Informations about SSL certificates and networks security
This is impressive: The proof-of-concept exploit uses a low-cost transmitter to embed malicious commands into a rogue TV signal. That signal is then broadcast to nearby devices. It worked against two fully updated TV models made by Samsung. By exploiting two known security flaws in the Web browsers running in the background, the attack was … Read More “Smart TV Hack via the Broadcast Signal” »
Researchers build a covert channel between two virtual machines using a shared cache. Powered by WPeMatico
Since Edward Snowden revealed to the world the extent of the NSA’s global surveillance network, there has been a vigorous debate in the technological community about what its limits should be. Less discussed is how many of these same surveillance techniques are used by other — smaller and poorer — more totalitarian countries to spy … Read More “Surveillance and our Insecure Infrastructure” »
In another symptom of climate change, Chile’s largest squid producer “plans to diversify its offering in the future, selling sea urchin, cod and octopus, to compensate for the volatility of giant squid catches….” As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. … Read More “Friday Squid Blogging: Chilean Squid Producer Diversifies” »
Carnegie Mellon University has released a comprehensive list of C++ secure-coding best practices. Powered by WPeMatico
Ross Anderson liveblogged the presentations. Powered by WPeMatico
I regularly say that, on the Internet, attack is easier than defense. There are a bunch of reasons for this, but primarily it’s 1) the complexity of modern networked computer systems and 2) the attacker’s ability to choose the time and method of the attack versus the defender’s necessity to secure against every type of … Read More “Attack vs. Defense in Nation-State Cyber Operations” »
Interesting paper: “Dial One for Scam: A Large-Scale Analysis of Technical Support Scams“: Abstract: In technical support scams, cybercriminals attempt to convince users that their machines are infected with malware and are in need of their technical support. In this process, the victims are asked to provide scammers with remote access to their machines, who … Read More “Research on Tech-Support Scams” »
There’s a new malware called BrickerBot that permanently disables vulnerable IoT devices by corrupting their storage capability and reconfiguring kernel parameters. Right now, it targets devices with open Telnet ports, but we should assume that future versions will have other infection mechanisms. Slashdot thread. Powered by WPeMatico
WikiLeaks is obviously playing their Top Secret CIA data cache for as much press as they can, leaking the documents a little at a time. On Friday they published their fourth set of documents from what they call “Vault 7”: 27 documents from the CIA’s Grasshopper framework, a platform used to build customized malware payloads … Read More “Fourth WikiLeaks CIA Attack Tool Dump” »