Displaying items by tag: Hacking

A couple of days ago we posted a story about a group of developers that complained to Valve about their lack of a Bug Bounty. In their complaint was an inference that having a form of reward would make people want to identify and report bugs and exploits in a timely manner. On the surface that would seem to make sense, but there is a flip side to this line of thinking. There will also be times when people will wait to report something to ensure they get the most money out of their efforts.

There is a lot of information flying around the internet about security this month. Much of this is due to the looming Black Hat and DEF CON conferences that kick off in August. While many of the articles hitting the net are malware centric we are hearing about a few more that punch more than a few holes in the security of some very popular devices. We have seen Blackberry poke at Samsung and their Knox secure phone layer and vice versa. The biggest one that we have seen is the 58 page document published by security expert Jonathan Zdiarski about the iPhone.

Point of Sale Terminals are a new target for malicious individuals. At least this is a trend that many security researchers are seeing over the last few months. These systems can be a treasure trove of information for someone looking to make some quick money. On top of that most are designed with simple and generic logons to make use easier. This is a common flaw with many Windows based POS systems, yet the trend continues.

Our first bit of news this morning is a piece about the SEA (Syrian Electronic Army) hacking into an ad plug-in (widget) on the Reuters new page that allowed them to redirect readers to new landing pages. Now, while the hack is serious, at the time of this writing it does not appear there was any additional payload pushed out to end users. All that happened was readers looking for news stories were redirected to a new page that slammed western media.

Over the course of the years you have read many (many, many) articles about security. These articles have ranged from details on specific breaches to general security information. One of the big areas that we cover is the lack of motivation to maintain proper security in the cloud and also on the internet. We have talked at length about the way many businesses treat security from a planning view or even in the face of a real threat.

A common feature in today’s society is the cat. We see them all over the internet and when we chose to go outside we see them in our neighborhoods. What would happen if someone mobilized that arm of felines to do their bidding? I am not talking about mind control or a real army of cats here. Instead I am talking about simply outfitting some of these animals to collect WiFi data and report back. Think this is crazy? Well if someone can do it with a Google Street view car, why not with an animal as small and inconspicuous as a cat.

There is an interesting story that is making the rounds on the internet that relates to Synology NAS devices, but so far has not really gotten the right press coverage. As with many things, the rush to get the story out often means a lack of data to properly cover the incident. In the case of the Synology boxes that were taken over to mine dodge coin this appears to be the case. So with that in mind let’s take a look at the story as it transpired.

Remember when we told you about the first ransomware for Android? No? Oh ok so let’s give you a quick background. Not that long ago some enterprising person came up with a way to use the locking portion of Find my iPhone to lock a number of iPhones in Australia. This started a number of rumors about the spread of this new threat to the iPhone including one that claimed iCloud had been hacked. In the end the number of locked phones was much smaller than reported and the users were able to get their phones back without paying out the relatively small ransom.

Nothing makes a Friday fun like hearing about a brand new form of Malware. Well that is what we have for you on today. It seems that an RSA researcher was picking around the darker places on the Internet and stumbled upon a new bit of malware that, if real, could be a serious problem in the near future. RSA researcher Eli Marcus is calling the new malware Pandemiya and claims that it is 25,000 lines of previously unused code.

Twitter has a keen sense of the word irony now. Almost immediately after grabbing the highest score by the Online Trust Alliance for security and privacy they managed to get hit with a very bad XSS (Cross Site Scripting) bug that impacted their TweetDeck side of the house. To make matters worse the XSS flaw was not some 0-day exploit that hackers used, it was a fairly old one that allowed the hackers to fill the feeds of TweetDeck users with malicious scripts.