Security

What 420,000 insecure devices reveal about Web security

A researcher used a simple, binary technique to take control of more than 420,000 insecure devices including Webcams, routers, and printers running on the Internet -- and says that's just a hint of the potential for real trouble to get started.

In a SecLists posting yesterday, the unnamed researcher describes how he was able to take control of open, embedded devices on the Internet. The researcher did so by using either empty or default credentials such as "root:root" or "admin:admin", indicating how a surprisingly large number of devices connected to the Web … Read more

Doctors 'used fake fingers' to clock in for colleagues at ER

I feel sure this story might be an inspiration to some, especially those who enjoy showing solidarity for their fellow worker.

For it seems that several doctors in Sao Paulo, Brazil, decided there was a way to fool the biometric scanners on which they clocked in with their fingers.

They allegedly created more fingers. Fake ones, out of silicone.

As AFP reports, an investigation by Globo television showed a doctor using the fake fingers to fool the machines.

The machines dutifully printed out a paper record of a doctor's attendance, when he or she wasn't actually there.… Read more

Google rolls out initiative to help hacked sites

It's not pretty when a Web site gets a "this site may be compromised" or "this site may harm your computer" status note. Many webmasters and Web site owners can be at a loss of what to do in these situations.

For this reason, Google has launched "Help for Hacked Sites" informational series, which has a dozen articles and videos aimed to help people avoid having their sites hacked and also teach them how to gain back control of compromised sites.

"Every day, cybercriminals compromise thousands of websites. Hacks are often invisible … Read more

Microsoft's latest patches address new USB hack

A new kind of vulnerability popped up recently, one that lets hackers stick a USB thumb drive into a computer -- even if it's logged-off or locked -- type out a bit of attack code and steal whatever data they want.

In an effort to avoid this type of cyberattack, Microsoft issued its monthly software patches today and included a fix for this Windows vulnerability called MS13-027. This vulnerability lets a hacker get into the computer with a thumb drive and take over administrative privileges.

"When the Windows USB device drivers enumerate the device, parsing a specially crafted … Read more

China claims it's willing to talk to U.S. about cybersecurity

The U.S. and China both say they want to directly discuss the issue of cybersecurity, but the odds of an open discussion are slim at best.

The Chinese government today responded to a U.S. invitation to enter into a dialogue with the U.S. over acceptable behavior in cyberspace, Reuters reported.

At a daily news briefing, Foreign Ministry spokeswoman Hua Chuying said that "China is willing, on the basis of the principles of mutual respect and mutual trust, to have constructive dialogue and cooperation on this issue with the international community including the United States to maintain … Read more

Researchers highlight potential security risk to iOS users

Android usually gets smacked around for playing host to mobile malware, but iOS isn't totally immune, according to researchers at Skycure Security.

iOS profiles, aka mobileconfig files, are used by mobile carriers to configure key settings for e-mail, Wi-Fi, and other features. But these files could be abused by attackers to sneak past Apple's normally tight security and and hijack a mobile device, the security firm revealed in a blog post today.

The process would be similar to that of a typical malware infection.

An attacker might tempt users to visit a malicious Web site by promising something … Read more

Colin Powell's Facebook page defaced

Gawker's headline tells the story: Either Colin Powell's official Facebook page got hacked or the former U.S. Secretary of State has had a drastic change of heart about the president he served.

Powell's Facebook page was pulled down today after it wound up hosting a series of sometimes scatological references to George W. Bush, according to Gawker which saved some of the posts.

This is just the latest in a spate of high-profile hacks launched against personal and private accounts. Sometimes the object has been public embarrassment, other times an effort to insert malware. In mid-February, … Read more

'Weapons of Mass Destruction' discussion lands at SXSW

AUSTIN, Texas -- Once again, Uncle Sam wants you. This time, the U.S. government is after your nerdy, data- and public policy-obsessed brains.

That was the message delivered by Acting Undersecretary of State for Arms Control and International Security Rose Gottemoeller to a small but actively curious group of techie and policy wonks at South by Southwest today.

In a session entitled, "Mobilizing Ingenuity to Strengthen Mobile Security," Gottemoeller and CNET reporter Daniel Terdiman discussed the U.S. government's interest in getting the public more involved in disarmament and the detection of weapons of mass destruction. … Read more

Apple finally fixes App Store flaw by turning on encryption

Apple has finally fixed a security flaw in its application store that for years has allowed attackers to steal passwords and install unwanted or extremely expensive applications.

The flaw arose because Apple neglected to use encryption when an iPhone or other mobile device tries to connect to the App Store, meaning an attacker can hijack the connection. In addition to a security flaw, the unencrypted connections also created a privacy vulnerability because the complete list of applications installed on the device are disclosed over Wi-Fi.

It also allows the installation of apps, including extremely expensive ones that top out at … Read more