Before the arrest of Silk Road creator Ross Ulbricht made headlines a few years ago, most everyday web users had never heard of Tor. Originally developed by US Naval Research Laboratory employees, Tor (an acronym for “The Onion Router”) is a popular piece of software designed to enable truly anonymous communications online. Today, it’s estimated that approximately 2.5 million users use Tor on a daily basis.
Another day, another Android vulnerability. Just days after researchers disclosed an MMS-based Android vulnerability that potentially puts 950 million Android devices at risk, a different group of researchers has come forward with yet another Android-based security exploit.
The latest Android vulnerability affects more than half of all Android devices in circulation today and has the potential to render handsets completely inert, which is to say infected phones cannot make calls or receive any other type of notification. What’s more, the screen itself may become lifeless, effectively turning Android phones into expensive screen savers.
Over the past few years, there has been no shortage of high-profile credit card breaches at some of the largest retailers in the country. From Target to Home Depot, it seems that we can’t go a few months without hearing a story regarding some new worrisome data breach. With respect to Home Depot in particular, it’s estimated that nearly 60 million credit cards were compromised over a 5-month period.
Compounding the problem is that retailers aren’t the only target that hackers have their eyes on. In recent months, hackers have managed to obtain confidential information from targets as varied as the U.S. Government, health insurance providers, and even popular apps like Twitter and Snapchat. Indeed, it can get a bit tiring trying to keep up with what sites have been exposed to security breaches and when.
As typically portrayed in action movies, breaking into an ostensibly impenetrable safe often requires a world-class lock-picker or, barring that, an array of C4 explosives positioned in just the right orientation.
But in the real world, surprisingly enough, defeating the security mechanisms on a top-notch Brinks safe can be done with nothing more than a USB stick and 100 lines of code. At the always entertaining Def Con Hacking Conference set to kick off in Las Vegas next week, researchers Daniel Petro and Oscar Salazar of Bishop Fox will detail how they were able to skirt around the defenses of the Brinks CompuSafe Galileo with relative ease.
Earlier this month, we highlighted an intriguing new piece of hardware capable of providing secure and anonymous Wi-Fi connectivity within a 2.5 mile radius. The brainchild of researcher Ben Caudill, the device, dubbed ProxyHam, was scheduled to be officially introduced at Def Con in Las Vegas early next month.
But then something funny happened.
Caudill’s talk was abruptly cancelled under extremely mysterious circumstances over the weekend.
While encryption and secured messaging have long been topics of interest in tech circles, the issue became a mainstream and hot-button issue in 2013 following a series of Edward Snowden leaks detailing the NSA’s extensive efforts to bolster their electronic snooping capabilities.
In the back and forth battle over consumer privacy, one tends to think of government cryptographers looking to outwit engineers at companies like Google and Apple who help churn out some of the most widely used software across the globe.
But playing an instrumental role in this cat and mouse game is a man you might not ordinarily expect to see in such a discussion.
With each passing year, consumers continue to spend more and more time and money shopping online, both via mobile devices and the desktop. As a result, there’s also been a corresponding rise in the level of online fraud in recent years.
In the latest, and perhaps most bizarre, effort we’ve seen to stem the incidence of mobile fraud, MasterCard is working on a new security scheme that would authorize online transactions by having users take a photo of their face as a means to verify their identity. Think of it as Apple’s TouchID, but with one’s face serving as the digital fingerprint.
Next month during the Def Con hacker conference in Las Vegas, security researcher Ben Caudill will unveil a potentially game-changing device called a ProxyHam. Without question, the promise of ProxyHam should leave proponents of Internet privacy and anonymity beyond excited.
By relying upon a 900 MHz radio connection, Caudill’s device effectively serves as a long-distance Wi-Fi router. Specifically, the ProxyHam can transmit a Wi-Fi connection up to a distance of 2.5 miles in ideal conditions. As a result, even in scenarios where authorities manage to track down a target’s Internet connection, they might arrive on the scene (presumably a location with public Wi-Fi access) only to find a ProxyHam device transmitting a low-level signal perhaps thousands of feet away in any direction.
Stolen email addresses and passwords belonging to individuals from nearly 50 Government agencies have leaked online, according to a CIA-backed startup out of Boston. According to a report from Recorded Future, login credentials from 47 agencies were found to have been leaked on upwards of 89 unique domains.
Compounding matters is that 12 of the affected agencies, including the Department of Energy, do not implement two-factor authentication. As a result, the report notes that “the presence of these credentials on the open Web leaves these agencies vulnerable to espionage, socially engineered attacks, and tailored spear-phishing attacks against their workforce.”
Just a few days after a researcher at the Blackhat Mobile Security Summit in London disclosed a keyboard vulnerability that put upwards of 600 million Samsung Galaxy devices at risk, Samsung announced that it plans to roll out a security fix to address the issue.
The vulnerability itself stems from the stock SwiftKey keyboard that comes pre-installed on Samsung Galaxy smartphones. Because the SwiftKey keyboard will periodically look for and download additional language packs, security researchers at NowSecure figured out a way to spoof a proxy server and send down malicious code to a device.
A recent report from Trustwave on the state of malware relays that online crime, unfortunately, does pay. The report, originally cited by Net Security, states that attackers on average enjoy a 1,425% return on investment, with the average return checking in at $84,100 on an average initial investment of $5,900.
These days, it appears as if no one is safe from hackers. Just a week after the security firm Kaspersky announced that they had been hacked comes word that LastPass, a password security company, has been hacked as well.