The talk presented the findings of “Project Basecamp,” a volunteer-led security audit of leading programmable logic controllers (PLCs). The audit found that decrepit hardware, buggy software and pitiful or nonexistent security features make thousands of PLCs vulnerable to trivial attacks by external hackers that could cause PLC devices to crash or run malicious code. Source This opens a whole new field of malware attack area of opportunity. It’s been coming for a long time with [...]

Megaupload.com , the well known file-sharing website was taken down by authorities(read FBI) and its co-founder Kim Dotcom and several other members from the staff were charged for: Conspiracy to Commit Racketeering, Conspiracy to Commit Copyright Infringement, Conspiracy to Commit Money Laundering, Criminal Copyright Infringement by distributing a Copyrighted Work Being Prepared for Commercial Distribution on a Computer Network & Aiding and Abetting of Criminal Copyright Infringement and Criminal [...]

Tokyo, we have a problem Japanese space engineers have admitted one of their computers has been infected by a Trojan that may have leaked sensitive data, including system login information, to hackers. Data exposed by the breach may have included emails, technical specifications and operational information as well as login credentials. The space agency has reset potentially exposed passwords while it continues to investigate the scope of the breach. Source It’s often in today’s connected [...]

In December 2011 Stefan Viebhock published a report about a vulnerability discovered and analyzed by him in Wi-Fi Protected Setup(WPS) previously known as Wi-Fi Simple Config. Introduced by Wi-Fi Alliance in 2007 year, WPS allows users without an advanced knowledge about Wi-Fi router’s configurations to easily setup their home Wi-Fi networks, adding new devices or enabling the security. The user can add a new device in the wireless network either by pushing a button on both wireless router [...]

Viruses stole City College of S.F. data for years Personal banking information and other data from perhaps tens of thousands of students, faculty and administrators at City College of San Francisco have been stolen in what is being called “an infestation” of computer viruses with origins in criminal networks in Russia, China and other countries, The Chronicle has learned. “Given the outright mismanagement of our networks, if someone’s information is stolen, are we liable for [...]

Joe Barton, a Texas Republican, and Edward Markey, a Massachusetts Democrat, are complaining Facebook is not answering questions about how the company tracks its users via cookies. Source In my mind, security and privacy are two sides of the same coin. To have privacy means you must have security to obtain it. Should security demand access to your data for security reasons, then privacy is invaded. A good demonstration of that in practice, is laws on the books involving sexual harassment, the [...]

Ang Cui, a researcher on embedded devices demonstrated at this year’s Chaos Communications Congress (28C3) that is possible to embed malware in a HP printer firmware using the RFU mechanism, a presentation of an extraordinary importance for any corporate or small networks since the printers are ubiquitous in any office . RFU stands for remote firmware update and is an important feature assuring the best performance and security for the printers, sort of update feature for your operating system [...]