March 2021 – SSL and internet security news

System Update: New Android Malware

March 30, 2021 infossl

android, cyberweapons, gps, malware, Security technology, Uncategorized

Researchers have discovered a new Android app called “System Update” that is a sophisticated Remote-Access Trojan (RAT). From a news article: The broad range of data that this sneaky little bastard is capable of stealing is pretty horrifying. It includes: instant messenger messages and database files; call logs and phone contacts; Whatsapp messages and databases; … Read More “System Update: New Android Malware” »

Friday Squid Blogging: Squid Potato Masher

March 26, 2021 infossl

Security technology, squid, Uncategorized

A squid potato masher for only $11.50. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico

Hacking Weapons Systems

March 26, 2021 infossl

cyberattack, cyberweapons, hacking, infrastructure, military, national security policy, Security technology, Uncategorized, weapons

Lukasz Olejnik has a good essay on hacking weapons systems. Basically, there is no reason to believe that software in weapons systems is any more vulnerability free than any other software. So now the question is whether the software can be accessed over the Internet. Increasingly, it is. This is likely to become a bigger … Read More “Hacking Weapons Systems” »

Determining Key Shape from Sound

March 24, 2021 infossl

academic papers, keys, locks, physical security, Security technology, smartphones, Uncategorized

It’s not yet very accurate or practical, but under ideal conditions it is possible to figure out the shape of a house key by listening to it being used. Listen to Your Key: Towards Acoustics-based Physical Key Inference Abstract: Physical locks are one of the most prevalent mechanisms for securing objects such as doors. While … Read More “Determining Key Shape from Sound” »

Accellion Supply Chain Hack

March 23, 2021 infossl

hacking, patching, Security technology, supply chain, Uncategorized, vulnerabilities

A vulnerability in the Accellion file-transfer program is being used by criminal groups to hack networks worldwide. There’s much in the article about when Accellion knew about the vulnerability, when it alerted its customers, and when it patched its software. The governor of New Zealand’s central bank, Adrian Orr, says Accellion failed to warn it … Read More “Accellion Supply Chain Hack” »

Details of a Computer Banking Scam

March 22, 2021 infossl

banking, phones, psychology of security, scams, Security technology, social engineering, Uncategorized, video

This is a longish video that describes a profitable computer banking scam that’s run out of call centers in places like India. There’s a lot of fluff about glitterbombs and the like, but the details are interesting. The scammers convince the victims to give them remote access to their computers, and then that they’ve mistyped … Read More “Details of a Computer Banking Scam” »

Friday Squid Blogging: Squid Cartoon

March 19, 2021 infossl

humor, Security technology, squid, Uncategorized

Squid ink. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico

Easy SMS Hijacking

March 19, 2021 infossl

authentication, cell phones, cybercrime, Security technology, sms, Uncategorized, vulnerabilities

Vice is reporting on a cell phone vulnerability caused by commercial SMS services. One of the things these services permit is text message forwarding. It turns out that with a little bit of anonymous money — in this case, $16 off an anonymous prepaid credit card — and a few lies, you can forward the … Read More “Easy SMS Hijacking” »

Exploiting Spectre Over the Internet

March 18, 2021 infossl

exploits, google, Security technology, Uncategorized, vulnerabilities

Google has demonstrated exploiting the Spectre CPU attack remotely over the web: Today, we’re sharing proof-of-concept (PoC) code that confirms the practicality of Spectre exploits against JavaScript engines. We use Google Chrome to demonstrate our attack, but these issues are not specific to Chrome, and we expect that other modern browsers are similarly vulnerable to … Read More “Exploiting Spectre Over the Internet” »

Illegal Content and the Blockchain

March 17, 2021 infossl

bitcoin, blockchain, botnets, censorship, cryptocurrency, economics of security, essays, Security technology, tor, Uncategorized

Security researchers have recently discovered a botnet with a novel defense against takedowns. Normally, authorities can disable a botnet by taking over its command-and-control server. With nowhere to go for instructions, the botnet is rendered useless. But over the years, botnet designers have come up with ways to make this counterattack harder. Now the content-delivery … Read More “Illegal Content and the Blockchain” »