Security

How many people listened to the Black Hat talk about the backdoor accounts present in scanners used by many airports in the United States and thought, "How am I going to fly back home after this?" I know I did.

Many of the machines deployed at airport security checkpoints have embedded accounts with default passwords that can be abused, Billy Rios, director of threat intelligence at Qualys, told attendees at the Black Hat conference on Wednesday. In this case, the concern is that attackers may be able to use the accounts as a backdoor to get access to the system.

John McAfee, the flamboyant anti-virus software industry pioneer, made a surprise appearance at a computer hackers' conference last Friday evening, where he unveiled a new website to give people a place online to vent their anger.

The one-time millionaire, who fled the Central American nation of Belize in 2012 after police sought to question him about the murder of a neighbor, said he set up the site for ordinary people to lodge complaints on anything from government corruption to bad consumer products.

Specialized servers used by many ISPs to manage routers and other gateway devices provisioned to their customers are accessible from the Internet and can easily be taken over by attackers, researchers warn.

By gaining access to such servers, hackers or intelligence agencies could potentially compromise millions of routers and implicitly the home networks they serve, said Shahar Tal, a security researcher at Check Point Software Technologies. Tal gave a presentation Saturday at the DefCon security conference in Las Vegas.

Security researcher Raashid Bhatt has detailed how to bust the security protections of the Zeus banking trojan allowing him to take a webcam photo of the scammer.

Bhatt (@raashidbhatt) wrote in a technical blog how he reverse-engineered the malware after a scammer attempted to foist the malware on him through a phishing scam claiming that "a person from your office was found dead outside" directing him to open a malicious attachment to verify the victim's identity.

Facebook is hoping its latest acquisition will help protect users from malware and other security threats.

The company announced Thursday it was acquiring PrivateCore, a security startup that focuses on securing remote servers. Facebook is hoping PrivateCore's technology will help make its own systems more secure, according to Facebook's chief security officer, Joe Sullivan, in this Facebook post.

A group of innovative hackers used free services from Google and an Internet infrastructure company to disguise data stolen from corporate and government computers, a security firm reported.

FireEye discovered the campaign, dubbed Poisoned Hurricane, in March while analyzing traffic originating from systems infected with a remote access tool (RAT) the firm called Kaba, a variant of the better known PlugX.

To our U.S. readers, paying with a credit card means swiping a magnetic strip. But for people in much of Europe and other countries, it means inserting your chip card into a reader and entering your PIN. This so-called chip and PIN solution has long been touted as far superior to the American swipe, and in most ways it is. But there are some serious issues with how the scheme has been implemented.

Yahoo users may have benefited most from the “Snowden effect.” The tech company was a laggard when it came to security practices until the NSA leaker’s disclosures made clear the extent to which weak security practices by tech companies are being exploited by talented hackers.

A keyless security system that doesn't use databases and never stores passwords has hit the Kickstarter crowdfunding website, promising to encrypt data and make it inaccessible to hackers and spies.

A startup named Venux has created an "NSA proof" security system called Venux Files, a universal file management system that provides access to many cloud-based services such as Dropbox and iCloud, making it easier for users to store, access, and manage files securely from any location.

During his keynote and a press conference that followed here at the Black Hat information security conference, In-Q-Tel Chief Information Security Officer Dan Geer expressed concern about the growing threat of botnets powered by home and small office routers.