Archive

Posts Tagged ‘security’

Researcher Develops Patch For Java Zero Day In 30 Minutes

October 23rd, 2012 10:18 admin

Java

Trailrunner7 writes “A security researcher has submitted to Oracle a patch he said took him 30 minutes to produce that would repair a zero-day vulnerability currently exposed in Java SE. He hopes his actions will spur Oracle to issue an out-of-band patch for the sandbox-escape vulnerability, rather than wait for the February 2013 Critical Patch Update as Oracle earlier said it would. Adam Gowdiak of Polish security consultancy Security Explorations reported the vulnerability to Oracle on Sept. 25, as well as proof-of-concept exploit code his team produced. The vulnerability is present in Java versions 5, 6 and 7 and would allow an attacker to remotely control an infected machine once a user landed on a malicious website hosting the exploit. Gowdiak said his proof-of-concept exploit was successfully used against a fully patched Windows 7 machine using Firefox 15.0.1, Chrome 21, IE 9, Opera 12, and Safari 5.1.7.”

Source: Researcher Develops Patch For Java Zero Day In 30 Minutes

Ask Slashdot: How Can I Protect My Android Devices From Hackers?

October 22nd, 2012 10:15 admin

Android

SternisheFan writes “My Android phone (an unrooted OptimusV running 2.2.2) and my Android tablet (Arnova 7g3 running 4.1) have been subjected to hacking via either ‘forced Bluetooth attack’ or through the Wi-Fi signals in the home where I currently rent a room. I got an Android phone at the start of this year after my ‘feature phone’ was force Bluetooth hacked hoping for better security, yet I still have major security issues. For instance, my Optimus’s Wi-Fi again shows an error, although I am sure that a hack is causing this since when I reset the device when it’s out of range from this home’s signal the Wi-Fi works fine. And now the tablet (as of recently) can’t access this home’s open Wi-Fi, though it works fine when at other outside hot-spots. So, my question is: Are there any good (free?) security apps out there that would actually prevent this from occurring? It’s not like I’m doing nefarious things on the internet, I just want to keep it private.”

Source: Ask Slashdot: How Can I Protect My Android Devices From Hackers?

Dutch Ministry Proposes Powers For Police To Hack Computers, Install Spyware

October 19th, 2012 10:30 admin

Government

hypnosec writes “The Dutch Ministry of Justice and Security has proposed some rather over the line measures and wants to extend such powers to the police that would allow them to break into computers and mobile phones in any part of the world. According to the proposal (PDF in Dutch), dated October 15, the ministry has asked for powers that would allow police to not only break into computers, but also allow them to install spyware, search for data in those computers, and destroy data. As explained by digital rights group ‘Bits of Freedom,’ which obtained the copy of the proposal, if the Dutch police get such powers, the security of computer users would be lessened and there will be a ‘perverse incentive to keep information security weak.’”

Source: Dutch Ministry Proposes Powers For Police To Hack Computers, Install Spyware

Malware Is ‘Rampant’ On Medical Devices In Hospitals

October 17th, 2012 10:52 admin

Operating Systems

Dupple sends this quote from MIT’s Technology Review: “Computerized hospital equipment is increasingly vulnerable to malware infections, according to participants in a recent government panel. These infections can clog patient-monitoring equipment and other software systems, at times rendering the devices temporarily inoperable. While no injuries have been reported, the malware problem at hospitals is clearly rising nationwide, says Kevin Fu, a leading expert on medical-device security and a computer scientist at the University of Michigan and the University of Massachusetts, Amherst, who took part in the panel discussion. [He said], ‘Conventional malware is rampant in hospitals because of medical devices using unpatched operating systems. There’s little recourse for hospitals when a manufacturer refuses to allow OS updates or security patches.’ … Despite FDA guidance issued in 2009 to hospitals and manufacturers—encouraging them to work together and stressing that eliminating security risks does not always require regulatory review—many manufacturers interpret the fine print in other ways and don’t offer updates, Fu says. And such reporting is not required unless a patient is harmed.”

Source: Malware Is ‘Rampant’ On Medical Devices In Hospitals

Kaspersky To Build Secure OS For SCADA Systems

October 16th, 2012 10:25 admin

Operating Systems

Trailrunner7 writes “Attacks against SCADA and industrial-control systems have become a major concern for private companies as well as government agencies, with executives and officials worried about the potential effects of a major compromise. Security experts in some circles have been warning about the possible ramifications of such an attack for some time now, and researchers have found scores of vulnerabilities in SCADA and ICS systems in the last couple of years. Now, engineers at Kaspersky Lab have begun work on a new operating system designed to be a secure-by-design environment for the operation of SCADA and ICS systems. ‘Well, re-designing ICS applications is not really an option. Again, too long, too pricey and no guarantees it will fit the process without any surprises. At the same time, the crux of the problem can be solved in a different way. OK, here is a vulnerable ICS but it does its job pretty well in controlling the process. We can leave the ICS as is but instead run it in a special environment developed with security in mind! Yes, I’m talking about a highly-tailored secure operating system dedicated to critical infrastructure,’ Eugene Kaspersky said in an interview.”

Source: Kaspersky To Build Secure OS For SCADA Systems

Firefox 16 Pulled To Address Security Vulnerability

October 11th, 2012 10:48 admin

Firefox

Shortly after the release of the newest major version of Firefox, an anonymous reader writes with word that “Mozilla has removed Firefox 16 from its installer page due to security vulnerabilities that, if exploited, could allow ‘a malicious site to potentially determine which websites users have visited’ … one temporary work-around, until a fix is released, is to downgrade to 15.0.1”

Source: Firefox 16 Pulled To Address Security Vulnerability

Flaws Allow Every 3G Device To Be Tracked

October 9th, 2012 10:04 admin

Privacy

mask.of.sanity writes “New privacy threats have been uncovered by security researchers that could allow every device operating on 3G networks to be tracked. The vulnerabilities could be exploited with cheap commercial off-the-shelf technology to reveal the location of phones and other 3G-capable devices operating on all 3G compliant networks. It was similar, but different, to previous research that demonstrated how attackers could redirect a victim’s outgoing traffic to different networks.”

Source: Flaws Allow Every 3G Device To Be Tracked

US Congress Rules Huawei a ‘Security Threat’

October 8th, 2012 10:06 admin

United States

dgharmon writes with the lead from a story in the Brisbane Times: “Chinese telecom company Huawei poses a security threat to the United States and should be barred from US contracts and acquisitions, a yearlong congressional investigation has concluded. A draft of a report by the House Intelligence Committee said Huawei and another Chinese telecom, ZTE, ‘cannot be trusted’ to be free of influence from Beijing and could be used to undermine U.S. security.”

Source: US Congress Rules Huawei a ‘Security Threat’

Europe Joins Forces In Massive Simulated Cyber Attack

October 5th, 2012 10:11 admin

Security

An anonymous reader writes “Hundreds of cyber security experts from across the EU are testing their readiness to combat cyber-attacks in a day-long simulation across Europe today. In Cyber Europe 2012, 400 experts from major financial institutions, telecoms companies, internet service providers and local and national governments across Europe are facing more than 1200 separate cyber incidents (including more than 30 000 emails) during a simulated DDoS campaign. The exercise is testing how they would respond and co-operate in the event of sustained attacks against the public websites and computer systems of major European banks. If real, such an attack would cause massive disruption for millions of citizens and businesses across Europe, and millions of euros of damage to the EU economy.”

Source: Europe Joins Forces In Massive Simulated Cyber Attack

IETF Starts Work On Next-Generation HTTP Standards

October 3rd, 2012 10:09 admin

The Internet

alphadogg writes “With an eye towards updating the Web to better accommodate complex and bandwidth-hungry applications, the Internet Engineering Task Force has started work on the next generation of HTTP, the underlying protocol for the Web. The HTTP Strict Transport Security (HSTS) is a security protocol designed to protect Internet users from hijacking. The HSTS is an opt-in security enhancement whereby web sites signal browsers to always communicate with it over a secure connection. If the user is using a browser that complies with HSTS policy, the browser will automatically switch to a secure version of the site, using ‘https’ without any intervention of the user. ‘It’s official: We’re working on HTTP/2.0,’ wrote IETF Hypertext Transfer Protocol working group chair Mark Nottingham, in a Twitter message late Tuesday.”

Source: IETF Starts Work On Next-Generation HTTP Standards
