Surgical Attack Tool miniFlame Joins the Big Happy Cyberweapon Family [Security]

We already know about the state-sponsored malware triplets Flame, Gauss, and Stuxnet, but now a new one is rearing its little head. Dubbed as “miniFlame” by Kapersky Labs, it’s a lot less cute and more dangerous than it sounds. More »

Nearly 300,000 Florida Students and Faculty Hacked and at Risk of Identity Theft [Hacking]

According to school officials, almost 300,000 students and faculty members have had their personal information compromised in a widespread hack around Florida colleges. Enough information was leaked to lead to identity theft, and there are at least 50 cases of that occurring already. More »

Google patches SVG and IPC exploits in Chrome, discoverer banks $60,000 in the process

Google Chrome logoGoogle revels in hacking contests as ways of testing Chrome’s worth. Even if the browser is compromised, the failure provides a shot at fixing an exploit under much safer circumstances than an in-the-wild attack. No better example exists than the results of Google’s Pwnium 2 challenge in Malaysia: the company has already patched vulnerabilities found in the contest that surround SVG images and IPC (inter-process communication) before they become real problems. Staying one step ahead of truly malicious hackers carries a price, however. Pwnium 2 winner Pinkie Pie — yes, Pinkie Pie — is being paid $60,000 in prize money for catching the exploits. That may be a small price to pay if it reassures a few more Internet Explorer users looking to hop the fence.

Filed under: ,

Google patches SVG and IPC exploits in Chrome, discoverer banks $60,000 in the process originally appeared on Engadget on Thu, 11 Oct 2012 09:31:00 EDT. Please see our terms for use of feeds.

Permalink   |  sourceGoogle Chrome Releases  | Email this | Comments

Huawei faces ban in Canada over security risks

Earlier this week, both Huawei and ZTE were accused of espionage practices on behalf of the Chinese government, and the US House Intelligence Committee recommended that companies in the US should refrain from using either Huawei or ZTE hardware. Of course, both companies denied the claims, but Huawei is now getting a lot of grief from Canada.

Canada has plans to implement a secure Canadian government communications network that would carry government phone calls, emails and data center services. Canada was going to bring Huawei on board to help out with the initiative, but after hearing about the claims against the Chinese device manufacturer, Canada is thinking about excluding them from the project.

Huawei actually has been doing very well in Canada. In 2008, they were awarded a contract to build networks for Telus Corp and Bell Canada, and the company even received a C$6.5 million ($6.6 million) grant from Ontario towards an investment by Huawei in research and development that would cost a total of C$67 million.

The US House Intelligence Committee warned Canadian companies not to do business with Huawei, and it warned that China could be using equipment made by Huawei to spy on certain communications and threaten critical systems through computerized links. The potential ban on Huawei could have negative effects on both Huawei and Canada, and this certainly may not be the end to this madness.

[via Reuters]


Huawei faces ban in Canada over security risks is written by Craig Lloyd & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.


Adafruit releases WebIDE alpha for Raspberry Pi, eases beginners into coding

DNP Raspberry Pi

If you’ve been intrigued by the Raspberry Pi but were hesitant to get one because you’re new to Linux, Adafruit has a solution for you. The team that brought us the Raspberry Pi Education Linux Distro has come up with a special WebIDE (Web Integrated Development Environment) designed to run on the affordable barebones computer. It’s entirely web-based so there’s no need to install any software — just launch a browser, hook up your Pi, and you’re ready to go. To make life easier for coders, the platform has a terminal built in, plus there’s an automatic updater included to keep folks running only the freshest version of WebIDE. It’s currently at the alpha stage, so only experienced users should install it for now, but Adafruit’s hoping to roll out a stable release suitable for programmers of all levels sometime soon.

Filed under: ,

Adafruit releases WebIDE alpha for Raspberry Pi, eases beginners into coding originally appeared on Engadget on Fri, 05 Oct 2012 20:19:00 EDT. Please see our terms for use of feeds.

Permalink   |  sourceAdafruit (1), (2)  | Email this | Comments

New Malware Can Steal Your Payment Info from Your Browser in Real Time [Video]

“Being hacked” is an amorphous catch-all of a term. Typically, it means your computer has been infected with some kind of malware—a trojan or keylogger or something. And one, the Man in the Browser scam, just got a lot more sophisticated: Now it works in real time. More »

Sandia Labs’ MegaDroid project simulates 300,000 Android phones to fight wireless catastrophes (video)

Sandia Labs' MegaDroid project simulates 300,000 Android phones to fight wireless catastrophes video

We’ve seen some large-scale simulations, including some that couldn’t get larger. Simulated cellular networks are still a rare breed, however, which makes Sandia National Laboratories’ MegaDroid project all the more important. The project’s cluster of off-the-shelf PCs emulates a town of 300,000 Android phones down to their cellular and GPS behavior, all with the aim of tracing the wider effects of natural disasters, hacking attempts and even simple software bugs. Researchers imagine the eventually public tool set being useful not just for app developers, but for the military and mesh network developers — the kind who’d need to know how their on-the-field networks are running even when local authorities try to shut them down. MegaDroid is still very much an in-progress effort, although Sandia Labs isn’t limiting its scope to Android and can see its work as relevant to iOS or any other platform where a ripple in the network can lead to a tidal wave of problems.

Continue reading Sandia Labs’ MegaDroid project simulates 300,000 Android phones to fight wireless catastrophes (video)

Filed under: , , , ,

Sandia Labs’ MegaDroid project simulates 300,000 Android phones to fight wireless catastrophes (video) originally appeared on Engadget on Wed, 03 Oct 2012 17:24:00 EDT. Please see our terms for use of feeds.

Permalink New York Times  |  sourceSandia National Laboratories  | Email this | Comments

Somebody Just Tried to Hack the White House [Security]

Today, the White House confirmed reports that one of its “unclassified networks” was the target of an unsuccessful cyber attack. Officials aren’t coughing up much more informaiton, but a few murmurs have seeped out. More »

Android remote data-wipe hack still exists: update your software now

If you’ve not heard of the recent discovery of some rather concerning data-wipe vulnerabilities with the Samsung Galaxy S III specifically, it’s time to read up – your phone could be hit as well. Developer / researcher Ravi Borgaonkar has found several devices of all kinds to be venerable to the less-than-pleasing way in which hackers may be able to jump right into your device and knock it out entirely. What you’re going to want to do as soon as possible is pick your device up and update your software as fast as you can.

The reason you’re going to want to be concerned about this situation is not that there are hackers out there right this minute actively attempting to exploit you, but that the software break that’s been found here would make it a lot easier if someone wanted to try. What the warning here includes is a note on how something so simple as a link on the web, clicked through your smartphone, could trigger an attachment that’s capable of destroying your device’s memory.

This break has actively gone through on early production versions of the Samsung Galaxy S III and more devices are at risk – in theory – from Motorola, HTC, Sony, and Samsung. That’s pretty much the whole spread of popular manufacturers with their own custom software additions to Android. Incidentally, it appears that the Samsung Galaxy Nexus was never venerable because of its Google-only software build.

What you’re going to want to do to stay out of the way of danger is to check your software to see if you’ve got an update waiting for you. Most often this exists inside your settings, all the way down at the bottom under Phone Info (or something similar), and Software Update. Each smartphone manufacturer has a slightly different place for this update, but they’re pretty nearby one another, so make it happen!


Android remote data-wipe hack still exists: update your software now is written by Chris Burns & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.


Scary New Malware Uses Your Smartphone To Map Your House for Robbers [Apps]

If you aren’t careful, much of the tech you hold near and dear can be used against you. An app called PlaceRaider, for instance, can use your phone to build a full 3D map of your house, all without you suspecting a thing. More »