
October 24, 2012

Cyberwar against Iran is okay, but when Iran attacks the Saudis people panic

It looks like maybe Iranian computer experts repurposed parts of a virus we unleashed on them and used the repurposed virus to mess up Saudi oil production. But evidence is very, very thin and the NYT cannot be considered credible when discussing Iran.

Cyberattack on Saudi Oil Firm Disquiets U.S. - NYTimes.com
That morning, at 11:08, a person with privileged access to the Saudi state-owned oil company’s computers, unleashed a computer virus to initiate what is regarded as among the most destructive acts of computer sabotage on a company to date. The virus erased data on three-quarters of Aramco’s corporate PCs — documents, spreadsheets, e-mails, files — replacing all of it with an image of a burning American flag. United States intelligence officials say the attack’s real perpetrator was Iran, although they offered no specific evidence to support that claim. But the secretary of defense, Leon E. Panetta, in a recent speech warning of the dangers of computer attacks, cited the Aramco sabotage as “a significant escalation of the cyber threat.” In the Aramco case, hackers who called themselves the “Cutting Sword of Justice” and claimed to be activists upset about Saudi policies in the Middle East took responsibility. But their online message and the burning flag were probably red herrings, say independent computer researchers who have looked at the virus’s code. Immediately after the attack, Aramco was forced to shut down the company’s internal corporate network, disabling employees’ e-mail and Internet access, to stop the virus from spreading. It could have been much worse. . . . Computer security researchers noted that the same name, Wiper, had been given to an erasing component of Flame, a computer virus that attacked Iranian oil companies and came to light in May. Iranian oil ministry officials have claimed that the Wiper software code forced them to cut Internet connections to their oil ministry, oil rigs and the Kharg Island oil terminal, a conduit for 80 percent of Iran’s oil exports. It raised suspicions that the Aramco hacking was retaliation. The United States fired one of the first shots in the computer war and has long maintained the upper hand. 
The New York Times reported in June that the United States, together with Israel, was responsible for Stuxnet, the computer virus used to destroy centrifuges in an Iranian nuclear facility in 2010. Last May, researchers discovered that Flame had been siphoning data from computers, mainly in Iran, for several years. Security researchers believe Flame and Stuxnet were written by different programmers, but commissioned by the same two nations. . . .

October 19, 2012

Hacker discovers security flaw in pacemakers that would enable someone to shut them down remotely

The Escapist : News : Researcher Turns Pacemakers Into Mass Murder Machines
Barnaby Jack of IOActive made a rather stunning announcement today at the Breakpoint security conference in Melbourne, Australia. He's figured out how to reverse-engineer pacemaker transmitters to deliver hacked firmware to any compatible devices within a 30 foot range, which can force them to deliver electric shocks of up to 830 volts. He's only done it with one brand of pacemaker, which he declined to name for obvious reasons, but said that it opened the door to "anonymous assassination" and, in a worst-case scenario, even mass murder. It seems that the pacemakers in question have a "secret function" that, when activated, causes them to return model and serial number information to a remote terminal, which Jack said provides "enough information to authenticate with any device in range." The function is presumably intended for diagnostic purposes, but he discovered that they have no encryption and even found user names and passwords for what is apparently the manufacturer's development server. "The worst case scenario that I can think of, which is 100 percent possible with these devices, would be to load a compromised firmware update onto a programmer," he said. "The compromised programmer would then infect the next pacemaker or ICD and then each would subsequently infect all others in range." That "compromised firmware" would let the controller do all sorts of unintended and unpleasant things with and to the pacemakers, including delivering some serious electric shocks. "With a max voltage of 830 volts, it's not hard to see why this is a fairly deadly feature," he continued. "Not only could you induce cardiac arrest, but you could continually recharge the device and deliver shocks on loop."

October 15, 2012

With iOS 6 Apple is tracking your every move again

Here is how to turn it off.

Schneier on Security: Apple Turns on iPhone Tracking in iOS6
Previously, Apple had all but disabled tracking of iPhone users by advertisers when it stopped app developers from utilizing Apple mobile device data via UDID, the unique, permanent, non-deletable serial number that previously identified every Apple device. For the last few months, iPhone users have enjoyed an unusual environment in which advertisers have been largely unable to track and target them in any meaningful way. In iOS 6, however, tracking is most definitely back on, and it's more effective than ever, multiple mobile advertising executives familiar with IFA tell us. (Note that Apple doesn't mention IFA in its iOS 6 launch page).