Ukraine energy utilities attacked again with open source Trojan backdoor

Battered Ukrainian electricity utilities are being targeted with backdoors in attacks possibly linked to those fingered for recent blackouts. The phishing attacks are attempting to get backdoors installed on utility company computers using techniques similar to those seen in the BlackEnergy attacks. BlackEnergy ripped through Ukrainian utilities in what is largely considered the cause of […]

Microsoft explains why Irish Warrant Fight is important

Without trust, Microsoft thinks, nobody is going to use any cloud services, and the Snowden revelations put the trustworthiness of all technology suppliers in the spotlight. So when a warrant arrived at Microsoft’s Dublin data centre one day in 2013, a not uncommon occurrence for a cloud host, Microsoft was ready to kick back. What […]

Deliberately hidden backdoor account in several AMX (HARMAN Professional) devices used by White House, CIA, NSA, for communications

In the funniest disclosure I’ve read in some time (well, it would be if it wasn’t so terribly dangerous), it turns out that these teleconferencing units had a hardcoded admin account with extra permissions built in with username BlackWidow. In the first “fix”, AMX basically changed the user to Batman. Poor show. SEC Consult: Deliberately […]

Oracle blurts Google’s Android secrets in court: You made $22bn using Java, punk

And Google paid Apple $1bn to put its search into iPhones. An Oracle lawyer has blurted out in court how much money Google has made from Android – figures that the web giant has fiercely fought to keep secret. And those numbers are: US$31bn in revenue, and US$22bn in profit, since 2008, when Android was […]

RSA asks for plaintext Twitter passwords on conference reg page

Scores of security bods registering for security outfit RSA’s Executive Security Action Forum (ESAF) have handed over their Twitter account passwords to the company’s website in what is seen as something between bad practice and outright compromise. The registration process for the February 29 event asks delegates to enter their Twitter credentials so that a prefab […]

Intel Driver Update Utility flawed

Basically, the driver updater fetches an unencrypted, easily parsable XML file over plain HTTP; the file contains URLs leading to the files to download and execute as admin. A man-in-the-middle attack could easily exploit this. Source: Intel Driver Update Utility MiTM. This is a lot like the Drupal update vulnerability.

Rabobank puts NFC payment on all KPN simcards

The SIM cards have an NFC element that belongs to Rabobank. I guess that means that Rabobank must then get quite a lot of information from the telco provider that you wouldn’t necessarily want them to have. Worrying. Since the beginning of this year, KPN has been issuing a new type of SIM card that makes contactless payment by phone possible […]

USMC leadership shows how stuck in the mud they are when they try to fling some at Secretary of the Navy

Old sad dickless USMC leadership who can’t handle working with equally competent gay men or women are trying to get rid of Mr Mabus, who has not only insisted on using them in combat roles if they meet the standards but also (shock! horror!) insisted on exploring alternative fuels. One is the integration of women […]