88526099
submission
mask.of.sanity writes:
US president-elect Donald Trump's freshly minted cyber tsar Rudy Giuliani runs a website so insecure that its content management system is five years out of date, unpatched and utterly hackable.
Giulianisecurity.com, the website for Giuliani's eponymous infosec consultancy firm, runs Joomla! version 3.0, released in 2012, and since found to carry 15 separate vulnerabilities. More bugs and poor security controls abound.
87875211
submission
mask.of.sanity writes:
A researcher has reported 10 vulnerabilities in McAfee's VirusScan Enterprise for Linux that, when chained together, result in root remote code execution. McAfee took six months to fix the bugs, issuing a patch on Friday.
87468395
submission
mask.of.sanity writes:
Up to a quarter of all websites on the internet could have been breached through a since-patched vulnerability that allowed WordPress' core update server to be compromised.
The shuttered remote code execution flaw was found in a php webhook within api.wordpress.org that allows developers to supply a hashing algorithm of their choice to verify code updates are legitimate.
86909489
submission
mask.of.sanity writes:
A hacker has blown holes in 4G LTE networks by detailing how to intercept and make calls, send text messages and force phones offline.
It exploits LTE fall-back mechanisms designed to ensure continuity of phone services in the event of emergency situations that trigger base station overloads.
86725151
submission
mask.of.sanity writes:
Hackers have installed skimming scripts on more than 6000 online stores and are adding 85 each day in a wide-scale active operation that may have compromised hundreds of thousands of credit cards. The malware is infecting stores (full list) running vulnerable versions of the Magento ecommerce platform, and also compromised the US National Republican Senatorial Committee store.
85051455
submission
mask.of.sanity writes:
A dangerous zero-day vulnerability has been found in popular cloud password vault LastPass, which can completely compromise user accounts when users visit malicious websites. The flaw is today being reported to LastPass by established Google Project Zero hacker Tavis Ormandy, who says he has found other "obvious critical problems".
84912237
submission
mask.of.sanity writes:
Microsoft and a team of concerned engineers from across the security sector have joined forces to suggest a major re-write of the arms control pact the Wassenaar Arrangement, as they fear the document's terms are a threat to the information security industry.
83373923
submission
mask.of.sanity writes:
Some of the world's biggest security and software vendors will be rushing to patch holes in implementations of the popular 7-zip compression tool to stop attackers gaining full control of customer machines.
83148645
submission
mask.of.sanity writes:
Users of popular audiophile torrent site What.CD can make themselves administrators to completely compromise the private music site and bypass its notorious download ratio limits thanks to the use of the mt_rand function for password resets, a researcher has found.
82457567
submission
mask.of.sanity writes:
Thieves can hijack US$28,000 professional drones used widely across the law enforcement, emergency, and private sectors using $40 worth of hardware. The quadcopters can be hijacked from 2km away thanks to a lack of encryption which is not present due to latency overheads.
81555023
submission
mask.of.sanity writes:
Security researchers have exploited notoriously porous hospital networks to gain access to, and tamper with, critical medical equipment in attacks they say could put lives in danger.
In tests, hospital hackers from the Independent Security Evaluators research team popped patient monitors, making them display false readings which could result in medical responses that injure or kill patients.
Full paper here.
78456097
submission
mask.of.sanity writes:
Google's Chrome for Android has been popped with a single exploit that could lead to the compromise of any handset.
The exploit, showcased at MobilePwn2Own at the PacSec conference, targets the JavaScript v8 engine and compromises phones when users visit a malicious website. It is also notable in that it is a single clean exploit that does not require chained vulnerabilities to work.
77811025
submission
mask.of.sanity writes:
Researchers tasked with revealing malware attack campaigns are being harassed, locked out of tenders, and in some cases deported. The retaliation by the unnamed spy agencies is in direct response to the popular published advanced persistent threat campaigns that have coloured information security reporting over recent years. More details from researcher Juan Andrés Guerrero-Saade are available in a paper (pdf).
77254621
submission
mask.of.sanity writes:
Engineers from Microsoft, Tesla, and Columbia and Massachusetts universities have teamed up to develop what on paper looks like a revolution in consumer battery technology that meets demands for fast charge, long life, and the ability to bend. The "Software-Defined Battery" system allows different batteries with different chemistries to be integrated into the same system. Fast charging and the ability to work for longer by adapting to different tasks are the result of the blended battery plan. Read the PDF paper.
76737921
submission
mask.of.sanity writes:
The chief hacker behind the infamous iCloud celebrity hacks has revealed in a documentary how the group dubbed RipSec shook Hollywood by plundering thousands of naked photos and financial data of Tinsel Town icons. The film maker gained access to RipShock using a photoshopped naked image of a major TV star who offered access to her iCloud account.