Journalists and citizens living under repressive regimes alike depend on the encrypted Tor browser to surf the web anonymously. But in certain cases, an attacker can figure out which dark web site a user is trying to access by passively monitoring Tor traffic, and even reveal the identity of servers hosting sites on the Tor network.
Microsoft Windows 10 will have a number of improvements when it launches tomorrow, including a revamped Start menu, a speedy Microsoft Edge web browser, a built-in Cortana digital assistant and the ability to stream games from an Xbox One console to another device. But there is a controversial feature shipping with Windows 10 called Wi-Fi Sense — which will be enabled by default.
Russian hackers have figured out a way to use Twitter to communicate with malware that’s infected target computers, allowing them to cover their tracks while making their way into confidential government computer systems.
The hackers upload special images to the social media site that stealthily transmit directions to installed malware that can then steal files or other unwanted actions, reported the Financial Times. The advantage of this approach is that targeted computer systems don’t register the intrusion. It looks like just another Tweet.
Fiat Chrysler’s recall of more than 1.4m of its Jeeps so they can be fitted with a software patch to make them safe from having the controls taken over remotely, draws attention to an unnerving fact: any modern car is a network of anything up to 70 powerful computers that happen to be mounted on wheels and armoured in a tonne or more of steel. Every new car sold in the past few years is running about twice as much code as the whole of Facebook.
L33tdawg: Dmitry Chastuhin from ERPScan will be at #HITBGSEC in Singapore where he'll show off an attack against SAP Afaria - One SMS to hack a company.
ERPScan researcher Alexey Tuyrin says hundreds of Oracle PeopleSoft users, including banks, are running publicly-exposed services that are open to a token-plundering vulnerability.
We reported on a newly discovered Android security vulnerability yesterday, hackers can gain access by simply sending a MMS message to the target’s device and it doesn’t even matter if that message is opened or not, Android’s default media handling system would automatically process the message and activate the code. Naturally this has raised security concerns and Google has now come out with a statement on the matter, it promises a fix for this flaw by next week.
A researcher is advising drivers not to use a mobile app for General Motors Co's (GM.N) OnStar vehicle communications system, saying hackers can exploit a security flaw in the product to unlock cars and start engines remotely.
"White-hat" hacker Samy Kamkar posted a video on Thursday saying he had figured out a way to "locate, unlock and remote-start" vehicles by intercepting communications between the OnStar RemoteLink mobile app and the OnStar service.
While most people tune in to Apple's WWDC keynote to figure out what's coming in the next version of the company's operating systems, the event is a developer's conference. Apple genuinely uses WWDC to introduce a lot of new technologies that end users will never experience directly. So with the exception of big news like Swift, the company generally does this in later, non-public talks and through the software released via its Developer Connection.
L33tdawg: This HITB GSEC session by folks from Citizen Lab and VXRL will hopefully shed some light: http://gsec.hitb.org/sg2015/sessions/session-014/
Once a month, cybersecurity lawyer Paul Haswell gets a call from an Asian company with the same question: We’ve been hacked. Who do we need to tell?
More often than not, his answer is “no one.” The client will hang up before Haswell can urge them to go public anyway.
The issue is simple enough: if we had started with NAND flash - instead of disks - in the late 1950s, would our storage devices and software stack look like they do today? No, of course not.
Over the last year, researchers have been teasing out the problems with making flash look like disks. While these problems are less of an issue for notebook and desktop users, they are a big problem for servers.