Security

It's 2015 and default creds can brick SOHO routers

posted on January 21, 2015
by l33tdawg

A hacker has detailed a series of tricks that can silently reboot or brick routers or activate admin functions.

Many routers including Netgear and Surfboard models look to be affected, with most attacks requiring just victims' default universal credentials to be applied. Applications security bod Joseph Giron detailed how victims could be knocked offline or routers bricked.

Oracle to fix 167 vulnerabilities, including serious backdoor-like flaw

posted on January 21, 2015
by l33tdawg

Renowned database security expert David Litchfield discovered the issue last year on a client's system and at first he thought it was a backdoor left behind by an attacker.

"On investigation, it turns out the 'backdoor' is part of a seeded installation!" he said Monday on Twitter. "I was flabbergasted. Still am."

Fewer than a third of retailers stay compliant between audits

posted on January 21, 2015
by l33tdawg

"We see compliance going down day by day, month by month, after the assessment," said Rodolphe Simonetti, managing director for Verizon's compliance consulting. "Compliance is supposed to be supporting security, not just a yearly checklist."

The Payment Card Industry Data Security Standard has 12 main requirements. The most likely to go unmet between audits? The requirement to maintain a firewall and make sure that there is a strong network protection layer, said Simonetti.

Australia's New Controls On Sensitive Research Likely To Drive Academics Overseas

posted on January 21, 2015
by l33tdawg

While the world is laughing at UK PM David Cameron for his pledge to ban encryption, Australia is on the way to implementing legislation that could feasibly have a similar effect.

Moreover, the little-debated Defence Trade Control Act (DTCA) is already law - it's just that the criminal sanctions it imposes for sending knowledge offshore without a license are being phased in, and don't come into force until May 2015.

Playing NSA, hardware hackers build USB cable that can attack

posted on January 21, 2015
by l33tdawg

Just over a year ago, Jacob Appelbaum and Der Spiegel revealed pages from the National Security Agency's ANT catalog, a sort of "wish book" for spies that listed technology that could be used to exploit the computer and network hardware of targets for espionage. One of those tools was a USB cable with embedded hardware called Cottonmouth-I—a cable that can turn the computer's USB connections into a remote wiretap or even a remote control.

Flawed Verizon My FiOS mobile app exposed email accounts

posted on January 19, 2015
by l33tdawg

Verizon fixed a serious vulnerability in its My FiOS mobile application that allowed unfettered access to email accounts, according to a developer who found the problem.

Randy Westergren, a senior software developer with XDA Developers, looked at the Android version of My FiOS, which is used for account management, email and scheduling video recordings.

Security? Don't bother until it's needed says RFC

posted on January 15, 2015
by l33tdawg

All-or-nothing approaches to security are part of what's making it so hard to achieve acceptable protection, a new RFC suggests.

Written by Viktor Dukhovni of Two Sigma, RFC 7435 argues that the way current systems fail is a discouragement to good security. A binary failure – if two peers in a conversation don't have the same capabilities, the connection fails – can result in users avoiding encryption, for example, because it's too inconvenient; or administrators switching off because user problems are too frequent.

Vulnerabilities in Corel programs allow attackers to execute malicious code

posted on January 14, 2015
by l33tdawg

Several photo, video and other media editing programs from software maker Corel contain DLL hijacking vulnerabilities that could allow attackers to execute malicious code on users' computers.

According to vulnerability research firm Core Security, when opening a media file associated with one of the vulnerable Corel products, the product will also load a specifically named DLL (Dynamic Link Library) file into memory if it's located in the same directory as the opened media file.