A federal judge on Tuesday afternoon ordered Apple to provide technical assistance to the FBI with respect to accessing an iPhone 5c owned by Syed Farook, one of the San Bernardino shooters. Presumptively, the device was used to help plan and coordinate the December 2015 shooting that tragically left 14 people dead and many more wounded.
Shortly after revealing the contact information of nearly 10,000 Department of Homeland Security employees, a group of hackers on Monday also published the contact information of more than 22,000 FBI employees. The leaked information, in addition to disclosing names and job titles, also includes employee phone numbers, states of residence, and email addresses.
Notably, identifiable information of FBI employees from all areas of the bureau was compromised, including special agents, intelligence analysts, technicians, language specialists and more.
Virtual private networks (VPNs) are supposed to help users protect their online privacy. VPN services obfuscate the user’s real IP address by routing traffic through other international servers. There are plenty of online companies that offer free or paid VPN subscriptions, which many users rely on to avoid geofences (read: access Netflix U.S. content from anywhere in the world), download pirated content, or simply mask their online activity to enhance privacy protection.
However, a discovery has revealed that VPN services aren’t as secure as you’d think, as a huge security flaw can apparently expose the real IP address of their users.
A new mobile exploit recently unveiled at the MobilePwn2Own panel at the PacSec conference this week enables an attacker to take control of any Android device via a Chrome link which unknowingly directs users to a malicious website.
Led by Joel Land, security researchers from Carnegie Mellon University’s Computer Emergency Response Team (CERT) recently discovered that a popular Belkin router contains a number of serious security vulnerabilities that can leave users exposed to a wide variety of attacks.
According to a CERT vulnerability report published earlier this week, the Belkin N600 DB Wireless Dual Band N+ router, model F9K1102 v2 with firmware version 2.10.17, is vulnerable to a number of harrowing exploits. Speaking to the device’s popularity, the router in question is the first product listed when one searches for a “Belkin Router” on Amazon.
While the prevalence of smartphones with fingerprint-based security has increased considerably over the past two years, the vast majority of Android users still rely on tried and true lock patterns to unlock their devices. That said, new research suggests that the lock patterns typically chosen by Android users may not be as hard to crack as previously imagined.
Originally introduced in 2008, Android’s lock pattern screen was presented as both an easier and more secure alternative to traditional numeric passcodes. While a standard four-digit pin gives users 10,000 possible combinations, a secure lock pattern with 9 distinct nodes can yield 389,112 possible patterns. While one might think that this makes Android devices inherently secure, Marte Loge of the Norwegian University of Science and Technology recently explained why your Android lock pattern may be easier to crack than you imagined.
In the realm of antivirus software, few companies are as respected as Kaspersky Lab. Based out of Moscow, Kaspersky over the years has garnered a lot of praise for detecting and detailing some of the more sophisticated pieces of malware the world has ever seen, including the famed Stuxnet computer worm and an even more complex piece of malware known as Flame.
Before the arrest of Silk Road creator Ross Ulbricht made headlines a few years ago, most everyday web users had never heard of Tor. Originally developed by US Naval Research Laboratory employees, Tor (an acronym for “The Onion Router”) is a popular piece of software designed to enable truly anonymous communications online. Today, it’s estimated that approximately 2.5 million users use Tor on a daily basis.
Another day, another Android vulnerability. Just days after researchers disclosed an MMS-based Android vulnerability that potentially puts 950 million Android devices at risk, a different group of researchers has come forward with yet another Android-based security exploit.
The latest Android vulnerability affects more than half of all Android devices in circulation today and has the potential to render handsets completely inert, which is to say infected phones cannot make calls or receive any other type of notification. What’s more, the screen itself may become lifeless, effectively turning Android phones into expensive screen savers.
Over the past few years, there has been no shortage of high-profile credit card breaches at some of the largest retailers in the country. From Target to Home Depot, it seems that we can’t go a few months without hearing a story regarding some new worrisome data breach. With respect to Home Depot in particular, it’s estimated that nearly 60 million credit cards were compromised over a 5-month period.
Compounding the problem is that retailers aren’t the only target that hackers have their eyes on. In recent months, hackers have managed to obtain confidential information from targets as varied as the U.S. Government, health insurance providers, and even popular apps like Twitter and Snapchat. Indeed, it can get a bit tiring trying to keep up with what sites have been exposed to security breaches and when.
As typically portrayed in action movies, breaking into an ostensibly impenetrable safe often requires a world-class lock-picker or, barring that, an array of C4 explosives positioned in just the right orientation.
But in the real world, surprisingly enough, defeating the security mechanisms on a top-notch Brinks safe can be done with nothing more than a USB stick and 100 lines of code. At the always entertaining Def Con Hacking Conference set to kick off in Las Vegas next week, researchers Daniel Petro and Oscar Salazar of Bishop Fox will detail how they were able to skirt around the defenses of the Brinks CompuSafe Galileo with relative ease.
Earlier this month, we highlighted an intriguing new piece of hardware capable of providing secure and anonymous Wi-Fi connectivity within a 2.5 mile radius. The brainchild of researcher Ben Caudill, the device, dubbed ProxyHam, was scheduled to be officially introduced at Def Con in Las Vegas early next month.
But then something funny happened.
Caudill’s talk was abruptly cancelled under extremely mysterious circumstances over the weekend.
While encryption and secured messaging have long been topics of interest in tech circles, the issue became a mainstream, hot-button topic in 2013 following a series of Edward Snowden leaks detailing the NSA’s extensive efforts to bolster its electronic snooping capabilities.
In the back and forth battle over consumer privacy, one tends to think of government cryptographers looking to outwit engineers at companies like Google and Apple who help churn out some of the most widely used software across the globe.
But playing an instrumental role in this cat and mouse game is a man you might not ordinarily expect to see in such a discussion.