
Security

New attack methods can 'brick' systems, defeat Secure Boot, researchers say

posted on June 3, 2014
by l33tdawg

The Secure Boot security mechanism of the Unified Extensible Firmware Interface (UEFI) can be bypassed to install bootkits on around half of the computers that have the feature enabled, according to a security researcher.

At the Hack in the Box 2014 security conference in Amsterdam, Corey Kallenberg, a security researcher from nonprofit research organization Mitre, also showed Thursday that it's possible to render some systems unusable by modifying a specific UEFI variable directly from the OS, an issue that could easily be exploited in cybersabotage attacks.

Apple's new iOS 8 openness brings new security threats

posted on June 3, 2014
by l33tdawg

Apple's biggest announcement today was, without a doubt, iOS 8's new openness. As the company's press release says, it's their biggest developer release ever, with more than 4000 new application programming interface (API) calls.

"iOS 8 allows developers to further customise the user experience with major extensibility features like Notification Center widgets and third-party keyboards; and introduces robust frameworks such as HealthKit [for health and fitness apps to communicate with each other] and HomeKit [for home automation]," Apple writes.

Vessel-tracking system vulnerable to denial-of-service, other attacks, researchers say

posted on June 2, 2014
by l33tdawg

Inexpensive equipment can be used to disrupt vessel-tracking systems and important communications between ships and port authorities, according to two security researchers.

During the Hack in the Box conference in Amsterdam Thursday, Marco Balduzzi, a senior research scientist at Trend Micro, and independent security researcher Alessandro Pasta described three new attacks against the Automatic Identification System (AIS), which is used by over 400,000 ships worldwide.

TrueCrypt Lives On as New Team Relocates to Switzerland

posted on June 2, 2014
by l33tdawg

A group of developers has decided to continue supporting the free encryption tool TrueCrypt, which appeared to have suddenly closed its doors last week, leaving customers angry and confused.
 
A new website has been created at truecrypt.ch where Thomas Bruderer and Joseph Doekbrijder are co-ordinating efforts to make existing versions of the product available again and eventually to fork the code for future development.
 

Researcher to Show Off Cable TV Channel Hijack at #HITB2014AMS

posted on May 26, 2014
by l33tdawg

The fifth annual HITB Security Conference in Amsterdam kicks off this week and prominent security researcher Rahul Sasi is scheduled to present a way to allow you to hijack a cable TV channel and broadcast your own content - just like in the movies! From his talk abstract:

The talk will have various small demos that will include,

Apple neglects to renew SSL certificate, breaks Software Update in the process

posted on May 26, 2014
by l33tdawg

If you tried to install OS X software updates this weekend, you might have noticed that you...can’t. As MacRumors points out, OS X users who attempt to install software updates through the App Store app are getting error messages that complain about an invalid certificate. The reason? Apple apparently forgot to renew the SSL certificate in question.

Why Vint Cerf Thinks Net Security Should Go Back to the Future

posted on May 26, 2014
by l33tdawg

Not too many people would know or remember this, but Vint Cerf is one who does: May 2014 marks the 40th anniversary of the first publication of the description of what we know today as the Internet.

In September 1973, Cerf and a colleague, Robert Kahn, wrote a paper, "A Protocol for Packet Network Intercommunication," for the May 1974 edition of IEEE Transactions on Communications. The dissertation described how packets of digital data would be able to move from one computer node to another, then to another, then to many others, using new protocols and standard phone networks.

Kiwis unplug supercomputer after intrusion

posted on May 26, 2014
by l33tdawg

A $12.7 million supercomputer owned by Niwa has been targeted by a computer hacker believed to have come from China.

The computer, known as FitzRoy, is housed in a specially constructed room at the National Institute for Water and Atmospheric Research base at Greta Point, Wellington.