Brain-to-Brain Communication Over the Internet

Wow, that’s cool!

I would like to coin the phrase “Cybernotic Suggestion” for when brain-to-brain communication over the Internet is subject to a man-in-the-middle attack and the receiving end of the mind communication gets suggested brain waves.

Posted in Security Blog

Remember, Remember, The 5th of November

Anonymous is a truth movement advocating hacktivism as self-defense for unconstitutional government. It is our aim to shed light on corrupt government in order to set people free from oppression. Read more about the Million Mask March.

Guy Fawkes is sometimes toasted as “the last man to enter Parliament with honest intentions”.

Contactless Payment Cards Will Approve Foreign Currency Transactions of up to 999,999.99

“With just a mobile phone we created a POS terminal that could read a card through a wallet,” explains Martin Emms, from the Newcastle University research team, during the 2014 ACM CCS Conference held in Scottsdale, Arizona, USA on November 3–7, 2014. A flaw in Visa’s contactless credit cards means they will approve unlimited cash transactions without a PIN when the amount is requested in a foreign currency.

By pre-setting the amount you want to transfer, you can bump your mobile against someone’s pocket or swipe your phone over a wallet left on a table and approve a transaction. In tests, it took less than a second for the transaction to be approved.

Visa said it would be “very difficult” to carry out such a theft in reality.
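The flaw described above comes down to a limit check that is skipped when the currency is not the card's own. The sketch below is an added example, not code from the researchers or from Visa: it models that decision next to a fail-closed version and an issuer-side review of authorisation records. The home currency, the limit value, the field names and the sample records are all constructed assumptions.

```python
from decimal import Decimal

# Assumptions for illustration: home currency, limit and record fields are
# constructed here and are not taken from any card specification.
HOME_CURRENCY = "GBP"
CONTACTLESS_LIMIT = Decimal("20.00")


def flawed_card_decision(amount, currency):
    """Models the reported behaviour: the no-PIN limit is only compared
    against home-currency amounts, so any other currency skips it."""
    if currency == HOME_CURRENCY and amount > CONTACTLESS_LIMIT:
        return "REQUIRE_PIN"
    return "APPROVE_NO_PIN"


def hardened_card_decision(amount, currency):
    """Fail closed: waive the PIN only when the currency can be evaluated
    against the limit and the amount is within it."""
    if currency != HOME_CURRENCY:
        return "REQUIRE_PIN"
    if amount <= 0 or amount > CONTACTLESS_LIMIT:
        return "REQUIRE_PIN"
    return "APPROVE_NO_PIN"


def issuer_flags(tx):
    """Back-end review of one authorisation record (a dict)."""
    if not tx["contactless"] or tx["pin_verified"]:
        return []
    if tx["currency"] != HOME_CURRENCY:
        return ["foreign-currency contactless without PIN"]
    if tx["amount"] > CONTACTLESS_LIMIT:
        return ["amount above contactless limit"]
    return []


# Constructed sample records, not real transaction data.
SAMPLE = [
    {"id": "t1", "amount": Decimal("4.50"), "currency": "GBP",
     "contactless": True, "pin_verified": False},
    {"id": "t2", "amount": Decimal("999999.99"), "currency": "USD",
     "contactless": True, "pin_verified": False},
    {"id": "t3", "amount": Decimal("850.00"), "currency": "EUR",
     "contactless": False, "pin_verified": True},
]


def review(records):
    """Return {record id: reasons} for every record that needs attention."""
    return {r["id"]: issuer_flags(r) for r in records if issuer_flags(r)}
```
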

http://www.bbc.com/news/uk-england-tyne-29862080
http://thehackernews.com/2014/11/hackers-can-steal-99999999-from-visa.html
http://www.ncl.ac.uk/press.office/press.release/item/contactless-cards-fail-to-recognise-foreign-currency

OS X 10.10 rootpipe

rootpipe, a privilege escalation vulnerability in OS X version 10.10, allows attackers to completely bypass logging in and gain the highest administration privilege on a Mac.

To protect against it, create a new admin user and remove the admin rights from the account you use daily. Make sure that admin account has a super strong password. Also, use the Apple FileVault tool to encrypt the contents of the hard drive.


AirHopper. Keylogging Disconnected Computers.

AirHopper demonstrates how textual and binary data can be exfiltrated from a physically isolated computer to mobile phones at a distance of 1-7 meters, with an effective bandwidth of 13 to 60 bps. Enough to steal a password. The technology works by using the FM radio receiver included in many mobile phones and can capture keystrokes by intercepting certain radio emissions from the monitor or display unit of the isolated computer. The video shows how it’s possible to pick up FM signals on a nearby smartphone and translate the FM signals into the typed text.

Here is the paper on it.

With appropriate software, compatible radio signals can be produced by a compromised computer, utilizing the electromagnetic radiation associated with the video display adapter. This combination of a transmitter with a widely used mobile receiver creates a potential covert channel that is not being monitored by ordinary security instrumentation. Thus, this proof of concept shows that if an attacker can place malware on a target’s phone, they can gather data being entered into disconnected machines. So even disconnected machines aren’t safe.


Tales from the Encrypt (RSA Video)

Happy Halloween!

Breaches, Attacks, and Vulnerabilities in October 2014

Payment information breach

  1. Dairy Queen Data breach hits 395 stores
  2. ‘Big K’ raided by hackers: Kmart warns customers after malware discovered
  3. Staples stores investigated: suspected payment card breach
  4. Irish Water investigates data breach involving customers’ bank details
  5. Malware on Breyer Horses website for about 18 months, payment card data at risk
  6. Sourcebooks payment card breach impacts more than 5,000 customers
  7. Fraud reports from a ‘few dozen’ customers in Sheplers payment card breach
  8. HMRC phishing scam exposed!
  9. Cyberswim notifies customers that payment card data may be at risk
  10. Huge Data Leak at Largest U.S. Bond Insurer
  11. Flinn Scientific notifies customers of payment card breach
  12. Fidelity National Financial employees targeted in phishing attack
  13. More than a dozen bank accounts hacked at Willard Parking Garage

Data breach

  1. JP Morgan suffers data breach affecting 76 million customers
  2. AT&T Inform Customers of Data Breach
  3. 850,000 individuals compromised in Oregon Employment Department data breach
  4. Transcript website flaw exposed personal data on 98k users
  5. Marquette University notifies graduate applicants of possible breach
  6. Physician’s email account, accessed by unknown source, contained patient data
  7. Malware on NDSCS computers that stored data on 15K students and staffers
  8. Valeritas notifies all employees of possible data breach
  9. Touchstone Medical Imaging patient data accessible online
  10. Unencrypted laptop stolen from Community Technology Alliance
  11. Taylor Swift: ‘1989’ Leak Traced Back to Target and France

Cyber attack

  1. ClickStartMe & CrowdItForward Hacked
  2. Ukraine Blames Report of Crippled Electronic Election System on Hackers
  3. Websites of 66 municipal bodies in State hacked
  4. Hackers breach the Warsaw Stock Exchange
  5. Goa governor’s website hacked
  6. North Carolina Republican Senate Candidate’s Website Hacked
  7. Ello Users Experience Further Downtime After DDoS Attack

Discovered vulnerabilities

  1. POODLE attack digs up downgrade flaw in TLS
  2. Koler ransomware locks US Android cell phones
  3. Flash Player users may be vulnerable to new attacks
  4. Microsoft warns all Windows users of new zero-day attack
  5. Utility meters at risk of cyber attack
  6. Tyupkin ATM Malware: Banks Give Away Cash
  7. Phone evidence remotely wiped in police stations

Reuben Paul, an 8-year-old Cyber Professional and CEO

As a follow-up to this old post: the 8-year-old, identified as Reuben Paul, has grown in fame. In this video he demonstrates some of his mastery of hacking tools and his thought processes.

Here is an article/interview from Tripwire.

Microsoft’s Safer Online Videos #NCSAM

The Internet’s Most Wanted!

Subscribe to the Microsoft Safer Online YouTube channel here.

Payment Card with Smart Chip? So What?

Over the past week, at least three U.S. financial institutions reported receiving tens of thousands of dollars in fraudulent credit and debit card transactions coming from Brazil and hitting card accounts stolen in recent retail heists… The problem with that though is that they were all submitted through Visa and MasterCard’s networks as chip-enabled transactions, even though the banks that issued the cards in question haven’t even yet begun sending customers chip-enabled cards.

Smart cards can provide identification, authentication, data storage and application processing. But that doesn’t even matter anymore.

More from Krebs.
