TweakTown
Tech content trusted by users in North America and around the world
5,916 Reviews & Articles | 38,116 News Posts

TweakTown News

Refine News by Category:

Hacking & Security Posts - Page 73

Google building a privacy 'red team' that will solve privacy concerns in the future

If you're a heavy Google user like myself, you might be concerned with your data privacy. But, it looks like the Mountain View-based company is building themselves a privacy "red team" for such matters.

 

TweakTown image news/2/5/25453_03_google_building_a_privacy_red_team_that_will_solve_privacy_concerns_in_the_future.jpg

 

Google's new division comes hot on the hells of the FTC's $22.6 million record-setting fine, where the company was accused of a tracking cookie incident that allegedly occurred sometime in 2011 and 2012.

 

The 'Red Team' plans were found from a recent job posting, and according to ZDNet, a red team would normally work internally at a company to go over everything from policies and products, to services and the workforce in general. The job is usually described as a quality control measure taken a bit further, to make the company work more efficiently.

Google runs Pwnium 2, if you can hack Chrome, there are $2 million in rewards up for grabs

Google have announced the second Pwnium hacking competition after widthdrawning from this TippingPoint's annual Pwn2Own which was previously held back in February. Google have thrown $2 million in rewards for anyone who can find bugs in their popular Chrome browser, exploit them and detail how they achieved the hack.

 

TweakTown image news/2/5/25366_04_google_runs_penium_2_if_you_can_hack_chrome_there_are_2_million_in_rewards_up_for_grabs.jpg

 

The first Pwnium that was held in March, in Vancouver, only had $1 million up for grabs, and only a slice of that was handed out. This was because there were only two submissions, requiring Google to sign over just $120,000 of the $1 million they had up for grabs. So, what are Google offering? $60,000 for a full Chrome exploit using only bugs found in the web browser itself. $50,000 for a partial Chrome exploit using Chrome itself, or other browser, or Windows flaws such as Webkit or kernel-level flaws.

 

Finally, $40,000 for a non-Chrome exploit for a bug found in Flash, Windows or a driver. In addition incomplete or unreliable exploits may be eligible for a prize, where Google have said "our rewards panel will judge any such works as generously as we can". Sounds like Google just want to give money away! Rules have changed from the annual Pwn2Own hacking competition, with TippingPoint no longer requiring entrants to reveal all the details about exploits used to compromise security. Google has said that this change is "worrisome" and decided to leave the competition, promoting their own Pwnium challenge instead.

Saudi Aramco, the world's largest oil company, is being cyber-attacked

Saudi Aramco, who has the title of the world's largest oil company, has been struck by a cyber attack. The company has reported that nearly all of their workstations have been hit by malware, and the breach is said to be similar to the attack on Iranian systems back in Apri, but oil-production industrial equipment was not affected.

 

TweakTown image news/2/5/25348_08_saudi_aramco_the_world_s_largest_oil_company_is_being_cyber_attacked.jpg

 

Saudi Aramco have said they've disconnected their entire network from the Internet as a precautionary measure, and expect a full recovery of their systems before the end of the week. The oil company hasn't said who is involved, but have insisted that the production of oil has not been altered as a result of the breach. The company said in a statement:

 

The company employs a series of precautionary procedures and multiple redundant systems within its advanced and complex system that are used to protect its operational and database systems.

 

There are other networks connected to the Aramco system, with companies Chevron and Schlumberger Ltd attached, and vulnerable. Most of the oil industry companies across the world have moved over to Windows-based systems during the Y2K scare, and could face similar problems. Also, the rapid expansion of Internet connectivity mixed with the nature of Windows has increased the chances of a cyber attack to the energy industry.

Android malware level has tripled in Q2 2012

Malware is bad. It's created by people who want to cause you trouble or steal your information. It's a fact of life that Windows will always be a target of malware, but how about Android? It seems as more hackers and scammers are now targeting the mobile operating system with varying degrees of success.

 

TweakTown image news/2/5/25336_1_android_malware_level_has_tripled_in_q2_2012.jpg

 

In the second quarter of 2012, Kaspersky Labs found that the number of malware out there targeting Android has tripled. Likely this is the result of an increased number of Android phones giving malicious programmers a wider base to attack. This is the same reason so many different malwares are written for Windows.

 

During the three months that make up the second quarter, the number of new malware increased to nearly 15,000. 49 percent of the malware were multi-functional Trojans designed to steal data such as contact names, phone numbers, and e-mails. 25 percent were SMS Trojans which send texts to premium numbers to gain money for the programmer.

 

Trojan Spy malware only constituted 2 percent of the newly found malware and this is a good thing for users as Trojan Spy malware is the most dangerous to users. It is able to transfer information to the programmer which gives access to bank accounts and other sensitive accounts.

WikiLeaks unveils TrapWire, a very scary surveillance system, gets taken down by DDoS attack, coincidence?

This is something that I've read with great interest, and to anyone who has seen the TV show "Person of Interest", you'll understand that these types of systems are not just fiction, but they can be used for wrong-doing, too.

 

TweakTown image news/2/5/25286_09_wikileaks_unveils_trapwire_a_very_scary_surveillance_system_gets_taken_down_by_ddos_attack_coincidence.jpg

 

Last week, WikiLeaks talked of, and released internal documents and e-mails by hackers regarding TrapWire. TrapWire is a privately-owned surveillance technology that is used by various private and public agencies. TrapWire seems to work by collecting surveillance data from 'participating' private and public sources, such as CCTV cameras.

 

The data is then poured into the system, where TrapWire can analyze the data, detecting changes in patterns such as noticing a certain vehicle is not on its usual morning commute to work, which can then be looked at as 'suspicious behavior'. The technology is owned by Abraxas, who were eventually acquired by Cubic. In 2005, Abraxas Corp. CEO Richard Hollis talked about TrapWire:

 

TrapWire can help do that without infringing anyone's civil liberties. It can collect information about people and vehicles that is more accurate than facial recognition, draw patterns, and do threat assessments of areas that may be under observation from terrorists. The application can do things like "type" individuals so if people say "medium build," you know exactly what that means from that observer.

Continue reading 'WikiLeaks unveils TrapWire, a very scary surveillance system, gets taken down by DDoS attack, coincidence?' (full post)

Blizzard gets hacked, emails, answers to security questions and more gets taken

The developer behind successful titles such as the recently released Diablo III, and World of Warcraft, oh I suppose we can't leave out StarCraft, has posted an "important security update" to its official website. Blizzard have announced that their security team found an "unauthorized and illegal access into our internal network here at Blizzard".

 

TweakTown image news/2/5/25242_01_blizzard_gets_hacked_emails_answers_to_security_questions_and_more_gets_taken.jpg

 

The developer quickly took appropriate steps to close off access, and started working with law enforcement and security experts to investigate into the matter. At the moment, Blizzard have found no evidence that financial information (such as credit card details) or billing details and real names were compromised. Blizzard's investigation is ongoing, but there's nothing suggesting that these pieces of information were accessed.

 

What was accessed, were lists of email addresses for global Battle.net users, outside of China. This mens that players on North American-based servers, such as North America, Latin America, Australia, New Zealand, and Southeast Asia had their personal security question, and information regarding to Mobile and Dial-In Authenticators were accessed. Blizzard have noted that based on what they currently know, this information is not enough for anyone to access Battle.net accounts.

Continue reading 'Blizzard gets hacked, emails, answers to security questions and more gets taken' (full post)

Apple slap 24-hour suspension on phone-based resets of Apple ID passwords in a bid to stem more hacks

And so they should. After having the joy of a daisy-changed hack, Mat Honan has been keeping the tech world up-to-date on the going ons of the recent hack over at Apple, and what companies are doing to make sure that it doesn't happen to anyone else.

 

TweakTown image news/2/5/25200_03_apple_slap_24_hour_suspension_on_phone_based_resets_of_apple_id_passwords_in_a_bid_to_stem_more_hacks.jpg

 

Apple have improved their services, issuing a 24-hour ban on calling Apple support to change your Apple ID password. Honan's hack involved some social engineering, meaning that a hacker actually made a voice call, setting up accounts pretending to be him. Wired reported on the ban, saying:

 

Apple on Tuesday ordered its support staff to immediately stop processing AppleID password changes requested over the phone, following the identity hacking of Wired Reporter Mat Honan over the weekend, according to Apple employees.

 

An Apple worker with knowledge of the situation, speaking on condition of anonymity, told Wired that the over-the-phone password freeze would last at least 24 hours. The employee speculated that the freeze was put in place to give Apple more time to determine what security policies needed to be changed, if any.

Continue reading 'Apple slap 24-hour suspension on phone-based resets of Apple ID passwords in a bid to stem more hacks' (full post)

Three Windows 8 exploits found before official release

It's a sad reality that there's always someone trying to break into Windows. This is due to the wide use that Windows has over other operating systems. Even before the official release, people are doing their best to break into Microsoft's upcoming Windows 8, and sadly, they've found three exploits to do just that.

 

TweakTown image news/2/5/25088_1_windows_8_exploits_found_before_official_release.jpg

 

With three months left before the actual release of Windows 8, Microsoft has time to take care of these exploits that have been found. Sung-Ting Tsai of Trend Micro is the person who found the exploits, so he's helping Microsoft patch them rather than working on exploiting them for nefarious reasons.

 

The exploits are in the kernel level advanced local procedure call, the component object model (COM) application programming interface, and the Windows Runtime API. Tsai worked on several methods to attack the vulnerabilities, and while he wasn't completely successful, he says that someone with enough time could find a way to compromise the system.

Ubisoft accidentally installed a backdoor with its DRM

Earlier today, stories were hitting the web that Ubisoft's DRM installed a browser plug-in that contained a backdoor. Ubisoft acted quickly and has released a patch to fix the security hole as it turns out that the backdoor was an accident and was in no way meant to be there, or at least not exploitable as it was.

 

TweakTown image news/2/5/25067_1_ubisoft_accidentally_installed_a_backdoor_with_its_drm.png

 

Tavis Ormandy, a Google security engineer, found the backdoor and wrote about it on the Seclists.org mailing list on Sunday. Mr. Ormandy went as far as to post a few lines of Javascript as an untested proof of concept. This morning, the story made it onto Hacker News along with a working proof of concept.

 

The list of games which come with Uplay, and the vulnerability, are as follows:

 

Assassin's Creed II

Assassin's Creed: Brotherhood

Assassin's Creed: Project Legacy

Assassin's Creed Revelations

Assassin's Creed III

Beowulf: The Game

Brothers in Arms: Furious 4

Call of Juarez: The Cartel

Driver: San Francisco

Heroes of Might and Magic VI

Just Dance 3

Prince of Persia: The Forgotten Sands

Pure Football

R.U.S.E.

Shaun White Skateboarding

Silent Hunter 5: Battle of the Atlantic

The Settlers 7: Paths to a Kingdom

Tom Clancy's H.A.W.X. 2

Tom Clancy's Ghost Recon: Future Soldier

Tom Clancy's Splinter Cell: Conviction

Your Shape: Fitness Evolved

Continue reading 'Ubisoft accidentally installed a backdoor with its DRM' (full post)

Another OS X Trojan has been identified, this one bypasses user permissions

Apple have been hit again, with security firm Intego and their virus team identifying yet another Trojan horse that attacks Apple's Mac platform. The new Trojan called "Crisis", hasn't been seen in the wild yet, but Intego says that the Trojan is engineered to make analysis of the malware difficult for security experts.

 

TweakTown image news/2/4/24993_03_another_os_x_trojan_has_been_identified_this_one_bypasses_user_permissions.png

 

Intego have stressed alertness regarding Crisis, as it appears to be quite smart, having the ability to bypass OS X security features and install itself, all without any user interaction.

 

Crisis has been tracked, back to the IP address of 176.58.100.37, which it then calls back to every five minutes for instructions. There's only two OS X versions that are said to be susceptible to Crisis, OS X 10.6 and 10.7. Crisis can install and run itself without the need for the user to enter in their password. It's also resistant to reboots, and will run until it is detected and removed.

Continue reading 'Another OS X Trojan has been identified, this one bypasses user permissions' (full post)

Latest Tech News Posts

View More News Posts

TweakTown Web Poll

Question: Facebook's acquisition of Oculus VR will...

Improve Oculus Rift Development

Hamper Oculus Rift Development

Completely destroy Oculus Rift Development

Let's wait and see, I'm not sure

or View the Results

View More Polls

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases