Security Update for Firefox

Mozilla moved the scheduled Firefox update up a few days to address a zero-day exploit. If you use the Firefox browser, please update to the 3.6.2 release. The new version addresses this exploit.

I had an error on the security patch for mine, so I had to download the full version, then reboot. Once I rebooted the error went away.

Photocopy Machines a Gold Mine for Hackers

The Star has an excellent article on the security risk of high-tech copy machines. According to the article, many modern Xerox-type machines have hard drives that store images of the data that is photocopied.

The problem is that when the copying is complete, it appears that the data on the drive is not deleted and can be retrieved. According to Victor Beitner, a security expert who reconfigures photocopy machines for resale, these copiers are computers. They can be accessed remotely just like any computer and the data can be retrieved from the drive.

But that is not all: when the machines are removed from service, the data is still on the internal drive. Government offices, defense contractors, even medical offices need to be made aware of this.

If your company is using a photocopier with an internal hard drive, make sure that the data is erased before the machine is junked or resold. Your photocopy technician or the system manufacturer should be able to assist you in this task.

Are Wireless Keyboards a Security Risk? Meet KeyKeriki

How secure are wireless keyboards? Could they be hacked? The answer, unfortunately, is yes. I read a while back that wireless keyboards could theoretically be hacked, thus they are a security risk. Well, now it has been done.

Meet KeyKeriki, a universal wireless keyboard sniffer. It appears that when it came to wireless keyboard design, security was not a top priority. Some keyboards use no encryption and most use an easily broken encryption. The KeyKeriki can even decrypt Microsoft’s XOR encryption. It is not just for sniffing keystrokes; it can also be used to send commands to your computer.

According to the creators, “Keykeriki is built around the Texas Instruments TRF7900 chip controlled by an ATMEL ATMEGA 8-bit microcontroller. For logging abilities, an SDCard interface is built into the board layout, as well as an additional USART channel for future hardware extensions, that we’d like to call ‘backpacks’. The whole board can be powered directly via the USB bus or a stable 5V power source.”

The cost of such a device? It has been released as open source, so you can download the schematic and software for free. So if you are on a secure system, never, ever use a wireless keyboard, as whatever you type could be intercepted. For more information, see Remote-Exploit.

Cyberwarriors Tested at Cyber Defense Competition

Yesterday the Western Regional Collegiate Cyber Defense Competition started at Cal Poly Pomona. The competition was created to test the skills of our next generation of cyber warriors. The winners of the competition will compete at the National CCDC event in April 2010. Winners will also receive complimentary admission to the world-renowned Black Hat Security Conference. Black Hat was founded by Jeff Moss, who is currently an advisor to the Homeland Security Advisory Council. The competition sounds realistic. According to the competition website:

You have just been hired as the network and security administrators at a small company and will be taking administrative control of all information systems. You know very little about the network, what security level has been maintained, or what software has been installed.

You have one hour to familiarize yourself with the network and systems and to begin the security updates and patches before the red team starts actively attacking your company. In the midst of all the commotion, you have to keep up with the needs of the business and user demands while maintaining service level agreements for all critical Internet services. Welcome to the first day of the National Collegiate Cyber Defense Competition (CCDC).

The competition runs until March 28th. For more information, see the competition website.