Spyware, Viruses, & Security forum

Alert

NEWS - July 09, 2013

by Carol~ Moderator / July 9, 2013 12:13 AM PDT
We interrupt this program to warn the Emergency Alert System is hackable

The US Emergency Alert System, which interrupts live TV and radio broadcasts with information about national emergencies in progress, is vulnerable to attacks that allow hackers to remotely disseminate bogus reports and tamper with gear, security researchers warned.

The remote takeover vulnerability affects the DASDEC-I and DASDEC-II application servers made by a company called Digital Alert Systems. It stems from the a recent firmware update that mistakenly included the private secure shell (SSH) key, according to an advisory published Monday by researchers from security firm IOActive. Administrators use such keys to remotely log in to a server to gain unfettered "root" access. The publication of the key makes it trivial for hackers to gain unauthorized access on Digital Alert System appliances that run default settings on older firmware.

"An attacker who gains control of one or more DASDEC systems can disrupt these stations' ability to transmit and could disseminate false emergency information over a large geographic area," the IOActive advisory warned. "In addition, depending on the configuration of this and other devices, these messages could be forwarded and mirrored by other DASDEC systems."

Continued : http://arstechnica.com/security/2013/07/we-interrupt-this-program-to-warn-the-emergency-alert-system-is-hackable/

Also:
This Is Not a Test: Emergency Broadcast Systems Proved Hackable
US Emergency Alerting System vulnerable to attack
Discussion is locked
You are posting a reply to: NEWS - July 09, 2013
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: NEWS - July 09, 2013
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Your Facebook friends may be evil bots
by Carol~ Moderator / July 9, 2013 12:16 AM PDT
In reply to: NEWS - July 09, 2013

How safe is your online social network? Not very, as it turns out. Your friends may not even be human, but rather bots siphoning off your data and influencing your decisions with convincing yet programmed points of view.

A team of computer researchers at the Department of Electrical and Computer Engineering at the University of British Columbia has found that hordes of social bots could not only spell disaster for large online destinations like Facebook and Twitter but also threaten the very fabric of the Web and even have implications for our broader economy and society.

[ The Web browser is your portal to the world -- as well as the conduit that lets in many security threats. InfoWorld's expert contributors show you how to secure your Web browsers in this "Web Browser Security Deep Dive" PDF guide. ]

Four UBC scientists designed a "social botnet" -- an army of automatic "friends." A botmaster herds its troop of social bots, each of which mimics a person like you and me. The researchers then unleashed the social botnet on an unsuspecting Facebook and its billion-plus profiles.

Continued : http://www.networkworld.com/news/2013/070813-your-facebook-friends-may-be-271597.html

Collapse -
"Google account hacked" text scam puzzles researchers
by Carol~ Moderator / July 9, 2013 1:05 AM PDT
In reply to: NEWS - July 09, 2013

A curious spamming campaign continues to target Google users via their mobile phones, and researchers still don't know what it actually does.

First spotted back in March, bogus Google messages warn potential victims that their account has been hacked and asks them to send a message to that number when they are ready to verify their accounts: [Screenshot]

"The obvious intention of the messages is to trick users into responding. But, the exact motivation of those responsible for the spam messages remains unclear," says Hoax-Slayer, positing that the message might be an attempt to trick users into supplying sensitive personal information or subscribing to premium rate SMS services.

Continued: http://www.net-security.org/secworld.php?id=15196

Collapse -
Security Must-Do's For Facebook Graph Search
by Carol~ Moderator / July 9, 2013 5:21 AM PDT
In reply to: NEWS - July 09, 2013

Facebook finally pulled the covers off its much-anticipated (or dreaded) Graph Search feature on Monday, after about six months in beta. The new search feature greatly expands the kinds of information Facebook users can access on other users of the social network, making it easy, for example, to cross reference data stored in Facebook profiles. For example, users can easily call up a list of their "friends who live in Boston" and like the show "Arrested Development." Fun!

But, as has been noted, Graph Search is also a social engineer's dream, because it lays bare lots of information - data - that Facebook users shared, casually, and without a thought of how it might be used in combination with other data they shared. For example, researchers have shown that they can use knowledge of a Facebook user's "Likes" to "automatically and accurately predict a range of highly sensitive personal attributes including: your age, and gender, you sexual orientation, ethnicity, religious and political views."

And, in May a security researcher released a new module for Recon-ng an open source "web reconnaissance framework" that allows anyone with a Facebook Developer account to use Graph Search and Recon-ng's features to harvest phone numbers associated with Facebook user accounts.

Continued: https://securityledger.com/2013/07/security-must-dos-for-facebook-graph-search/

Collapse -
Adobe, Microsoft Release Critical Updates
by Carol~ Moderator / July 9, 2013 10:01 AM PDT
In reply to: NEWS - July 09, 2013

Patch Tuesday is upon us once again. Adobe today pushed out security fixes for its Flash and Shockwave media players. Separately, Microsoft released seven patch bundles addressing at least 34 vulnerabilities in Microsoft Windows and other software. At least one of the Windows flaws is already being exploited in active attacks.

Six of the seven Microsoft patches released today earned the company's most dire "critical" rating, meaning the patches plug security holes that could be exploited by malware or miscreants with no help from PC users, save for visiting a hacked site or opening a specially crafted document.

Microsoft and security experts are calling special attention to MS13-053, which fixes at least eight flaws in Windows' implementation of TrueType font files. These critical TrueType vulnerabilities exist on nearly every supported version of Windows, including XP, Vista, Windows 7 and Windows 8, and can be exploited to gain complete control over a vulnerable Windows system, just by having the user visit a Web page that contains malicious TrueType content. To make matters worse, Microsoft says one component of this vulnerability (CVE-2013-3660) is already being exploited in the wild.

Continued : http://krebsonsecurity.com/2013/07/adobe-microsoft-release-critical-updates/

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

Does BMW or Volvo do it best?

Pint-size luxury and funky style

Shopping for a new car this weekend? See how the BMW X2 stacks up against the Volvo XC40 in our side-by-side comparison.