Category Archives: Security

10 Bizarre-but-True Ways Your Home Is Susceptible to Hackers

Posted on by
Reply

By John Brandon

Published June 03, 2010

| FOXNews.com

Reality is scarier than fiction — especially when it comes to what hackers can do. In many bizarre-but-true ways, your home is wide open to hacker attacks. Right now.

While you’re reading this, a criminal could be logging in to your router and using it as a porn server. He could be using a Bluetooth “sniper rifle” (like the one shown above) to tap into your phone while you chat by the window. He could even physically steal your printer and capture from its circuitry the financial records you printed last week.

Here are 10 scary — and real — home-security threats hackers may try, and how to block them — if you can.

1. They Can Take a Gun to Your Phone Calls
A gun … for wireless networking? It’s weird, but it’s true. A few years ago, John Hering — who’s now the CEO of Lookout — built a data-sniping rifle that could hack its way into the Bluetooth networks used by most cellular phones. It caused quite a stir with security pundits. He showed how to sniff out a Bluetooth signal, tap into a phone and steal data — from across the block or even from an airplane overhead.

The hack is still possible today, says Hering, who believes the idea of such long-range hacks is growing, not disappearing. And the only way to block them is to use only Bluetooth devices that require a passcode and turn off “discoverable” mode (usually a quick setting on your phone). And more important, turn off Bluetooth when you’re not using it.

2. They Can Steal Your Printer
Security consultant Winn Schwartau says you need to literally tie down your printer. Now. The expert from The Security Awareness Company says it’s possible for thieves to break into your home and steal your printer, rip out the print head, install it on another printer, and retrieve the last few printouts. Hackers could then bribe you — if they discover sensitive information — or steal financial records.

Newer printers use a temporary hard drive to hold printouts, a data repository that’s also ripe for hacking. The solution? Use a security lock for the printer like those from Kensington, or avoid printing private records.

3. They Can Electro-Pulse Your Electronics
Hold on to your hat, ’cause HERF guns are here. According to Brain Yoder, the VP of Engineering at CyberDefender, high-energy radio-frequency guns are still in circulation, though they were more common a few years ago. The guns send out a powerful electro-mechanical pulse that disables all electronic equipment — including your fancy alarm system.

Some websites, such as Information Unlimited, even sell the devices. Yoder says the only way to block an EMP attack is by installing a Faraday cage — a special wire box that blocks electric fields — around any gadget you want to protect from attack.

4. They Can Intercept Your Display
Using a device called a Tempest receiver — a gadget that costs $1,000 or more but is readily available online — Schwartau says it’s possible to capture the transmissions between your PC and monitor, then re-create those transmission on a second monitor. He’s shown that this procedure works for many years, in fact. Hackers can then capture any information you view on a PC.

Other than visually inspecting your premises for the receiver, which looks like a piece of high-end audio equipment, there is no bulletproof security precaution against this kind of attack.

5. They Can Google Your Car  – and Then Steal It
Services such as Google Latitude, Foursquare and Loopt broadcast your whereabouts to your friends and the world at large.  If a hacker intercepts this feed, or tricks you into allowing him to see it, he can track where you are during the day. And knowing that you’re out of town reveals a good time to break into your house or steal your car while you’re at work.

To keep yourself safe, carefully limit your use of these tools. The best way to block the broadcast is to turn off the feature — or the smartphone itself.

6. They Can Become Your Friend
Hackers are clever — they pose as friends on Facebook and trick you into giving out private information. Criminals also pose as a reputable contacts, such as a job recruiters or researchers, and ask for private information, then use it to steal credit cards and other financial data from your bank. The protective measure: never give out private info or friend someone you don’t know very well.

7. They Can Rob Your Home — From Twitter
Did you just tweet that you’re on vacation? Oops. Hackers can use that against you, too.

Chuvakin says criminals will find your real name, usually by tricking you or a friend online. Then they will use a site like RealPagesLive to find your address. “To make it more fun, they can look up house prices in the area to see whether your house is really worth robbing,” he adds. To avoid this hack, never post your whereabouts online, especially to people you don’t know.

8. They Can Walk in the Front Door
Surprisingly, many home owners run a wide-open wireless network without any security protection. Hackers routinely “war-drive” in neighborhoods looking for these open networks, then install “zombie” software tools that send out spam or distribute porn. Locking down a wireless router with strong encryption, such as AES, can keep the hackers at bay — at least until they figure out a crack for that one.

9. They Can Pull the Plug
Last year, President Obama announced funding for a nationwide Smart Grid — a way for companies and home owners to see their power usage in real-time, disable some power usage during times of the day, and monitor their carbon footprint. Security consultant Dr. Anton Chuvakin says this opens the door for hackers to break into the Smart Grid infrastructure.

The network should be remote-controllable and interconnected sometime in the next 3-5 years, butGoogle PowerMeter and Microsoft Hohm can tap into your home power usage today, and that opens up the potential for trouble.

For example, hackers could shut off power in your home and then demand payment immediately to turn it back on. Chuvakin says these systems should be designed with tighter security and that some critical endpoints should not be Internet-connected.

10. They Can Exploit Your Ignorance
The greatest security danger has nothing to do with sniper rifles or the power grid. It’s us. Visiting nefarious sites on the Internet, downloading porn and using software from disreputable sources opens us to attack.

According to Schwartau, it’s pure ignorance about scams and viruses that presents the greatest danger to home users who open the door to widespread abuse. “I go to a lot of crazy places on the Internet, but the last time I had a virus was 15 years ago,” says Schwartau, who advises clients to educate themselves about all the home security dangers, and the protections available.

LinkedIn Now 60 Million Strong

Posted on by
Reply

link.jpg

Professional social network LinkedIn has just added its 60 millionth member, according to a Tweet issued by the company this afternoon. Over the past year, network has seen a significant amount of growth, especially internationally. As of last December, the network had 55 million members, so its grown by 5 million in less than two months. In October, LinkedIn’s network’s CEO, Jeff Weiner, said in the post that half of LinkedIn’s membership is international.

To manage this growth, LinkedIn has also been expanding its operations in international markets, opening offices in The Netherlands, and India, two areas where LinkedIn is growing rapidly. Coincidentally, the 60 millionth member hailed from The Netherlands.

LinkedIn had a big 2009. Founder Reid Hoffman recently changed the guard at the company, with Jeff Weiner taking the helm as CEO in June. While LinkedIn is a strong IPO candidate, Hoffman told us at TechCrunch50 that he’s not in any rush to go public. Later, Hoffman told Reuters that the company plans to pursue an IPO at some point, but not any time soon.The company was valued at around $1 billion in its last round of financing in 2008, and has been profitable for the past years. LinkedIn launched two-way integration with Twitter as well as opened up its API to developers. The company also released a new version of its iPhone app in December.

CrunchBase Information

LinkedIn

Information provided by CrunchBase

Techcrunch?d=2mJPEYqXBVI Techcrunch?d=dnMXMwOfBR0 Techcrunch?i=WHNsKDBM0xs:3qAcHpUuHRo:D7DqB2pKExk Techcrunch?d=7Q72WNTAKBA Techcrunch?d=yIl2AUoC8zA
WHNsKDBM0xs

http://feedproxy.google.com/~r/Techcrunch/~3/WHNsKDBM0xs/

Security flaw puts iPhone users at risk of phishing attacks

Posted on by
Reply

thumb_catfishing_ars-thumb-230x130-11855-f.jpg

When Apple introduced iPhone OS 3.0, it attempted to beef up the security of over-the-air enterprise management of iPhones by adding support for Cisco Systems’ Simple Certificate Enrollment Protocol (SCEP). However, a flaw in the implementation of the standard could allow hackers to offer mobile configuration files that appear to be from a legitimate source, but may otherwise set your iPhone to access malicious servers.

Ars spoke with a mobile security expert who discovered the problem (who asked to remain anonymous because he did not have approval to talk about the issue). He told Ars that the issue is one of trust: “Who would you trust to change your iPhone configuration over the air? Your carrier? Your company? Your IT security admin?” he asked. Apple uses SCEP as a way for the iPhone to check in with a certificate server to verify that a mobileconfig file has been signed by a trusted source, but flaws in the set-up on the iPhone mean that the process doesn’t always work as intended.

Read the rest of this article...

apple?i=0ZL-P8J9s7E:Jw_1-6G3fTE:V_sGLiPBpWU apple?i=0ZL-P8J9s7E:Jw_1-6G3fTE:F7zBnMyn0Lo apple?d=qj6IDK7rITs apple?d=yIl2AUoC8zA
0ZL-P8J9s7E

http://feeds.arstechnica.com/~r/arstechnica/apple/~3/0ZL-P8J9s7E/security-flaw-puts-iphone-users-at-risk-of-phishing-attacks.ars

Potentially Nasty New iPhone Security Flaw Discovered

Posted on by
Reply

Screen-shot-2010-02-03-at-February-3-2.51.45-PM1.png

Wuh-oh! Considering its popularity and the number of handsets floating around out there compared to the number of security exploits discovered thus far, I’d say Apple has done a pretty good job of keeping things locked down.

As this just-discovered flaw proves, however, nobody’s perfect.

Read the rest of this post at MobileCrunch >>

Techcrunch?d=2mJPEYqXBVI Techcrunch?d=dnMXMwOfBR0 Techcrunch?i=_IAtLsPjXmo:E9dH4sqD6GE:D7DqB2pKExk Techcrunch?d=7Q72WNTAKBA Techcrunch?d=yIl2AUoC8zA
_IAtLsPjXmo

http://feedproxy.google.com/~r/Techcrunch/~3/_IAtLsPjXmo/

Voice encryption for mobile phones cracked: 12 out of 15 methods deemed insecure

Posted on by
Reply

For those of you that use voice encryption products on mobile phones the last thing you would expect is for it to be easily decrypted and intercepted. You may have shelled out good coin for your application and rely upon it for your intellectual security, but what if that security was not as tight as you had imagined, what if a readily available wiretapping utility attainable by anyone, and a simple Trojan slipped on to your device could compromise all of your calls?

Blogger, hacker and IT security expert Notrax, has done just that. For his own safety we will not reveal his name, however, Notrax has discovered that 12 commercially available mobile voice encryption products can be intercepted and compromised using a little ingenuity and creativity as he has carefully detailed on his website.

He tested 15 voice encryption products in total, 12 of them were “worthless”. It’s easy to take the software at face value when it “tells you” that the call is secured. But how does someone actually go about being sure that it is secured? Notrax did some digging and discovered he could break in to almost all of them in under 30 minutes.

Secure means that Notrax did not manage to crack it. It does not mean that someone else would not be able to crack it.

These calls can be tapped by anyone that has basic technical skills or the money to back up such an endeavour. “Statistics show Government agencies on average conduct 50,000 legal wiretaps per year (legal= those where a court order is required), (Let’s not forget Echelon) another 150,000 phones are illegally tapped by private detectives, spouses and boyfriends and girlfriends trying to catch a potential cheater. Another estimate shows up to 100,000 phones are wiretapped by companies and private industry in some form of industrial espionage. It is happening and it is a big business.”

The ones that made it were PhoneCrypt. It provides military grade technology to secure phone conversations in real time. Also, PhoneCrypt’s active protection agent monitors calls to protect against eavesdropping and wiretapping. Out of the three survivors, only PhoneCrypt’s solution was software-based.

SnapCell was safe, it’s a private encryption device that snaps on to your mobile, they claim to protect your mobile voice, fax and data communications from wiretapping, eavesdropping and line interference. SnapCell’s website has been offline since January 21st for unknown reasons.

TopSec Mobile was also secure, it’s a voice encryption device that can be connected to almost any mobile phone using Bluetooth. The encryption is embedded in the TopSec Mobile hardware to avoid the susceptibility of GSM phones to manipulation.

If you are not using one of the above three voice encryption technologies, you may want to be on the lookout for a new solution. Although these applications cracked are not entirely secure, it would take much effort to bypass them, like having the attacker be able to load software or a trojan on your phone without you knowing. It’s similar to a credit card, so as long as you keep it with you in a secure place you should be fine for the most part.