Revolutionary hardware backdoor discovered in China-made military-grade FPGA chips. Claims were made by the intelligence agencies around the world, from MI5, NSA and IARPA, that silicon chips could be infected. We developed breakthrough silicon chip scanning technology to investigate these claims. We chose an American military chip that is highly secure with sophisticated encryption standard, manufactured in China. Our aim was to perform advanced code breaking and to see if there were any unexpected features on the chip. We scanned the silicon chip in an affordable time and found a previously unknown backdoor inserted by the manufacturer. This backdoor has a key, which we were able to extract. If you use this key you can disable the chip or reprogram it at will, even if locked by the user with their own key. This particular chip is prevalent in many systems from weapons, nuclear power plants to public transport. In other words, this backdoor access could be turned into an advanced Stuxnet weapon to attack potentially millions of systems. The scale and range of possible attacks has huge implications for National Security and public infrastructure.
Computer security vendor RSA, maker of two-factor authentication SecurID, has been hacked by unknown parties. In an open letter to it customers RSA Executive Chairman Arthur W. Coviello, Jr. calls the attack the work of an Advanced Persistent Threat, meaning a highly skilled, well-funded group acting deliberately & precisely to achieve a specific goal. RSA's clients include many Fortune 100 companies, US Government, Military & Intelligence Community organizations.
A blogger for information security firm Imperva reports the discovery of a hacker site offering root access on US & foreign government, military & educational sites for sale for prices ranging from $55 to $499, or just database records for the reasonable price of $20/1000. Besides US sites the hacker(s) also offer government servers in India, Taiwan & Italy. The hacker(s) also provide what they claim is proof of their access for the skeptical or cautious buyer. No credit card offers, please - the only currency they accept is Liberty Reserve.
In accordance with Executive Order 10865 of 1960 & DoD Directive 5220.6 of 1992 (original PDF), the Department of Defense has published the reasons for granting or turning down applications for Clearance by 444 Defense contractor personnel in 2010 (so far).
Cyber security consultant & self-styled “innovator, leader & visionary” Greg Evans has just written & self-published a book titled How To Become The Worlds No. 1 Hacker. Or did he? His company, LIGATT Security International, counts Philips Arena, the NBA Atlanta Hawks and the NHL Atlanta Thrashers among its clients. Or does it?
In 1984 computer pioneer Ken Thompson wrote one of the seminal works of computer security, Reflections on Trusting Trust [PDF]. In it he postulated putting a trojan horse inside a compiler as a means of infecting software compiled by it. 25 years later somebody has finally done just that. Researchers at anti-virus house Sophos have discovered a virus that places a backdoor into applications compiled with the Delphi language. They've identified at least 3000 separate Delphi applications that have had this backdoor compiled into them so far, including banking programs and programs used for cellphone programming.
Klaatu barada...Jikto? First there was Nikto. Then along came Wikto. Last Saturday at Shmoocon Billy Hoffman introduced the world to Jitko, a client-side vulnerability scanner that exploits your browser & turns your PC into a platform for finding holes in computers across the Internet (or behind your firewall). Reactions were mixed. Does Jikto go too far?