On the heels of reports of Volkswagen, Audi and Porsche models being outfitted with firmware designed to fool environmental emissions tests, there now comes news that a vulnerability in keyless entry mechanisms of 100 million VWs made within the last 21 years can permit the cars to be unlocked by intruders carrying an Arduino kit.
Security researchers Charlie Miller (@0xcharlie) and Christopher Valasek (@nudehaberdasher) have found an exploit for Chrysler's Uconnect infotainment system allowing for remote control of many vehicle functions including climate control, audio, braking, and under certain conditions, steering. They plan to release details during a talk at next month's DEFCON 23 hacking conference. Chrysler has already issued a patch for the vulnerability, but it requires a manual update.
Two 14 Year Olds Hack Winnipeg ATM. "Matthew Hewlett and Caleb Turon, both Grade 9 students, found an old ATM operators manual online that showed how to get into the machine's operator mode.... Hewlett and Turon were even more shocked when their first random guess at the six-digit password worked. They used a common default password." [more inside]
"During his civil lawsuit against the People's Republic of China, Brian Milburn says he never once saw one of the country's lawyers. He read no court documents from China's attorneys because they filed none. The voluminous case record at the U.S. District courthouse in Santa Ana contains a single communication from China: a curt letter to the U.S. State Department, urging that the suit be dismissed. That doesn't mean Milburn's adversary had no contact with him." [China Mafia-Style Hack Attack Drives California Firm to Brink]
"Hacker" discovers backdoor to Harvard Business School admissions decisions. Harvard rejects all applicants who used the "hack."
Think your Prox Card system is secure? Guess again. Some Sophomores at Olin College reverse-engineered the prox card system on campus and built their own reader. Rumor has it they have a spoofer (self-contained copier/transmitter) too, but nothing on the site about it.
Using Internet Explorer, Outlook, or Outlook Express on a PC? There's a new hack in town, ready to exploit cross site scripts like nobody's business. Do yourself a favor and disarm ActiveX on your settings.
Hackers: a report on the Internet's vulnerabilities Anyone see the original broadcast of this PBS "Front Line" special? Any good? It airs again Nov. 29, 2001.
Anyone trading on E*trade should read this thread at securityfocus.