
TweakTown News


Hacking & Security Posts - Page 3

Keep your luggage safe with this Bluetooth lock and app

By: Chris Smith | More News: Hacking & Security | Posted: Jan 7, 2016 4:35 am

CES 2016 - If you're worried about someone whipping out a bobby pin and Fallout 4-style breaking into your luggage, Dog & Bone is now offering its LockSmart Travel product, a TSA-approved, keyless, Bluetooth-connected luggage padlock and app.

 


 

The app is compatible with Apple iOS and Google Android operated phones, functioning as a keyless and trackable way to keep your belongings safe. Access can be granted to additional smartphones by the owner, hopefully removing a flat battery issue. There isn't any override system as far as we know right now, so what's worrying is that you could be stuck in a foreign country with a flat phone, locked bag and the charger nestled safely within your locked baggage - unable to be taken out and used.

 

Set for availability in early 2016, the lock uses 128-bit encryption and will cost around $100.

Tor Project launching their first ever bug bounty program

By: Jeff Williams | More News: Hacking & Security | Posted: Jan 1, 2016 5:03 pm

The Tor Project is getting its very own bug bounty program to help keep the wild onion nice and fresh in the face of increasing threats.

 


 

The new bug bounty program was announced at their State of the Onion address at the annual Chaos Communication Congress security conference that's held in Germany. It's part of Tor's continuing commitment to privacy and the realization that the more talented people that get their hands in the code-base, the better. "We are grateful to the people who have looked over our code over the years, but the only way to continue to improve is to get more people involved," Nick Mathewson, the co-founder and chief architect of the Tor Project, said.

 

They've teamed up with the Open Technology Fund to help fund all the good citizens who help the project.


Samsung thinks SmartTV's are unsafe, makes security solution: GAIA

By: Jeff Williams | More News: Hacking & Security | Posted: Dec 30, 2015 5:06 pm

Samsung has just introduced a new three-layered approach to security for their SmartTV ecosystem to better secure any stored information, such as account details, payment details or any data being sent between it and the Internet.

 


 

This comes right after Samsung announced that they'd move more towards making their SmartTVs more of a hub for all of your IoT connected devices throughout your house. With that much data flowing between their TVs and being able to control your security system, lights and more, it's definitely a good idea to at least have a little encryption. Thankfully they're doing more than just a healthy dose of AES 256. Because of that centralized nature, security is important. Samsung said that "Protecting consumers' personal information is of the utmost importance to Samsung, both in terms of the company's values and what's needed for the continued growth and success of the IoT ecosystem."

 

GAIA works in three ways. First, it separates the main operating system, the Tizen OS, from a secure space, logically segmented in memory, that can house all the important and personal bits of information and core services. This'll work in a similar way to how ARM's TrustZone and Intel's TXT work. The second piece is a built-in anti-malware service that can scan incoming and outgoing data; it'll also encrypt all traffic to and from the TV. The third part is much the same as the first, segmenting the OS in memory so that even if there is malware, it won't be able to touch the actual personal information.


AVG Chrome extension had a huge security hole, patched just in time

By: Jeff Williams | More News: Hacking & Security | Posted: Dec 30, 2015 12:32 am

One of AVG's Chrome addons, Web TuneUP, had a security hole that you could drive a tank into, something that could potentially let websites with malicious code in their CSS take control of your PC, though only in a trivial manner.

 


 

The exploit was originally found by Google, who reported it to AVG to have it fixed. The initial fix wasn't quite good enough, so they just pushed out a new fix that seems to solve the issue. That being said, it still seems to be vulnerable to XSS attacks, though that should be fixed soon as well.

 

One generally thinks that antivirus companies are a bit more scrupulous and careful when designing their applications, but this mistake, and a mostly glaring one, calls into question the type of quality control and examination that goes on before things go live. But it's best to fly without any addons, because all addons can potentially be security risks. Browse safe!

Pre-installed malware on Raspberry Pi? They were asked to at least

By: Jeff Williams | More News: Hacking & Security | Posted: Dec 29, 2015 3:14 pm

It looks like some enterprising business people approached the Raspberry Pi Foundation with an odd business proposal, to pre-install their malware on the Raspberry Pi mini-computer.

 

 

In an email to the Foundation, a company, whose name was obviously redacted, was asking them to make available an exe file for installation (which wouldn't run on Linux anyway) in exchange for a sum of money for the amount of installations they detect.

 

This kind of tactic is surprising given the sheer audacity of asking a well-known organization, that prides itself on the many security applications of its minuscule box, outright to cheat its customers. It goes without saying that the Raspberry Pi Foundation didn't go along with their idea. It's even more hilarious that these peddlers of malware didn't seem to understand the platform being run on those devices. Maybe they'll ask Microsoft or Apple next?


The Hyatt hotels find malware hiding on their systems

By: Jeff Williams | More News: Hacking & Security | Posted: Dec 25, 2015 2:10 am

The Hyatt chain of hotels just yesterday found malware running on their systems that operate the payment processing for their hotels.

 


 

In their statement they said that they've launched a full-scale investigation and are cooperating with some of the leading cyber-security experts in order to get the issues resolved. In the meantime, if you happen to have stayed at a Hyatt-owned hotel within the past six months, be sure to keep an eye on your bank accounts just in case something suspicious happens to show up.

 

How does one get malware onto a payment processing system? It's not terribly hard, but there are best practices in place to make sure that it's difficult to do: segmenting the network used and keeping it separate from other networks used for browsing the web, making sure that a proper IDS is in place to detect weird activity, and limiting any IP addresses that actually access those systems processing card data to those on a whitelist. But those don't make it impossible, just harder and more likely to scare away all but the most seasoned and prepared of individuals.


Google is testing a new passwordless login system

By: Derek Strickland | More News: Hacking & Security | Posted: Dec 22, 2015 11:10 pm

In an effort to bolster account security, tech giant Google has confirmed that it's testing a new login system that doesn't require passwords.

 


 

Google is currently testing a new authentication method that could pave the way to password-free accounts in the near future. Google's method is very much like Yahoo's Account Key logins, which use smartphone push notifications instead of manual passwords to log into Google accounts. The company is testing its new sans-password login method with a small batch of users, and one Reddit user has shared a few details on the new system.

 

According to an early access tester, the new method is pretty simple and is very much like linking a smartphone to a Roku to use a remote, or tethering a phone to an Xbox One to use Smartglass. Once your phone is linked and authorized to log in to your Google account, the app sends a code that's shown on both screens, and users must type the same code to link the devices. Once that's done, users are logged in and can freely use their accounts. Basically, Google's new method hinges on syncing, meaning you'll be matching digital pairs rather than typing in a per-session password.


Infrastructure hacking isn't a new thing, New York dam lost in 2013

By: Chris Smith | More News: Hacking & Security | Posted: Dec 22, 2015 4:34 pm

While we wrote that relatively small 'Western Nations' such as Australia are under possible infrastructure hacker threat due to low-security measures, news has come to light that a New York dam was infiltrated by Iranian hackers back in 2013.

 


 

With the dam being located no more than 20 miles from New York City, this Iranian hack likely came around thanks to Leon Panetta, ex-Defense Secretary, calling out Iran's hacking prowess in October 2012, putting Governments on high alert for possible hacker threats. With this hack taking place and being kept under the covers until recently, it's just one example of how infrastructure infiltration is a very real threat.

 

This classified dam is one of the very few public accounts of infrastructure control loss, with all major suppliers of electricity, sewage, water and more all linked to the internet.

Not even Hello Kitty is safe, 3.3 million accounts exposed in hack

By: Chris Smith | More News: Hacking & Security | Posted: Dec 21, 2015 6:35 pm

sanriotown.com is a massive Hello Kitty community database and contains around 3.3 million accounts, with Gizmodo reporting that this website has been breached, leaking sensitive member information online.

 


 

The data stolen from 'sanriotown' includes first and last names, encoded birthdays, member country of origin, email addresses, passwords, password hints and answers, plus various "other data points," says Chris Vickery, researcher from CSO online.

 

In addition to this hacked database, information from official Hello Kitty websites has also been spotted, including the original .com website, plus .sg, .my, .th and finally mymelody.com. If you believe you have been involved in this hack, it is advised that you change your password immediately.

Juniper Networks VPN Firewall security breach probed by the FBI

By: Jeff Williams | More News: Hacking & Security | Posted: Dec 20, 2015 4:02 am

Juniper Networks has had quite the week. On Thursday it seems that some unauthorized code was found to have been inserted into their ScreenOS, which forms the basis for their hardware firewalls. This malicious code would allow a backdoor into the firewall, letting potential attackers decrypt VPN traffic with the keys found inside.

 


 

The fun doesn't stop there, however. Now the FBI has gotten involved and will be investigating the possibility of whether foreign governments had been involved with inserting the malicious code for the purposes of intercepting encrypted communications from government employees.

