Showing posts with label Exploits. Show all posts

October 20, 2014

Shining A Light On Your Privacy


Check out this special report...

~Half a billion~ downloads of the top 10 flashlight apps--the ones we all have on our smartphones--and guess what?

All/most are malware/spyware from China, India, and Russia that are spying on you!

Your contacts, banking information, even your location, are being intercepted by hackers abroad.

The cybersecurity experts at Snoopwall (who conducted this study and are offering a free open-source "privacy flashlight") recommend that you don't just uninstall these flashlight apps, because they leave behind trojans that keep functioning behind the scenes and capturing your information.

So instead, backing up key information and then doing a factory reset of the smartphone is advised.

Pain in the you know what, but these flashlight apps are shining a light and compromising your personal information.

Snopes points out that the flashlight apps may be no more vulnerable to spyware than other apps you download and that perhaps the screening process from the app stores helps to protect us somewhat.

When the cyber hackers decide to exploit those apps that are vulnerable, whether for political, military, or financial gain, it will likely be ugly and that flashlight or other app you use may prove much more costly than the download to get them. ;-)

(Thank you Betty Monoker for sharing this.)

July 29, 2013

Medical Hacks

Usually when we talk about the dangers of cyber attacks, we are concerned with the dangers of someone stealing, spying, or systematically corrupting our information systems. 

But Barnaby Jack, who died last week at age 35, brought us awareness of another, more personal and perhaps dangerous hack...that of hacking medical devices.

Barnaby, a director at computer security firm IOActive, became known first in 2010 for being able to hack a cash machine and have it dispense money.

In 2012, he drew attention to a flaw in insulin pumps whereby someone could cause it to administer a fatal dose to its unknowing victim. 

This week, Barnaby was going to demonstrate how heart implants could be hacked, killing a man from 30 feet away. 

With advances in the miniaturization and battery life of personal medical devices and implants for monitoring and managing patients' health, more and more people could be exposed to malicious or murderous cyber attacks on their body.

With the potential for RFID embedded chips for managing our personal identities to bionics for replacing or enhancing human body parts with electronic and mechanical implants, the opportunity for someone seriously messing with our physical person grows each day. 

If dangerous vulnerabilities are discovered and exploited in these devices, an enemy could go from the traditional attack on our information systems to potentially sickening, disabling, or even killing millions at the stroke of some keys. 

Imagine people keeling over in the streets as if from a surprise attack by a superior alien race or the release of a deadly chemical weapon, only it's not extraterrestrial or kinetic, but instead a malevolent cyber attack by a hostile nation or cyber terrorist group taking aim at us in a whole new and horrible way.

(Source Photo: here with attribution to Bhakua)


July 21, 2013

Like Buying A Nuke On The Black Market

Buying a serious computer vulnerability is now like acquiring a nuke on the black market. 

Nations and terrorists will pay to find the fatal flaw in computer programs that will enable them to perpetrate everything from subversive cyber spying to potentially massively destructive cyber attacks. 

As the world is focused on nuclear non-proliferation, computer weapons are the new nukes--able to do everything from a targeted strike on an organization or agency to taking out vast swaths of our nation's critical infrastructure.

According to the New York Times (13 July 2013), there is great interest in buying "zero-day exploits"--ones where governments or hackers can strike using a computer vulnerability before anyone even knows about it and can correct it.

The average zero-day exploit persists for "312 days--before it is detected"--giving ample time for attackers to cash in!

Brokers are now working to market the computer flaws for a 15% cut, with some even "collecting royalty fees for every month their flaw is not discovered."

The average flaw "now sells for around $35,000 to $160,000" and some companies that are selling these are even charging an annual $100,000 subscription fee to shop their catalog of computer vulnerabilities, in addition to the cost for each one, which varies with its sophistication and the pervasiveness of the operating system behind the exploit.

While governments and terrorists are on the prowl to buy the exploits for offensive purposes, technology companies are competing to purchase them and are offering "bug bounties" in order to identify the flaws and fix them before they are exploited. 

We've come a long way from people and organizations buying software with their regular upgrades and patches to nations and hackers buying the knowledge of the flaws--not to patch--but to spy or harm their adversaries. 

You can buy the bomb shelter or software patch, but someone else is buying the next more lethal bomb or vulnerability--the question is who will pay more to get the next exploit and when and how will they use it. 

(Graphic by Andy Blumenthal adapted from here with attribution for the mushroom cloud photo to Andy Z.)

May 6, 2013

Learning IT Security By Consequences


This is a brilliant little video on IT Security. 

What I like about it is that it doesn't just tell you what not to do to stay safe, but rather it shows you the consequences of not doing the right things. 

Whether you are letting someone into your office, allowing them to borrow your badge, leaving your computer unsecured, posting your passwords, and more--this short animated video shows you how these vulnerabilities will be exploited.

It is also effective how they show "Larry" doing these security no-no's with signs everywhere saying don't do this. 

Finally, the video does a nice job summing up key points at the end to reinforce what you learned. 

I think that while this is simpler than many longer and more detailed security videos that I have seen, in a way it is more successful delivering the message in a practical, down-to-earth approach that anyone can quickly learn core basic practices from. 

Moreover, this video could be expanded to teach additional useful IT security tips, such as password strengthening, social engineering, and much more. 

I believe that even Larry, the unsuspecting office guy, can learn his lesson here. ;-)

(Note: This is not an endorsement of any product or service.)