D-Link Working on Firmware Updates for Three Critical Bugs

March 4th, 2015
by The Feeder
D-Link is in the midst of pushing out firmware updates for eight of its home router models, addressing three serious remote code injection vulnerabilities.

Posted in Cross-site request forgery, d-link, D-Link firmware update, D-Link patches, D-Link vulnerabilities, hacks, ping.ccp vulnerability, Router Security, Router vulnerabilities, routers, vulnerabilities

Shaking electrons brings atoms to standstill

March 4th, 2015
by The Feeder

I often get enthusiastic about Bose Einstein condensates, fascinating materials where large groups of atoms show collective quantum behavior. The thing that really gets me going is the process used to make 'em. The main step is something called optical cooling. It may sound very simple, but in reality it is difficult and mostly doesn't work.

A recent paper in Physical Review Letters now adds a new optical cooling method to the physicist's range of tools. In doing so, this opens up a whole lot of new and exciting possibilities.

Like, just cool off dude

The typical optical cooling method is an exceptionally neat bit of physics. Think about a gas of atoms. They are having a fantastic time in life's mosh pit, flying in all directions and bouncing off one another with vim and vigor. But as with all good things in life, some old dude will turn up, complain about the noise, and generally suck all the entertainment out of life—everything just slows down. Slowing everything down is the easiest way to think of cooling.

Posted in optical cooling, Physics, quantum mechanics, Scientific Method

More IoT insecurity: This Blu-ray disc pwns PCs and DVD players

March 4th, 2015
by The Feeder

For more than a decade, malicious hackers have used booby-trapped USB sticks to infect would-be victims, in rare cases to spread virulent, self-replicating malware on air-gapped computers inside a uranium enrichment plant. Now, a security researcher says he has found a way to build malicious Blu-ray discs that could do much the same thing—without any outward signs that an attack was underway.

Stephen Tomkinson, a security consultant at NCC Group, said he has devised a proof-of-concept exploit that allows a Blu-ray disc to compromise both a PC running Microsoft Windows and most standalone Blu-ray players. He spoke about the exploit on Friday at the Securi-Tay conference at the Abertay University in Dundee, Scotland, during a keynote titled "Abusing Blu-ray players."

"By combining different vulnerabilities in Blu-ray players, we have built a single disc which will detect the type of player it’s being played on and launch a platform-specific executable from the disc before continuing on to play the disc’s video to avoid raising suspicion," Tomkinson wrote in an accompanying blog post. "These executables could be used by an attacker to provide a tunnel into the target network or to exfiltrate sensitive files, for example."

Posted in Blue-Ray, dvd, exploits, Gear & Gadgets, Internet of things, malware, Risk Assessment, Technology Lab, vulnerabilities

Patrick Gray on the State of Security and State Security

March 4th, 2015
by The Feeder
Worlds collide as Dennis Fisher talks with Patrick Gray of the Risky Business podcast about security journalism, how much and how little has changed in the industry in the last 15 years and whether we're making any progress in the fight against attackers.

Posted in Compliance, Dennis Fisher, Digital Underground, Hacking, Patrick Gray, Podcasts, Risky Business, security, Security journalism, Security practices

Securing Our Electric Power Grid Is Critical

March 4th, 2015
by The Feeder
Highly complex infrastructure systems require protection against cyberattacks.

Posted in Uncategorized

Black Hat Asia 2015: Break All the Security

March 4th, 2015
by The Feeder
You can't spell 'exploit' without 'Black Hat.' Wait, that didn't come out right... how embarrassing. While our word engineers troubleshoot the aphorism we just fried, you might enjoy this latest round-up of Black Hat Asia 2015 Briefings. You'll note they focus on security exploits, not wordplay. Probably for the best.

Posted in Uncategorized

Tech support scammer threatened to kill man when scam call backfired

March 4th, 2015
by The Feeder

Tech support scammers should probably just hang up the phone when a scam call goes wrong.

But one scammer took things to a new level by threatening to kill a man who pointed out that the scammer was trying to steal money.

As we've reported numerous times, scammers pretending to work for Microsoft tech support call potential victims, tell them their computers are infected, convince them to provide remote access, and then charge them hundreds of dollars to fix imaginary problems.

Posted in microsoft tech support, tech support scam, Technology Lab

Firefox 37 to Include New OneCRL Certificate Blocklist

March 4th, 2015
by The Feeder
The next version of Mozilla Firefox will include a new certificate revocation list that will speed up and streamline the process of revoking intermediate certificates trusted by the browser. The new feature, known as OneCRL, is meant as a replacement for the old OCSP (online certificate status protocol) system that is used now to check […]

Posted in certificate authorities, mozilla, OCSP, OneCRL, vulnerabilities, Web Security

A ‘Building Code’ For Internet of Things Security, Privacy

March 4th, 2015
by The Feeder
In the fast emerging IoT, medical device safety is reaching a critical juncture. Here are three challenges Infosec professionals should begin to think about now.

Posted in Uncategorized

D-Link patches critical router flaws, says more fixes to come

March 4th, 2015
by The Feeder
D-Link has taken action over three serious vulnerabilities discovered in several of its home routers, and it's promising more fixes next week.

Posted in d-link, Exploit, Featured, router, Vulnerability, vulnerablity