “unauthorized code” was somehow inserted into their ScreenOS. The code appears to have been around since at least 2012 which means that it went unnoticed during multiple code updates, patches and even full version updates. Although the code was buried deep in cores parts of the OS it still should have been noticed during at least one update over the last three years.
You know that awkward moment when your security company actually fails and ends up exposing your data? Well that is happening for a, less than loved, Mac application called MacKeeper. It seems that they forgot all about data management and security. Now, that being said MacKeeper and the developer, Kromtech Alliance, are not know as a wonderful application in the Mac world. For the most part they are known as something to be avoided, but that does not mean that people have not bought and installed their software.
The average GPU is a pretty powerful computational device. The highly parallel design and efficient memory structure means that you can execute operations at a rate that puts most CPUs to shame. With the advent of Cuda and OpenCL the door was opened for developers to push workloads to the GPU and get back some pretty nice returns. Microsoft and many others joined in and began making access to the GPU simpler starting with DirectX 10.
When things are not quite right you always hope for that “ah-ha” moment when everyone realizes the issue and will actually begin to work on a solution. For connected devices we have been hoping for that since they were first introduced and are still waiting for the industry to have that moment. We thought that perhaps it would happen when a host of connected cameras were compromised allowing people to spy on and even talk to children that were being monitored by them. However, while the hole was covered up with tape (not really fixed) there was no general outcry to have these connected devices secure properly.