Computer scientists have developed an audio malware prototype that’s capable of establishing communication between devices that do not have an active network connection, Ars Technica reports. Instead, the lab-created malware uses the built-in microphones and speakers to send out a high-frequency signal from an infected computer to a different source. While it has limited use and can only send 20 bits of data per second over distances of up to 65 feet, the audio malware concept can still be used to send out significant data, including usernames and passwords for certain systems. Additionally, the distance can be increased by adding more attacker-controlled devices to repeat the audio signal.
Finnish communications minister Pia Viitanen has stated bluntly that the NSA may be breaking the laws of Finland. According to the Finnish Constitution, capturing and reading emails or text messages without privileges is illegal. Viitanen plans to take up the issue with the European Commission. Several European countries are apparently considering unleashing Neelie Kroes, the feared European Commissioner for Digital Agenda, in an effort to fight back against the NSA’s PRISM program.
The latest Guardian bombshell reveals that the NSA has gained access to several leading U.S. tech giants in a massive dragnet hoovering up email, photo, filesharing and chat info from Yahoo, Google, Skype, Apple, AOL and YouTube services. According to the Guardian, Dropbox will follow soon. However, the government spying program seems to have a fatal flaw: It’s really unhip.
As advertising companies continue to push the boundaries of online tracking in an effort to woo clients with eerily accurate ad targeting techniques, online privacy is seemingly becoming a thing of the past. One startup is looking to stop third parties from tracking users on the web, however, and one of the company’s co-founders may be in a better position than most to accomplish this lofty goal.
Smart TVs, particularly Samsung’s (005930) last few generations of flat screens, can be hacked to give attackers remote access according to a security startup called ReVuln. The company says it discovered a “zero-day exploit” that hackers could potentially use to perform malicious activities that range from stealing accounts linked through apps to using built-in webcams and microphones to spy on unsuspecting couch potatoes. Don’t panic just yet, though. In order for the exploit to be activated, a hacker needs to plug a USB drive loaded with malicious software into the actual TV to bypass the Linux-based OS/firmware on Samsung’s Smart TVs. But, if a hacker were to pull that off, every piece of data stored on a Smart TV could theoretically be retrieved.
Facebook (FB) confirmed on Thursday that reports of users seeing old private messages displayed as public wall posts are incorrect. A Facebook spokesman told TechCrunch that users are confusing old public Wall posts with old private messages because “before 2009 there were no likes and no comments on wall posts. People went back and forth with wall posts instead of having a conversation [in the comments of single wall post].” The issue appears to have stemmed from the global rollout of Timeline. Facebook says it has conducted its own investigation and “is satisfied that there has been no breach of user privacy.” Despite Facebook’s official statements denying the reports, users are still reporting that their old messages are being exposed for all their friends to see. For those worried, TheNextWeb offers some advice on how to remove all old posts (public or private) from Timeline.
With so many big banks’ reputations in the toilet, one software vendor is betting that they’ll want to do a better job of cracking down on their more unethical employees before they become a public relations headache. MIT’s Technology Review blog reports that Digital Reasoning, a software company that has traditionally sold its data-combing software to intelligence agencies and the military, is marketing its wares to scandal-plagued financial institutions that are presumably tired of getting fined by assorted regulatory agencies on a regular basis.
A federal appeals court on Tuesday ruled in favor of President George W. Bush’s controversial Terrorist Surveillance Program, which allows the government to spy on Americans without a warrant. The court reversed an earlier decision in which two American attorneys were awarded more than $20,000 in damages and their lawyers $2.5 million in legal fees after they proved the government had spied on them without warrants. The earlier lawsuit was the first and only case that successfully challenged the controversial program.
Computer users over the age of 55 employ passwords that are twice as secure as passwords used by those under 25 years old. A recent study conducted by Joseph Bonneau, a computer scientist at the University of Cambridge, analyzed almost 70 million passwords belonging to Yahoo users around the world. Ensuring that data was kept anonymous and passwords could not be tied to individual accounts, Bonneau looked at password strength alongside other data such as age and locale. Beyond the relationship between age and security, the researcher found that German and Korean speakers generally use the strongest passwords, and the presence of credit card data on a user’s account seemingly does not prompt that user to avoid weak passwords such as “123456.” Bonneau’s study was the largest of its kind, and he unveiled his findings at the Symposium on Security and Privacy in San Francisco, California earlier this month.
Natural gas pipeline operators in the United States have reportedly been the target of sophisticated phishing attacks since last year, and the Department of Homeland Security has been helping firms deal with incidents since March. “DHS’s Industrial Control Systems Cyber Emergency Response Team has been working since March 2012 with critical infrastructure owners and operators in the oil and natural gas sector to address a series of cyber intrusions targeting natural gas pipeline companies,” DHS spokesman Peter Boogaard told CNET on Tuesday. “The cyber intrusion involves sophisticated spear-phishing activities targeting personnel within the private companies. DHS is coordinating with the FBI and appropriate federal agencies, and ICS-CERT is working with affected organizations to prepare mitigation plans customized to their current network and security configurations to detect, mitigate and prevent such threats.”
Microsoft researchers recently discovered a piece of Mac OS X malware that exploits a three-year-old flaw in old versions of Office for Mac. The threat uses a multi-stage attack, just like a Windows virus would. While Microsoft did fix the problem in 2009, the software giant notes that not every machine is up-to-date. The company’s data indicates, however, that the malware is not widespread. “No operating system that exists outside a laboratory is entirely immune to malware,” Microsoft stated on its blog. “As different operating systems continue to gain in popularity they attract more attention from would-be attackers – especially since, as we see in the example analysis above, the techniques and understanding needed to do so may be much the same as those used against other platforms. And even though an operating system may include many risk-reducing mitigation technologies, any machine’s defenses against vulnerabilities are directly related to how current its security updates for applications are kept.” Microsoft concludes by warning users of Office 2004 for Mac, Office 2008 for Mac or Open XML File Format Converter for Mac to update their software in order to protect themselves from possible threats.
Hacked websites are frequently used to infect PCs with malware; however, the team at Lookout Mobile Security has discovered that hacked websites are specifically targeting Android-powered mobile devices for the first time. The malware, called NotCompatible, is a Trojan that poses as a system update but acts like a proxy redirect. After visiting an infected website, the Android mobile web browser will automatically begin downloading the NotCompatible malware, which is named “Update.apk.” As with any drive-by download, a user needs to install the downloaded application to become infected. The malware is found on a number of websites, but all have relatively low traffic. Lookout notes that the threat does not appear to cause any direct harm to an infected device, although it could potentially be used to gain illicit access to private networks by turning an infected Android device into a proxy. If an Android device has the “Unknown sources” setting disabled — thus disabling sideloading — the NotCompatible malware will be unable to install.
People who browse religious websites are more likely to have their computers infected with a virus than those who visit pornographic websites, according to Symantec’s annual “Internet Security Threat Report.” The firm found that websites with religious or ideological themes had triple the average number of threats compared with those featuring adult content. “It is interesting to note that websites hosting adult/pornographic content are not in the top five, but ranked tenth,” Symantec said. “We hypothesize that this is because pornographic website owners already make money from the Internet and, as a result, have a vested interest in keeping their sites malware-free; it’s not good for repeat business.” The report was based on information gathered from more than 200 countries through the Symantec Global Intelligence Network. Symantec blocked a total of 5.5 billion attacks last year, an 81% increase from 2010.