KevLar's Space

my little space on the interwebs

Smart Meters and New IoT Devices Cause Serious Concern

dkatana writes: The ongoing deployment of internet-of-things devices is already creating serious issues and discussions about the privacy of users, IoT security, and the potential threat of cyber criminals taking control of sensors and smart devices connected to the Internet. Security and privacy concerns associated with smart meters are why they are currently “optional” in several countries. That’s the case in the Netherlands after consumer organizations and privacy watchdog groups campaigned vigorously to stop the mandatory smart meter deployment. A report from researchers at Tilburg University claimed that “smart meters have the capacity to reveal quite privacy-sensitive information, thus affecting not only informational privacy but also privacy of the home and of family life.” This now applies to televisions as well — an article in Salon discusses the author’s new “smart” TV, which came with a 46-page privacy policy. Quoting: “It logs where, when, how and for how long you use the TV. It sets tracking cookies and beacons designed to detect ‘when you have viewed particular content or a particular email message.’ It records ‘the apps you use, the websites you visit, and how you interact with content.’ It ignores ‘do-not-track’ requests as a considered matter of policy. It also has a built-in camera — with facial recognition.”

Read more of this story at Slashdot.



via Slashdot: IT http://ift.tt/1udAglC

Facebook Sets Up Shop On Tor

itwbennett writes: Assuming that people who use the anonymity network want to also use Facebook, the social network has made its site available on Tor, Facebook software engineer Alec Muffett said in a post on Friday. Facebook also decided to encrypt the connection between clients and its server with SSL, providing an SSL certificate for Facebook’s onion address. This was done both for internal technical reasons and as a way for users to verify Facebook’s ownership of the onion address. Since it is still an experiment, Facebook hopes to improve the service and said it would share lessons learned about scaling and deploying services via an onion address over time.

via Slashdot: IT http://ift.tt/1tpsDFl

Breaching Air-Gap Security With Radio

An anonymous reader writes: Security researcher Mordechai Guri with the guidance of Prof. Yuval Elovici from the cyber security labs at Ben-Gurion University in Israel presented at MALCON 2014 a breakthrough method (“AirHopper”) for leaking data from an isolated computer to a mobile phone without the presence of a network. In highly secure facilities the assumption today is that data cannot leak outside of an isolated internal network. It is called air-gap security. AirHopper demonstrates how the computer display can be used for sending data from the air-gapped computer to a nearby smartphone. The published paper and a demonstration video are at the link.

via Slashdot: IT http://ift.tt/1G2EsIb

Google To Disable Fallback To SSL 3.0 In Chrome 39 and Remove In Chrome 40

An anonymous reader writes: Google today announced plans to disable fallback to version 3 of the SSL protocol in Chrome 39, and remove SSL 3.0 completely in Chrome 40. The decision follows the company’s disclosure of a serious security vulnerability in SSL 3.0 on October 14, the attack for which it dubbed Padding Oracle On Downgraded Legacy Encryption (POODLE). Following Mozilla’s decision on the same day to disable SSL 3.0 by default in Firefox 34, which will be released on November 25, Google has laid out its plans for Chrome. This was expected, given that Google Security Team’s Bodo Möller stated at the time: “In the coming months, we hope to remove support for SSL 3.0 completely from our client products.”

via Slashdot: IT http://ift.tt/107uLGX

Vulnerabilities Found (and Sought) In More Command-Line Tools

itwbennett writes: The critical Shellshock vulnerabilities found last month in the Bash Unix shell have motivated security researchers to search for similar flaws in old, but widely used, command-line utilities. Two remote command execution vulnerabilities were patched this week in the popular wget download agent and tnftp client for Unix-like systems [also mentioned here]. This comes after a remote code execution vulnerability was found last week in a library used by strings, objdump, readelf and other command-line tools.

via Slashdot: IT http://ift.tt/1p8cJAJ

Cutting the Cord? Time Warner Loses 184,000 TV Subscribers In One Quarter

Mr D from 63 (3395377) writes: Time Warner Cable’s results have been buoyed recently by higher subscriber numbers for broadband Internet service. In the latest period, however, Time Warner Cable lost 184,000 overall residential customer relationships [Note: non-paywalled coverage at Bloomberg and Reuters]. The addition of 92,000 residential high-speed data customers was offset by 184,000 fewer residential video customers in the quarter. Triple play customers fell by 24,000, while residential voice additions were 14,000.

via Slashdot: IT http://ift.tt/1zj3uAX

Drupal Warns Users of Mass, Automated Attacks On Critical Flaw

Trailrunner7 writes: The maintainers of the Drupal content management system are warning users that any site owners who haven’t patched a critical vulnerability in Drupal Core disclosed earlier this month should consider their sites to be compromised. The vulnerability, which became public on Oct. 15, is a SQL injection flaw in a Drupal module that’s designed specifically to help prevent SQL injection attacks. Shortly after the disclosure of the vulnerability, attackers began exploiting it using automated attacks. One of the factors that makes this vulnerability so problematic is that it allows an attacker to compromise a target site without needing an account and there may be no trace of the attack afterward.

via Slashdot: IT http://rss.slashdot.org/~r/Slashdot/slashdotIt/~3/6NpNzIIQdpo/story01.htm

Security Companies Team Up, Take Down Chinese Hacking Group

daten writes: A coalition of security companies has hit a sophisticated hacking group in China with a heavy blow. The effort is detailed in a report released today by Novetta. The coalition, which calls itself Operation SMN, detected and cleaned up malicious code on 43,000 computers worldwide that were targeted by Axiom, an incredibly sophisticated organization that has been stealing intellectual property for more than six years. The group united as part of Microsoft’s Coordinated Malware Eradication (CME) campaign against Hikit (a.k.a. Hikiti), the custom malware often used by Axiom to burrow into organizations, exfiltrate data, and evade detection, sometimes for years.

via Slashdot: IT http://ift.tt/1tinSid

Apple Pay Competitor CurrentC Breached

tranquilidad writes: As previously discussed on Slashdot, CurrentC is a consortium of merchants attempting to create a “more secure” payment system. Some controversy surrounds CurrentC’s requirements regarding the personal information required, their purchase-tracking intentions and retail stores blocking NFC in apparent support of CurrentC. Now news breaks that CurrentC has already been breached. CurrentC has issued the standard response, “We take the security of our users’ information extremely seriously.”

via Slashdot: IT http://ift.tt/1tj91Td

Hackers Breach White House Network

wiredmikey writes: The White House’s unclassified computer network was recently breached by intruders, a U.S. official said Tuesday. While the White House has not said so, The Washington Post reported that the Russian government was thought to be behind the act. Several recent reports have linked Russia to cyber attacks, including a report from FireEye on Tuesday that linked Russia back to an espionage campaign dating back to 2007. Earlier this month, iSight Partners revealed that a threat group allegedly linked with the Russian government had been leveraging a Microsoft Windows zero-day vulnerability to target NATO, the European Union, and various private energy and telecommunications organizations in Europe. The group has been dubbed the “Sandworm Team” and it has been using weaponized PowerPoint files in its recent attacks. Trend Micro believes the Sandworm team also has their eyes set on compromising SCADA-based systems.

via Slashdot: IT http://ift.tt/1sEXhGO
