A site that's been warning the public about data breaches might actually be doing more harm than good.
Enter LeakedSource, a giant repository online that can potentially make hacking easier. Your email address and the associated Internet accounts -- including the passwords -- is probably in it.
The Apple vs. FBI fight over breaking the encryption of the San Bernardino iPhone was one of the most important news topics of the beginning of the year. Ultimately Apple won, as it didn’t have to create a backdoored version of iOS that would let the FBI spy on that iPhone 5c that belonged to one of the San Bernardino shooters. The FBI won too, as it bought an iPhone hack for more than $1.3 million that let it bypass the password that protects the lockscreen of iPhones.
Hackers love exposing Tesla’s electronic weaknesses. Just this August, researchers showed how they could use jamming and spoofed signals to convince the Tesla Model S autopilot that real objects had disappeared or fake obstacles had appeared. A year before, researchers prized open a Tesla’s dash and attached computers to kill the car mid-drive. And today hackers from Tencent’s elite KEEN Team TISI +% hacker crew claimed to have demonstrated the first remote exploit of Elon Musk’s vehicles, making the potential for real-world attacks a little more realistic.
As we move to a world of hybrid data centers that span both private and public clouds, encryption will become increasingly ubiquitous and important. While the physical control of infrastructure becomes less and less relevant, the logical control of encryption becomes the foundation of trust. As such, the integrity of an encryption solution moves more centrally into the spotlight.
On Monday, a report surfaced claiming that a teen hacker using the alias “Fear” managed to gain access to hundreds of FTP servers owned by the U.S. government. The hacker initially gained access to one server, but then discovered that it listed the access credentials to all FTP servers residing on the .us and .gov domains. The .us servers include public data, private data, program source code, and more sensitive data, while the hacker wouldn’t say what’s loaded on the .gov sites.
Cisco’s Product Security Incident Response Team recently uncovered that the vulnerabilities revealed by the “Shadow Brokers” group as part of NSA’s set of hacking tools, were now being used against at least some of its customers:
“On August 15, 2016, Cisco was alerted to information posted online by the Shadow Brokers group, which claimed to possess disclosures from the Equation Group,” said Cisco in a recent security advisory.
Criminals have started to aggressively erase EXIF metadata from their photos to make it harder for authorities to locate them, Harvard University students Paul Lisker and Michael Rose find.
Unbeknownst to most, digital cameras and smartphones that shoot in JPG or TIFF formats write information on where a photograph was taken, when, and the camera used, every time the virtual shutter opens. That data is written in the "exchangeable image file format" (EXIF) standard.
Security researcher Bruce Schneier spotted a series of DDoS attacks which may be part of a larger effort to learn how to take down the internet on a national or even global scale.
The attacks targeted major companies that provide the basic infrastructure for the internet and the incidents seem to appear to have probed the companies' defences to determine how well they can protect themselves, according to a 13 Sept blog post.
At Blackhat 2016 Jean-Philippe Aumasson and Markus Vervier were a bit bored and decided to take a peek at the Signal source code. This actually evolved into a longer hunt for bugs in the high profile messenger recommended by Snowden. Since two of the bugs for the Java reference implementation of Signal have been publicly fixed after our disclosure, we think we should give a little description about what we found.
L33tdawg: On an unrelated note, Google's resident “exploit enthusiast” Natalie Silvanovich will be delivering the closing keynote at HITBSecConf2017 - Amsterdam in April :)
