Disclosing a flaw in a widely used system without making someone at least a little angry requires a delicate touch. But Andrew Auernheimer, a.k.a. “Weev,” a 26-year-old finder of security vulnerabilities, is anything but delicate. Two years ago, Auernheimer and a friend made a surprising discovery about the way AT&T was protecting its web database of iPad cellular data accounts: That is, AT&T wasn’t protecting it at all. Any customer could access his or her account data by going to an AT&T URL containing their iPad’s unique numerical identifier. No password, cookie, or login procedure was required to bring up a user’s private information. Auernheimer
Symantec's chart shows a distribution of zero-day exploits based on how long they persist before being discovered. The average is close to 10 months. Software vendors are constantly on the watch for so-called “zero day” vulnerabilities–flaws in their code that hackers find and exploit before the first day companies become aware of them. But the term “zero-day” doesn’t capture just how early hackers’ head-starts often are: Day zero, it seems, often lasts more than 300 days. That’s one of the findings of a broad study of hackers’ zero-day exploits by two researchers at the antivirus firm Symantec that they plan to present at the
CLEVELAND — Internet users are becoming vulnerable to hackers who can infiltrate software and gain access to webcams.
“The main thing to worry about is when software is able to turn on your camera without notifying you, without the user explicitly turning it on, that’s the main issue,” said Feross Aboukhadijeh, a student at Stanford University in California.
Via Skype, Feross told FOX 8 about his online discovery last year that criminals were able to “clickjack” – or trick – computer users into handing over control of their webcams via Adobe Flash Player. The move enabled hackers to turn on cameras and watch people without permission.
FBI agents may not have been the first to rumble the affair between CIA director David Petraeus and his biographer that led to the four-star general's resignation on Friday. Anyone with a copy of the leaked Stratfor databases, a half-decent PC, some political nous and a barrel of luck could have uncovered the fling months ago, it has emerged. Paula Broadwell, the former spy chief's mistress and biographer, was a customer of Stratfor, the private intelligence outfit that was attacked by Anonymous hackers last year. Buried in the megabytes of subsequently leaked information was Broadwell's Yahoo! email address and her hashed Stratfor login password.
Google has never been stingy when it comes to paying for information about security vulnerabilities in products. Now it’s offering an especially large–and especially nerdy–sum of money. At its third Pwnium hacking competition in Vancouver in March, the company is ponying up a total of $3.14159 million in prizes for hackers who can demonstrate critical security vulnerabilities in its Chrome OS operating system running on a Samsung Series 5 550 Chromebook, according to a notice posted Monday on its Chromium blog. Any participant who can take over a Chromebook user’s browser or entire computer via a malicious Web page can earn a $110,000 payout.