TweakTown
Tech content trusted by users in North America and around the world
6,143 Reviews & Articles | 39,488 News Posts
Weekly Giveaway: Win an Antec Case, PSU and Cooler (Global Entry!)

TweakTown News

Refine News by Category:

Hacking & Security Posts - Page 75

Vulnerability found in Tor Browser Bundle, beams info back to the NSA

In the ongoing saga of NSA spying, it appears that not even the darknet is safe. Today, reports came in that an exploit has been discovered in the Tor version of Firefox 17 that comes packaged with the Tor browser bundle. An exploit in the browser's code allowed malware to be injected into the system which then beamed the machine's hostname and MAC address back to a remote server in Reston, Virginia.

 

TweakTown image news/3/2/32144_1_vulnerability_found_in_tor_browser_bundle_beams_info_back_to_the_nsa.jpg

 

The exploit was based on a vulnerability that arises when websites on the darknet attempted to run JavaScript. After a little digging, sources found that the remote server located just outside of Washington DC then sent those hostnames and MAC addresses to NSA servers located all over the country. The exploits as well as the NSA spying were discovered by Baneki Privacy Labs, a collective of Internet security researchers, and VPN provider Cryptocloud.

 

The vulnerability is only present in the Windows version of the Firefox Extended Support Release 17 browser that was bundled with the Tor Browser Bundle before June of this year. Because automatic updating is turned off in this version, anyone who downloaded the Tor Browser Bundle before June is susceptible to the spying. Tor recommends that users download the new version of the Browser Bundle to stay secure.

Samsung Smart TVs could let hackers watch you via built-in webcam

With all the recent revelations and allegations about the NSA and other foreign agencies been able to spy on you through backdoors in your computers and through the microphones on your smartphones, tablets, and other mobile devices, it should come as no surprise that your Smart TV may be spying on you as well.

 

TweakTown image news/3/2/32102_1_samsung_smart_tvs_could_let_hackers_watch_you_via_built_in_webcam.jpg

 

It's not pleasant all the stories are popping up at the same time, as this week the world's largest security conference known as Black Hat took place in Las Vegas, Nevada. Yesterday, two researchers named Aaron Grattafiori and Josh Yavor demonstrated several vulnerabilities found in the 2012 models of Samsung's Smart TV line. The demonstration took place as Black Hat was wrapping up and it showed how hackers could turn on the built-in camera, take control of social media apps, and access files that were stored on the television.

 

"Because the TV only has a single user," Grattafiori explained in an interview with Mashable, "any type of compromise into an application or into Smart Hub, which is the operating system--the smarts of the TV--has the same permission as every user, which is, you can do everything and anything."

 

The two researchers discovered these issues back in December 2012 while working for security firm iSEC. They said that they alerted Samsung back in January and the company has since patched these holes via three software updates and on future generation devices, however, TVs that have not downloaded the update still remain vulnerable.

WSJ: FBI can remotely activate Android and laptop microphones

If you still thought you had privacy after all of the news you've been reading about the NSA PRISM system, or the GCHQ, then you'd be wrong. Very wrong. The Wall Street Journal is now reporting that the FBI has the power to remotely activate microphones in Android smartphones and laptops to record conversations.

 

TweakTown image news/3/2/32088_04_wsj_fbi_can_remotely_activate_android_and_laptop_microphones.jpg

 

This is all coming from a single anonymous former US official, who says that remotely forcing a cellular microphone to listen in on a conversation isn't something new. The FBI used something they called "roving bugs" to spy on alleged mobsters back in 2004, and further back in 2002 they used the roving bugs to keep tabs on supposed criminals using the microphone in a vehicle's emergency call system.

 

The anonymous US official said that there is a dedicated FBI group that regularly hacks into computers, where they use a mix of custom and off-the-shelf surveillance software which they purchase from private companies. One of the Journal's sources said that the "Remote Operations Unit" will sometimes install software by physically plugging in a USB device, but they can also do it through the Internet by "using a document or link that loads software when the person clicks or views it."

Continue reading 'WSJ: FBI can remotely activate Android and laptop microphones' (full post)

AMD responds to hardware backdoor allegations

Yesterday, I covered a story about the big chip manufacturers allegedly installing hardware level backdoors into the processors used in all of our PCs. The allegations came from two security industry experts who both claim to have proof of concept demonstrations already. Earlier today, AMD's Michael Silverman contacted me with an official statement on the matter in which he called the allegations "unfounded."

 

TweakTown image news/3/2/32081_1_amd_responds_to_hardware_backdoor_allegations.jpg

 

Providing security to users of our processors is a key priority for AMD. We've been incorporating security features into our silicon for many years. There's no reason for the unfounded speculation that has been occurring.

 

With the Black Hat conference wrapping up today, we will be keeping our eyes open for any whitepapers or proof of concept demos that prove the backdoors exist. I have reached out to both of the security experts for statements as well, but have yet to receive a response. If and when that response comes in, I will be sure to post an update.

AMD and Intel in bed with NSA? Are backdoors built into processors?

The Australian Finance Review has just published a new story that suggests that the NSA may have hardware level backdoors built into current generation AMD and Intel processors. Leading security expert Steve Blank says that he first caught on to the practice when he noticed that the NSA had access to Microsoft emails before they were encrypted. He says that he would be extremely surprised if the NSA did not have access to a processor microcode level backdoor on every PC in America.

 

TweakTown image news/3/2/32067_1_amd_and_intel_in_bed_with_nsa_are_backdoors_built_into_processors.jpg

 

His reasoning behind the theory is quite simple. The sheer power needed to brute force crack AES 256-bit encryption on a single file would be equivalent to "the power of 10 million suns" and that a hardware backdoor would require almost no effort to enter and would allow agents access inside your PC in a matter of minutes. Jonathan Brossard, another expert in the security field, demonstrated this as a proof of concept at last year's Black Hat conference. These backdoors are made possible because they are placed inside the microcode which is stored on the chip itself and gets updated every time Microsoft, Apple, or any other OS pushes out an update.

Using just basic tools, all GPS units across the world can be hacked

According to a new study, the world's GPS system is open to hackers who could hack virtually any and all GPS units and take control of commercial airliners, for example.

 

TweakTown image news/3/1/31990_02_using_just_basic_tools_all_gps_units_across_the_world_can_be_hacked.jpg

 

The tools required are simple: a laptop, a small antenna, and an electronic GPS "spoofer" which would cost $3,000. The report comes from GPS expert Todd Humphreys and his team at the University of Texas who took control of a sophisticated navigation system that was built into an $80 million, 210-foot super-yacht in the Mediterranean Sea.

 

Humphreys told Fox News: "We injected our spoofing signals into its GPS antennas and we're basically able to control its navigation system with our spoofing signals." The team hacked into the yacht's navigation system by sending it counterfeit radio signals and were able to navigate the ship off course, steering it in any direction they wanted.

Continue reading 'Using just basic tools, all GPS units across the world can be hacked' (full post)

Ubuntu user forums hacked, 1.8 million user credentials stolen

Over the weekend, the Ubuntu forums went down after a massive security breach resulted in over 1.8 million user credentials being stolen. Canonical made a decision to put the forums in maintenance mode in an attempt to ward off any further attacks. The company says that the attackers managed to get away with every user's local username, password, and email address that was stored in the Ubuntu forum's database.

 

TweakTown image news/3/1/31863_1_ubuntu_user_forums_hacked_1_8_million_user_credentials_stolen.jpg

 

The company says in the passwords were stored as salted hashes instead of plaintext, but they still recommend that you change any and all passwords that were used on other services such as email, Facebook, or other forum accounts in which you might have use the same password. Canonical says that Ubuntu One, Launchpad, and other related services were not affected by the breach and users of those services need not worry.

GitHub suffers massive DDoS attack, says it is recovering quickly

Today, the popular version control code repository GitHub issued a statement to the media announcing that it has been fending off a massive attack on its system which managed to knock it servers off-line early Friday morning. The company said that around 10:40 UTC the site was struck with a massive DDoS attack from unknown sources.

 

TweakTown image news/3/1/31818_1_github_suffers_massive_ddos_attack_says_it_is_recovering_quickly.jpg

 

Roughly an hour and a half later, the company had implemented processes that began to alleviate the load on their servers but things were not yet back to full functionality. "We've put mitigation in place that should deflect the attack, and services are recovering. We're continuing to monitor closely," GitHub said in a statement.

 

This is the second large DDoS attack against GitHub this year with the first happening back in March. Before that, the site experienced another massive attack in September 2012 and one before that during February 2012 that lasted for a whole week. It is unclear who keeps attacking the site or what motivates them to try and bring down the service.

Continue reading 'GitHub suffers massive DDoS attack, says it is recovering quickly' (full post)

HP caught red-handed installing secret backdoors into their enterprise storage products

After the last month or so with the unveiling of the NSA PRISM system from Edward Snowden, as well as GCHQ, you'd think people would be up in arms over their security. How deep does the rabbit hole go, you ask?

 

TweakTown image news/3/1/31683_05_hp_caught_red_handed_installing_secret_backdoors_into_their_enterprise_storage_products.jpg

 

Well, it's now coming to the point where Hewlett-Packard have had to admit, for the second time in a month, that they've built secret backdoors into their enterprise storage products. Technion, a blogger, is the one who has blown the whistle on this one, who saw the security issue in one of HP's StoreOnce systems last month, but then found more backdoors in HP's storage and SAN products.

 

HP's statement, after Technion blew the whistle, admitted that "all HP StoreVirtual Storage systems are equipped with a mechanism that allows HP support to access the underlying operating system if permission and access is provided by the customer."

Continue reading 'HP caught red-handed installing secret backdoors into their enterprise storage products' (full post)

Defcon organizers ask feds to not attend the hacker conference this year, marks first time ever since the event was founded

When it was first founded over 20 years ago, Defcon was been known as the gathering place where anarchist, geeks, hackers, and the feds could all hang out, talk security and get along on neutral ground. Unfortunately for the feds, the NSA has managed to break a bond of trust that lasted over two decades.

 

TweakTown image news/3/1/31653_1_defcon_organizers_ask_feds_to_not_attend_the_hacker_conference_this_year_first_time_ever_since_the_event_was_founded.jpg

 

This morning, we learned that the organizers of the Defcon Hacker Conference, held in Las Vegas Nevada, have asked that all federal employees planning to attend the show to please sit out this year as they are not welcome. This may seem like a drastic move to some, but others see it as a way to express the loss of trust many in the online community are feeling at the moment.

 

"For over two decades DEF CON has been an open nexus of hacker culture, a place where seasoned pros, hackers, academics, and feds can meet, share ideas and party on neutral territory," Jeff Moss, aka The Dark Tangent, wrote in a blog post published Wednesday night. "Our community operates in the spirit of openness, verified trust, and mutual respect."

Continue reading 'Defcon organizers ask feds to not attend the hacker conference this year, marks first time ever since the event was founded' (full post)

Latest Tech News Posts

View More News Posts

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases