Information Security News
More than two years before coming under FBI questioning about possibly hacking into the in-flight entertainment system of a commercial plane while it was in mid air, a security researcher told peers he accessed the computer controls of other highly sensitive aviation and aeronautics systems, including the International Space Station.
Chris Roberts of One World Labs told an audience in 2012 that he bypassed the on-board firewall of a Boeing 737 plane he was traveling on and made contact with the Apache Tomcat webserver the firewall was protecting. He told the same audience he accessed communications systems NASA uses to control the International Space Station and changed the temperature. It was impossible to confirm the veracity of those claims, which went largely unnoticed until Friday, when an FBI search warrant application came to light alleging Roberts told agents he took control of a jet plane and briefly caused it to climb and fly sideways.
The 2012 talk—titled By Land, By Sea, By Air—has already touched off howls of protest from some researchers who say even the passive accessing of restricted parts of a plane while it's in flight is grossly reckless. Critics also argue the behavior would likely be a violation of the Computer Fraud and Abuse Act, which makes it a felony to gain unauthorized access to protected computer systems.
Posted by InfoSec News on May 18: http://insidecybersecurity.com/Cyber-General/Cyber-Public-Content/industry-cyber-info-sharing-body-to-launch-new-isao-for-insurers/menu-id-1089.html
A new vulnerability has surfaced in the Safari web browser that allows address spoofing: an attacker can make the address bar show one URL while a different web page is loaded. Although this proof of concept is not perfect, it could easily be refined for use in phishing attacks.
There is a proof of concept at http://www.deusen.co.uk/items/iwhere.9500182225526788/. Screenshot: from an iPad Air 2, Safari web browser.
Screenshot: from the same iPad, using Google Chrome.
The code is very simple: the web page reloads every 10 milliseconds using the setInterval() function, just before the browser can fetch the real page, and so the user sees the real…
We are interested if you notice any phishing attacks using this vulnerability. If you see one, please let us know using our contact form.
Experts Urge InfoSec Info Sharing At Columbia-GCIG Conference
NEW YORK -- The necessity for greater cybersecurity information sharing was stressed by speakers from academia, government and finance, Friday, at the Conference on Internet Governance and Cyber-Security, held by the Columbia University School of ...
From the department of things that aren't what they seem, researchers have demonstrated a new address-spoofing exploit that tricks Safari users into thinking they're visiting one site when in fact the Apple-made browser is connected to an entirely different address.
The recently published proof-of-concept exploit causes the Safari address bar to display dailymail.co.uk even though the browser is displaying content from deusen.co.uk. It works on fully patched versions of iOS and OS X. Malicious attackers might use the bug to dupe Safari users into thinking they're connecting to a trusted site instead of one that's phishing their login credentials or attempting to install malware.
The demo code isn't perfect. On the iPad Mini Ars tested, the address bar periodically refreshed the address as the page appeared to reload. The behavior might tip off more savvy users that something is amiss. Still, many users would surely fail to spot the unusual refresh. What's more, the refresh behavior wasn't observed on a MacBook Pro Ars also tested.
On Monday the Federal Trade Commission (FTC) sent a letter to the bankruptcy court presiding over RadioShack's supervised asset sell-off suggesting a compromise that would allow RadioShack to sell its database of information from 117 million customers.
The sale of the data—which includes names, addresses, e-mail addresses, phone numbers, and purchase histories—has caused concern among consumer protection advocates. The states of Tennessee and Texas recently filed objections to RadioShack's plan to find a buyer for its database, saying that the company promised in various privacy policies that it would not resell customer data to third parties. AT&T and Apple also objected to the sale of portions of the database, saying that that information actually belongs to them and not to RadioShack as per RadioShack's business agreements with those companies.
Posted by InfoSec News on May 18: http://www.telegraph.co.uk/technology/internet-security/11612659/GCHQ-spies-given-immunity-from-anti-hacking-laws.html
Posted by InfoSec News on May 18: http://motherboard.vice.com/read/someone-hacked-a-billboard-in-atlanta-to-display-goatse
Posted by InfoSec News on May 18: http://www.wired.com/2015/05/feds-say-banned-researcher-commandeered-plane/
Posted by InfoSec News on May 18: http://www.pircenter.org/en/blog/view/id/208
Posted by InfoSec News on May 18: http://www.darkreading.com/attacks-breaches/first-example-of-sap-breach-surfaces/d/d-id/1320382
Posted by InfoSec News on May 18: http://carnal0wnage.attackresearch.com/2015/05/normal-0-false-false-false-en-us-x-none.html
Monday review - the hot 22 stories of the week