security

  • Back in 1999, Eric Raymond coined the term "Linus' Law," which stipulates that given enough eyeballs, all bugs are shallow.  Linus' Law, named in honor of Linux creator Linus Torvalds, has for nearly two decades been used by some as a doctrine to explain why open source software should have better security.

    In recent years, open source projects and code have experienced multiple security issues, but does that mean Linus' Law isn't valid?  The key question isn't about software development models, but rather about having an architectural design that makes software more resilient. A good article on a subject we often get asked about.

  • Internet of Things (IoT) Security

    The Internet of Things (IoT) security problem isn't going away. The connected network of billions of devices – from smart doorbells to office printers – is regularly found to have privacy problems and be open to attack by potential hackers.

    The latest security issue is that Google's artificial intelligence Home speaker and the Chromecast, the firm's streaming device, have been found to reveal a user's precise physical location. It's been found that some commands the Home and Chromecast devices receive are transmitted across unsecured HTTP connections and without any form of authentication.

  • Smoking Can Be Bad For Your Computer Also

    Security researchers have demonstrated how e-cigarettes can easily be modified into tools to hack computers. With only minor modifications, the vape pen can be used by attackers to compromise the computers it is connected to - even if it just looks like it is charging.

    Giving a presentation at BSides London, Ross Bevington showed how an e-cigarette could be used to attack a computer by fooling the computer to believe it was a keyboard or by tampering with its network traffic.

  • In the wee hours of Wednesday morning, a host of prominent Twitter accounts were compromised and, as a result, began spouting swastika-laden propaganda in support of Turkey's president Recep Erdoğan ahead of a referendum next month which could consolidate his power. So now's a good time to check your own accounts and make sure you close the backdoor that let this happen to other people.

  • Recently security consultant Brian Krebs' website was hit with a giant Distributed Denial of Service attack designed to take his website offline and disrupt his work.

    The botnet was made up of nearly 400,000 benign devices such as CCTV cameras, video recorders and routers which were all internet connected as part of the 'Internet of Things' (IoT) and used weak passwords such as 12345, admin and password to bombard the site with 665 Gigabits of traffic per second, beating the previous record of 363 Gbps.

    This is entirely the fault of the device manufacturers who don't enforce stronger passwords, or who hard-code the default passwords into the device so that they cannot be changed.
  • But only in 2014. Maybe they got notified by telegram?
     
    Yahoo says "state-sponsored" hackers stole information from about 500 million users in what appears to be the largest publicly disclosed cyber-breach in history. The breach included swathes of personal information, including names and emails, as well as “unencrypted security questions and answers”. The hack took place in 2014 but has only now been made public.
     
    The data taken includes names, email addresses, telephone numbers, dates of birth and encrypted passwords, but not credit card data, Yahoo said.
  • The UK’s National Crime Agency (NCA) has issued a warning to UK online banking consumers to guard against the possibility of having been infected by the Dridex malware, also known as Cridex and Bugat, stating that there could be ‘thousands of infected computers’ in the UK. The NCA is joining with the FBI in the United States to ‘sinkhole’ the botnet which is responsible for the spread of the malware. The report indicates that Windows users are the primary targets of the attacks.
     
    The Dridex malware is a new strain of the Cridex breed, and infects users via macro actions which launch when opening infected documents which are often sent as spam emails about invoices, parcel delivery notes and fake banking alerts.
  • The adware, named Superfish, is reportedly installed on a number of Lenovo’s consumer laptops out of the box. The software injects third-party ads on Google searches and websites without the user’s permission.
     
    Some users are reporting that the adware actually installs its own self-signed certificate authority which effectively allows the software to snoop on secure connections, like banking websites and email.
     
    This is a bad thing because it allows the software to decrypt communications between secure sites and their users.
  • The NSA (the National Security Agency from the colonies, not the Norfolk Shopowners Association apparently) seems to have been meddling around with malware placed directly into users' hard drives.
     
    The report found exploits for hard drives made by many of the largest brands in the industry, including Samsung, Western Digital, Seagate, Maxtor, Toshiba and Hitachi.

Contact Us

Wintercorn Consulting Limited,

The Union Building,

51-59 Rose Lane,

Norwich, Norfolk,

NR1 1BY

0800 228 9933

Wintercorn Norwich