Brinks Safe Hack USB

Brinks safe hacked with USB stick and 100 lines of code

By about 4 hours ago.

Brinks safe hacked with USB stick and 100 lines of code

As typically portrayed in action movies, breaking into an ostensibly impenetrable safe often requires a world class lock-picker or, barring that, an array or C4 explosives positioned in just the right orientation.

But in the real world, surprisingly enough, defeating the security mechanisms on a top-notch Brinks safe can be done with nothing more than a USB stick and 100 lines of code. At the always entertaining Def Con Hacking Conference set to kick off in Las Vegas next week, researchers Daniel Petro and Oscar Salazar of Bishop Fox will detail how they were able to skirt around the defenses of the Brinks CompuSafe Galileo with relative ease.

More →

No Comments
Proxyham WiFi

Anonymizing Wi-Fi device with 2.5 mile range just mysteriously disappeared from Def Con

By on July 14, 2015 at 7:45 AM.

Anonymizing Wi-Fi device with 2.5 mile range just mysteriously disappeared from Def Con

Earlier this month, we highlighted an intriguing new piece of hardware capable of providing secure and anonymous Wi-Fi connectivity within a 2.5 mile radius. The brainchild of researcher Ben Caudill, the device, dubbed ProxyHam, was scheduled to be officially introduced at Def Con in Las Vegas early next month.

But then something funny happened.

Caudill’s talk was abruptly cancelled under extremely mysterious circumstances over the weekend.

More →

No Comments
Moxie Marlinspike

Meet the dreadlocked hippie who’s an encryption guru and has the NSA freaking out

By on July 10, 2015 at 9:05 AM.

Meet the dreadlocked hippie who’s an encryption guru and has the NSA freaking out

While encryption and secured messaging has long been a topic of interest in tech circles, the issue became a mainstream and hot-button issue in 2013 following a series of Edward Snowden leaks detailing the NSA’s extensive efforts to bolster their electronic snooping capabilities.

In the back and forth battle over consumer privacy, one tends to think of government cryptographers looking to outwit engineers at companies like Google and Apple who help churn out some of the most widely used software across the globe.

But playing an instrumental role in this cat and mouse game is a man you might not ordinarily expect to see in such a discussion.

More →

No Comments
Selfies MasterCard

MasterCard’s Wild Plan to Authorize Purchases by Analyzing User Selfies

By on July 7, 2015 at 6:45 PM.

MasterCard’s Wild Plan to Authorize Purchases by Analyzing User Selfies

With each passing year, consumers continue to spend more and more time and money shopping online, both via mobile devices and the desktop. As a result, there’s also been a corresponding rise in the level of online fraud in recent years.

In the latest, and perhaps most bizarre, effort we’ve seen to stem the incidence of mobile fraud, MasterCard is working on a new security scheme that would authorize online transactions by having users take a photo of their face as a means to verify their identity. Think of it as Apple’s TouchID, but with one’s face serving as the digital fingerprint.

More →

No Comments
Proxyham

New Device Provides Secure and Anonymous Wi-Fi With an Incredible 2.5-mile Range

By on July 1, 2015 at 4:50 PM.

New Device Provides Secure and Anonymous Wi-Fi With an Incredible 2.5-mile Range

Next month during the Def Con hacker conference in Las Vegas, security researcher Ben Caudill will unveil a potentially game changing device called a ProxyHam. Without question, the promise of ProxyHam should leave proponents of Internet privacy and anonymity beyond excited.

By relying upon a 900 MHz radio connection, Caudill’s device effectively serves as a long-distance Wi-Fi router. Specifically, the ProxyHam can transmit a Wi-Fi connection up to a distance of 2.5 miles in ideal conditions. As a result, even in scenarios where authorities manage to track down a target’s Internet connection, they might arrive on the scene (presumably a location with public w-fi access) only to find a ProxyHam device transmitting a low level signal perhaps thousands of feet away in any direction.

More →

No Comments
Government Agencies Hacked Passwords

Passwords From 47 Government Agencies Leaked Online

By on June 25, 2015 at 4:45 PM.

Passwords From 47 Government Agencies Leaked Online

Stolen email and passwords belonging to individuals from nearly 50 Government agencies have leaked online, according to a CIA backed startup out of Boston. According to a report from Recorded Future, login credentials from 47 agencies were found to have been leaked on upwards of 89 unique domains.

Compounding matters is that 12 of the affected agencies, including the Department of Energy, do not implement two-factor authentication. As a result, the report notes that “the presence of these credentials on the open Web leaves these agencies vulnerable to espionage, socially engineered attacks, and tailored spear-phishing attacks against their workforce.”

More →

No Comments
Samsung Galaxy Hack

Samsung Galaxy Keyboard Hack: Samsung Says Fix Is On The Way

By on June 19, 2015 at 5:18 PM.

Samsung Galaxy Keyboard Hack: Samsung Says Fix Is On The Way

Just a few days after a researcher at the Blackhat Mobile Security Summit in London disclosed a keyboard vulnerability that put upwards of 600 million Samsung Galaxy devices at risk, Samsung announced that it plans to roll-out a security fix to address the issue.

The vulnerability itself stems from the stock Swiftkey keyboard that comes pre-installed on Samsung Galaxy smartphones. Because the Swiftkey keyboard will periodically look for and download additional language packs, security researchers at NowSecure figured out a way to spoof a proxy server and send down malicious code to a device.

More →

No Comments
Malware Profits

Crime Pays: Malware authors enjoy an average 1,425% return on investment

By on June 16, 2015 at 1:39 PM.

Crime Pays: Malware authors enjoy an average 1,425% return on investment

A recent report from Trustwave on the state of malware relays that online crime, unfortunately, does pay. The report, originally cited by Net Security, relays that attackers on average enjoy a 1,425% return on investment, with the average return checking in at $84,100 on an average initial investment of $5,900.

More →

No Comments
LastPass Security

Leading password security company gets hacked; customers advised to change their master passwords

By on June 15, 2015 at 6:12 PM.

Leading password security company gets hacked; customers advised to change their master passwords

These days, it appears as if no one is safe from hackers. Just a week after the security firm Kaspersky announced that they had been hacked comes word that LastPass, a password security company, has been hacked as well.

More →

No Comments
FBI Apple Encryption

The FBI ups the ante in its boneheaded war on encryption

By on June 5, 2015 at 3:20 PM.

The FBI ups the ante in its boneheaded war on encryption

The FBI is worried that stronger encryption from tech companies like Apple is making it more difficult for law enforcement agencies to effectively keep tabs on terrorists. As a result, some in the FBI believe that we are sacrificing safety at the altar of privacy.

More →

No Comments
Malware Software

Almost anyone can make ransomware with this horrifying new program

By on May 28, 2015 at 11:44 AM.

Almost anyone can make ransomware with this horrifying new program

We might be entering a whole new era of malware, one where even those who lack any semblance of deep technical expertise will be able to acquire and disseminate viruses and the like on the fly.

Speaking to this point, security researchers at McAfee recently discovered a new piece of software which makes it exceedingly easy for anyone to create their own ransomware. The online software, which runs on TOR, is called Tox and, believe it or not, is completely free to use. The developers of the software aim to make money on the back end by taking a cut of any successful ransomware campaigns its users run.

Here’s how it all works.

More →

No Comments
Google Security Questions

Google study finds website security questions are even less secure than passwords

By on May 22, 2015 at 6:20 PM.

Google study finds website security questions are even less secure than passwords

A new in-depth study from Google reveals that the security questions most individuals use as an additional layer of security are often less secure and easier to guess than user-chosen passwords. This is especially problematic given that security questions are often the only line of defense when a password is forgotten and needs to be resent or reset.

Interestingly enough, Google found that security questions tend to be weak because many individuals lie when answering them. Specifically, Google discovered that many people who provide fake answers to security questions do so to make them harder to guess. But as it turns out, “on aggregate this behavior had the opposite effect as people harden their answers in a predictable way.” Compounding the problem is that many users, as a result, also have a difficult time remembering their security question answers in the first place. This is especially true when the questions chosen are exceedingly specific.

More →

No Comments
Android Factory Reset

500 million Android devices at risk: Researchers find that factory reset doesn’t completely wipe data

By on May 22, 2015 at 3:02 PM.

500 million Android devices at risk: Researchers find that factory reset doesn’t completely wipe data

One of the most important things to do before selling or giving away a used smartphone is to wipe the device clean. After all, the last thing anyone wants is for a complete stranger to have access to all of their personal data. Unfortunately for Android users, researchers from Cambridge University recently discovered that performing a data wipe on Android devices doesn’t clear the device as one would expect.

More →

No Comments