Security researchers at the Black Hat show in Las Vegas are debating whether rootkits that mimic virtual machines can ever be detected. Joanna Rutkowska, researcher at Invisible Things, famously ignited interest in virtualised rootkit attacks after she showed off her creation, a rootkit called Blue Pill, at last year’s Black Hat.
Researchers at Core Security Technologies demonstrated an attack that could allow hackers to extract private information from databases — without requiring any bugs in the database management software. The demonstration, on Wednesday at Black Hat USA in Las Vegas, involved timing attacks, a technique for breaking ciphers. It’s effective against databases using BTREE, the most popular database indexing algorithm and data structure, and will use MySQL for demonstration purposes, Core researchers said.
Media players in personal computers have serious vulnerabilities that could allow online criminals to attach malicious code and infect computers without the users’ knowledge, a researcher said Thursday. As a result, audio and video downloads can be turned into digital weapons that hackers could use to hijack or corrupt computers, said David Thiel, senior security consultant with San Francisco-based researcher iSEC Partners.
Poor detection of the MPack data-theft toolkit by anti-virus software has allowed it to run riot on the Internet, a new analysis from Finjan has claimed. The company says that the malware system has been used to successfully infect 500,000 consumer and corporate users since it appeared some months ago, achieving unusually high infection rates of 16 percent from an attack profile of 3.1 million web-borne attempts.
Researchers at Core Security Technologies are to demonstrate an attack that could allow hackers to extract private information from databases – without requiring any bugs in the database management software. The demonstration, on Wednesday at Black Hat USA in Las Vegas, will involve timing attacks, a technique for breaking ciphers. It’s effective against databases using BTREE, the most popular database indexing algorithm and data structure, and will use MySQL for demonstration purposes, Core researchers said.
Apple late Tuesday patched the first-ever vulnerabilities in its popular iPhone, including a critical flaw that could allow attackers to steal sensitive information, nearly one month after the year’s hottest gadget went on sale. The timing was perfect for the Cupertino, Calif.-based computing giant as researcher Charlie Miller from the Independent Security Evaluators, which discovered the critical bug, is scheduled to release details Thursday at the Black Hat hacker conference in Las Vegas.
Security vendors have warned email users to be as vigilant about PDF attachments as they would for other documents, after seeing a sharp rise in spam embedded within PDF documents. Email security vendor Messagelabs reports that PDFs made up 20 percent of image-based spam messages in July, up 10 percent on the month prior. Image-based spam makes up around 22 percent of total spam, the company said.
Lukas Grunwald — last seen cloning Germany’s RFID passports — is back with more “white hat” hackery on the world’s new e-passport systems. This time, however, he’s crashing RFID readers to demonstrate how a hacked passport could conceivably force approval of expired or forged passports.
California’s Secretary of State, Debra Bowen, has only three days to decide which, if any, e-voting systems are reliable enough to be used in the state’s 2008 presidential primary election, which is scheduled for February 5. If you’re at all concerned about your chosen candidate’s chances for election in 2008, you may want to seek the services of your neighborhood computer whiz. That’s because a study conducted by a University of California team of researchers has found that all of the devices it tested are extremely vulnerable to hacking.
DESIGNER OF cheap, plastic gadgets, Apple has released its first patch for the Iphone just a few days before a hacker conference which is expected to show up holes in its security. According to the Apple site, the v1.0.1 Update, which can be downloaded and installed via Itunes, fixes several security holes in the Iphone’s Safari browser, Webcore, and Webkit.