Invest in cyber security – why bother

Another month, another data breach, and another set of proposals for what is seemingly an intensifying cyberattack problem. When we examine the evidence, though, the actual expenses from the recent and high-profile breaches at Sony, Target and Home Depot amount to less than 1% of each company’s annual revenues. After reimbursement from insurance and minus

Broadband routers: SOHOpeless

Home and small business router security is terrible. Exploits emerge with depressing regularity, exposing millions of users to criminal activities. Many of the holes are so simple as to be embarrassing. Hard-coded credentials are so common in small home and office routers, compared with other tech kit, that only those with tin-foil hats bother to

FREAKing

Security experts have discovered a potentially catastrophic flaw that for more than a decade has made it possible for attackers to decrypt HTTPS-protected traffic passing between Android or Apple devices and hundreds of thousands or millions of websites, including AmericanExpress.com, Bloomberg.com, NSA.gov, and FBI.gov. In recent days, a scan of more than 14 million websites

Home alone – not quite

Your refrigerator is sending spam. Your front door is running buggy firmware that tells you the deadbolt is locked (when it’s not). And the kid next door is pirating music over your Wi-Fi network, thanks to a backdoor in your thermostat app. All the internet-enabled things that make your home “smart” are also turning it

Hi Signal, it’s Red Phone

RedPhone is a free and open-source encrypted voice calling application for Android. RedPhone integrates with the system dialer to provide a frictionless call experience, but uses ZRTP to set up an encrypted VoIP channel for the actual call. RedPhone was designed specifically for mobile devices, using audio codecs and buffer algorithms tuned to the characteristics

Wickr

Wickr: The Covert App Used By Politicians For Secret Discussions. Fancy yourself as a secret agent or need to discuss sensitive topics without any evidence? Reportedly used by our very own communications minister Malcolm Turnbull, Wickr is billed as a kind of grown-up version of SnapChat – letting you send and receive information with

Abusing Blu-ray Players

Vulnerability 1 – Windows – Cyberlink PowerDVD: Blu-rays have been supported by PowerDVD since 2009 and the security mechanisms haven’t really changed since that early release. PowerDVD comes with a range of additional Java classes which provide functionality internal to the player, but which are still callable by Xlets on the disc. One of these

Crocodile tears

China is weighing a far-reaching counterterrorism law that would require technology firms to hand over encryption keys and install security “backdoors”, a potential escalation of what some firms view as the increasingly onerous terms of doing business in the world’s second largest economy. Although the counterterrorism provisions would apply to both domestic and foreign technologies,

Surreptitiously Weakening Cryptographic Systems

In the field of cryptography, a secretly planted “backdoor” that allows eavesdropping on communications is usually a subject of paranoia and dread. But that doesn’t mean cryptographers don’t appreciate the art of skilled cyphersabotage. Now one group of crypto experts has published an appraisal of different methods of weakening crypto systems, and the lesson is

Kaymera Mobile Security

We have had a few privacy- and security-focused smartphones over the past few years, from the German CryptoPhone 500 that can identify IMSI catchers to Silent Circle’s Blackphone and its end-to-end encryption for voice calls and texts. Kaymera Technologies, a security services company, is now also coming out with not just a secure phone, but

The Equation Group

What may sound like the start to a Tom Clancy novel, or an episode of 24, is, in fact, completely real, the likes of which actually happened to one or more researchers back in 2009. In fact, surreptitious, interdiction-based cyber attacks like this one have apparently been happening since at least the early 2000s and

Analysing Number Patterns In Passwords

The primary purpose of a password is to serve as a unique verification identifier for a given user. Ideally, the password for a given website or service should be both random and unique; if the letters and/or numbers in the password follow any patterns, then they might be easier to guess by an intruder. For

Malware You Should Check For

It’s a scary time to be a Windows user. Lenovo was bundling HTTPS-hijacking Superfish adware, Comodo ships with an even worse security hole called PrivDog, and dozens of other apps like LavaSoft are doing the same. It’s really bad, but if you want your encrypted web sessions to be hijacked just head to CNET Downloads

nls_933w.dll

One of the most shocking parts of the recently discovered spying network Equation Group is its mysterious module designed to reprogram or reflash a computer hard drive’s firmware with malicious code. The Kaspersky researchers who uncovered this said its ability to subvert hard drive firmware—the guts of any computer—“surpasses anything else” they had ever seen.

Fake ID: Passports

There are two reasons you may want a fake passport. One is obviously for a clandestine overseas trip. We have all seen the movie where someone pulls out their “grab bag” and empties it on the bed to show five or six different passports (and IDs). I am hoping that most of you realise that