News

Remember how we told you about that some of the world’s most sensitive infrastructure hardware could be vulnerable by simply searching for them on Google? Well now we hear that even your car can be compromised with the right gear, as a group of security experts showed at Black Hat in Las Vegas. By setting up their own GSM network (granted not an easy task) the group was able to unlock and then start a Subaru SUV.

What they did was to capture authentication messages sent from the control server to the car. Once they had these in hand they were able to send commands to the car using an Android based smart phone and that was pretty much it.

As more and more of the world goes wireless you have to worry about what security is (and can honestly be put) in place to protect from this type of attack. It is not uncommon for banks to run wireless as a backup (that is still open and in a passive state) many security cameras will operate over 3G now as well. With the SCDA vulnerability and one I have recently heard of that affects banking applications on both Android and the iPhone you have to wonder just who is in charge of keeping these things safe?

Source Engadget

Discuss this on our Forum

There are times when companies just forget about the impact to consumers. Most times these little oversights are caught and removed before the products or services are dropped on the unsuspecting consumers. Still there are times when these things get pushed out because the company in question is too big or too arrogant to believe they can’t do what they want.

A good example of this is Google Street View. There is nothing like a free service that allows anyone to see your home, the cars you drive etc. Google even had the temerity to send their cars onto clearly marked private roads.

Now let’s move forward to today, Facebook wants to put facial recognition software into their API to quickly tag people in photographs. The problem is that this software collects data about the people in the pictures. There is also no easy way to remove this data by the user. Facebook thinks that collecting this and other data is ok (as it is not in violation of any US law which are notorious for not protecting privacy or fair usage). However, Facebook did not count on some very strict (as they should be) privacy laws in Germany. Germany has actually declared the new feature illegal and is going after Facebook to disable the feature and to remove all data collected by the service.

I only wish that there were laws this protective of the average citizen in the US.

Source Fudzilla

Discuss this on our Forum

In what has to be humorous to those of us that called this last year (yes I was one of them) it has now come out that HTML5 is more full of holes than your average sieve. According to a study out now it appears that HTML5 opens up some serious risks including allowing malicious code to execute cross-domain APIs, ClickJacking, Frame impersonation and worse. One of the problems is that HTML5 (like many other things from Apple) is not compatible with other standards on the net. Some of the “security” features that exist on to prevent cross scripting and window framing (where you put a frame inside a legitimate window to execute malicious code) are rendered useless by the technology in HTML5.

Other items that are bundled into the code are vulnerabilities that allow a service to register itself as a content handler without notifying the user, and a caching API that can be skimmed to collect user information (location, time of last visit and possible the actual page visited) in much the same way that Google’s Chrome browser can. In all there are some 50 Vulnerabilities that were listed in the report which is of serious concern considering Apple’s push to put this technology in place. Perhaps Apple feels that they can ignore these and continue on with their charmed life, or that their OS would be impervious to any threats. No matter the cause, considering Steve Jobs’ impassioned rants about Adobe and how their products are security risks it is more than a little amusing.

Source The Inquirer

Talk about this in our Forum

Not all that long ago (about a year to be exact) I engaged in a little online debate with someone about LTE Vs WiMax. At the time I was told that LTE was better and that WiMax would be a losing battle. I agreed with the comment about speed, but hastily added that MiMax is not a losing battle. You see the problem is that people often misunderstand that WiMax and LTE are not different hardware technologies (at least not on the backbone) but differ in the protocols used to push the data across that hardware. Clearwire was aware of this when they built their network; they knew that they could get WiMax out now and still shift over faster and for less money than the much of the competition can get LTE off the ground.

The down side is that Clearwire waited too long to start the conversion and have lost quite a bit of money on this deal. Of course they also could have had contractual restrictions that required them to reach a certain level of loss before they could make the shift in existing markets (read Sprint/Nextel)… that is pure guess work on my part but I have heard of worse in business. No matter what the reason the thing is that Clearwire is going to make the switch and will start in their existing markets to make the shift less costly and also to start off building revenue on the investment.

Now we have to figure out if the existing Radios inside the current handsets can be “flashed” to support the LTE protocol.

Source CNET

Discuss in our forum