Informations about SSL certificates and networks security
Auto Added by WPeMatico
It was easy: The hackers took a medium range photo of their subject with a digital camera’s night mode, and printed the infrared image. Then, presumably to give the image some depth, the hackers placed a contact lens on top of the printed picture. Powered by WPeMatico
There’s interesting research on using a set of “master” digital fingerprints to fool biometric readers. The work is theoretical at the moment, but they might be able to open about two-thirds of iPhones with these master prints. Definitely something to keep watching. Research paper (behind a paywall). Powered by WPeMatico
Criminals go where the money is, and cybercriminals are no exception. And right now, the money is in ransomware. It’s a simple scam. Encrypt the victim’s hard drive, then extract a fee to decrypt it. The scammers can’t charge too much, because they want the victim to pay rather than give up on the data. … Read More “WannaCry Ransomware” »
Turns out, multi-million dollar yachts are no more secure than anything else out there: The ease with which ocean-going oligarchs or other billionaires can be hijacked on the high seas was revealed at a superyacht conference held in a private members club in central London this week. […] Murray, a cybercrime expert at BlackBerry, was … Read More “Yacht Security” »
I’ve previously written about the serious vulnerabilities in the SS7 phone routing system. Basically, the system doesn’t authenticate messages. Now, criminals are using it to hack smartphone-based two-factor authentication systems: In short, the issue with SS7 is that the network believes whatever you tell it. SS7 is especially used for data-roaming: when a phone user … Read More “Criminals are Now Exploiting SS7 Flaws to Hack Smartphone Two-Factor Authentication Systems” »
This is a good summary article about the horrible security of St. Jude pacemakers, and the history of the company not doing anything about it. Powered by WPeMatico
There’s something going on inside the intelligence communities in at least two countries, and we have no idea what it is. Consider these three data points. One: someone, probably a country’s intelligence organization, is dumping massive amounts of cyberattack tools belonging to the NSA onto the Internet. Two: someone else, or maybe the same someone, … Read More “Who is Publishing NSA and CIA Secrets, and Why?” »
There’s a really interesting new paper analyzing over 100 different cyber insurance policies. From the abstract: In this research paper, we seek to answer fundamental questions concerning the current state of the cyber insurance market. Specifically, by collecting over 100 full insurance policies, we examine the composition and variation across three primary components: The coverage … Read More “Analyzing Cyber Insurance Policies” »
The US Drug Enforcement Agency has purchased zero-day exploits from the cyberweapons arms manufacturer Hacking Team. BoingBoing post. Powered by WPeMatico
This is impressive: The proof-of-concept exploit uses a low-cost transmitter to embed malicious commands into a rogue TV signal. That signal is then broadcast to nearby devices. It worked against two fully updated TV models made by Samsung. By exploiting two known security flaws in the Web browsers running in the background, the attack was … Read More “Smart TV Hack via the Broadcast Signal” »