Techworld.com Security

AT&T won't stop Black Hat demo

Wed, 28 Jul 2010 10:46:00 GMT

Hacker to demonstrate how to intercept a mobile phone call

AT&T says it won't interfere with a highly anticipated talk on intercepting mobile phone calls at the Black Hat conference this week, even though rumours are circulating that it will do just that.

Afghanistan war logs: Wikileaks changes journalism with crowd sourced data

Tue, 27 Jul 2010 15:59:00 GMT

US Government condemns publication; Assange invites researchers to sort classified data

The release by Wikileaks of more than 90,000 documents about military operations in Afghanistan may just be the start of similar problems for the US government.

Black Hat to keep quiet about planned controversial talks

Tue, 27 Jul 2010 15:50:00 GMT

Founder wants to avoid pressure not to reveal important security issues

The organisers of the Black Hat conference series may withhold details of selected talks at future events to avoid pressure from outside groups to cancel them.

Open source startup takes over OpenSSO

Tue, 27 Jul 2010 12:15:00 GMT

Authentication technology abandoned by Oracle

A Norwegian startup is assuming responsibility for maintaining an open source web authentication technology originally developed by Sun Microsystems, and seemingly neglected by Oracle, which purchased Sun in January. The company, ForgeRock, has released a new version of Sun's Open Single Sign On (OpenSSO) Enterprise software, called OpenAM, that adheres to the OpenSSO roadmap established by Sun.

Citi's iPhone mobile banking app has critical bug

Tue, 27 Jul 2010 10:30:00 GMT

iPhone app saves access codes, Citi banking data on phone and synced computers

Citigroup has urged customers conducting mobile banking from their iPhones to immediately upgrade because a security flaw in the older app secreted account information on the smartphone.

Black Hat alternatives: Hackers flock to Las Vegas for security conference season

Tue, 27 Jul 2010 10:14:00 GMT

DefCon, Security B-Sides, Toxic BBQ all in one city in one week

Two premier security conferences - Black Hat and DefCon - run back-to-back in Las Vegas this week, each with their own distinct flavour. But even these events don't meet the needs of all computer security pros, setting the stage for a widening set of satellite events.

Industrial virus revives power grid hacking fears

Tue, 27 Jul 2010 10:05:00 GMT

Safety of power plants and distribution in question

Last week's disclosure of a sophisticated malware program targeting control system software from Siemens AG has renewed long-standing concerns about whether the US power grid can withstand targeted cyberattacks. The malware program, called Stuxnet, is designed to exploit a Windows Zero Day flaw to find and steal industrial data from Supervisory Control And Data Acquisition (SCADA) systems running Siemens' Simatic WinCC or PCS 7 software.

Free antivirus software tool blocks Windows shortcut attacks

Tue, 27 Jul 2010 10:00:00 GMT

Microsoft won't endorse Sophos tool, tells user to cripple shortcuts instead

The security firm Sophos released a tool on Monday that it claimed will block any attacks trying to exploit the critical unpatched vulnerability in Windows' shortcut files.

How to encrypt your data with TrueCrypt

Mon, 26 Jul 2010 14:00:00 GMT

Free download helps you protect private data

Though encryption is a strong way to safeguard passwords, personal information, and other sensitive data, it can be confusing due to the acronyms and technobabble that surround the topic.

Apple Safari browser reveals name, address on demand

Mon, 26 Jul 2010 12:15:00 GMT

AutoFill feature could give up private data to hackers

A feature in Apple's Safari browser designed to make it easier to fill out forms could by abused by hackers to harvest personal information, according to a security researcher.

WPA2 security hole found

Mon, 26 Jul 2010 11:55:00 GMT

Vulnerability allows hackers to spoof WiFi packets, compromise WLAN

Perhaps it was only a matter of time. But wireless security researchers say they have uncovered a vulnerability in the WPA2 security protocol, which is the strongest form of WiFi encryption and authentication currently standardised and available.

Iran was main target of SCADA spyware worm

Mon, 26 Jul 2010 11:40:00 GMT

Stuxnet hits Siemens systems in Middle East

Computers in Iran have been hardest hit by a dangerous computer worm that tries to steal information from industrial control systems.

Yahoo to pay hackers with good ideas

Mon, 26 Jul 2010 10:33:00 GMT

Independent hackers could help Internet compnay convert ideas into products

Yahoo is considering investing in hackers with good ideas and technologies, a company executive said on Saturday.

BSOD hit BP oil rig's computer, says tech worker

Mon, 26 Jul 2010 09:58:00 GMT

Drilling control system on Deepwater Horizon was crippled by crash, says chief electrician

A computer that monitored drilling operations on the Deepwater Horizon had been freezing with a "blue screen of death" prior to the explosion that sank the oil rig last April, the chief electrician aboard testified Friday at a federal hearing.

IE8 stops one billionth malware download

Sat, 24 Jul 2010 18:07:00 GMT

Smartscreen Filter is works, says blog

Internet Explorer 8's Smartscreen Filter, used to secure users from dodgy websites, has stopped its one billionth malware download, Microsoft has proudly announced.

Google raises bug bounty for Chrome flaws

Fri, 23 Jul 2010 12:25:00 GMT

Boosts cash-for-bugs maximum payment to $3,133, makes researchers mostly happy

Google on Tuesday hiked bounty payments for Chrome bugs to a maximum of $3,133, up almost $2,000 from the previous top dollar payout of $1,337.

Fake femme fatale profile fools military intelligence, security IT professionals

Fri, 23 Jul 2010 10:50:00 GMT

The Robin Sage profile snared even seasoned security veterans

Hundreds of people in the information security, military and intelligence fields recently found themselves with egg on their faces after sharing personal information with a fictitious Navy cyberthreat analyst named "Robin Sage," whose profile on prominent social networking sites was created by a security researcher to illustrate the risks of social networking.

Windows shortcut bug targetted by virus writers

Fri, 23 Jul 2010 10:21:00 GMT

Eset has spotted new malware targetting Microsoft; expects more

The Windows attack used by a recently discovered worm is being picked up by other virus writers and will soon become much more widespread, according to security vendor Eset.

Microsoft refuses to pay security researchers for vulnerabilities

Fri, 23 Jul 2010 10:10:00 GMT

Microsoft not in favour of Mozilla and Google bug bounty

Microsoft will not follow the lead of Mozilla and Google in paying researchers for reporting vulnerabilities, a company executive said today. "We don't think [bug bounties] are the best way for us to compensate researchers," said Mike Reavey, director of the Microsoft Security Research Center (MSRC) in an interview Thursday.

Shortened URL spam shows big rise

Thu, 22 Jul 2010 23:28:00 GMT

Services exploited to get spam to victims

The tendency of spammers to use shortened URLs to evade detection has gone from last year's clever exploit to this year's mainstream tactic, MessageLabs has reported.

IT departments swamped by consumer devices

Thu, 22 Jul 2010 21:19:00 GMT

Who decides what to buy

IT departments are losing their technological grip as employees increasingly dictate which devices and applications get bought and used by businesses, a new study has found.

Designing buildings for security and style

Thu, 22 Jul 2010 16:15:00 GMT

Security features don't have to make structures look bad

From bright yellow bollards, to iron gates, to jersey barriers, perimeter security is not typically the most attractive part of a building. But perhaps these elements don't need to be an eyesore. Is it possible to make a building that requires heavy security both secure and stylish?

GSM-cracking software may help hackers spy on mobile phone calls

Thu, 22 Jul 2010 10:34:00 GMT

Black Hat 2010: Open source Kraken software cracks GSM networks

The Global System for Mobile Communications technology used by the majority of the world's mobile phones will get some scrutiny at next week's Black Hat security conference, and what the security researchers there have to say isn't pretty.

Defcon hackers challenged to social engineering contest

Thu, 22 Jul 2010 10:25:00 GMT

Capture the flag extended to information gathering

A capture-the-flag-style competition slated to take place at Defcon later this month has raised eyebrows at a number of companies who are concerned they will be embarrassed or negatively impacted in some way. The challenge asks contestants to collect information about a "target" company, which they are assigned to by contest coordinators at the website social-engineer.org.

Windows zero day shortcut attack gets a workaround

Thu, 22 Jul 2010 10:24:00 GMT

Microsoft issues fix that makes desktop, taskbar and Start menu almost unusable

Microsoft has released an automated tool to stop exploits of a critical unpatched Windows vulnerability that experts fear will soon be exploited by hackers.