Recently, Apple released an iOS update to address a bug with its SSL implementation, which would allow a nefarious individual on the same local network as your computer to intercept sensitive information as you browse the Web.
This type of attack, called a man-in-the-middle attack, is possible because in the latest versions of OS X and iOS (up to version 7.0.5) the operating system does not check the signature in a TLS Server Key Exchange message, allowing a third party to spoof a private key or simply omit using one and intercept the SSL data. Since encrypted SSL data …
Not only were as many as 110 million Target customers affected by the massive hack on the retailer in December, but banks have also had to deal with the security breach.
The hack is said to have cost banks and credit unions more than $200 million, according to data gathered by the Consumer Bankers Association and the Credit Union National Association. Originally, the two associations estimated that losses tallied around $178 million but now say those costs are rising.
In all, 40 million credit and debit cards were compromised in the breach. So far, banks and credit unions have replaced …
Smart home networks are rapidly gaining popularity, but some security experts worry that not enough encryption controls are coming with the products.
Security firm IOActive released an advisory (PDF) on Tuesday saying more than half a million Belkin WeMo devices are susceptible to widespread hacks. The firm uncovered several vulnerabilities in these devices, which would let hackers gain access to home networks and remotely control Internet-connected appliances.
The hacks could range from a mean-spirited prank to actually posing a danger. For example, they could range from something as benign as turning someone's house lights on and off to something dangerous like getting a …
It may be news to you that some Asus wireless routers leave your computer and networked drives open to hackers, but Asus has known about the problems for months, reports indicate.
The vulnerabilities make it possible for hackers to access directories on networked drives using Asus' proprietary AiCloud option. Enabling features such as "Cloud Disk," "Smart Access," and "Smart Sync" appears to enable the vulnerability, security researcher Kyle Lovett told Ars Technica.
Enabling the file-sharing tool Samba in the router also exposes the vulnerability to hackers.
Lovett told CNET that following his report of …
Hackers hit crowd-funding site Kickstarter and made off with user information, the site said Saturday.
Though no credit card information was taken, the site said, attackers made off with usernames, e-mail addresses, mailing addresses, phone numbers, and encrypted passwords.
"Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one," the site said in a blog post, adding that "as a precaution, we strongly recommend that you create a new password for your Kickstarter account, and other accounts …
The Syrian Electronic Army has attacked Forbes, stealing user data and posting fake stories to its Web site.
The hacking group announced the exploit on Friday, showing several screenshots of the WordPress-based backend of the Forbes.com Web site. The organization said in a tweet that more than 1 million user e-mails and passwords were successfully stolen and will be published at some point.
Forbes acknowledged that its Web site and publishing platform were the targets of a hack in a Facebook post on Friday. The company said e-mail addresses may have been exposed but passwords are encrypted. Still, Forbes …
Tesco, an international supermarket chain, has been forced to deactivate online customer accounts after hackers took aim at its systems.
The company confirmed to The Guardian on Friday that over 2,200 of its accounts were compromised. Interestingly, it's believed that the hackers didn't actually break into its systems, but instead used data collected from other hacks to see if they could get any hits. The affected accounts used the same username and password combination as those in previous hacks, allowing the hackers to break in.
Rather than snoop around, however, the hackers posted the compromised accounts online, …
Snapchat is combating yet another security issue, and it's a juicy one.
In a story posted late Tuesday, Wired editor Joe Brown said his Snapchat friends were asking why he was sending them messages with photos of fruit smoothies. That was a surprise to Brown because he hadn't sent any such messages. Other Snapchatters have since complained about receiving these same messages, according to a Twitter search.
The messages serve up a URL for a company called Snapfroot, which then redirects the recipient to an AllRecipes.com page for a "Berry Delicious" smoothie. The spam outbreak …
A report this week that attendees at the Sochi Winter Olympics were being hacked the second they booted up their electronic devices is "100 percent fraudulent," a security researcher charged Thursday.
Robert Graham of Errata Security was criticizing a report by NBC reporter Richard Engel on the safety of logging onto Russian networks. Engel reported that during a security test at a cafe with a security expert, "before we even finished our coffee" the bad actors had hit, downloading malware and "stealing my information and giving hackers the option to tap or even record my phone …