TweakTown
Tech content trusted by users in North America and around the world
6,071 Reviews & Articles | 38,992 News Posts

TweakTown News

Refine News by Category:

Hacking & Security Posts - Page 70

TOR advises users to steer clear of Windows and switch to another OS

Today, TOR began advising its users to avoid using Microsoft Windows at all cost. The advisory comes after NSA spying was discovered that used malware injected by using the Firefox zero-day vulnerability to gather users' machine names and Mac addresses, which were then being sent back to US government servers.

 

TweakTown image news/3/2/32196_1_tor_advises_users_to_steer_clear_of_windows_and_switch_to_another_os.jpg

 

The security advisory posted by the TOR Project states that the only sure-fire workaround to this exploit is to switch away from Windows. They advise this because the JavaScript that was used to inject the malware was specifically written to target Windows machines running the Firefox 17 ESR browser that was packaged with the TOR Browser Bundle. This allowed the attackers to unmask TOR users without actually installing any backdoors into their host machine.

 

Mozilla has since patched this vulnerability, but the TOR Project says that there are still many out there who use the affected version of the browser. "Disabling JavaScript will reduce your vulnerability to other attacks like this one, but disabling JavaScript will make some websites not work like you expect," TOR wrote. "A future version of Tor Browser Bundle will have an easier interface for letting you configure your JavaScript settings."

Vulnerability found in Tor Browser Bundle, beams info back to the NSA

In the ongoing saga of NSA spying, it appears that not even the darknet is safe. Today, reports came in that an exploit has been discovered in the Tor version of Firefox 17 that comes packaged with the Tor browser bundle. An exploit in the browser's code allowed malware to be injected into the system which then beamed the machine's hostname and MAC address back to a remote server in Reston, Virginia.

 

TweakTown image news/3/2/32144_1_vulnerability_found_in_tor_browser_bundle_beams_info_back_to_the_nsa.jpg

 

The exploit was based on a vulnerability that arises when websites on the darknet attempted to run JavaScript. After a little digging, sources found that the remote server located just outside of Washington DC then sent those hostnames and MAC addresses to NSA servers located all over the country. The exploits as well as the NSA spying were discovered by Baneki Privacy Labs, a collective of Internet security researchers, and VPN provider Cryptocloud.

 

The vulnerability is only present in the Windows version of the Firefox Extended Support Release 17 browser that was bundled with the Tor Browser Bundle before June of this year. Because automatic updating is turned off in this version, anyone who downloaded the Tor Browser Bundle before June is susceptible to the spying. Tor recommends that users download the new version of the Browser Bundle to stay secure.

Samsung Smart TVs could let hackers watch you via built-in webcam

With all the recent revelations and allegations about the NSA and other foreign agencies been able to spy on you through backdoors in your computers and through the microphones on your smartphones, tablets, and other mobile devices, it should come as no surprise that your Smart TV may be spying on you as well.

 

TweakTown image news/3/2/32102_1_samsung_smart_tvs_could_let_hackers_watch_you_via_built_in_webcam.jpg

 

It's not pleasant all the stories are popping up at the same time, as this week the world's largest security conference known as Black Hat took place in Las Vegas, Nevada. Yesterday, two researchers named Aaron Grattafiori and Josh Yavor demonstrated several vulnerabilities found in the 2012 models of Samsung's Smart TV line. The demonstration took place as Black Hat was wrapping up and it showed how hackers could turn on the built-in camera, take control of social media apps, and access files that were stored on the television.

 

"Because the TV only has a single user," Grattafiori explained in an interview with Mashable, "any type of compromise into an application or into Smart Hub, which is the operating system--the smarts of the TV--has the same permission as every user, which is, you can do everything and anything."

 

The two researchers discovered these issues back in December 2012 while working for security firm iSEC. They said that they alerted Samsung back in January and the company has since patched these holes via three software updates and on future generation devices, however, TVs that have not downloaded the update still remain vulnerable.

WSJ: FBI can remotely activate Android and laptop microphones

If you still thought you had privacy after all of the news you've been reading about the NSA PRISM system, or the GCHQ, then you'd be wrong. Very wrong. The Wall Street Journal is now reporting that the FBI has the power to remotely activate microphones in Android smartphones and laptops to record conversations.

 

TweakTown image news/3/2/32088_04_wsj_fbi_can_remotely_activate_android_and_laptop_microphones.jpg

 

This is all coming from a single anonymous former US official, who says that remotely forcing a cellular microphone to listen in on a conversation isn't something new. The FBI used something they called "roving bugs" to spy on alleged mobsters back in 2004, and further back in 2002 they used the roving bugs to keep tabs on supposed criminals using the microphone in a vehicle's emergency call system.

 

The anonymous US official said that there is a dedicated FBI group that regularly hacks into computers, where they use a mix of custom and off-the-shelf surveillance software which they purchase from private companies. One of the Journal's sources said that the "Remote Operations Unit" will sometimes install software by physically plugging in a USB device, but they can also do it through the Internet by "using a document or link that loads software when the person clicks or views it."

Continue reading 'WSJ: FBI can remotely activate Android and laptop microphones' (full post)

AMD responds to hardware backdoor allegations

Yesterday, I covered a story about the big chip manufacturers allegedly installing hardware level backdoors into the processors used in all of our PCs. The allegations came from two security industry experts who both claim to have proof of concept demonstrations already. Earlier today, AMD's Michael Silverman contacted me with an official statement on the matter in which he called the allegations "unfounded."

 

TweakTown image news/3/2/32081_1_amd_responds_to_hardware_backdoor_allegations.jpg

 

Providing security to users of our processors is a key priority for AMD. We've been incorporating security features into our silicon for many years. There's no reason for the unfounded speculation that has been occurring.

 

With the Black Hat conference wrapping up today, we will be keeping our eyes open for any whitepapers or proof of concept demos that prove the backdoors exist. I have reached out to both of the security experts for statements as well, but have yet to receive a response. If and when that response comes in, I will be sure to post an update.

AMD and Intel in bed with NSA? Are backdoors built into processors?

The Australian Finance Review has just published a new story that suggests that the NSA may have hardware level backdoors built into current generation AMD and Intel processors. Leading security expert Steve Blank says that he first caught on to the practice when he noticed that the NSA had access to Microsoft emails before they were encrypted. He says that he would be extremely surprised if the NSA did not have access to a processor microcode level backdoor on every PC in America.

 

TweakTown image news/3/2/32067_1_amd_and_intel_in_bed_with_nsa_are_backdoors_built_into_processors.jpg

 

His reasoning behind the theory is quite simple. The sheer power needed to brute force crack AES 256-bit encryption on a single file would be equivalent to "the power of 10 million suns" and that a hardware backdoor would require almost no effort to enter and would allow agents access inside your PC in a matter of minutes. Jonathan Brossard, another expert in the security field, demonstrated this as a proof of concept at last year's Black Hat conference. These backdoors are made possible because they are placed inside the microcode which is stored on the chip itself and gets updated every time Microsoft, Apple, or any other OS pushes out an update.

Using just basic tools, all GPS units across the world can be hacked

According to a new study, the world's GPS system is open to hackers who could hack virtually any and all GPS units and take control of commercial airliners, for example.

 

TweakTown image news/3/1/31990_02_using_just_basic_tools_all_gps_units_across_the_world_can_be_hacked.jpg

 

The tools required are simple: a laptop, a small antenna, and an electronic GPS "spoofer" which would cost $3,000. The report comes from GPS expert Todd Humphreys and his team at the University of Texas who took control of a sophisticated navigation system that was built into an $80 million, 210-foot super-yacht in the Mediterranean Sea.

 

Humphreys told Fox News: "We injected our spoofing signals into its GPS antennas and we're basically able to control its navigation system with our spoofing signals." The team hacked into the yacht's navigation system by sending it counterfeit radio signals and were able to navigate the ship off course, steering it in any direction they wanted.

Continue reading 'Using just basic tools, all GPS units across the world can be hacked' (full post)

Ubuntu user forums hacked, 1.8 million user credentials stolen

Over the weekend, the Ubuntu forums went down after a massive security breach resulted in over 1.8 million user credentials being stolen. Canonical made a decision to put the forums in maintenance mode in an attempt to ward off any further attacks. The company says that the attackers managed to get away with every user's local username, password, and email address that was stored in the Ubuntu forum's database.

 

TweakTown image news/3/1/31863_1_ubuntu_user_forums_hacked_1_8_million_user_credentials_stolen.jpg

 

The company says in the passwords were stored as salted hashes instead of plaintext, but they still recommend that you change any and all passwords that were used on other services such as email, Facebook, or other forum accounts in which you might have use the same password. Canonical says that Ubuntu One, Launchpad, and other related services were not affected by the breach and users of those services need not worry.

GitHub suffers massive DDoS attack, says it is recovering quickly

Today, the popular version control code repository GitHub issued a statement to the media announcing that it has been fending off a massive attack on its system which managed to knock it servers off-line early Friday morning. The company said that around 10:40 UTC the site was struck with a massive DDoS attack from unknown sources.

 

TweakTown image news/3/1/31818_1_github_suffers_massive_ddos_attack_says_it_is_recovering_quickly.jpg

 

Roughly an hour and a half later, the company had implemented processes that began to alleviate the load on their servers but things were not yet back to full functionality. "We've put mitigation in place that should deflect the attack, and services are recovering. We're continuing to monitor closely," GitHub said in a statement.

 

This is the second large DDoS attack against GitHub this year with the first happening back in March. Before that, the site experienced another massive attack in September 2012 and one before that during February 2012 that lasted for a whole week. It is unclear who keeps attacking the site or what motivates them to try and bring down the service.

Continue reading 'GitHub suffers massive DDoS attack, says it is recovering quickly' (full post)

HP caught red-handed installing secret backdoors into their enterprise storage products

After the last month or so with the unveiling of the NSA PRISM system from Edward Snowden, as well as GCHQ, you'd think people would be up in arms over their security. How deep does the rabbit hole go, you ask?

 

TweakTown image news/3/1/31683_05_hp_caught_red_handed_installing_secret_backdoors_into_their_enterprise_storage_products.jpg

 

Well, it's now coming to the point where Hewlett-Packard have had to admit, for the second time in a month, that they've built secret backdoors into their enterprise storage products. Technion, a blogger, is the one who has blown the whistle on this one, who saw the security issue in one of HP's StoreOnce systems last month, but then found more backdoors in HP's storage and SAN products.

 

HP's statement, after Technion blew the whistle, admitted that "all HP StoreVirtual Storage systems are equipped with a mechanism that allows HP support to access the underlying operating system if permission and access is provided by the customer."

Continue reading 'HP caught red-handed installing secret backdoors into their enterprise storage products' (full post)

Latest Tech News Posts

View More News Posts

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases