University can publish details of Oyster smart card crack

 

A Dutch court has ruled that Radboud University can publish a paper that details how university researchers cracked the Oyster smart card used on the London Underground. In the paper, researchers discuss how they cracked the card in June, rode the London Underground free, and executed a denial-of-service attack that jammed Underground gates. The manufacturer of the card, NXP Semiconductors, sought to halt publishing of the paper and give its customers time to secure their card systems. A university spokesman said it had already decided to delay publication until October. However, the university hasn’t released a publication date. (ZDNet UK)

Encryption software still open to data leaks

 

Researchers at the University of Washington and BT have discovered that users who partially encrypt portions of their hard drives might still be vulnerable to data leaks. In a paper to be presented at the Usenix HotSec Workshop in San Jose, California in July, researchers detail how programs such as Microsoft Word and Google Desktop store data on unencrypted areas of the hard drive when working with encrypted files. The researchers were able to recover copies of the Word documents stored in a hard drive’s encrypted partition and read snapshots of encrypted files when Google Desktop’s Enhanced Search option was enabled. The potential for data leaks occurs with partially encrypted hard drives, virtual disks, and encrypted USB devices. The researchers say that full-disk encryption still offers the most protection. (Techworld)

ISP tracked sites visited by users without notification

 

Embarq, a Kansas-based ISP with roughly 1.3 million users in 18 states, used deep-packet inspection technology to track the sites its users visited without notifying them. The US House Energy and Commerce subcommittee on telecommunications and the Internet will discuss whether Embarq’s actions violated users’ rights and federal wiretapping laws. Embarq used technology by NebuAd to track, collect, and analyze users’ browsing activity and directly targeted advertising to them. Lawmakers will try to find out in which states Embarq used the technology, how many users were affected, and why the company didn’t inform users of its actions. (The Washington Post)

Asprox attack compromises 1,000 high-profile domains

 

In a blog posting, security company Finjan identified more than 1,000 Web site domains serving up the Asprox malware attack. Several well-known sites are among those infected, including the UK National Health Service, University of California, and Snapple. Unsuspecting visitors to the compromised sites might find their machines infected with a Trojan. Finjan’s SecureBrowsing in-the-cloud security tool detected the infected Web sites. (Finjan)

BlackBerries vulnerable to PDF flaw

 

A vulnerability in the way the BlackBerry Attachment Service processes PDFs leaves enterprise networks open to attack, according to Research In Motion, maker of the BlackBerry. RIM has yet to issue a patch for the flaw, but advises users to disable the BlackBerry Attachment Service that lets them view PDFs on their BlackBerries. Vulnerable systems include devices running BlackBerry Enterprise Server software versions 4.1 Service Pack 3 (4.1.3) to 4.1 Service Pack 5 (4.1.5). (ZDNet)

Software adapts based on users’ skills

 

Researchers at the University of Washington have developed Supple, a software system that adapts to a user’s vision and motor abilities. Users take a one-time assessment of their vision, computer mouse, and keyboard skills, including mouse pointing, dragging, and clicking. Based on the assessment results, the software calculates how long it will take users to complete computer jobs and automatically adjusts the interface to maximize speed and accuracy. For patients with cerebral palsy, for example, Supple could generate an interface with larger icons and lists to cut down on the need to scroll using a mouse. In a paper presented on Tuesday at a meeting of the Association for the Advancement of Artificial Intelligence in Chicago, test results showed that Supple narrowed the performance gap between able-bodied computer users and those with disabilities by 62 percent. (Science Daily)

Intel chips open to attack

 

A security researcher has identified vulnerabilities in Intel chips that could let attackers crash systems and gain control of computers locally and over the Internet. Kris Kaspersky (no affiliation with Kaspersky Lab) will demo the attacks and release proof-of-concept code at the Hack In The Box conference in Kuala Lumpur in October. At the conference, Kaspersky will show attack techniques using JavaScript, TCP/IP packet storms, and just-in-time (JIT) Java compilers. (ZDNet)
 

Department of Homeland Security mulls shock bracelets on flights

 

The US Department of Homeland Security (DHS) has solicited a written proposal for shock bracelets from a Canadian company. The bracelets would let flight crew incapacitate hijackers via an electro-muscular shock sent by radio frequency transmitters. The bracelets remain inactive until the flight crew identifies a possible hijacking situation. The jolt overrides the central nervous system, leaving a potential hijacker immobile for several minutes. Additionally, the bracelet would contain passengers’ personal information and flight information, eliminating the need for boarding passes. Responding to criticism over the proposal, the contractor involved in the development of the bracelets posted on its Web site, “We believe that all passengers will welcome deliverance from a hijacking, as will the families, carriers, insurance providers etc. The F-16 on the wingtip is not to reassure the passengers during a hijacking but rather to shoot them down.” (InformationWeek)

Google ordered to turn over user data

 

In July, a federal judge ordered Google to turn over YouTube user data—usernames, IP addresses, and videos watched—to Viacom as part of Viacom’s copyright infringement case launched in 2007. However, Google doesn’t have to provide its source code, which was in Viacom’s original request. The ruling limits Viacom’s use of the data to proving its case against Google and the company won’t be able to target individuals identified in the data. Several privacy advocates blasted the ruling, including Kurt Opsahl of the Electronic Frontier Foundation. He said the order “is a set-back to privacy rights, and will allow Viacom to see what you are watching on YouTube.” In response to the rising swell of concern from privacy advocates, Viacom released a statement that said it “has not asked for and will not be obtaining any personally identifiable information of any user. Any information that we or our outside advisors obtain … will be used exclusively for the purpose of proving our case against YouTube and Google… .” (CNet)

Trojan infects multimedia files and spreads via P2P


A sophisticated Trojan is spreading that infects MP3, Windows Media Audio (WMA), and Windows Media Video (WMV) files stored on users’ hard drives. Infection occurs after users visit a warez site and download what they think are activation codes for pirated software. Users spread the Trojan when they share their infected files via P2P. However, users who pass along the infected files are none the wiser because their files play without any indication of the Trojan. When P2P users attempt to open an infected file, they’re sent to a page that asks them to download a codec before they can play the audio or video file. However, the codec is actually the Trojan and, once installed, it infects their multimedia files. (Dark Reading)
