USR-Lib

Barnaby Jacks demonstrates an interesting way of getting money out of ATM machines.

Security researcher Barnaby Jacks has used the Black Hat briefings to demonstrate an interesting way of getting money out of ATM machines. Jack, head of research at cybersecurity consultancy IOActive, demoed the attack on two common ATM platforms. With one he unlocked the machine, using standard keys purchased on the internet, and inserted a USB stick which overwrote the ATM’s firmware and caused...

Airtight Networks has uncovered a flaw in the Wi-Fi Protected Access 2 (WPA2) protocol.

A researcher from leading wireless security firm Airtight Networks has uncovered a flaw in the Wi-Fi Protected Access 2 (WPA2) protocol. The flaw could allow malicious insiders to hack corporate wireless LANs (WLANs) and steal business-critical information from wireless traffic. Airtight Networks security wireless researcher Md Sohail Ahmad uncovered the flaw, demonstrating just how easy it is to...

Microsoft IE8 spam filter technology blocks one billion malware attacks.

Microsoft has revealed its web browser spam filter technology has stopped its one-billionth piece of malware from being downloaded. Internet Explorer 8’s (IE8’s) SmartScreen Filter uses URL reputation-based anti-malware technology to warn users if they are visiting web sites hosted by servers known to distribute unsafe content. James Pratt, Internet Explorer business and marketing senior...

Committee threatens legal action if search firm fails to provide answers

Google could face legal action from a committee of 38 US states demanding more details about how the company came to collect Wi-Fi data with its Street View cars. “We will take all appropriate steps, including potential legal action if warranted, to obtain complete, comprehensive answers,” said Richard Blumenthal, committee leader and Connecticut attorney general. Blumenthal has called...

AVG reveals huge number of machines vulnerable to ‘Eleonore’ toolkit

AVG Research is claiming that one in 10 of all PCs is infected by malware controlled by cybercriminals using the ‘Eleonore’ exploit toolkit. The security software firm monitored 165 domains controlled by cybercriminals using the commercial attack software toolkit over a two-month period, during which time it tracked more than 1.2 million infected computers. Out of 12 million worldwide users visiting...

Siemens confirms virus which explicitly targets industrial command and control systems

German industrial group Siemens has confirmed that a virus has been detected which explicitly targets industrial command and control systems in which the company specialises. The malware, dubbed Stuxnet, is spread via USB devices, which is a common way of updating manufacturing hardware. The software is designed to steal data on manufacturing and industrial processes and pass the data on to third...

The internet’s root servers more secure due to the addition of domain name system security extensions

The internet’s root servers have been made more secure as a result of the addition of domain name system security extensions (DNSSEC). These extensions make it more likely that when a web page is returned to a user, the right web page is returned rather than one posing as the requested page. The aim is to protect organisations and consumers from imitation e-commerce sites or banking log-in pages....

A German man uses malware for webcam spying.

A German man has been arrested for using malware to spy on young women using their webcams. The man had used a Trojan to infect a victim’s account via ICQ, a spokesman for the Aachen state prosecutor told the local Westfalenblatt newspaper. He then used this account to find other victims and police estimate 150 women may have been viewed. The investigation was triggered when Thomas Floß from...

Enterprise security market will grow by 13.8 per cent in 2010

The global enterprise security market will grow by 13.8 per cent in 2010 as budgets return and companies update systems, according to Canalys. The analyst firm said that strong year-on-year growth of 15.2 per cent in the first quarter underlined returning industry confidence, and that the value of the security market will reach $15bn (£9.8bn) by the end of the year. Europe will account for 33.6 per...

User still falling for Basic security patching

A report into the state of internet security has found patching is still woefully poor among computer users. Of the top ten exploited vulnerabilities in M86 Security’s analysis of the first half of 2010 only one had been patched this year, while one fix was issued in 2006 and the majority were at least two years old. Half of the flaws were in Microsoft products, namely Internet Explorer, Access...