E-Z Life » Exploit

Android Network Toolkit lets you exploit local machines at the push of a button

Joe Pollicino — Mon, 08 Aug 2011 06:18:00 +0000

Defcon 2011 is in full hacking swing, and Itzhak Avraham — “Zuk” for short — and his company Zimperium have unveiled the Android Network Toolkit for easy hacking on the go. Need to find vulnerabilities on devices using nearby networks? The app, dubbed “Anti” for short, allows you to simply push a button to do things like search a WiFi network for potential targets, or even take control of a PC trojan-style. To do this, it seeks out weak spots in older software using known exploits, which means you may want to upgrade before hitting up public WiFi. According to Forbes, it’s much like Firesheep, and Zuk refers to Anti as a “penetration tool for the masses.” Apparently, his end-goal is to simplify “advanced” hacking and put it within pocket’s reach, but he also hopes it’ll be used mostly for good. Anti should be available via the Android Market this week for free, alongside a $10 “corporate upgrade.” Consider yourself warned.

Android Network Toolkit lets you exploit local machines at the push of a button originally appeared on Engadget on Mon, 08 Aug 2011 02:18:00 EDT. Please see our terms for use of feeds.

Permalink | Forbes | Email this | Comments

Share

Hide Sites

Microsoft offers ‘mad loot’ Bluehat prize to entice security developers (video)

Sean Buckley — Fri, 05 Aug 2011 13:22:00 +0000

Mere numbers aren’t enough to describe cash prizes for Microsoft, it seems. The firm’s inaugural Bluehat security competition’s introduction video opted for a clearer term: “mad loot, lots of it.” The big M hopes the hefty first prize of $200,000 will inspire the creation of the next generation of defensive computer security technology. The most innovative “novel runtime mitigation technology designed to prevent the exploitation of memory safety vulnerabilities” (phew!) will take home the aforesaid mad loot, while second and third places will receive $50,000 and an MSDN Universal subscription, respectively. The winner won’t be announced until Blackhat 2012, of course, and applicants have until April to submit their prototypes and technical descriptions. Hit the break for the official announcement video, complete with CG backgrounds and prize euphemisms.

Continue reading Microsoft offers ‘mad loot’ Bluehat prize to entice security developers (video)

Microsoft offers ‘mad loot’ Bluehat prize to entice security developers (video) originally appeared on Engadget on Fri, 05 Aug 2011 09:22:00 EDT. Please see our terms for use of feeds.

Permalink | Microsoft | Email this | Comments

Share

Hide Sites

Charlie Miller finds MacBook battery security hole, plans to fill with Caulkgun

Joe Pollicino — Sat, 23 Jul 2011 03:59:00 +0000

Those batteries have probably met a worse fate than the white MacBook line they came from. According to Forbes, Charlie Miller’s managed to render seven of them useless after gaining total access to their micro-controllers’ firmware via a security hole. Evidently, the Li-on packs for the line of lappies — including Airs and Pros — are accessible with two passwords he dug up from an ’09 software update. Chuck mentions that someone could “use them to do something really bad,” including faulting charge-levels and thermal read-outs to possibly even making them explode. He also thinks hard-to-spot malware could be installed directly within the battery, repeatedly infecting a computer unless removed. Come August, he’ll reportedly be detailing the vulnerability at the Black Hat security conference along with a fix he’s dubbed Caulkgun, which only has the mild side-effect of locking-out updates by Apple. Worth being safe these days, though. Right? Full story in the links below.

Charlie Miller finds MacBook battery security hole, plans to fill with Caulkgun originally appeared on Engadget on Fri, 22 Jul 2011 23:59:00 EDT. Please see our terms for use of feeds.

Permalink Electronista | Forbes | Email this | Comments

Share

Hide Sites

Microsoft to malware: your AutoRunning days on Windows are numbered

Joe Pollicino — Sun, 19 Jun 2011 01:17:00 +0000

Beware, malware. The Windows AutoRun updates for Vista and XP SP3 that Microsoft released in February have so far proven successful in thwarting your file corrupting ways. Although Windows 7 was updated to disable AutoPlay within AutoRun for USB drives — freezing the ability for a virus to exploit it — the aforementioned versions had remained vulnerable up until right after January. Fast-forward to the period between February and May of this year, and the updates have reduced the number of incidents by 1.3 million compared to the three months prior for the supported Vista and XP builds. Amazingly, when stacked against May of last year, there was also a 68 percent decline in the amount of incidents reported across all builds of Windows using Microsoft’s Malicious Software Remove Tool. There’s another fancy graph after the break to help illustrate, and you’ll find two more along with a full breakdown by hitting the source link down under.

Continue reading Microsoft to malware: your AutoRunning days on Windows are numbered

Microsoft to malware: your AutoRunning days on Windows are numbered originally appeared on Engadget on Sat, 18 Jun 2011 21:17:00 EDT. Please see our terms for use of feeds.

Permalink CNET | Microsoft | Email this | Comments

Share

Hide Sites

Adobe dominates Kaspersky Lab’s top ten PC vulnerabilites list

Christopher Trout — Fri, 20 May 2011 01:19:00 +0000

Being number one is usually an honor, but not when it comes to Kaspersky Lab’s top ten PC vulnerabilities list. Unfortunately for the software giant, Adobe took top dishonors for Q1 this year, pulling in five total spots on the list, including the top three. According to the security firm, all of the vulnerabilities appearing on the list allowed cyber-criminals to control computers at the system level. The number one spot was occupied by a vulnerability in Acrobat Reader that was reportedly detected on 40 percent of machines running the application, while Flash Player flaws took second and third. Other dishonorees included the Java Virtual Machine, coming in at fourth and fifth place, Apple QuickTime, Winamp, and Microsoft Office. That ain’t bad, considering Microsoft ruled the vulnerabilities roost in 2010.

Adobe dominates Kaspersky Lab’s top ten PC vulnerabilites list originally appeared on Engadget on Thu, 19 May 2011 21:19:00 EDT. Please see our terms for use of feeds.

Permalink The Inquirer | Kaspersky Lab | Email this | Comments

Share

Hide Sites