StealthHunter writes: I know that GitHub is popular, as is Google Code, but where do you host open source projects when your primary user base just wants to read webpages and download software? As in, the average person that doesn't want to figure out how to use svn or navigate wiki pages. Google Code used to have "downloads" but those have recently been abandoned and GitHub's norm is an awkward "tarball commit" for releases. Is SourceForge really the only option?
StealthHunter writes: It turned out that just by setting a browser's user-agent to "xmlset_roodkcableoj28840ybtide" anyone can remotely bypass all authentication on D-Link routers. It seems that thttpd was modified by Alphanetworks who inserted the backdoor. Unfortunately, vulnerable routers can be easily identified by services like shodanHQ. At least these models may have vulnerable firmware: DIR-100, DI-524, DI-524UP, DI-604S, DI-604UP, DI-604+, TM-G5240.
StealthHunter writes: QR codes are starting to appear everywhere. The 2D barcode is an easy way to get unauthenticated data into a smartphone, and many apps automatically visit URLs found in QR codes without allowing the user to see the URL first. We attempt to teach users not to click on links, but what about QR codes? A new study shows that people scan QR codes primarily out of curiosity, and that the devices used to scan are unpatched against the latest exploits, leaving users fundamentally unprotected.
The work from Carnegie Mellon will be presented at the Workshop on Usable Security in Japan next week. The data collection period strangely correlates with news and Slashdot posts observing such an attack.
StealthHunter writes: The survey, conducted by av-comparatives, asked 5000 users questions about browsers, mobile OS, etc. "The survey also asked about preferred mobile operating systems and preferred browsers. Android took 51 percent of mobile users, Symbian 17 percent, and iOS/Apple 17 percent. The report notes that the dominance of Android means it will remain the biggest target for malware."
This survey doesn't quite match recent market-share numbers by Nielsen, which show 52% Android, 34% iOS, and 8% BlackBerry.
StealthHunter writes: Cambridge researchers found a hardware backdoor after discovering additional functionality in the JTAG (hardware debugging / programming) interface. While such attacks have been theorized, this is thought to be the first real-world instance. The vulnerable product is the Actel ProASIC3, and, since the backdoor is in the hardware, there is no patch other than to physically replace the chip.
StealthHunter writes: When did updates start looking like recently unclassified and fully redacted documents? This recent update to the Fedora distribution leaves quite a bit to the imagination of the reader. Security folks may advise "apply security patches in a timely manner" while others may go a step further and say "read about what the patch does and consider the impact to the system before applying it." What is somebody supposed to do with this patch? Fav part: (See also _______)
StealthHunter writes: In a note to registered Developers, Google reannounced Android Market is coming to Google TV. "With the update coming later this summer, we want to give you the tools to start building now using the Google TV add-on for the Android SDK." After a Honeycomb update (pending) "the add-on will let you emulate Google TV and build apps using the standard Android SDK tools. We're also releasing APIs for TV interaction. Currently, Google TV emulation is supported on Linux with KVM only."
StealthHunter writes: SANS suggests sending folks to www.uscc.org in order to get info on cyber security talents and help get an inside track on the coolest jobs in cyber space. The funny part is that www.uscc.org directs browsers to uscc.ch!
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Do you know any college kids who are good at cyber security and go to school in New York, Delaware, or California? If yes, they can get an all expenses paid scholarship to cyber camps this summer that could give them an inside track to the coolest jobs in the coolest places in cyber security. Send them to www.uscc.org. That's also where you will find data on how cyber-security-talented high school kids all over the country can qualify for full four year college scholarships (with summer internships).