Lukas Grunwald — last seen cloning Germany’s RFID passports — is back with more “white hat” hackery on the world’s new e-passport systems. This time, however, he’s crashing RFID readers to demonstrate how a hacked passport could conceivably force approval of expired or forged passports.
A security blunder at Newcastle City Council has exposed the credit and debit card details of up to 54,000 people online. The breach was discovered on 19 July after the council hired an independent security expert to try and crack its systems. The security exercise found an encrypted file containing names, addresses, and credit and debit card numbers had been mistakenly placed on an insecure server.
As Facebook evolves from a University alumni network into an enterprise tool, VeriSign iDefense security experts are warning that the platform is turning into a prime attack vector for cybercriminals. Ryan Olson, US-based analyst for VeriSign’s iDefense malicious code operations, said that the thousands of new applications being developed for Facebook users, whilst enriching functionality, present a perfect channel for distributing malware.
A flaw has been patched in Mozilla Firefox that could have allowed users’ computers to be compromised by visiting websites infected with malware. The flaw lay in the way Firefox version 2.0.0.5 handled uniform resource identifiers (URIs), protocols that allow browsers to access software. Firefox failed to properly handle some URIs, a flaw in the web browser that could have allowed remote malware execution.
Spammers are using the popular file format – Microsoft Excel – to dupe users, a messaging security firm has discovered. Israel-based Commtouch said on Monday it is tracking a new trick in which spammers send messages with Excel attachments that contain the latest pump-and-dump stock scams.
A hacker has accessed two University of Michigan databases containing student information, including names, addresses and some Social Security numbers, a spokeswoman said Saturday. The School of Education databases also listed some birth dates and districts where former students were teaching. University spokeswoman Kelly Cunningham said they contained no financial information.
Web ads are becoming a delivery system of choice for hackers seeking to distribute viruses over the Internet. In a development that could threaten the explosive growth of online advertising, hackers have started to exploit security holes to slip viruses into ads. Going to a site that shows such an ad can infect a computer.
The Secret Service’s recent arrest and indictment of four Cuban nationals in Florida for ID theft is evidence that a presidential task force’s recommendations on ID theft are out of touch with reality, said Mari Frank, an expert and former victim of ID theft. The President’s Identity Theft Task Force has recommended federal legislation that would permit companies involved in data breaches to determine whether consumers are at risk after a data breach, according to Frank. It would overturn California’s much stricter law, which requires companies to notify everyone whose personally sensitive information was stolen or lost in an electronic breach.
WabiSabiLabi Ltd, a Swiss company, rolled out an interesting website that allows users to buy security vulnerabilities for unpatched software solutions. Although it might sound like some hot goodies for hackers, the owners maintain the flaws can also be bought by the security companies or even by the parent firms in order to fix the programs. At this time, there are only 4 vulnerabilities for sale with prices between 500 euros and 2000 euros. There are only 2 bids for a Linux kernel memory leak and for an “unpatched SQL Injection vulnerability in MKPortal.”
A Swiss company launched an eBay-like marketplace this week for buying and selling zero-day software vulnerabilities. The goal of the WabiSabiLabi (WSLabi) exchange is to reward security researchers without putting valuable information in the hands of criminals, according to a company announcement.