TweakTown NewsRefine News by Category:
A security consultant speaking at the Black Hat event has outlined how he gained access to the controls of 200 luxury hotel rooms in China.
At a session called Learn How To Control Every Room At A Luxury Hotel Remotely at Black Hat, Las Vegas, Jesus Molina spoke of the time he spent staying at the St Regis hotel, Shenzhen. Molina became "bored" - at which point he picked up a complimentary iPad granted to guests and reverse engineered a home automation protocol, KNX/IP. He then had access to the lights, temperature and more in his room - but by simply changing one digit of the iPad's IP address he could control rooms all over the hotel.
Molina thought about testing the methods with the door lock mechanism but decided not to. "I thought about looking to see if a similar system controlled the door locks but got scared," he said, according to Sky News. Later he made sure to inform the parent company of the security flaw, which is apparently now shut.
An American web security company, Hold Security, claims Russian criminal rings have built enormous databases of 1.2 billion stolen usernames and passwords, along with half a billion email addresses.
This heist will be the biggest identity theft of data in the history of the internet, according to Hold Security, and it is thought to have compromised roughly 420,000 websites. Hold has not named the companies it believes were hit but asserted brands both big and small are among those affected.
"We were amazed when 10,000 passwords went missing," company founder Alex Holden said. "Now we're in the age of mass production of stolen information. These guys did nothing new, they just did it better and on a mass level so it affects absolutely everybody."
The Mozilla Foundation has made a mistake that left the credentials of about 76,000 developers using its Mozilla Developer Network vulnerable to hackers. During a sanitation process on the server where the data was stored, some sort of error cause an emergency dump of the data on that server to be sent to a backup server.
That emergency dump is something that many servers do to prevent data loss. The catch is that the backup server where the data was dumped was unencrypted. That means that the details of those 76,000 developers were available to be copied by anyone along with 4,000 encrypted passwords.
Mozilla has removed the data now, but the information sat there for a month before developers noticed the issue. Mozilla says that the passwords would not work and that it hasn't seen any sort of breach using the data.
Tech heavyweights Apple and SAP are being taken to task in Russia, with officials from the government demanding the two hand over their source code to allay fears they can be exploited for surveillance purposes.
Russian communications minister Nikolai Nikiforov insisted a thorough check is necessary to determine just how private the data of users is, in particular those in the government and figureheads of Russian industry.
Nikiforov made clear in his comments that the revelations exposed by NSA whistleblower Edward Snowden are a driving force behind the demands. "The revelations of Edward Snowden in 2013 and public statements of US intelligence to strengthen [the] surveillance of Russia in 2014 raised the question seriously [of] confidence [in] foreign software and hardware," he said, ZDNet reports. "It is obvious that those companies that disclose the source code of their programs, not hiding anything, but those who did not intend to cooperate with Russia on this issue may have undeclared capabilities in their products." The agency also asserted companies that do not agree to the tests could well find their products leaving the Russian market.
Russia has posted an official bounty that offers a 3.9 million ruble sum - almost 200,000 USD - to the first people who can identify and track users on Tor.
The Russian Ministry of Internal Affairs, which posted the bounty, requires applicants to pay a hefty application fee - and they must be either a Russian citizen or a Russian company to apply. The competition runs from August 13 to August 20, and the deadline for submission is November 30.
Tor has been a persistent thorn in the side of intelligence agencies around the world. Tor, or The Onion Router, has taken in a lot of cash from America's department for defense, as well as having been utilized by police and other authorities. But it is also used as a way to anonymize traffic among dissenting citizens and human rights activists. Vladimir Putin recently approved a law that would open up access to data within Russia to Russia's intelligence service - as well as his administration insisting high-circulation bloggers with over 3,000 visits a day formally register with the government.
The Microsoft One Xbox game console will be exclusively offered in China using the China Telecom network, both companies recently announced. This will be the first Xbox One to enter the Chinese market this Autumn, China Telecom said in a recent press statement.
The Xbox One has struggled throughout Asia, where the Sony PlayStation series of game consoles remain popular. However, lower pricing and a stronger marketing push has drawn attention from gamers - where Microsoft partnered with the BesTV New Media Internet TV set-top box.
The game consoles will be available starting in China Telecom stores starting this September, with an estimated $80 million investment from BesTV and Microsoft to help move the project along.
The Bay Area Pain Medical Associates company recently sent notices to patients informing them of a data breach on May 19, in which three desktop PCs were stolen following an office break-in. The Sausalito Police Department is currently investigating, as the company warns patients of what is at risk: There were around 2,780 patients affected due to the breach, with a spreadsheet including patient data available on one of the PCs taken from the office.
The medical records were encrypted, but a single Excel spreadsheet contained "approximately 2,780 patient names, including yours, and years of service may have been available," the company sent in a memo to patients.
These types of incidents seem to happen too frequently - even if PCs and laptops are safely secured in offices - security experts recommend ensuring devices are password-protected and utilize encryption. Selling medical records is big business to cybercriminals, more valuable than traditional stolen personal information.
A group compromised of U.S. and foreign citizens have been arrested and indicted for their alleged role of an international crime ring that ripped off StubHub. Two Americans, one Russian national, three people from London, and one Canadian were rounded up - the six conspired to use stolen debit and credit card information to purchase thousands of tickets to sports games, concerts, and other in-demand tickets.
The tickets would then be resold and the profits would be split amongst the group. They face a mix of charges related to money laundering, criminal possession of stolen property, identity theft and grand larceny, according to the court.
"You are no longer safe to travel and operate outside of your home country, without significant risk of arrest and prosecution," said Robert Capps, StubHub former security executive, in a statement. "Isolation is a powerful force in the effort to change behaviors. Confined within the borders of their home country, I suspect we'll see a change in behavior of some of these criminals."
The Wall street Journal operates a print publication and it has an online presence as well. Hackers recently attacked the WSJ computer network and forced the publication offline. Authorities say that the hackers were able to infiltrate WSJ computer systems used to host graphics.
As a result of the breach, systems were taken offline to isolate the attack. According to the WSJ, no damage, or altering of news graphics has been found, but a review of the systems is ongoing. A spokesman for the WSJ said, "We are investigating an incident related to wsj.com's graphics systems. At this point we see no evidence of any impact to Dow Jones customers or customer data."
A user going by the name w0rm posted to Twitter an image of the hacked website with an offer to sell the user name and other info required to control the server for a bitcoin, worth about $620.
A person and mobile phone search database popular among law enforcement and federal agencies, LP Police, has now added advanced live data search capabilities so police can resolve cases faster.
A new social media search allows offers to enter a name and have immediate access to user profiles, profile photos, social influence, and other data, from more than 100 social media services. Searching for people through the work search feature will pull current and former employers, names, company names, position held, phone numbers and addresses.
"The LP Police team is pleased to introduce yet another round of significant search updates and user improvements," said Ron Lifton, LP Police CEO, in a press statement. "Police departments, government agencies and law enforcement across the country unanimously endorse our ongoing enhancements, best phone data in the industry, and bullet proof customer support."