What your phone company knows about you

Posted by & filed under /dev/random, Security News.

Malte Spitz made an excellent talk on TED in June explaining the greater consequences of the EU data retention directive. Everybody that has a mobile phone should watch this video. Also, check out the excellent (and scary) visualization of the data from his cell phone over six months by the German newspaper Zeit.

Adventures with Daisy in Thunderbolt-DMA-land: Hacking Macs through the Thunderbolt interface

Posted by & filed under Hacking & Pentesting, Hacks, Security News, Tools & Methodology.

We security folks often feel like we are regurgitating the same type of security issues over and over again, just in new contexts. So depending on how you look at it, this is “old new” or “new old” news. Nevertheless, I thought it would be a good idea to take it down from speculation to… Read more »

Openness and disclosure may be the only remedy against operations like the “Shady RAT”

Posted by & filed under Hacks, Security News.

McAfee recently disclosed the result of five years of investigation of a threat actor that have compromised 72 targeted organizations. While the sheer number and time span of the attacks, not to mention the compromised parties’ identities (for instance, the United Nations was hacked) are enough to raise an eyebrow or two, two paragraphs in the article particularly caught my… Read more »

Cloud Storage Vault

Posted by & filed under Secure Development, Security News.

I’ve been mentoring a Master’s Thesis at NTNU this spring, and my students have developed an Android app for secure cloud storage and file sharing. Quite cool, this video explains how it works. Great work, guys! The idea is to be able to share information that is encrypted with your own encryption key, as opposed… Read more »

Bin Laden’s hard drives

Posted by & filed under Security News.

Several sources reported that the commando team that killed Bin Laden made a perhaps equally important discovery in the Abbottabad recidence: Data. Disks, hard drives and computers were seized as a part of the operation, and even though the compound did not have a (wired?) Internet connection or phone lines, the data on these media… Read more »

RSA hack a combination of social engineering and a 0-day

Posted by & filed under Security News.

Found an interresting article about the recent RSA hack, seems that the threat agents in this case was both advanced and persistent. It smells like an intelligence operation to be honest, and it goes to show how hard it is to safeguard against an advanced enemy with the means and stamina to pull off advanced attacks…. Read more »

New iPad 2 keynote raises security concerns

Posted by & filed under Security News.

I just saw Steve Jobs announce the new iPad (oooh, shiny, want one), and I’m impressed of the numbers he presented in the keynote: > 200 million users are now registered through the App Store. All with associated credit cards. This is of course nice for Apple, but it is also raises some security concerns:… Read more »

The rise and fall of HBGary Federal

Posted by & filed under Hacks, Security News.

Wired‘s Threat Level blog has a very good article on how not to run a professional information security services firm. HBGary Federal, that was recently hacked by the loosely attached group of hacktivists called Anonymous (press release here), has, it seems, fallen ill to some unknown spy movie virus when trying to unmask the group… Read more »

Lost your iPhone? Change your passwords!

Posted by & filed under Security News.

Researchers at the Fraunhofer institute has done some interesting research on physical access attacks on iPhones and iPads. Turns out, if you have physical access to a turned off and locked iOS device, the process of getting all passwords on the phone boils down to three simple steps: Jailbreak it, thus getting SSH access Copy… Read more »

Norwegian newspaper claims full access to all Wikileaks cables

Posted by & filed under Security News.

Update: Aftenposten now publishes all documents that are used to write related news articles in a RSS feed here: http://www.aftenposten.no/eksport/rss-1_0/?seksjon=spesial_wikileaksdokumenter&utvalg=siste The Norwegian newspaper “Aftenposten” claims, according to several sources [Norwegian, in english here] that it has access to all the Wikileaks cables. This would effectively mean that the carefully planned drips of information to selected newspapers… Read more »