
Tag: Wireless Networking

A vulnerability in the web-based administration interface of the Cisco Wireless Residential Gateway could allow an unauthenticated, remote attacker to access sensitive information on the affected device.  The vulnerability i...
A vulnerability in the web-based administration interface of Cisco Model DPQ3925 8x4 DOCSIS 3.0 Wireless Residential Gateway with EDVA could allow an unauthenticated, remote attacker to cause the device to become unresponsive and r...
18-month-long slurp grabbed expiry dates, codes – the lot

US chain Rosen Hotels & Resorts has become the latest to confirm a malware-based breach of its payment processing systems. The breach covered an extended period from September 2, 2014 to February 18, 2016, or almost 18 months.

The unauthorised access was tied to certain locations, primarily at its restaurants. While Rosen does operate several other properties in central Florida, it’s not immediately clear how many properties are affected.

In a statement (below), the hotel chain confirmed that payment card data (including cardholder name, card number, expiration date, and internal verification code) was exposed by the breach. It’s unclear how many records have been affected. Rosen Hotels & Resorts is in the process of identifying and notifying affected parties.

We received unconfirmed reports on February 3, 2016 of a pattern of unauthorized charges occurring on payment cards after they had been used by some of our guests during their stay. We immediately initiated an investigation into these reports and hired a leading cyber security firm to examine our payment card processing system. Findings from the investigation show that an unauthorized person installed malware in RH&R’s payment card network that searched for data read from the magnetic stripe of payment cards as it was routed through the affected systems.

In some instances the malware identified payment card data that included cardholder name, card number, expiration date, and internal verification code. In other instances the malware only found payment card data that did not include cardholder name. No other customer information was involved. Cards used at RH&R between September 2, 2014 and February 18, 2016 may have been affected. We are working with the payment card networks to identify the potentially affected cards so that the banks that issued them can be made aware and initiate heightened monitoring on those accounts.

For guests where the findings show that the payment card information involved included their name and for whom we have a mailing address or e-mail address, we will be mailing them a letter or sending them an e-mail. We are also supporting law enforcement’s investigation.

“It’s troubling to see another malware attack be so successful – and even more troubling that it persisted over a prolonged period of time without being detected,” said Kevin Watson, chief exec at Florida-based Netsurion, a provider of remotely-managed security services for multi-location businesses. “We counsel our customers that any business, regardless of size, that processes payment data or offers free Wi-Fi to guests, is a lucrative target for cybercriminals.”

More commentary on the infosec angle to the breach can be found in a post to Tripwire’s State of Security blog here. As infosec veteran Graham Cluley points out, Rosen Hotels is only the latest in a long and growing line of hotel chains to have had their customers’ data stolen by criminal hackers. Other corporate victims have included Mandarin Oriental, Trump, Hilton, Marriott, Sheraton and Westin. Malware infections of Point of Sale terminals have been behind many of these breaches.

SpeedCast to provide the Government of Afghanistan with secured and efficient connectivity

Dubai, United Arab Emirates, March 9, 2016 - SpeedCast International Limited (ASX: SDA), a leading global satellite communications and network service provider, today announced that it has been appointed by NEDA Telecommunications (“NEDA”), the first licensed Internet Service Provider in Afghanistan, to build a satellite connected secured private network for one of the ministry offices of the Government of Afghanistan (“End User”). Under this multi-year service agreement, SpeedCast will build a new satellite-based private network with over 50 sites to deliver required connectivity and service levels to the End User.

The new private network aims to provide reliable and secured connection that allows improved efficiency and productivity by extending connection coverage for the End User.

“We are happy to work with SpeedCast,” said Ahmad Ihsan, CEO of NEDA Communications. “SpeedCast has been our main backbone network provider for the past few years. Their experience with the Afghanistan market and their expertise in satellite communications is instrumental to our success. This new network will open the door to a new market opportunity for us.”

“SpeedCast has been serving the service providers and the private sectors in Afghanistan over the last decade, by providing connectivity and value added services to the region,” commented Pierre Jean Beylier, CEO of SpeedCast. “We are excited to work with NEDA, a truly pioneering service provider in Afghanistan and it is our pleasure to work with the NEDA team who are dedicated to bring in new technology to connect Afghanistan to the rest of the world.”

“We are happy to witness the success of NEDA and support their growth, by providing our expertise and bringing in the latest technology to the region. We will continue to work hand in hand with NEDA to expand our footprints in the market and connect users in the region to the rest of the world,” added Mr. Beylier.

About NEDA Communications

Founded in 2003 as the first licensed ISP in Afghanistan, starting with dial-up and moving swiftly into wireless broadband services. Neda Telecommunications quickly established itself as the leading Internet Service Provider in Afghanistan with a presence in most major cities and plans to roll out still further. For today, NEDA is the preferred ISP for most of the Banks and Ministries in Kabul. More information about NEDA can be found at http://neda.af.

About SpeedCast International Limited

SpeedCast International Limited (ASX: SDA) is a leading global satellite communications and network service provider, offering high-quality managed network services in over 90 countries and a global maritime network serving customers worldwide. With a worldwide network of 33 sales and support offices and 31 teleport operations, SpeedCast has a unique infrastructure to serve the requirements of customers globally. With over 5,000 links on land and at sea supporting mission critical applications, SpeedCast has distinguished itself with a strong operational expertise and a highly efficient support organization. For more information, visit www.speedcast.com.

SpeedCast® are trademark and registered trademark of SpeedCast International Limited in Hong Kong and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2016 SpeedCast International Limited. All rights reserved.

For more information, please contact:

Media Contact Information: Clara So, Head of Marketing, SpeedCast International Limited, +852 3919 6894, clara.so@speedcast.com

Investor Contact Information: Ian Baldwin, Chief Financial Officer, SpeedCast International Limited, +61 (0) 2 9086 2785, ian.baldwin@speedcast.com

Barry Mattacott, marketing director at security specialist Wick Hill Group, looks at the security risks of linking more and more smart devices to our networks.

Are we just creating ever more vulnerable endpoints in today’s world of the Internet of Things?

Back in the good old days, we nailed the front door up tight with a firewall and we knew that, with good security on our gateway, our network was safe from the nasties of the outside world.

But those pesky kids in their bedrooms, not to mention state sponsored cybercriminals, worked out that they could circumnavigate our state-of-the-art firewall by looking for a way in at the opposite end of our network - the endpoint.

So now we all agree that securing the endpoint is essential, but just where is it and what does it look like?

Since those early days, there has been a massive proliferation of endpoints and security issues have grown alongside them. You can't go anywhere or do anything without risking an infection. A recent survey found that almost two thirds of USB sticks that were lost/found on public transport were infected with malware.
I guess this raises several issues.

Definitely, don't plug any old USB stick you find into your computer - that's how Stuxnet got its start in life after all.

The survey also begs the question of why so many of these USB sticks are infected.

Could it be that people are deliberately infecting USBs and "losing" them? Infected USBs can today be considered a fairly traditional attack vector, along with code attached to downloaded files and drive-bys leaping out of infected websites to get you.

The security industry has made a pile of cash developing products to protect us and it's all fairly much in hand. But now we have a game changer because endpoints aren’t the same as they were.

Firstly, we had the revolution that was the mobile endpoint. Mobile phones and tablets are now huge players on our networks.

They have effectively put network endpoints in our pockets and allowed us to take them down the pub and lose them. The technology to protect them has been available for some time, but the adoption has been woefully slow. You would have thought US Federal Agencies would be right on top of it, but a 2015 survey found 61 percent of agencies do not apply their network security policies to mobile devices!

So what does the future hold for the endpoint?

Without doubt, the Internet of Things (IoT) means they are going to be everywhere! Network attached security systems that give you video pictures of your front door and allow callers to leave recorded messages, are essentially connecting your door bell to your main processor (home PC). Your Hive controlled heating system is connecting you to the Internet. Despite these being serious systems, many have arrived on our networks and in our homes with gaping holes in their security.

British Gas took a thrashing in the national press when their control system was found to be a burglar's dream, easily allowing access to the heating schedule, which could tell them if the owner was at home, or even if they were away for an extended period of time.

Even cars have become endpoints. Until recently they were fairly much self-contained. Yes, they communicated with the Internet and manufacturers’ control networks and as such they were hackable. We saw hackers demonstrate that they could take control of a Jeep and run it off the road.

This triggered a recall of 1.4 million cars by Chrysler in order to patch the operating system.

But they were somebody else's problem in that they didn't communicate with your network, so were not one of your endpoints. But car manufacturers, including Ford, are developing on-board systems to allow you to carry out vital activities like turning on your smart kettle whilst on the road.

This requires them to connect via the Internet to your own network. On the one hand, that kettle might be ever so smart in that it carries significantly more processing power than the 64 Kb memory operating at 0.043 MHz in the Apollo guidance system that put man on the moon. On the other hand, it's not smart enough to be fully secured against man-in-the-middle attacks that will allow a hacker to penetrate your network.

And once they are in, will they be able to access your car sitting in the driveway and steal it? It doesn't really matter how secure Ford makes your car, if your kettle is going to leave the door open.

Why?

Why is it that the Internet of Things is so woefully behind the curve regarding security?

To start with, your average kettle manufacturer doesn't have a great pedigree in network security.

They might make an awesomely efficient kettle but in the current climate they will find it difficult to find and employ a suitable security expert.

They are also in a rush.

They have just come up with the world saving idea of adding internet connectivity to your kettle, so obviously they are in a huge rush to get it to market before everyone else thinks of it and beats them to it.

And of course, functionality will always beat security. No one wants to go through multi-factor authentication every time they want a cup of tea.

So what can you do about it?

Purchase (and attach to your network) with care. When it comes to the Internet of Things, you are putting your trust in the hands of others.

There is little that you personally can do to ensure that your TV, kettle, car, fridge, etc., etc. is secure. One piece of advice is to look out for names that you feel you can trust with security. Manufacturers are starting to come up with solutions for these gaping security holes.

Gemalto, for example, is emerging as a front runner in the field of IoT security.

They have hardware modules, platforms and service solutions that allow you to connect and protect any machine-to-machine or electronic consumer device.

They are currently working with all sorts of OEMs, mobile network operators and industrial manufacturers in various markets. http://www.gemalto.com/iot

Barracuda Networks felt the need to bring out a brand new range of products designed to protect the Internet of Things and Machine to Machine connectivity.

Their S Series currently includes Barracuda NextGen Firewall Secure Connector 1 (SC1) and the Barracuda NextGen Secure Access Concentrator (SAC).

These two appliances will make it a lot easier and infinitely more secure for enterprises to benefit from and roll out large-scale deployments of devices like Automated Teller Machines (ATMs), point-of-sale kiosks, wind power stations and networked industrial machines in remote locations. https://www.barracuda.com/products/nextgenfirewall-s

Another well-known name in security, Kaspersky Lab, is making a move in the automotive space and is currently in talks with most of the world’s car manufacturers, particularly around the area of securing self-driving cars.

They are looking to secure not only the industrial controls of the production process but also the connected car. Kaspersky Lab is coming at this from a great place as they are already involved in protecting Ferrari.

Aside from the usual endpoint protection they also integrate with existing complex infrastructure, including industrial technologies and mobile devices.
In future, if your car is protected by Kaspersky, then you can probably be pretty sure your kettle can’t steal it! http://www.techworld.com/news/startups/kaspersky-looks-secure-self-driving-cars-factories-theyre-made-in-3615206/

You can also do some research on good old Google.

Thinking about stuffing an EZCast Streamer in your TV’s USB port? A quick check online will find a recent report from Check Point which revealed that the Wi-Fi network the EZCast sets up can easily be breached, allowing the attacker access to your main network, where they can wreak havoc or steal confidential data.
So don't be in a rush to buy.

And check it out before you do. http://blog.checkpoint.com/wp-content/uploads/2015/12/EZCast_Report_Check_Point.pdf

One important thing to check is whether the firmware on the product you are buying can be updated. Users of SimpliSafe wireless home alarm systems recently found out that the system is stupidly easy to hack with basic sniffing equipment, allowing its PIN to be grabbed from 30 metres away.

But to really rub salt into the wounds, the hardware apparently cannot be patched or updated to overcome the vulnerability, which leaves owners with no choice but to junk their system. http://thehackernews.com/2016/02/hack-home-security-alarm.html

So what’s the best tactic if you don’t want to fall victim to security weaknesses in your clever consumer devices, intelligent cars and machine-to-machine equipment which make up the Internet of Things? The best advice would be to try and resist the frivolous items like kettles and door bells and stick to things made by reputable manufacturers, preferably ones that have some sort of pedigree in networking.

About the author

Barry Mattacott is marketing director of Wick Hill Group, which is based in Woking, Surrey and Hamburg, Germany. Wick Hill Group is part of Rigby Private Equity (RPE), a subsidiary of Rigby Group Investments, an independent company within Rigby Group plc. Specialist distributor Zycko is also part of RPE, and in co-operation with Zycko, Wick Hill can offer a pan-European service which provides a common proposition and consistent delivery for vendor and reseller partners covering 13 countries. Users of products sourced through Wick Hill include most of the Times Top 1000 companies, in addition to many non-commercial organisations, government departments and SMEs across all business sectors.

Through its channel partners, the company has delivered IT solutions to more than a million users world-wide. Wick Hill currently has offices in Woking, Surrey, with sister offices in Hamburg.

For further press information, please contact Annabelle Brown on 01326 318212, email pr@wickhill.com, Wick Hill https://www.wickhill.com or www.twitter.com/wickhill.

The vendor security evaluation framework provides questions that organizations need to ask to accurately assess a third-party's security and privacy readiness, Google said. Google has released a framework to open source that it implements internally to...
Google addressed 19 security vulnerabilities, seven of them rated critical, in its latest Android security update.  The updates addressed critical security vulnerabilities in the keyring component, MediaTek Wi-Fi Driver, Conscrypt, the libvpx library, Mediaserver component, and the Qualcomm Performance component.

The most severe vulnerability is the remote code execution flaw in Mediaserver that could be exploited through multiple methods, including email, Web browsing, and MMS, when processing maliciously crafted media files.

Mediaserver still vulnerable

Google has patched more than two dozen Mediaserver flaws since August, when the original Stagefright flaw was disclosed. Since then, Google's internal security team has been identifying and fixing other security vulnerabilities scattered throughout the rest of the Mediaserver and the libstagefright library code.

The steady stream of Mediaserver vulnerabilities has slowed, as this month's update fixed only two critical flaws (CVE-2016-0815, CVE-2016-0816) and three high-priority issues in Mediaserver. "During the media file and data processing of a specially crafted file, vulnerabilities in Mediaserver could allow an attacker to cause memory corruption and remote code execution as the Mediaserver process," wrote Google in the security bulletin.

Google also patched an information disclosure vulnerability in libstagefright (CVE-2016-0824), two elevation of privilege vulnerabilities in Mediaserver (CVE-2016-0826, CVE-2016-0827), and two information disclosure vulnerabilities in Mediaserver (CVE-2016-0828, CVE-2016-0829).

They are all rated as high priority because they cannot be used for remote code execution, but they can be used by attackers to gain elevated capabilities, such as Signature or SignatureOrSystem permissions, which most third-party apps should not have access to.

The information disclosure flaws can be used to bypass security measures, while the elevation of privilege flaw could be used by a malicious app to execute arbitrary code.

The critical flaw in libvpx (CVE-2016-1621) is related to previous Mediaserver vulnerabilities, as attackers could exploit this issue to cause memory corruption and remote code execution as the mediaserver process. The flaw can be triggered with remote content, such as MMS messages or playing media files through the browser.

Multiple elevation of privilege bugs fixed

The remaining critical vulnerabilities are elevation of privilege flaws. The Conscrypt bug (CVE-2016-0818) could allow a specific type of invalid certificate to be trusted, resulting in a man-in-the-middle attack.

A malicious app could trigger the flaw in the Qualcomm performance component (CVE-2016-0819) to execute arbitrary code in the kernel. The only way to repair the compromised device would be by re-flashing the operating system.

The Kernel Keyring bug (CVE-2016-0728) will also let a malicious app execute arbitrary code locally, requiring reflashing the operating system. However, the Kernel Keyring component is protected in Android versions 5.0 and above because SELinux rules prevent third-party applications from accessing the vulnerable code, according to the bulletin.

The final critical vulnerability in the MediaTek Wi-Fi kernel driver (CVE-2016-0820) could also be abused by a malicious app. While another MediaTek flaw (CVE-2016-0822) could result in arbitrary code execution, it was rated only as high priority because the attacker would first have to compromise the conn_launcher service, "which may not even be possible," Google said. The patches for Qualcomm and MediaTek components are posted on the Google Developer site and not in the Android Open Source Project repository.

High priority and medium priority bugs also addressed

Google fixed a mitigation bypass vulnerability in the kernel (CVE-2016-0821) that could let attackers bypass security measures in place.

The vulnerability is related to a change made to poison pointer values in the Linux kernel back in September.

The updates also addressed an information disclosure vulnerability in the kernel (CVE-2016-0823) that could result in malicious apps locally bypassing exploit mitigation technologies like ASLR in a privileged process. The bug was also fixed in the Linux upstream back in March 2015.

The information disclosure vulnerability in the Widevine Trusted Application component could allow code running in the kernel context to access information in TrustZone secure storage, Google said in its bulletin. Like the high-priority Mediaserver flaws, this bug could be used to gain permissions typically not granted to third-party apps.

The final high-priority bug is a remote denial-of-service flaw in Bluetooth that could allow an attacker within a certain distance of the target device to block access.

The attacker could cause an overflow of identified Bluetooth devices in the component, leading to memory corruption and service stop.

The issue could potentially only be fixed by flashing the device, Google said. The two moderate-priority bugs are in the Telephony component and the Setup Wizard.

The information disclosure vulnerability in the telephony component could allow an app to access sensitive data on the device.

The elevation of privilege vulnerability in Setup Wizard can be exploited by an attacker who has physical access to the device and can perform a manual device reset.

Patch if possible

None of these issues have been exploited in the wild. Builds LMY49H or later and Android M with Security Patch Level of "March 01, 2016" or later contain fixes for these issues.

The Build information is available through the Settings app on Android devices, under the About phone option.

The Security Patch Level is shown in the same location on Android M devices and some Samsung devices running the latest Lollipop versions. Since phone makers and carriers control when the updates are actually pushed to Android devices, for most users, the best ways to stay up-to-date with the security fixes are to buy Nexus devices, upgrade to newer devices frequently, or install custom Android versions themselves. Partners, including handset makers and phone carriers, received the bulletin on Feb. 1.

The Nexus devices will receive over-the-air updates and the patches are expected to be posted to the Android Open Source Project repository. Non-Nexus devices will follow schedules determined by the manufacturers or the carriers. While Samsung has committed to updates for its latest models, many Android phones remain on older versions.

Google's Android Security team is actively monitoring for abuse with Verify Apps and SafetyNet, which both warn users of potentially harmful applications about to be installed. Introduced in Android 4.2, Verify Apps works by scanning all .apk packages downloaded from Google Play and other sources for potentially harmful applications. "Google's systems use machine learning to see patterns and make connections that humans would not," Elena Kovakina, a senior security analyst at Google, said in February at the Kaspersky Lab Security Analyst Summit.

Verify Apps scans for known attack vectors and scenarios such as phishing, rooting operations, ransomware, backdoors, spyware, harmful sites, SMS fraud, WAP fraud, and call fraud.

Because it's enabled by default, most malicious attacks are thwarted, Kovakina said.

An example is the recent Lockdroid malware, which could have affected a large percentage of Android devices, but turned out to have not infected any Android users. Even if users can't update their Android devices to the latest versions, the SafetyNet and Verify Apps features filter out the majority of bad apps which could take advantage of these flaws.
Good news if you've got a Nexus, otherwise you're at risk

Another month, another patching cycle for Android.

Google's mobile OS has picked up seven critical patches, ten classed as high priority, and a pair of moderately important fixes. In short, playing back a booby-trapped video or receiving a message with malware hidden in it could lead to malicious code running on a vulnerable Android device that hasn't been patched. "We have had no reports of active customer exploitation of these newly reported issues," the March advisory states. "Partners were notified about the issues described in the bulletin on February 1, 2016 or earlier.
Source code patches for these issues will be released to the Android Open Source Project (AOSP) repository over the next 48 hours." Most of the critical flaws were found by Google's internal security team, and nearly half deal with programming blunders in Android's Swiss-cheese-like mediaserver library, some directly and some indirectly via libvpx. Being able to inject malware into mediaserver, via a message or video, is bad because, according to Google, "the mediaserver service has access to audio and video streams as well as access to privileges that third-party apps could not normally access." A critical flaw in Qualcomm's implementation on Android would also lead to a permanent root that would require re-flashing the operating system to fix.

The same drastic fix would also be needed if the kernel keyring component flaw isn't fixed. Meanwhile, moves to strengthen Android against the attacks involving libstagefright only get a high severity rating, as do yet more fixes for Mediaserver.

The full list of bugs – some reaching as far back as Android 4.4 as well as versions 5 and 6 – are below:

| Issue | CVE | Severity |
|---|---|---|
| Remote Code Execution Vulnerability in Mediaserver | CVE-2016-0815, CVE-2016-0816 | Critical |
| Remote Code Execution Vulnerabilities in libvpx | CVE-2016-1621 | Critical |
| Elevation of Privilege in Conscrypt | CVE-2016-0818 | Critical |
| Elevation of Privilege Vulnerability in the Qualcomm Performance Component | CVE-2016-0819 | Critical |
| Elevation of Privilege Vulnerability in MediaTek Wi-Fi Driver | CVE-2016-0820 | Critical |
| Elevation of Privilege Vulnerability in Keyring Component | CVE-2016-0728 | Critical |
| Mitigation Bypass Vulnerability in the Kernel | CVE-2016-0821 | High |
| Elevation of Privilege in MediaTek Connectivity Driver | CVE-2016-0822 | High |
| Information Disclosure Vulnerability in Kernel | CVE-2016-0823 | High |
| Information Disclosure Vulnerability in libstagefright | CVE-2016-0824 | High |
| Information Disclosure Vulnerability in Widevine | CVE-2016-0825 | High |
| Elevation of Privilege Vulnerability in Mediaserver | CVE-2016-0826, CVE-2016-0827 | High |
| Information Disclosure Vulnerability in Mediaserver | CVE-2016-0828, CVE-2016-0829 | High |
| Remote Denial of Service Vulnerability in Bluetooth | CVE-2016-0830 | High |
| Information Disclosure Vulnerability in Telephony | CVE-2016-0831 | Moderate |
| Elevation of Privilege Vulnerability in Setup Wizard | CVE-2016-0832 | Moderate |

The vast majority of Android users aren't going to be getting these updates soon enough, however. Nexus owners will get a push this week, and Samsung's better than most at pushing out fixes, but some other handset owners may carry these flaws until they upgrade their hardware.

In the meantime, the malware writers will be getting busy reverse-engineering the Android patches and designing code to exploit the flaws. In the PC sphere this can take as little as 48 hours, although for mobile it's taking a little longer.

Verizon Wireless has agreed to pay a $1.35 million fine and give users more control over "supercookies" that identify customers in order to deliver targeted ads from Verizon and other companies. Verizon's use of the supercookies without properly notifying users violated a net neutrality rule that requires Internet providers to disclose accurate information about network management practices to consumers, the FCC said.

Verizon's settlement with the Federal Communications Commission, announced today, stems from an investigation into the carrier's "practice of inserting unique identifier headers [UIDH] or so-called 'supercookies' into its customers’ mobile Internet traffic without their knowledge or consent," the FCC said.
Verizon began inserting the identifier—which could not be deleted by consumers—into its subscribers' HTTP Internet traffic in December 2012 and made some limited disclosures in its privacy policy.

But the company "did not specifically disclose the presence of UIDH and its uses until October 2014," the FCC said.

ProPublica reported in January 2015 that an online advertising clearinghouse called Turn was taking advantage of the unique identifiers, also known as "zombie cookies," and using them "to respawn tracking cookies that users have deleted." Shortly after that, Verizon said it would offer customers a way to opt out.

Verizon's failure to disclose "accurate and adequate" information to consumers about the supercookies violated transparency requirements from the FCC's 2010 net neutrality rules, the FCC said. Those were the same rules that Verizon sued to overturn. While a federal appeals court mostly sided with Verizon, the ruling upheld the transparency rule that Verizon violated with its supercookies. (This is separate from the FCC's latest net neutrality rules, which are also being challenged in court by broadband industry groups.)

The FCC also said that Verizon's actions violated customer data privacy requirements in Section 222 of the Communications Act.

Verizon has to implement a three-year compliance plan. "Verizon Wireless is notifying consumers about its targeted advertising programs, will obtain customers’ opt-in consent before sharing UIDH with third parties, and will obtain customers’ opt-in or opt-out consent before sharing UIDH internally within the Verizon corporate family," the FCC said.

This is the second time the FCC has taken action against a company for violating the transparency rule.

The first was a $100 million fine levied against AT&T for throttling the wireless Internet connections of customers with unlimited data plans without adequately notifying the customers about the reduced speeds.

AT&T is appealing the decision.
VIDEO: Once again the RSA Conference decided to use unencrypted WiFi, and once again it's time to (re)learn why that's a bad idea. SAN FRANCISCO--Security experts from around the globe descended on the Moscone Center here this week for the annual RSA ...
Even a $35,000 government-ready flying machine can't escape hackers. Pricier means more secure, right? Not exactly.

A security researcher has found that many expensive police drones are vulnerable to hacks. At San Francisco's RSA conference this week, Nils Rodday showed off flaws in a $35,000 drone's radio connection, opening the device to hackers more than a mile away. According to Wired, Rodday was able to take full control of a government-ready quadcopter using only a laptop and cheap radio chip.

But any hacker who can reverse-engineer the drone's flight software can take control of the device, sending new navigation commands and blocking those from the actual operator. Rodday, an IT security consultant with IBM Germany, conducted his drone research as a graduate student at the University of Twente in the Netherlands and University of Trento in Italy.

The results were published in a final project called "Exploring Security Vulnerabilities of Unmanned Aerial Vehicles." Sworn to secrecy by the drone manufacturer, Rodday did not disclose the specific machine he tested, or who sells it.

But he did reveal two serious security oversights: poorly encrypted Wi-Fi connecting the drone to its user, and an even less-secure radio protocol. The unprotected drone is an easy target for a man-in-the-middle attack conducted by someone who could be more than a mile away, sending commands to reroute or reprogram the flying machine.

"If you think as an attacker, someone could do this only for fun, or also to cause harm or to make a mess out of a daily surveillance procedure," Rodday told Wired. "You can send a command to the camera, to turn it to the wrong side so they don't receive the desired information…or you can steal the drone, all the equipment attached to it, and its information."

The unidentified manufacturer has been alerted to the security flaws, and intends to fix the problem in its next model, the magazine said. Unfortunately, the same patch cannot be applied to those drones already flying around. What's worse, Rodday's discovery is likely not confined to just one unmanned aerial vehicle; it could extend to commercial quadcopters, as well.

In December 2013, hacker and security analyst Samy Kamkar built SkyJack—a Parrot AR UAV equipped with a Raspberry Pi, engineered to autonomously seek out, hack, and wirelessly take over other drones within Wi-Fi distance.
Last week, Patrick Wardle published a nice analysis of a new Backdoor and Dropper used by HackingTeam, which is apparently alive and well.
Since HackingTeam implants are built on-demand for each target, we wanted to take a closer look: to see how it works and what its functionality reveals about the possible interest of the attackers behind this latest Backdoor.

Encryption key

The main Backdoor component receives its payload instructions from an encrypted JSON configuration file.
In order to decrypt the configuration file, we began by using known keys, but none of them were able to decrypt the file. Upon checking the binary, we found that the function used to encrypt the file is still AES-128, so we started to look for a new encryption key. We located the initialization of the encryption routine, where the key is passed as an argument. By following this code we were able to find the new key used to encrypt the configuration file. As you can see, the key is 32 bytes long, so only the first 16 bytes are used as the AES-128 key.

By using this key in our script we successfully decrypted the configuration file, which turns out to be a JSON file carrying instructions on how that particular Backdoor needs to operate on the target’s OS X machine:

What does the implant do?

It takes screenshots.

It synchronizes with or reports stolen information to a Linode server located in the UK, but only when connected to Wi-Fi and using a specific Internet channel bandwidth defined by the JSON configuration file:

It steals information on locally-installed applications, address book entries, calendar events and calls. OS X allows iPhone users to make such calls straight from the desktop when both are connected to the same Wi-Fi network and trusted.

It spies on the victim by enabling front camera video recording, audio recording using the embedded microphone, sniffing local chats and stealing data from the clipboard.

It also steals emails, SMS and MMS messages from the victim, which are also available on the OS X desktop when an iPhone is paired.

Among other functionalities it also spies on the geolocation of the victim.

It’s interesting to note that the JSON file says that the start date of the operation is October 16 (Friday), 2015. This indicates that this is a fresh HackingTeam Backdoor implant. For some reason the attacker was not interested in any emails sent to or from the target before that date but only from then on.

Kaspersky Lab detects the above-mentioned Backdoor implants as Backdoor.OSX.Morcut.u and its dropper as Trojan-Dropper.OSX.Morcut.d.

Reference sample hashes: 0eb73f2225886fd5624815cd5d523d08e2b81bed4472087dca00bee18acbce04

Command and control servers: 212[.]71[.]254[.]212