In June, Belarus antivirus company VirusBlokAda reported a new bug with some interesting features. The Stuxnet worm they discovered was programmed to specifically attack industrial control systems, and reprogram the controllers to hide the changes from view using a methods almost identical to those used in 1980's - 90's stealth viruses.
The last time someone hacked up a SCADA system like this, it caused a 3 kiloton explosion that was reported as having been the most monumental non-nuclear explosion and fire ever seen from space.
Some news, views and musing about things going on in the Information Security World.
Friday, September 24, 2010
Thursday, September 23, 2010
ZoneAlarm caught using fake antivirus scare tactics
In a world where its getting harder and harder to tell the good guys from the bad, Checkpoint's ZoneAlarm is now being marketed using the same techniques used by said bad guys. The new scare tactic ads look so much like the non-professional spam ads we all know and love, that their own customers are looking for a more serious vendor to deal with.
Let's see if everyone has learned their lessons and refuse to click on it.
Let's see if everyone has learned their lessons and refuse to click on it.
Tuesday, September 14, 2010
Personal Information is Big Business Now
The personal information aggregation industry has grown to the point that companies have sprout up specializing in each aspect of collecting and selling everything they know about you. This goes a lot deeper than simply tracking what web pages you visit, as these companies also monitor what you look at on a web page, mouse movements, your age and sex demographics, and so on.
And you thought Facebook was starting to look intrusive...
And you thought Facebook was starting to look intrusive...
Burglars Said to Have Picked Houses Based on Facebook Updates
According to New Hampshire’s WMUR Channel 9 News, three local men, Mario Rojas, Leonardo Barroso and Victor Rodriguez, have burglarized more than 18 homes in the Nashua area of New Hampshire simply by checking status updates on Facebook and then pillaging the houses of victims who announced on the social network that they were not home.
Key Words:
physical security,
social engineering,
spying,
theft
Thursday, September 9, 2010
Twittering Too Much?
The Register posted an article about a bug that could cause Internet Explorer to post tweets just by visiting a website like this one. Of course, since the exploit works by stealing the credentials of other active sessions in your browser, Chris' concept can be tweaked to access just about any site where people tend to stay logged in, such as facebook or gmail.
Of course, just about every other browser in existence has already fixed this bug.
Of course, just about every other browser in existence has already fixed this bug.
Key Words:
0-day,
hacking,
microsoft,
security controls,
trojan
Thursday, September 2, 2010
Pentagon Going Postal
The Pentagon is contemplating an aggressive approach to defending its computer systems that includes preemptive actions such as knocking out parts of an adversary's computer network overseas. Of course, this doesn't come without a laundry list of issues that have to be dealt with first.
Interesting Out-of-Band Communication Technique
Apparently the Mafia has found a way to communicate with their bosses spending time behind bars. Many sport and music television programs allow viewers to send SMS texts which are then displayed on a scroller at the bottom of the screen. Savvy Mafiosi have been using this function to send status messages to their bosses, who would theoretically be able to watch the game from within their cells.
So when you see messages like "Luigi loved his new cement shoes", you have an idea what may be going on there.
So when you see messages like "Luigi loved his new cement shoes", you have an idea what may be going on there.
Using a Blackberry in the UAE?
Apparently Arabic blackberries aren't the only devices with neutered security controls. According to Slate, mobile phone company Etisalat is the digital certificate authority in the UAE. This would allow Etisalat to decrypt any messages relying on their services.
It is worth noting that Etisalat is already known to spy on their Blackberry users, by deliberately keeping copies of all emails passing through the service.
It is worth noting that Etisalat is already known to spy on their Blackberry users, by deliberately keeping copies of all emails passing through the service.
Subscribe to:
Posts (Atom)