84912237
submission
mask.of.sanity writes:
Microsoft and a team of concerned engineers from across the security sector have joined forces to suggest a major re-write of the arms control pact the Wassenaar Arrangement, as they fear the document's terms are a threat to the information security industry.
84888925
submission
mask.of.sanity writes:
Aussie hacker 'Nixxer' recounts how he took a random home address from Pastebin and ended up learning enough information on the target to compromise his identity and hack his business gaining root privileges on the servers.
83373923
submission
mask.of.sanity writes:
Some of the world's biggest security and software vendors will be rushing to patch holes in implementations of the popular 7-zip compression tool to stop attackers gaining full control of customer machines.
83242171
submission
mask.of.sanity writes:
A world-first proof-of-concept worm — if unleashed — could spell disaster for the world's critical infrastructure, including power utilities by making attacks exponentially more difficult to detect and stop.
83169301
submission
mask.of.sanity writes:
University students in the Australian city of Perth found and exploited severe holes to rewind travel charges incurred using the city's SmartRider public transport smart card. One has been charged after the research was considered an act of fraud, despite the fact that the academics covered the $18 in false recharges.
83148645
submission
mask.of.sanity writes:
Users of popular audiophile torrent site What.CD can make themselves administrators to completely compromise the private music site and bypass its notorious download ratio limits thanks to the use of the mt_rand function for password resets, a researcher has found.
82886007
submission
mask.of.sanity writes:
Australian lockpickers have forged a creative method for popping so-called restricted locks by 3D printing master keys using freely-available designs on patent sites, and stolen unprotected lock cylinders.
82598181
submission
mask.of.sanity writes:
Google's and Facebook's CAPTCHA services have been defeated in research that successfully designed an automated system to solve the human verification challenges. Their proof-of-concept attacks detailed in a paper had a 70.78 percent CAPTCHA-cracking success rate against 2235 CAPTCHAs, with an average running time of 19.2 seconds. It could also be applied to other CAPTCHA schemes including that used by Facebook, the trio says, with a higher accuracy of 83.5 percent.
82457567
submission
mask.of.sanity writes:
Thieves can hijack US$28,000 professional drones used widely across the law enforcement, emergency, and private sectors using $40 worth of hardware. The quadcopters can be hijacked from 2km away thanks to a lack of encryption which is not present due to latency overheads.
81920201
submission
mask.of.sanity writes:
Security professionals acting on behalf of researchers unable to gain Common Vulnerabilities and Exposures numbers for their bugs have started an alternative numbering system to help triage what they describe as a huge backlog of ignored software flaws.
81729713
submission
mask.of.sanity writes:
The cheap U8 smart watch popular on eBay uses a pairing app for Android or iOS that contains a backdoor that quietly connects to an unknown Chinese IP address.
Researchers ran dynamic and behavioural analysis on the phone's pairing app and discovered that it sent encrypted data off to an IP address based in China. It is not known what traffic is going to the undocumented IP address.
81555023
submission
mask.of.sanity writes:
Security researchers have exploited notoriously porous hospital networks to gain access to, and tamper with, critical medical equipment in attacks they say could put lives in danger.
In tests, hospital hackers from the Independent Security Evaluators research team popped patient monitors, making them display false readings which could result in medical responses that injure or kill patients.
Full paper here.
81473621
submission
mask.of.sanity writes:
Bug bounty hunters are making hundreds of thousands of dollars a year finding and reporting vulnerabilities in what amounts to a casual job. Since its inception at a Netscape meeting some 20 years ago bounties have evolved to become a huge multi-million dollar industry that is making some hackers rich and lifting others out of poverty.
80446479
submission
mask.of.sanity writes:
A researcher has strung together dusty unpatched Windows vulnerabilities to gain local system-level access on Windows versions up to 8.1 (GitHub). The unholy zero-day concoction, reported to Microsoft in September and still unpatched, is a reliable way of elevating privileges on Windows for attackers that have managed to pop user machines.
80309267
submission
mask.of.sanity writes:
New Zealanders could print their own non-expiring 40c fuel discount vouchers thanks to a shoddy algorithm that a hacking duo has broken. The algorithm affects petrol stations operated by national energy provider Z. Researchers say fixing the flaw will require the algorithm to be re-written.