vulnerabilities
Latest
Google search opens SCADA systems to doomsday scenarios
Google, the service so great it became a verb, can now add security risk to its roster of unintended results. The search site played inadvertent host to remotely accessed Supervisory Control and Data Acquisition (SCADA) systems in a Black Hat conference demo led by FusionX's Tom Parker. The security company CTO walked attendees through the steps required to gain control of worldwide utility infrastructure -- power plants, for one -- but stopped short of actually engaging the vulnerable networks. Using a string of code, unique to a Programmable Logic Controller (the computers behind amusement park rides and assembly lines) Parker was able to pull up a water treatment facility's RTU pump, and even found its disaster-welcoming "1234" password -- all through a Google search. Shaking your head in disbelief? We agree, but Parker reassured the crowd these types of outside attacks require a substantial amount of effort and coordination, and "would be extremely challenging to pull off." Panic attack worn off yet? Good, now redirect those fears to the imminent day of robot-helmed reckoning.
Skype for Android update adds US 3G calling, fixes personal data hole
Verizon Android users have had 3G Skype calling since this time last year, but the latest app release -- v1.0.0.983 for those of you keeping tabs -- brings 3G calling to the masses, without the need for a VZW-sanctioned app. The update also patches a rather significant security hole discovered last week, which could let third-party apps get hold of your personal information. We're glad to see that's no longer the case, and who's going to object to free calling as part of the deal as well? Make sure your phone's running Android 2.1 (2.2 for Galaxy S devices) and head on over to the Android Market to get updated.
Skype for Android vulnerable to hack that compromises personal info
If you didn't already have enough potential app privacy leaks to worry about, here's one more -- Android Police discovered that Skype's Android client leaves your personal data wide open to assault. The publication reports that the app has SQLite3 databases where all your info and chat logs are stored, and that Skype forgot to encrypt the files or enforce permissions, which seems to be a decision akin to leaving keys hanging out of the door. Basically, that means a rogue app could grab all your data and phone home -- an app much like Skypwned. That's a test program Android Police built to prove the vulnerability exists, and boy, oh boy does it work -- despite only asking for basic Android storage and phone permissions, it instantly displayed our full name, phone number, email addresses and a list of all our contacts without requiring so much as a username to figure it out. Android Police says Skype is investigating the issue now, but if you want to give the VoIP company an extra little push we're sure it couldn't hurt.
Researcher will enable hackers to take over millions of home routers
Cisco and company, you've got approximately seven days before a security researcher rains down exploits on your web-based home router parade. Seismic's Craig Heffner claims he's got a tool that can hack "millions" of gateways using a new spin on the age-old DNS rebinding vulnerability, and plans to release it into the wild at the Black Hat 2010 conference next week. He's already tested his hack on thirty different models, of which more than half were vulnerable, including two versions of the ubiquitous Linksys WRT54G (pictured above) and devices running certain DD-WRT and OpenWRT Linux-based firmware. To combat the hack, the usual precautions apply -- for the love of Mitnick, change your default password! -- but Heffner believes the only real fix will come by prodding manufacturers into action. See a list of easily compromised routers at the more coverage link.
Charlie Miller to reveal 20 zero day security holes in Mac OS X
Say, Charles -- it's been awhile! But we're pleased as punch to see that you're back to your old ways, poking around within OS X's mainframe just looking for ways to remotely control the system, snag credit card data and download a few interoffice love letters that are carefully stashed 15 folders down within 'Documents.' The famed Apple security expert is planning yet another slam on OS X at CanSecWest, where he'll reveal no fewer than 20 zero day security holes within OS X. According to Miller, "OS X has a large attack surface consisting of open source components, closed source third-party components and closed source Apple components; bugs in any of these types of components can lead to remote compromise." He also goes on to reemphasize something he's been screaming for years: "Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town." In other words, Apple users are "safer" (due to the lack of work that goes into hacking them), "but less secure." So, is this a weird way of applying for a security job in Cupertino, or what?
Security company discloses iCal vulnerabilities
Core Security, in an advisory that showed a contentious argument with Apple, disclosed three iCal bugs that attackers could exploit using malicious servers, web sites, and .ics email attachments. "The vulnerabilities may allow un-authenticated attackers to execute arbitrary code on vulnerable systems with (and potentially without) the assistance from the end user of the application or to repeatedly execute a denial of service attack to crash the iCal application," said Core Security. The advisory states that iCal 3.01 running on Mac OS X 10.5.1 is still vulnerable, but it's unclear if the latest version of both iCal and Mac OS X (3.02 and 10.5.2, respectively) fix the problems. Apple asked Core Security to delay publication of its findings, but Core Security set May 21 as its drop-deadline. Core Security first reported the bugs in January. Apple fixed one of the bugs in a security release in March (2008-002), but thought that the others were not as critical as Core Security did. After Apple pushed back the release date for the remaining patches several times, a frustrated Core Security said they would release details of the bugs. [Via Macworld] Update (June 1, 2008): The Washington Post notes that Mac OS X 10.5.3 patches the vulnerability.
Symantec talks Mac security
What might Apple's surging sales of Macs have to do with the security of your computer? Possibly, a lot. In a recent CIO interview (conducted by our very own Lisa Hoover), Ollie Whitehouse, an architect for Symantec's Advanced Threat Research Team said that as the Mac keeps growing in popularity, so will the exploits. This theory has been around for as long as OS X, if not longer but lately it seems to be gaining some credibility. There was the Mac "virus" last year, though it actually managed to infect less than 50 Macs in the wild. There was the report of a "dramatic increase" in OS X malware recently. And just yesterday ZDNet posted an article on vulnerabilities found in three operating systems: Leopard, Windows Vista, and Windows XP. They said that Mac OS X had the most vulnerabilities of the three (though it is worth noting that they are "vulnerabilities," not actual exploits. Windows still reigns supreme on that front).Could these analysts be right? Should we be worried about the continued security of our chosen platform? Should Apple start focusing on OS X's security rather than simply adding more features? Only time will tell, but one thing is certain: it is a scary world out there.
