Revolutionary hardware backdoor discovered in China-made military-grade FPGA chips.
Claims were made by the intelligence agencies around the world, from MI5, NSA and IARPA, that silicon chips could be infected. We developed breakthrough silicon chip scanning technology to investigate these claims. We chose an American military chip that is highly secure with sophisticated encryption standard, manufactured in China. Our aim was to perform advanced code breaking and to see if there were any unexpected features on the chip. We scanned the silicon chip in an affordable time and found a previously unknown backdoor inserted by the manufacturer. This backdoor has a key, which we were able to extract. If you use this key you can disable the chip or reprogram it at will, even if locked by the user with their own key. This particular chip is prevalent in many systems from weapons, nuclear power plants to public transport. In other words, this backdoor access could be turned into an advanced Stuxnet weapon to attack potentially millions of systems. The scale and range of possible attacks has huge implications for National Security and public infrastructure.
posted by scalefree
on May 27, 2012 -
If you've ever worked with the command prompt on a Unix-based computer, you're likely familiar with SSH (Secure SHell), which is a program and a protocol that allows you (yes, you!) to securely access a remote system. While SSH has certainly earned the "Secure" portion of its namesake over the years, its functionality as a shell has ironically received very little attention, and has begun to show signs of age and obsolescence: SSH doesn't work very well on mobile connections, and its support for Unicode is buggy and incomplete. A group of MIT researchers think they've found solutions to these problems, and have created Mosh as a potential successor to SSH, which fixes many of the old protocol's annoyances and shortcomings, while retaining all of SSH's security features.
posted by schmod
on Apr 12, 2012 -
Web developer Justin Watt was staying at the Courtyard Marriott in Times Square, New York and using the hotel wifi to access the Internet. He noticed some strangeness on his website... and on every other website he visited (not to mention YouTube was broken.)
posted by gen
on Apr 5, 2012 -
"A man wearing bowler hat reading a newspaper is seen leaning leisurely against a car. Another person comes from behind and starts hitting the poor man on the head with an iron bar. He does not react at all, still reads his paper. The third man appears looking puzzled. The man takes his hat off and shows it to the other two. They take the hat and examine it." Beat The Bandit, 1961 is a video (01:46) presentation of amazing security/anti-theft inventions that you'll surely feel compelled to buy.
posted by vidur
on Mar 5, 2012 -
, a company that processes credit cards for web apps, decided to play a security wargame called Capture the Flag where you are given a login and password for a server and are invited to use your hacking abilities to gain access to accounts with increasing access and authorization. People who beat the server and "capture the flag" at /home/the-flag/.password are invited to contact the company for bragging rights and a T-shirt. Just one problem: the hacking game has been hacked, with something called a fork bomb. [more inside]
posted by Deathalicious
on Feb 23, 2012 -
He leaves his cellphone and laptop at home and instead brings "loaner" devices, which he erases before he leaves the US and wipes clean the minute he returns. In China, he disables Bluetooth and Wi-Fi, never lets his phone out of his sight and, in meetings, not only turns off his phone but also removes the battery, for fear his microphone could be turned on remotely. He connects to the Internet only through an encrypted, password-protected channel, and copies and pastes his password from a USB thumb drive. He never types in a password directly, because, he said, "Chinese are very good at installing key-logging software on your laptop."
- Travel precautions in the age of digital espionage.
posted by Artw
on Feb 13, 2012 -
For the past 18 months, engineers at PayPal, Google, Facebook, Yahoo, AOL, Microsoft and nine other technology companies have spent their off-hours (and some on-hours) working hand in hand to tackle the problem that plagues them all: e-mail phishing. The result is DMARC, or, "Domain-based Message Authentication, Reporting & Conformance". It's not new, but puts SPF to work in a new way
posted by Blake
on Jan 31, 2012 -
The long strange trip of a Singaporean Cold-War-era assault rifle into the hands of Somali pirates in the Gulf of Aden, and what it reveals about the unintended consequences of the global trade in small arms and ammunition. [slnyt]
posted by killdevil
on Jan 26, 2012 -
Security researchers at North Carolina State University led by Xuxian Jiang (who had previously discovered 12 malicious Android applications sold through Google's Android Market) have uncovered holes in how the permissions-based security model is enforced on numerous Android devices. Called "leaks", these vulnerabilities allow new and existing malicious applications to eavesdrop on calls, track the user's location, install applications, send SMS messages, delete data from the device, and more. (via
posted by Blazecock Pileon
on Dec 5, 2011 -
James Fallows writes in the Atlantic Monthly on how his wife's Gmail account was hacked, and years of email were deleted. Summary: if you have Gmail, you should be using its new 2-step verification; use strong passwords; don't re-use passwords. [more inside]
posted by russilwvong
on Nov 5, 2011 -
Wikileaks has alleged that Guardian editor David Leigh negligently leaked the encryption passphrase to the unredacted 'Cablegate' archive in an upcoming book. The Guardian denies the charges, but states that "[a] Twitter user has now published a link to the full, unredacted database of embassy cables", potentially putting informants at risk.
posted by p3on
on Aug 31, 2011 -
Robert Morris, a pioneer in the field of computer security, early major contributor to the UNIX operating system, and father of Robert Tappan Morris (author of the Morris Worm), has died at 78. NYT [more inside]
posted by fireoyster
on Jun 29, 2011 -