New Bluetooth hack can unlock your Tesla—and all kinds of other devices

Posted on May 18, 2022 by mea at 4:31 pm

This class of hack is known as a relay attack, a close cousin of the person-in-the-middle attack. In its simplest form, a relay attack requires two attackers. In the case of the locked Tesla, the first attacker, which we’ll call Attacker 1, is in close proximity to the car while it’s out of range of the authenticating phone. Attacker 2, meanwhile, is in close proximity to the legitimate phone used to unlock the vehicle. Attacker 1 and Attacker 2 have an open Internet connection that allows them to exchange data.

Source: New Bluetooth hack can unlock your Tesla—and all kinds of other devices | Ars Technica

Log4j flaw: Attackers are making thousands of attempts to exploit this severe vulnerability

Posted on December 13, 2021 by mea at 5:06 pm

Log4j is used in many forms of enterprise and open-source software, including cloud platforms, web applications and email services, meaning that there’s a wide range of software that could be at risk from attempts to exploit the vulnerability.

Source: Log4j flaw: Attackers are making thousands of attempts to exploit this severe vulnerability | ZDNet

Undermining Democracy

Posted on November 27, 2020 by mea at 4:38 pm

The fundamental problem, however, is Republican insiders who have convinced themselves that to keep and hold power, they need to trash the shared beliefs that hold American democracy together.

Source: Undermining Democracy – Schneier on Security

Torvalds Expresses Concerns Over Current “Kernel Lockdown” Approach

Posted on April 7, 2018 by mea at 5:55 pm

Linus describes Secure Boot as being “pushed in your face by people with an agenda.” But his real problem is that Secure Boot would then imply Kernel Lockdown mode.

Source: Torvalds Expresses Concerns Over Current “Kernel Lockdown” Approach – Phoronix

Equifax Breach Response Turns Dumpster Fire

Posted on September 9, 2017 by mea at 10:47 am

I cannot recall a previous data breach in which the breached company’s public outreach and response has been so haphazard and ill-conceived as the one coming right now from big-three credit bureau Equifax, which rather clumsily announced Thursday that an intrusion jeopardized Social security numbers and other information on 143 million Americans.

Source: Equifax Breach Response Turns Dumpster Fire — Krebs on Security

Identity Thieves Hijack Cellphone Accounts to Go After Virtual Currency

Posted on August 22, 2017 by mea at 10:42 am

“Everybody I know in the cryptocurrency space has gotten their phone number stolen,” said Joby Weeks, a Bitcoin entrepreneur.

Source: Identity Thieves Hijack Cellphone Accounts to Go After Virtual Currency – The New York Times

How IoT hackers turned a university’s network against itself

Posted on February 11, 2017 by mea at 9:40 pm

While this incident represents one of the first of its kind, the bad news is this form of attack is only going to become more common as more and more everyday items get connected to the internet, providing hackers with greater numbers of potential zombie devices.”

The reason behind it is the issue of default credentials for wireless devices. This is going to bring billions of devices into the fold by 2020, which is only three years away. Whenever it is, there’s going to be so many of these things used by people with very limited understanding of what they are,” says Dine.

Source: How IoT hackers turned a university’s network against itself | ZDNet

The network that IoT devices must use should be isolated and secured by a firewall. This isn’t that difficult to do.

How to Spot Ingenico Self-Checkout Skimmers

Posted on February 7, 2017 by mea at 9:36 pm

The overlay skimming devices pictured here include their own tiny magnetic read heads to snarf card data from the magnetic stripe when customers swipe their cards. Consequently, those tiny readers often interfere with the legitimate magnetic card reader on the underlying device, meaning compromised self-checkout lines may move a bit slower than others.

Source: How to Spot Ingenico Self-Checkout Skimmers — Krebs on Security

Rudy Giuliani is an absurd choice to defend the US from hackers

Posted on January 13, 2017 by mea at 12:10 pm

While it’s amusing to make fun of Giuliani, hiring people with little or no bona fide security experience to head up cybersecurity practices in government is sadly a tried and true pastime in Washington. Instead of tapping actual computer security experts, politicians in many cases continue to put their friends or people they know in charge of a monumental problem that requires expertise beyond having many political connections or relationships with donors.

Source: Rudy Giuliani is an absurd choice to defend the US from hackers | Trevor Timm | Opinion | The Guardian

From: Trump’s cyber-guru Giuliani runs ancient ‘easily hackable website’

“You can probably break into Giuliani’s server,” said Robert Graham of Errata Security. “I know this because other FreeBSD servers in the same data center have already been broken into, tagged by hackers, or are now serving viruses.

“But that doesn’t matter. There’s nothing on Giuliani’s server worth hacking.”

Stop Trying to Fix the User

Posted on October 12, 2016 by mea at 10:15 pm

We must stop trying to fix the user to achieve security. We’ll never get there, and research toward those goals just obscures the real problems. Usable security does not mean “getting people to do what we want.” It means creating security that works, given (or despite) what people do. It means security solutions that deliver on users’ security goals without — as the 19th-century Dutch cryptographer Auguste Kerckhoffs aptly put it — “stress of mind, or knowledge of a long series of rules.”

Source: Security Design: Stop Trying to Fix the User – Schneier on Security

Bucktown Bell

Cut to the chase.

Tag Archives: security