In the global war on terror, governments are looking for any and every way to take down terrorist networks and interrupt their communications. In the most recent one of these attacks/communication interruptions, an unknown group of hackers launched a cyber attack on al-Qaida’s main website, temporarily taking away their main protected mode of communication, leaving them with the option of potentially exposing their identities or not communicating at all.

Read More →

thinkYou know the text message you just sent using your new iPhone? That one about how much of a “power-hungry slave driver” your boss is?

Until Apple releases a patch to correct the issue, you better hope he doesn’t have the same skills as the two European researchers that recently discovered a way to hijack the iPhone.

Vincenzo Iozzo, 22, and Ralf Philipp Weinmann, 32, successfully broke into the iPhone and hacked into the SMS database in about 20 seconds during the Pwn2Own hacking contest. They were even able gain access to messages that had already been deleted. The hacking technique developed by the two researchers, known as an exploit, could have also extracted the phone contact list, the email database, photographs, and iTunes music files on any iPhone.

The iPhone’s sandbox, a security tool that protects the iPhone from being attacked, was able to keep the hackers from bypassing it. But the winning exploit was strong enough to operate without having to break free from the sandbox.

“Apple has pretty good counter-measures but they are clearly not enough,” said Halvar Flake, a security researcher that assisted with the exploit.

Weinmann said that they were able to hone in an a vulnerability in the iPhone’s design. By using the exploit, a hacker is able to have the same user privileges as a non-root user called mobile located in the iPhone sandbox.

“It was a real world exploit against a popular device, ” said Aaron Portnoy, a security researcher from the company sponsoring the Pwn2Own hacking contest, TippingPoint Zero Day Initiative. “They exfiltrated the entire SMS database in about 20 seconds. It was as if a webpage was loading.”

TippingPoint ZDI will report the issue to Apple and will withhold details until a patch to correct the vulnerability is released.

(Via ZDNet)


Read More →

energizerResearchers at the United States Computer Emergency Readiness Team (US-CERT) say that the Energizer Bunny DUO USB battery charger is infected with a trojan horse that allows hackers to steal personal information from a Window’s PC.

Energizer Holdings ascertained late Friday that the USB-powered nickel hydride battery recharger was contaminated with malicious code, and the product has since been discontinued.

As of now the company does not know how the hacking was done. “Energizer is currently working with both CERT and U.S. government officials to understand how the code was inserted in the software,” Energizer said in a statement.

The Windows software included with the Energizer DUO is supposed to display charging status. After the software is installed, a Trojan that steals and transmits files is created. Even if the charger is disconnected from the computer, the Trojan continues to steal and alter information whenever the computer is on.

According to US-CERT officials, if you think your computer is infected you are advised to uninstall the software. Another method is to remove the Arucer.dll from Windows’ “system32 ” directory and restart your computer.

(Via Network World)

Read More →

smartgridAs cyber security becomes increasingly important in the fabric of American culture and government, more money and research is being put towards securing the smart grid. This so-called smart grid refers to the system that delivers electricity from suppliers to consumers using two-way digital technology. This is modernized electrical system being used to address problems of energy independence, global warming, and emergency resilience issues. Cyber attacks on such a system could

Read More →

virusAs always, hackers are busy trying to get you to download their latest virus and hopefully make some money from it somehow. This time they are targeting people that are using search engines to look up Apple’s iPad. When you type keywords like  “Apple Tablet” and “Apple iPad rumor” into search engines, you will get spam results and the scary part is that these regular looking sites will install spyware and viruses unto your computer.

On its blog, Symantec, an Internet security company tested this out by Googling some iPad keywords and found that a bunch of the link on the first page were hacker’s infected websites. That being said, make sure you are careful when browsing around online and make sure that you have some sort of Internet security program installed on your computer at all times.

(Via SecurityWatch.EWeeek)

Read More →

indiahackIndia’s security chief, M.K. Narayanan,  is claiming that Chinese hackers have attempted to hack into India’s most sensitive government office. Tensions between China and India have been resizing lately ever nice India’s relationship with the U.S. has improved to the point that the U.S. is poised to be selling them billions of dollars worth of weapons. Although there is no way for the Indian office to now for sure, they are pretty sure that the attacks originated from China.

Read More →

homeland-securityPresident Obama is currently reevaluating the country’s cyber security to protect both citizens and the government from harmful cyber attack.

One such exercise that is strengthening the nation’s cyber security is the “U.S. Cyber Challenge.” This multi player video game inspired challenge takes kids from age 17-21 who have above average computer skills or even hacking abilities and challenges them to a game called NetWars, where competitors play against each other in a game that tests their hacking skills.

Organizers say “the competition is aimed at identifying young people with exceptional computer skills and inspiring them to join the country’s woefully understaffed ranks of cyber security specialists needed to protect systems used by the military, industry and everyday people.”

While President Obama attempts to ameliorate this system, there are a few basic precautions you can take to better protect yourself from a cyber security breach. One such thing would be putting a credit freeze on your account if you suspect suspicious activity. This makes you Social Security number less susceptible to online theft. Another way to protect yourself would be to continually change your passwords  and create secure passwords when using online accounts. Besides these tips, basic common sense comes into play when entering sensitive banking or personal data and monitoring what exactly happens to this information after its submitted.

(Via the Examiner)

Read More →