
Submission + - LastPass accounts can be 'completely compromised' when users visit sites (theregister.co.uk)

mask.of.sanity writes: A dangerous zero-day vulnerability has been found in popular cloud password vault LastPass, which can completely compromise user accounts when users visit malicious websites. The flaw is today being reported to LastPass by established Google Project Zero hacker Tavis Ormandy who says he has found other "obvious critical problems".

Submission + - Australia's SmartRider public transport cards popped by student researchers (theregister.co.uk)

mask.of.sanity writes: University students in the Australian city of Perth found and exploited severe holes to rewind travel charges incurred using the city's SmartRider public transport smart card. One has been charged after the research was considered an act of fraud, despite that the academics covered the $18 in false recharges.

Submission + - Researchers defeat Google, Facebook CAPTCHAs in automated attacks (theregister.co.uk)

mask.of.sanity writes: Google's and Facebook's CAPTCHA services have been defeated in research that successfully designed an automated system to solve the human verification challenges. Their proof-of-concept attacks detailed in a paper had a 70.78 percent CAPTCHA-cracking success rate against 2235 CAPTCHAs, with an average running time of 19.2 seconds. It could also be applied to other CAPTCHA schemes including that used by Facebook, the trio says, with a higher accuracy of 83.5 percent.

Submission + - Chinese backdoor found in popular eBay U8 smart watch (theregister.co.uk)

mask.of.sanity writes: The cheap U8 smart watch popular on eBay uses a pairing app for Android or iOS that contains a backdoor that quietly connects to an unknown Chinese IP address.
Researchers ran dynamic and behavioural analysis on the phone's pairing app and discovered that it sent encrypted data off to an IP address based in China. It is not known what traffic is going to the undocumented IP address.

Submission + - Patient monitors altered, drug dispensary popped in colossal hospital hack test (theregister.co.uk)

mask.of.sanity writes: Security researchers have exploited notoriously porous hospital networks to gain access to, and tamper with, critical medical equipment in attacks they say could put lives in danger.

In tests, hospital hackers from the Independent Security Evaluators research team popped patient monitors, making them display false readings which could result in medical responses that injure or kill patients.

Full paper here.

Submission + - The bug bounty boom (theregister.co.uk)

mask.of.sanity writes: Bug bounty hunters are making hundreds of thousands of dollars a year finding and reporting vulnerabilities in what amounts to a casual job. Since its inception at a Netscape meeting some 20 years ago bounties have evolved to become a huge multi-million dollar industry that is making some hackers rich and lifting others out of poverty.

Submission + - Hot Potato exploit mashes old vulns to gain SYSTEM access on Windows (theregister.co.uk)

mask.of.sanity writes: A researcher has strung together dusty unpatched Windows vulnerabilities to gain local system-level access on Windows versions up to 8.1 (GitHub). The unholy zero-day concoction, reported to Microsoft in September and still unpatched, is a reliable way of elevating privileges on Windows for attackers that have managed to pop user machines.
