Home > Resources > Security News

Security News

14/May/2020  clock.jpg   Consumer IoT Devices: 50% actively spying on you

Internet of Things (IoT) devices are increasingly found in everyday homes, providing useful functionality for devices such as TVs, smart speakers, and video doorbells. Along with their benefits come potential privacy risks, since these devices can communicate information about their users to other parties over the Internet. [...] Using the largest known set of controlled experiments (34,586) comprising 81 devices in the US and UK, along with uncontrolled experiments consisting of an IRB-approved user study, we are the first to quantify such information exposure across different networks, geographic regions, and interactions with devices.

Anna Maria Mandalari

19/Jul/2018  clock.jpg  IOT vulnerabilities let hackers spy on victims

Vulnerabilities discovered in IOT devices, with Wi-Fi capabilities and smartphone-controlled navigation controls, would allow control over the device as well as the ability to intercept data on a home Wi-Fi network. "That's not even the worst-case scenario, at least for owners"...

18/May/2018  clock.jpg  NSA backdoors and bitcoin

Many cryptographic standards widely used in commercial applications were developed by the US Government's National Institute of Standards and Technology (NIST). Normally government involvement in developing ciphers for public use would throw up red flags, however all of the algorithms are part of the public domain and have been analyzed and vetted by professional cryptographers who know what they're doing. Unless the government has access to some highly advanced math not known to academia...

04/Mar/2017  clock.jpg  SHA1 has been broken - Upgrade to SHA2!

SHA-1 is weak and can't be trusted. This is bad news because the SHA-1 hashing algorithm is used across the internet, from Git repositories to file deduplication systems to HTTPS certificates used to protect online banking and other websites. Now researchers at CWI Amsterdam and bods at Google have managed to alter a PDF without changing its SHA-1 hash value. Now you can trick someone into thinking the tampered copy is the original. The hashes are completely the same.

02/Mar/2017  clock.jpg  Hidden backdoor found in chinese internet of things devices

The Telnet interface of the GoIP is documented as providing information for users of the device through the use of logins "ctlcmd" and "limitsh". An additional undocumented user, namely "dbladm" is present which provides root level shell access on the device. Instead of a traditional password, this account is protected by a proprietary challenge-response authentication scheme.

08/Feb/2017  clock.jpg  Faulty emulators - A threat for your machinery

Installing a faulty emulator on your machinery is a severe threat, specially when it's about emulators with internal design flaws that may show up only after a long term usage. Checking the lifetime and endurance of the media supports being used inside your emulators, and apply preventive maintenance is not enough. Emulators should be ground checked before installation on machinery, to make sure that no crash test reports have been created by other "unlucky" customers and related security alerts issued.

15/May/2015  clock.jpg  Sourceforge & Slashdot - The ultimate spy

It's important to check and be aware of the privacy policy that is being applied by different platforms & services. Some privacy policies are really too extended and intrusive. Should you explicitely (or implicitely!) accept them, then you are de facto completely giving away any right to have a minimum degree of privacy.

23/Jan/2014  clock.jpg  Skype, Google, Microsoft, ... they are all spying us

Anyone who uses Skype has consented to the company reading everything they write. The H's associates in Germany at heise Security have now discovered that the Microsoft subsidiary does in fact make use of this privilege in practice. Shortly after sending HTTPS URLs over the instant messaging service, those URLs receive an unannounced visit from Microsoft HQ in Redmond.

John Young


12/Nov/2012  clock.jpg  All the crypto code is probably broken

Do you keep up on the latest proceedings of the IACR CRYPTO conference? No? Then chances are whenever you have tried to use a cryptographic library you made some sort of catastrophic mistake which would lead to a complete loss of confidentiality of the data you're trying to keep secret.

Jonathan Zittrain

02/Jul/2012  clock.jpg  The Flame attack

The computers of high-ranking Iranian officials appear to have been penetrated by a data-mining virus called Flame, in what may be the most destructive cyberattack on Iran since the notorious Stuxnet virus, an Iranian cyberdefense organization confirmed on Tuesday.



Deep in Details

Kaspersky Lab

Global Digital Forensics

15/Jan/2011  clock.jpg  The Stuxnet Worm analysis

The worm itself now appears to have included two major components. One was designed to send Iran's nuclear centrifuges spinning wildly out of control. Another seems right out of the movies: The computer program also secretly recorded what normal operations at the nuclear plant looked like, then played those readings back to plant operators, like a pre-recorded security tape in a bank heist, so that it would appear that everything was operating normally while the centrifuges were actually tearing themselves apart.


Deep in Details

Ralph Langner

Bruce Dang