The Security Pub

Random Thoughts About Security

Monthly Archives: July 2010

Cell phone eavesdropping enters script-kiddie phase

BlackHat Black Hat Independent researchers have made good on a promise to release a comprehensive set of tools needed to eavesdrop on cell phone calls that use the world’s most widely deployed mobile technology.

“The whole topic of GSM hacking now enters the script-kiddie stage, similar to Wi-Fi hacking a couple years ago, where people started cracking the neighbor’s Wi-Fi,” said Karsten Nohl, a cryptographer with the Security Research Labs in Berlin who helped spearhead the project. “Just as with Wi-Fi, where they changed the encryption to WPA, hopefully that will happen with GSM, too.”

Check out the article – [The Register]

Data Breaches Blamed on Organized Crime

Data Breach Cybercrooks continue to be a menace to corporate security, with hackers and malware authors responsible for 85% of all stolen data.  Data breaches crop up in all types of industries but financial services, hospitality and retail still make up the “Big Three” of industries affected (accounting for 33%, 23% and 15% of incidents, respectively). However, a huge majority (94%) of all compromised records in 2009 were attributable to breaches at financial service firms.

Check out the article – [The Register]

Smart Meters Could Pose Security Vulnerabilities

smart meter Ross Anderson, professor in security engineering at the University of Cambridge Computer Laboratory, warns that the move to smart metering introduces a "strategic vulnerability" that hackers might conceivable be exploit to remotely switch off elements on the gas or electricity supply grid.  A program is underway to replace Britain’s 47 million meters with smart meters that can be turned off remotely. Utilities welcome the move because it will greatly simplify the process of collecting meter reading and controlling supply at times of high demand. As an added bonus the technology also makes it easier to switch subscribers to new (higher) tariffs if they persistently fail to pay their bill on time.

Check out the article – [The Register]

Verizon’s 2010 Data Breach Investigations Report

VerizonBusiness This report is interesting in terms of analyzing trends. Last year, we reported on our own caseload. This year, we added an entirely new dataset. It shouldn’t be surprising that this changed some of our results substantially. We discuss these changes and potential reasons for them throughout the report. Equally interesting to the those changes, however, are the results that didn’t change. We’ve always wondered (and so have you) whether certain findings were unique to Verizon’s caseload or truly indicative of the general population. The fact that Secret Service data shows many results that are very similar to our own is a compelling revelation.

Check out the post by Verizon Business

Download the Report

Rogue AV Masquerades as a Firefox/Flash Update

FF_bug It seems that rogue peddlers have gotten tired of their old tricks in pushing rogueware into the user’s system. It used to be a fake scanning page, that leads to a warning, then a fake AV. Now, it comes as the Firefox "Just Updated" page. You know that page that instantaneously appears right after you update your Firefox browser? And you open Firefox for the first time? Just like that. But with a catch of course. There is a message telling the user than even if their Firefox got updated, their Adobe Flash Player isn’t. So they still have to update. Pretty helpful… – Check out the article [F-Secure]

Creator of the Mariposa Botnet is arrested

bot_collage Investigators have released more details on the arrest of a Slovenian hacker suspected of creating the code behind the infamous Mariposa botnet. The 23-year-old suspect – known only by his hacker handle of Iserdo – was arrested in Maribor, Slovenia 10 days ago, five months after Spanish police arrested three suspects who alleged used the Mariposa code to create a 12 million botnet.

 Check out the article [The Register]