Black Hat, Defcon: All about hacking (roundup)

The conferences will dig into issues ranging from mobile malware and hacking to vulnerabilities posed by linking critical infrastructure systems to the Internet and corporate networks. There are bound to be some hijinks as well.

Hacker launches volunteer program for security professionals

Hackers for Charity founder Johnny Long hopes computer and security skills can break the cycle of poverty and keep Uganda from becoming another Nigeria.
(Posted in InSecurity Complex by Elinor Mills)
August 8, 2011 4:32 p.m. PT

Lose your laptop? Change all passwords, pronto

Stanford University researcher shows how to bypass Windows' built-in encryption that Web browsers, instant messaging clients, and other programs used to store user passwords.
(Posted in Privacy Inc. by Declan McCullagh)
August 8, 2011 2:52 p.m. PT

10-year-old hacker finds zero-day flaw in games

A young hacker known as CyFi details an entirely new class of vulnerability in mobile device games at DefCon 19.
(Posted in The Download Blog by Seth Rosenblatt)
August 7, 2011 4:00 a.m. PT

Android could allow mobile ad or phishing pop-ups

Developers could sneak annoying pop-up ads or phishing attacks into mobile apps via design flaw in Android, according to researchers.
(Posted in InSecurity Complex by Elinor Mills)
August 6, 2011 8:01 p.m. PT

Attacking home automation networks over power lines

Researchers at the Black Hat security conference show how they could disrupt and snoop on home automation networks in residences and offices using devices connected to Ethernet networks that communicate via public power lines.
(Posted in InSecurity Complex by Elinor Mills)
August 5, 2011 6:25 p.m. PT

Viruses: Destroying your systems for 25 years

PC viruses first appeared in the mid-'80s courtesy of two guys in Pakistan. DefCon 19 opens with a history lesson, from that first virus (which spread by floppy disk) to the most advanced modern threats.
• From TechRepublic: Wrapping up Black Hat 2011 with Robert Clark of the U.S. Cyber Command
(Posted in The Download Blog by Seth Rosenblatt)
August 5, 2011 1:24 p.m. PT

Security insider discusses Vista's level of security

Finally released from a five-year non-disclosure agreement, one security researcher dishes on Vista and reveals something surprising: Microsoft got a lot right when it came to security.
(Posted in The Download Blog by Seth Rosenblatt)
August 4, 2011 9:50 p.m. PT

Face-matching with Facebook profiles: How it was done

Carnegie Mellon researcher demonstrates a new Facebook privacy threat: profile photos can be used to ID people on dating sites and on the street.
(Posted in Privacy Inc. by Declan McCullagh)
August 4, 2011 7:40 p.m. PT

Researchers find avenues for fraud in Square

Mobile payments system can be used to transfer money into accounts from stolen cards and to skim cards, researchers say.
• From TechRepublic: Mudge on complexity, national infrastructure
(Posted in InSecurity Complex by Elinor Mills)
August 4, 2011 6:24 p.m. PT

Hacking laptop batteries: A new security threat

Malware can brick your Apple laptop's battery, according to a security researcher at Black Hat, who says it's possible for malicious software to do even more destructive things as well.
(Posted in Privacy Inc. by Declan McCullagh)
August 4, 2011 1:26 p.m. PT

Wireless drone sniffs Wi-Fi, Bluetooth, phone signals

At Black Hat, a pair of security engineers show off prototype UAV bristling with antennas that can eavesdrop on Wi-Fi, phone, and Bluetooth signals.
(Posted in Privacy Inc. by Declan McCullagh)
August 4, 2011 11:19 a.m. PT

When hacking Chrome, it's all about your data

Not only is Google's Chrome OS hackable, the nature of the vulnerabilities highlights risks to your personal data, say security researchers at Black Hat.
• From TechRepublic: Macs in the crosshairs, Kaminsky on BitCoin
(Posted in The Download Blog by Seth Rosenblatt)
August 3, 2011 6:50 p.m. PT

Researcher demos attacks on Siemens industrial controls

Researcher opens "can of worms" about security weaknesses in systems running critical infrastructure environments, expert says.
(Posted in InSecurity Complex by Elinor Mills)
August 3, 2011 6:02 p.m. PT

Microsoft offers $250,000 for security defense research

Redmond still says no to bug bounties, but offers a $200,000 first prize and $50,000 second prize instead for research in security defense.
• From TechRepublic: Has Microsoft gotten better at security or just less relevant?
(Posted in InSecurity Complex by Elinor Mills)
August 3, 2011 11:17 p.m. PT

Android users see doubling of malware

Apps infected with malware grew five-fold since January, Lookout mobile threat report finds.
(Posted in InSecurity Complex by Elinor Mills)
August 2, 2011 7:53 p.m. PT

Researchers warn of SCADA gear exposure

Google searches find critical infrastructure equipment that could be remotely controlled over the Internet.
(Posted in InSecurity Complex by Elinor Mills)
August 2, 2011 4:02 p.m. PT

DefCon Kids joins adult hacker conferences

Hacker offspring get their own DefCon as talks on critical infrastructure hacks run next door to social-engineering contests for kids.
(Posted in InSecurity Complex by Elinor Mills)
August 2, 2011 4:32 a.m. PT

Journalist faces charges over transit card flaw reports

Brenno de Winter says case is hindering his writing about smart-card security and other security news and restricting his travel.
(Posted in InSecurity Complex by Elinor Mills)
August 1, 2011 4:21 p.m. PT

previous coverage

Stanford researcher exposes Microsoft's Wi-Fi database

To pressure Microsoft to curb access to its geolocation database, researcher creates Web page that lets people send queries based on their--or someone else's--computer's unique Wi-Fi address.
• Microsoft's Web map exposes phone, PC locations
• Microsoft curbs Wi-Fi location database
(Posted in Privacy Inc. by Declan McCullagh)
July 29, 2011 11:36 a.m. PT

Automated stock trading poses fraud risk, researcher says

In the trade-off between speed and security, big traders are choosing speed to maximize profits.
(Posted in InSecurity Complex by Elinor Mills)
July 27, 2011 6:45 p.m. PT

Expert hacks car system, sees SCADA risk

Embedded systems that rely on cellular networks and lack authentication and encryption have holes that attackers can easily exploit, researcher says.
• Remote unlock and start for cars hacked
(Posted in InSecurity Complex by Elinor Mills)
July 26, 2011 6:18 p.m. PT

Researcher: Mac notebook batteries can be hacked

New findings from Accuvant security researcher Charlie Miller suggest that Apple's notebook computer batteries are susceptible to digital hackery that could cause permanent damage.
(Posted in Apple Talk by Josh Lowensohn)
July 22, 2011 5:43 p.m. PT