TweakTown
Tech content trusted by users in North America and around the world
6,052 Reviews & Articles | 38,926 News Posts
Weekly Giveaway: Win a Biostar J1800NH2 Motherboard (Global Entry!)

TweakTown News

Refine News by Category:

Hacking & Security Posts - Page 88

Melbourne teen behind Twitter attacks

By: Array

A Melbourne twit has flagged a Twitter vulnerability that let overnight attacks happen to Twitter users, which could have affected up to half a million users.

 

TweakTown image news/1/6/16845_25.jpg

 

A cross-site scripting flaw used recently by RainbowTwtr was used in a copycat attack by Melbourne teen, Pearce Delphin.

 

RainbowTwtr's attack changed the profile backround picture to a rainbow colour and tweeted the script in an update. The code was quickly re-tweeted by hundreds of users.

 

Continue reading 'Melbourne teen behind Twitter attacks' (full post)

Stay away from Twitter.com; it's being exploited with simple code

By: Array

If you haven't seen already, Twitter.com is under attack exploiting a flaw in its system with a simple code called "onmouseover" that is used to execute code or a command when your mouse cursor is moved over the bad area.

 

My @camwilmot account has personally been affected just now and as far as I can see, it only affects the front page of Twitter.com and not other pages such as your profile page.

 

TweakTown image news/1/6/16827_5.png

 

Basically what I did by mistake was move my mouse over a strange tweet with black color background over the text and then that took over my Chrome v6 browser. Now when I load the old Twitter.com I am unable to access the page and if I click anywhere a link is opened in a new window. Meanwhile tweets are automatically being made consisting of re-tweets of the latest tweets from a Twitter user called "Matsta". Is this some sort of attempt to push Twitter to move all of its users to the new Twitter.com design that was unveiled last week or just a way to highlight flaws in Twitter's security? Some Twitter users are reporting that the new Twitter.com is not affected, but at the time of writing we could not confirm if this is true or not.

 

06:45 US PST UPDATE: Here is an update from Twitter: We've identified and are patching a XSS attack; as always, please message @safety if you have info regarding such an exploit.

 

Continue reading 'Stay away from Twitter.com; it's being exploited with simple code' (full post)

Courts give Microsoft legal ownership of botnet domains

By: Array

We can all agree that the internet is fantastic and opens up an entire world of information and other fun stuff for us to consume. We can also agree that the internet can be a massive pile of crap that we have to deal with thanks to spam, viruses, and botnets. Microsoft is fighting botnets and has won a major legal battle against one of the big botnets this week.

 

TweakTown image news/1/6/16686_1.jpg

 

A US District Court judge for the Eastern Virginia district has granted Microsoft ownership of 276 domains that were once part of the massive Waledac cybergang botnet. The botnet was hit with the first major blow early this year when the same judge granted a temporary restraining order that took the 276 domains offline.

 

Continue reading 'Courts give Microsoft legal ownership of botnet domains' (full post)

Logitech unveils new Alert video security system

By: Array

Logitech has announced a new home security system that records HD video with motion alerts and is accessible from anywhere. The new system is called Logitech Alert.

 

[img]2[/img]

 

The system comes in an Alert 750i Master system and a weatherproof 750e Outdoor Master System with night-vision. Both master systems come with the HD camera and PC software for recoding video on a Mac or a PC.

 

Continue reading 'Logitech unveils new Alert video security system' (full post)

NZXT site hacked; assuring customers they are still in business

By: Array

TweakTown image news/1/6/16024_001.jpg

 

People trying to browse the NZXT site last night as well as those subscribed to the NZXT newsletter got an awful surprise when a letter was released stating that NZXT was going out of business. This was an attack on their site in which hackers infiltrated the site and changed product warranties, deleted products and banners, and even sent out a newsletter stating that NZXT was going out of business.

 

The folks at NZXT have since booted the hackers, cleaned up the site and have assured us that NZXT is still going strong and plan to continue business as usual.

 

Continue reading 'NZXT site hacked; assuring customers they are still in business' (full post)

Air Force moves 30K soldiers from communications to cyberspace specialty

By: Array

The sheer amount of data and computer systems that is in use in the military in the US is staggering. It takes a fleet of specialists to support these systems and ensure the data is safe and available to those who need it.

 

[img]3[/img]

 

The Air Force has had communications officers for years that are tasked with maintaining the computer systems at a base. The Air Force has taken about 30,000 of these communications specialists and retasked them as cyberspace specialists.

 

The new specialty will still maintain the computer systems at bases around the world, but they will also be experts on how computers and communications can improve war-fighting capabilities. The new officers will spend 115 days in training compared to the 26 day training that communications officers received.

 

PDF file format found to be a vector for attack

By: Array

We have all heard about how Adobe's Acrobat Reader and Flash browser plug-ins are vulnerable to exploits. But did you know that the actual file format specification for all PDFs is also a vector for attack?

 

The ISO standard for PDFs (ISO PDF 32000-1:2008) details the functionality that is present in the file format and outlines the launch command. This launch specification can allow malicious coders to imbed scripted commands that can infect even a clean PDF. There is no need to exploit javascript or another zero-day exploit. As the code executes in the PDF the user will be presented with a dialog box asking if he or she wants to run the code. A clever attacker can design the dialog to entice the user into thinking they need to click this. This is a proven technique used by many "scare-ware" vendors. They fool the user into thinking they are infected with a virus and by clicking on a button it will clean it off for them.
Both Adobe and Foxit are working ways to correct the issue or at least provide additional user warnings about the danger of opening unknown PDFs.

 

 

Continue reading 'PDF file format found to be a vector for attack' (full post)

Stealth MXP Bio encrypted flash drive offers 3 factor security

By: Array

There have been lots of stories about the flaws found in some encrypted flash drives and hard drives recently. This means that the data many thought was safe is not. If you are in the market for a new flash drive with encryption, the MXP Bio Encrypted USB drive may be it.

 

TweakTown image news/1/3/13965_4.jpg

 

The drive offers hardware encryption of all data stored on it with AES-256 CBC hardware encryption. The drive also has a malware-proof mode to protect it against attacks. The most interesting part is that the drive can be configured for 1, 2, or 3 factor authentication.

 

The authentication process includes biometrics and digital identity with PKI tokes such as the RSA SecurID and OATH OTP. Capacity and pricing information are unknown, but expect the drive to be expensive.

 

Continue reading 'Stealth MXP Bio encrypted flash drive offers 3 factor security' (full post)

TKIP WPA cracked in 60 Seconds

By: Array

Wow this one sort of sent a chill down my spine until I remembered that my home network is protected by WPA-2 enterprise with a RADIUS server, 4096-bit certificates, (machine and user) and a bunch of tin foil hats and black radar repelling spray paint.

 

If you are wondering what I am so paranoid about well there is this group of scientists in Japan that have figured out how to break the WPA protocol as long as you are using the Temporal Key Integrity Protocol TKIP. If you are using the Advanced Encryption Standard (AES) you are safe for now.

 

The problem lies in the fact that not all wireless devices support AES. Yes most new ones do but you still see a smattering of TKIP only or devices that default to auto for the encryption standard.

 

Now while breaking this key is significant, it is not a first. WPA with TKIP has been broken before. To crack it took roughly 15 minutes. This time, well it took about 60 seconds.

 

Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University, the tow people responsible for this new fast hack plan on releasing the details at a technical conference on September 25th.

 

Now, I will say that while this is scary, it is the "scientists" that never reveal their methods that actually scare me more.

 

TKIP WPA cracked in 60 Seconds

 

Continue reading 'TKIP WPA cracked in 60 Seconds' (full post)

IE 8 comes out tops in Security test

By: Array

Wow, I know this little bit of news is sure to annoy a few people out there. As Mozilla complains that a browser election when Windows 7 is installed is just not enough it is having a hard time competing with IE 8 in terms of security.

 

According to a recent Study performed by NSS Labs Internet Explorer is more secure than FireFox 3, Chrome, Safari 4, and even Opera.

 

The test was to see if each browser was capable of withstanding common Web-Based attacks.

 

The numbers were pretty telling. IE 8 was able to block about 81% while FireFox only caught 54%. Chrome V2 only caught 7%, Safari 4 Caught 21% and Opera only managed to stop 1% of the attacks. The success of IE 8 is mostly attributed to the built in SmartScreen technology that screens websites for common attack vectors. Granted you can get something similar for FireFox but even so it still did not outperform the built in one in IE 8.

 

This test, while not the end all of security tests is still not good news for Mozilla and Opera, they are telling the EU commission that they are not able to get market share because MS is locking them out. But with security like this it is possible that people will chose MS' IE over them for the security.

 

IE 8 comes out tops in Security test

 

Continue reading 'IE 8 comes out tops in Security test' (full post)

Latest Tech News Posts

View More News Posts

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases