Car hackers urge you to patch your Chrysler, Ram, Durango, or Jeep

A hacker duo pretty much just made the case for going old school and steering clear of “smart” and “connected” vehicles as they remotely attacked one. Charlie Miller and Chris Valasek revealed 20 of the “most hackable” vehicles last year, but this year at Black Hat they will blow people’s mind when they present “Remote Exploitation of an Unaltered Passenger Vehicle.”It’s not the first remote hack; when DARPA’s Dan Kaufman remotely hacked a car for 60 Minutes, he triggered the windshield wipers, blasted the car’s horn and then disabled the brakes. That and a report (pdf) claiming that nearly all new cars can be hacked led to a lawsuit against GM, Ford and Toyota for "dangerous defects in their hackable cars."To read this article in full or to leave a comment, please click here

Watch hackers remotely immobilize a car while it’s traveling on a highway

One brave Wired journalist agreed to drive a Jeep on a St. Louis highway while two hackers hacked it remotely, taking control of everything from the air conditioning to the transmission. The entire ordeal was captured on video, which you can view with the article at Wired.  The hackers, Charlie Miller and Chris Valasek, had just two years earlier performed a similar hack while the same journalist drove a car slowly in a parking lot. The bigger difference that time was that the hack was performed through a laptop that was hardwired to the car's onboard diagnostic port, and which the hackers controlled from the backseat. In that case, they limited their exploits to toying with the seatbelt and honking the horn.To read this article in full or to leave a comment, please click here

Watch hackers immobilize a car while it’s traveling on a highway

One brave Wired journalist agreed to drive a Jeep on a St. Louis highway while two hackers hacked it remotely, taking control of everything from the air conditioning to the transmission.The entire ordeal was captured on video, which you can view with the article at Wired. The hackers, Charlie Miller and Chris Valasek, had just two years earlier performed a similar hack while the same journalist drove a car slowly in a parking lot. The bigger difference that time was that the hack was performed through a laptop that was hardwired to the car's onboard diagnostic port, and which the hackers controlled from the backseat. In that case, they limited their exploits to toying with the seatbelt and honking the horn.To read this article in full or to leave a comment, please click here

Gigamon launches security delivery platform for visibility into malicious network traffic

If you're familiar with Gigamon, you likely know them as the market-leading vendor in the emerging "visibility fabric" space. The company's products provide businesses with pervasive and intelligent network data across physical and virtual environments. The GigaVUE portfolio delivers the appropriate network traffic to management tools and platforms. I've often said that "you can't manage what you can't see," and Gigamon provides the necessary visibility data so organizations can improve the management of their IT infrastructure.However, Gigamon's information can also be used to help businesses improve their security posture. If you can't manage what you can't see, then it stands to reason that you can't secure what you can't see. One of the challenges with traditional security approaches is that it primarily focuses on preventing breaches, but once the perimeter has been penetrated, there's no way to detect it or remediate against it.To read this article in full or to leave a comment, please click here

Worry

"

The first thing, when one is being worried as to whether one will have to have an operation or whether one is a literary failure, is to assume absolutely mercilessly that the worst is true, and to ask What Then? If it turns out in the end that the worst is not true, so much the better; but for the meantime the question must be resolutely put out of mind. Otherwise your thoughts merely go round and round a wearisome circle , now hopeful, now despondent, now hopeful again—that way madness lies.

" C.S. Lewis —

LinkedInTwitterGoogle+FacebookPinterest

The post Worry appeared first on 'net work.

The Upload: Your tech news briefing for Tuesday, July 21

New mainframe slows sales decline at IBMSales fell 13 percent in the second quarter at IBM, and profit dropped 16 percent—but things could have been worse if it weren’t for sales of the recently launched Z13 mainframe. IBM blamed much of the decline on a strong dollar and the sale to Lenovo of its low-end server business.Tech companies go on a spending spree in WashingtonIBM could have boosted its results by $1.8 million in the second quarter by eliminating its spending on lobbyists. Instead, it increased its spend by 7 percent. Other companies spent more, however: Amazon doubled its lobbying budget to $2.15 billion, while Facebook’s expenditure on lobbying rose by a quarter to $2.7 billion in the quarter. Apple and Intel each spent about $1.25 million, both up from the year-earlier quarter. Alone among the big tech companies, Google cut spending to $4.62 million—but at that level, it’s hard to tell whether peer pressure or thrifty new CFO Ruth Porat were behind the reduction.To read this article in full or to leave a comment, please click here

The Upload: Your tech news briefing for Tuesday, July 21

New mainframe slows sales decline at IBMSales fell 13 percent in the second quarter at IBM, and profit dropped 16 percent—but things could have been worse if it weren’t for sales of the recently launched Z13 mainframe. IBM blamed much of the decline on a strong dollar and the sale to Lenovo of its low-end server business.Tech companies go on a spending spree in WashingtonIBM could have boosted its results by $1.8 million in the second quarter by eliminating its spending on lobbyists. Instead, it increased its spend by 7 percent. Other companies spent more, however: Amazon doubled its lobbying budget to $2.15 billion, while Facebook’s expenditure on lobbying rose by a quarter to $2.7 billion in the quarter. Apple and Intel each spent about $1.25 million, both up from the year-earlier quarter. Alone among the big tech companies, Google cut spending to $4.62 million—but at that level, it’s hard to tell whether peer pressure or thrifty new CFO Ruth Porat were behind the reduction.To read this article in full or to leave a comment, please click here

InfoSec pros spend most time, money on self-inflicted problems

According to a new survey of Black Hat attendees released last week, InfoSec professionals are spending the biggest amount of their time and budgets on security problems created within the organization itself. Security vulnerabilities introduced by their own application development teams consumed the most amount of time for 35 percent of respondents. Purchased software and systems were in second place with 33 percent of respondents. Dealing with sophisticated targeted attacks was sixth on the list, with 20 percent of respondents choosing it as one of the three areas where they spent the most time. Meanwhile, 57 percent said that their biggest concerns were sophisticated attacks directed at their organization.To read this article in full or to leave a comment, please click here

An Update on the UrlZone Banker

UrlZone is a banking trojan that appeared in 2009. Searching its name or one of its aliases (Bebloh or Shiotob) reveals a good deal of press from that time period along with a few technical analyses in 2009 [1] [2], 2012 [3], and 2013 [4]. Despite having a reputation of evolution, there doesn’t seem to be very many recent updates on this malware family though. Is UrlZone still a threat and if so, how has it changed?

To explore that, this post takes a look at a recent UrlZone malware sample to see if it is still an active threat. It then gives an update on the command and control (C2) communications as they have changed since being previously documented. These are then put together in some proof of concept code that downloads and decrypts the webinject configuration file (the bread and butter of any banker malware) to see what financial institutions are being targeted.

Sample

The sample analyzed for this post has an MD5 of:

01fd0f1ad59ad5403c9507bfb625fe0c

For the “stop using md5 now” converts, it has the following SHA256:

39bbde33922cd6366d7c2a252c4aadd4dfd7405d5271e3652940a7494b885e88

The sample’s compilation date is 2015-06-12 12:01:03. This date seems legit as Continue reading

Facebook, Amazon, Apple pick up spending on lobbying

Apple, Facebook and Amazon.com have increased their expenses on trying to influence U.S. politicians and policy at the federal level, but Google still outstrips them in spending though it reduced expenditure in the second quarter.Amazon’s spending on lobbying increased by 103 percent to a record US$2.15 million in the second quarter of 2015, according to data collated by advocacy group Consumer Watchdog from filings by the company. Facebook’s expense rose to $2.69 million in the quarter, up 27 percent from $2.12 million in the second quarter of 2014. The social networking company outstripped its first quarter spending of $2.44 million by 10 percent.To read this article in full or to leave a comment, please click here

Add Brocade MLX & VDX Support to HP IMC

HP IMC 7.1 E0303P13 does not support configuration backups for Brocade MLX & VDX devices. But they do have an extensible model, so it’s easy to add support. Here’s how to do it, and how to fix the Brocade ICX support.

Here’s the steps to add support for MLX & VDX devices to HP IMC:

  1. Download the current set of adapters from GitHub.
  2. Unpack the zip file, and copy the adapters into place.
  3. Add Device Series & Device Model definitions.
  4. Restart IMC, re-synchronise, and check file transfer modes.

Going into a bit more detail:

NB: Yes, I do work for Brocade. That doesn’t mean that these adapters are fully supported by Brocade. I’ll help out however I can, but can’t promise anything.

NetOps Custom Adapters

This GitHub repository maintains a set of 3rd-party developed adapters for HP IMC. You can download individual files, create a local copy of the repo using Git, or just download a zip file containing all current scripts from here.

On the IMC server, adapters are stored at (IMC)/server/conf/adapters/ICC. You’ll see directories for all supported vendors there:

[root@imc ~]# cd /opt/iMC/server/conf/adapters/ICC
[root@imc ICC]# ls
3Com    Alcatel-Lucent  Aruba Networks  Avocent  Cabletron  Dell  Enterasys         F5       Fortigate  H3C              Hillstone  IBM                Continue reading

My BIS/Wassenaar comment

This is my comment I submitted to the BIS on their Wassenaar rules:

----
Hi.

I created the first “intrusion prevention system”, as well as many tools and much cybersecurity research over the last 20 years. I would not have done so had these rules been in place. The cost and dangers would have been too high. If you do not roll back the existing language, I will be forced to do something else.

After two months, reading your FAQ, consulting with lawyers and export experts, the cybersecurity industry still hasn’t figured out precisely what your rules mean. The language is so open-ended that it appears to control everything. My latest project is a simple “DNS server”, a piece of software wholly unrelated to cybersecurity. Yet, since hackers exploit “DNS” for malware command-and-control, it appears to be covered by your rules. It’s specifically designed for both the distribution and control of malware. This isn’t my intent, it’s just a consequence of how “DNS” works. I haven’t decided whether to make this tool open-source yet, so therefore traveling to foreign countries with the code on my laptop appears to be a felony violation of export controls.

Of course you don’t intend Continue reading

Google to begin closing Google+ Photos on Aug. 1

The end is near for Google+ Photos, the photo sharing service that’s part of the company’s social network.Google will begin closing down the service on Aug. 1 on Android, with the Web and iOS devices to follow soon after.For a time, Google touted the service as a key element in Google+, with a range of editing tools and image enhancement technologies rolled out over the years.But Google hinted that its days might be numbered when the company rolled out its new Google Photos service at Google I/O in May.To read this article in full or to leave a comment, please click here

Show 246 – Design & Build #4 – Data Center Migration

Join us for a step-by-step discussion of what's involved in a data center migration, including new builds, cloud/hybrid options, power & cooling, team preparation and planning, and execution.

Author information

Ethan Banks

Co-host at Packet Pushers

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 3M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks
TwitterGoogle+LinkedIn

The post Show 246 – Design & Build #4 – Data Center Migration appeared first on Packet Pushers Podcast and was written by Ethan Banks.

1 3,390 3,391 3,392 3,393 3,394 3,841