TweakTown

Hacking & Security Posts - Page 84

AMD responds to hardware backdoor allegations

Yesterday, I covered a story about the big chip manufacturers allegedly installing hardware level backdoors into the processors used in all of our PCs. The allegations came from two security industry experts who both claim to have proof of concept demonstrations already. Earlier today, AMD's Michael Silverman contacted me with an official statement on the matter in which he called the allegations "unfounded."

 

Providing security to users of our processors is a key priority for AMD. We've been incorporating security features into our silicon for many years. There's no reason for the unfounded speculation that has been occurring.

 

With the Black Hat conference wrapping up today, we will be keeping our eyes open for any whitepapers or proof of concept demos that prove the backdoors exist. I have reached out to both of the security experts for statements as well, but have yet to receive a response. If and when that response comes in, I will be sure to post an update.

AMD and Intel in bed with NSA? Are backdoors built into processors?

The Australian Finance Review has just published a new story that suggests that the NSA may have hardware level backdoors built into current generation AMD and Intel processors. Leading security expert Steve Blank says that he first caught on to the practice when he noticed that the NSA had access to Microsoft emails before they were encrypted. He says that he would be extremely surprised if the NSA did not have access to a processor microcode level backdoor on every PC in America.

 

His reasoning behind the theory is quite simple. The sheer power needed to brute-force AES 256-bit encryption on a single file would be equivalent to "the power of 10 million suns," whereas a hardware backdoor would require almost no effort to enter and would allow agents access inside your PC in a matter of minutes. Jonathan Brossard, another expert in the security field, demonstrated this as a proof of concept at last year's Black Hat conference. These backdoors are made possible because they are placed inside the microcode, which is stored on the chip itself and gets updated every time Microsoft, Apple, or any other OS pushes out an update.

Using just basic tools, all GPS units across the world can be hacked

According to a new study, the world's GPS system is open to hackers who could hack virtually any and all GPS units and take control of commercial airliners, for example.

 

The tools required are simple: a laptop, a small antenna, and an electronic GPS "spoofer" which would cost $3,000. The report comes from GPS expert Todd Humphreys and his team at the University of Texas who took control of a sophisticated navigation system that was built into an $80 million, 210-foot super-yacht in the Mediterranean Sea.

 

Humphreys told Fox News: "We injected our spoofing signals into its GPS antennas and we're basically able to control its navigation system with our spoofing signals." The team hacked into the yacht's navigation system by sending it counterfeit radio signals and were able to navigate the ship off course, steering it in any direction they wanted.

Ubuntu user forums hacked, 1.8 million user credentials stolen

Over the weekend, the Ubuntu forums went down after a massive security breach resulted in over 1.8 million user credentials being stolen. Canonical made a decision to put the forums in maintenance mode in an attempt to ward off any further attacks. The company says that the attackers managed to get away with every user's local username, password, and email address that was stored in the Ubuntu forum's database.

 

The company says the passwords were stored as salted hashes instead of plaintext, but it still recommends that you change any and all passwords that were used on other services such as email, Facebook, or other forum accounts in which you might have used the same password. Canonical says that Ubuntu One, Launchpad, and other related services were not affected by the breach and users of those services need not worry.

GitHub suffers massive DDoS attack, says it is recovering quickly

Today, the popular version control code repository GitHub issued a statement to the media announcing that it has been fending off a massive attack on its system, which managed to knock its servers offline early Friday morning. The company said that around 10:40 UTC the site was struck with a massive DDoS attack from unknown sources.

 

Roughly an hour and a half later, the company had implemented processes that began to alleviate the load on their servers but things were not yet back to full functionality. "We've put mitigation in place that should deflect the attack, and services are recovering. We're continuing to monitor closely," GitHub said in a statement.

 

This is the second large DDoS attack against GitHub this year with the first happening back in March. Before that, the site experienced another massive attack in September 2012 and one before that during February 2012 that lasted for a whole week. It is unclear who keeps attacking the site or what motivates them to try and bring down the service.

HP caught red-handed installing secret backdoors into their enterprise storage products

After the last month or so with the unveiling of the NSA PRISM system from Edward Snowden, as well as GCHQ, you'd think people would be up in arms over their security. How deep does the rabbit hole go, you ask?

 

Well, it's now coming to the point where Hewlett-Packard have had to admit, for the second time in a month, that they've built secret backdoors into their enterprise storage products. Technion, a blogger, is the one who blew the whistle on this one, having seen the security issue in one of HP's StoreOnce systems last month and then found more backdoors in HP's storage and SAN products.

 

HP's statement, after Technion blew the whistle, admitted that "all HP StoreVirtual Storage systems are equipped with a mechanism that allows HP support to access the underlying operating system if permission and access is provided by the customer."

Defcon organizers ask feds to not attend the hacker conference this year, marks first time ever since the event was founded

Since it was first founded over 20 years ago, Defcon has been known as the gathering place where anarchists, geeks, hackers, and the feds could all hang out, talk security and get along on neutral ground. Unfortunately for the feds, the NSA has managed to break a bond of trust that lasted over two decades.

 

This morning, we learned that the organizers of the Defcon Hacker Conference, held in Las Vegas, Nevada, have asked all federal employees planning to attend the show to please sit out this year, as they are not welcome. This may seem like a drastic move to some, but others see it as a way to express the loss of trust many in the online community are feeling at the moment.

 

"For over two decades DEF CON has been an open nexus of hacker culture, a place where seasoned pros, hackers, academics, and feds can meet, share ideas and party on neutral territory," Jeff Moss, aka The Dark Tangent, wrote in a blog post published Wednesday night. "Our community operates in the spirit of openness, verified trust, and mutual respect."

Ubisoft hacked, recommends you change your password

Ubisoft has announced that one of their sites was hacked and allowed unauthorized access to user account data. Ubisoft has not revealed the number of affected users, though it potentially could be the entire Ubisoft customer base as most of Ubisoft's games require a user account to play. The company has recommended that users change their passwords and passwords on any site that makes use of the same password.

 

During this process, we learned that data were illegally accessed from our account database, including user names, email addresses and encrypted passwords. No personal payment information is stored with Ubisoft, meaning your debit/credit card information was safe from this intrusion.

 

As a result, we are recommending you to change your password by clicking this link.

 

Out of an abundance of caution, we also recommend that you change your password on any other Web site or service where you use the same or a similar password.

 

The hackers will have to decrypt the passwords before they are useful, though this shouldn't take too long. Ubisoft stresses that the hackers did not obtain any payment data as it is not stored by the gaming studio. We're hoping to find out just how many of Ubisoft's customers were affected by the hacking, but we're not sure Ubisoft will be forthcoming with that data.

Microsoft will pay you up to $100,000 for finding bugs in Windows 8.1

Are you a good bug finder? You might be able to collect a nice paycheck from Microsoft. Microsoft has offered up $100,000 as a top prize for finding an exploit that allows you to bypass the protections built into Windows 8.1. The time frame for this bounty program is ongoing and requires a truly novel exploitation technique.

 

Microsoft has offered up an additional $50,000 if you provide defensive ideas along with the Mitigation Bypass bug, bringing your grand total to $150,000. This time frame is also ongoing.

 

Microsoft isn't just concerned with Windows 8.1 security. They have also offered up 30 days to submit critical vulnerabilities found in Internet Explorer 11 Preview on Windows 8.1 Preview. This period will go from June 26 to July 26, 2013. Qualifying bugs are worth up to $11,000.

Kaspersky discovers 'most sophisticated' Android trojan yet

Kaspersky Labs has announced the discovery of what it is calling the "most sophisticated" Android trojan yet. Kaspersky identifies the trojan as "Backdoor.AndroidOS.Obad.a" and notes that the trojan is capable of many different functions with the added ability to be extremely hard to remove.

 

Obad.a is capable of sending SMS to premium-rate numbers, downloading other malware, sending malware over Bluetooth, and executing remote console commands. Obad.a makes use of code obfuscation and several previously undiscovered security holes in Android to make itself hard to remove or analyze.

 

Once it gains Device Administrator privileges, it's nearly impossible to remove:

 

One feature of this Trojan is that the malicious application cannot be deleted once it has gained administrator privileges: by exploiting a previously unknown Android vulnerability, the malicious application enjoys extended privileges, but is not listed as an application with Device Administrator privileges.

 

Google has been informed by Kaspersky of the various security holes discovered and the security company notes that the trojan only amounts to 0.15 percent of all malware infection attempts, making it a rather minor threat for now.
