Great video from Tinkernut.com.
I’ve played with the services that the video recommends and am fairly impressed.
The Ghostery plug-in is great! If you are familiar with NoScript (you use that, right?), it works in a fairly similar way. When run, it shows all the tracking programs that the website you are viewing is using. You have the choice to block them all or individually.
GhostVPN seems to be a quick, easy-to-use VPN service that offers a bandwidth-limited free account and claims not to track you at all.
If you are concerned about your internet privacy, check out the video above!
Black Hat’s Barnaby Jack Statement:
We have lost a member of our family. Everyone would agree that the life and work of Barnaby Jack are legendary and irreplaceable. Barnaby had the ability to take complex technology and intricate research and make it tangible and accessible for everyone to learn and grow from. Beyond his work in our industry, Barnaby was an incredibly warm hearted and welcoming individual with a passion for celebrating life. We all have a hilarious and upbeat story about Barnaby. He is truly a shining example of what we love about this community.
Latest BlackHat news, Courtesy of DarkReading:
‘Hangover’ Persists, More Mac Malware Found
Attackers behind the Operation Hangover cyberspying campaign out of India found dropping OS X malware, covering their tracks online
Researchers To Highlight Weaknesses In Secure Mobile Data Stores
At Black Hat USA, a team of mobile-security researchers plans to show off ways to circumvent the security of encrypted containers meant to protect data on mobile devices.
‘Tortilla’ Spices Up Active Defense Ops
New free Tor tool due out at Black Hat USA aims to make the Tor anonymizing network easier to use for all types of Intel-gathering
Black Hat USA 2013: Complete Coverage
Articles leading up to and live coverage from Black Hat USA 2013, July 27 – Aug. 1
Flaws in the GPS system have been known for a while now, but when a security team took over a 210-foot super yacht by spoofing a GPS signal, more than a few eyebrows were raised.
Using about $3,000 worth of equipment, GPS expert Todd Humphreys and his security team from the University of Texas were able to take over the navigation system of a large ship in the Mediterranean.
“We injected our spoofing signals into its GPS antennas and we’re basically able to control its navigation system with our spoofing signals,” Humphreys told Fox News.
After spoofing the GPS guidance signal, Humphreys’ team took the ship through a series of turns and navigational changes that, if done by a real attacker, could have put the ship at great risk.
The ship's captain, Andrew Schofield, and his crew could not detect anything amiss.
“Professor Humphreys and his team did a number of attacks and basically we on the bridge were absolutely unaware of any difference,” Schofield said. “I was gobsmacked — but my entire deck team was similarly gobsmacked.”
This is very concerning as planes could also be attacked with similar techniques. A few months ago we talked about how plane controls could be attacked with SIMON and PlaneSploit.
GPS navigational security needs to be addressed and secured so this doesn’t happen in real life.
For more information see the original FoxNews article.
Google has released a security update that patches two separate vulnerabilities that could allow apps to be modified without changing their digital signature. Malicious apps could thus be installed without triggering a warning.
The first was discovered in February of this year by BlueBox Security. They found that if you took two application install files, one legitimate and one hacked but using the exact same file name, you could get Android to install the hacked one.
When the resulting zipped APK file is processed and installed, Android would correctly check the digital signature on the first file to verify its legitimacy, but would actually install the second file!
According to BlueBox, 99% of Android devices are vulnerable to this attack. Sophos has a great step-by-step write-up on it here, or if you are at Black Hat USA 2013 later this month, be sure to check out Jeff Forristal’s talk, “Android: one root to own them all”.
The second vulnerability was published last week on a Chinese website called the ‘Android Security Squad Blog‘ (Google Translation). According to the site, the signature verification process can be attacked by modifying file headers.
Apparently malicious code can be added into the file headers, which at the time of the post’s writing were not checked by Android’s signature verification process.
Both vulnerabilities have since been patched by Google. But the problem is how long it will take device manufacturers to implement the changes and push them out to end-user devices. Also of concern are older devices that are no longer being updated.
According to The Verge, Google has made changes to the Google Play store updating mechanism to help prevent attacks like this from happening, and Sophos recommends using an Android anti-virus program to protect against the vulnerability.