Security & Privacy

Keystrokes can be recovered remotely

Wired keyboards, like those found on desktop PCs, emit electromagnetic waves that can be read remotely, according two Swiss researchers.

Researchers Martin Vuagnoux and Sylvain Pasini of the Swiss Security and Cryptography Laboratory at LASEC/EPFL, were able to recover keystrokes from wired keyboards at a distance up to 20 meters (about 65 feet), even through walls, simply by reading the electromagnetic emanations of the peripheral device. The experiments focused on wired keyboards attached to a computer either by PS/2 or USB connections.

In two videos, Vuagnoux demonstrates the attacks.

In the first video, he shows how only the … Read more

Report: As stock market drops malware rises

Here's more evidence of a connection between the economic crisis and cybercrime. PandaLabs reported on Wednesday about a direct correlation between the recent stock market declines and increases in targeted cyberattacks.

For instance, while the U.S. stock market saw declines between September 1 and October 9, the volume of malware threats grew, doubling to more than 24,000 per day between September 8 and September 10 alone and to more than 30,000 per day on September 16.

The recent malware spikes could be due to the fact that cybercriminals now have fewer possible targets with the consolidation … Read more

Study: Malware risks are growing exponentially

A new report from security services provider ScanSafe finds that companies are at increasing risk of having employees inadvertently download backdoors and password stealers onto corporate computers from Web sites that have malicious software hidden on them.

A company in ScanSafe's focus group faced a nearly 500 percent greater risk of exposure to those threats in September than was faced in January of this year, according to ScanSafe's Global Threat Report released on Tuesday.

Companies in the energy sector are at greater risk from Web-based malware than other industries, the report concludes. The energy sector, worldwide, faces a … Read more

Webroot launches consumer security suite

Webroot, the maker of SpySweeper, on Tuesday announced a new security suite for Windows XP and Vista. The product, Webroot Internet Security Essentials (WISE), provides antivirus, antispyware, a personal firewall, along with a few utilities. It includes up to 2GB of online file storage for backup. It does not include Parental Controls.

The product includes Webroot's own Spysweeper and Windows Washer products. Antivirus support comes from a licensing agreement with Sophos. For the personal firewall, Webroot uses a custom version of PWI's PrivateFirewall product. And for online backup, Webroot has partnered with SOS Online Backup.

Priced at $59.… Read more

Microcosm of a massive security problem

A few weeks ago, I gave a presentation to a number of companies about the future of endpoint security. During this presentation, I had the opportunity to ask these folks a number of questions about their IT infrastructure and their plans for it.

There were only about 20 organizations represented, so this was far from a statistically significant research project. Nevertheless, there were some interesting trends:

1. Only one of the organizations was upgrading its endpoint to Vista. It turns out that the one company is a Microsoft business partner so it has to do so. Others said they have … Read more

Google, eBay up, but indexes down

Despite a down day for the broader markets Friday, a handful of tech stocks swam against the tide, posting modest single-digit gains.

Google, Symantec, and eBay were just some of the tech companies to finish the day in the black. The CNET Tech Index was down a modest 1.59 points to end the day at 1,185.55.

Google closed up 5.53 percent to $372.54 a share, which comes as little surprise considering the tech titan posted stronger-than-expected third-quarter earnings results on Thursday. And on Friday, a number of analysts released largely positive comments on the quarter, … Read more

Internet-scale 'man in the middle' attack disclosed

Correction at 3:15 p.m. PDT: This post initially misstated the meaning in this context of ASN. It stands for Autonomous System Notation.

In Black Hat's October Webinar on Thursday, Anton Kapela, datacenter manager at 5Nines Data, spoke about Internet-scale "man in the middle" attacks.

The talk reprised a last-minute substitution presentation he gave along with Alexander Pilosov at this year's Defcon conference in August. During the conference, the two researchers intercepted all conference Internet traffic at the Riviera Hotel in Las Vegas and ran it through their servers. According to Black Hat founder and … Read more

Note to McCain, Obama: Don't forget information security

Regardless of whether you favor Barack Obama or John McCain, you have to admit that the next president will inherit a monumental mess.

Each candidate has been scrambling to explain how he plans to right the financial ship, reign in growing health-care costs, improve education, and balance the budget. Yikes!

As if this wasn't enough, the new president and Congress also have an obligation to figure out how to proceed with a strategic plan for IT and information security.

Now I understand that economic, social, and national security issues should have precedence, but the fact is that the federal … Read more

Botnets on cell phones in 2009?

About 15 percent of all online computers are infected with bots, says a new report (PDF) on emerging threats for 2009 from Georgia Tech Information Security Center. And according to Patrick Traynor, assistant professor at Georgia Tech's School of Computer Science, "We'll start to see the botnet problem infiltrate the mobile world in 2009."

In Traynor's view, if botnets, or large networks of infected computing devices, gain a foothold on mobile devices, they could be used to create a distributed denial of service attack on the cellular network itself, inconveniencing thousands of cell-phone customers.

But … Read more