
black-hat

iPhones can apparently be hacked with malicious charger

Most people have heard of malicious software as a way to hack into an iPhone, but what about a malicious charger?

Three researchers with the Georgia Institute of Technology say they have come up with a proof-of-concept malicious iPhone charger that lets them hack into the mobile device running the latest version of Apple's iOS in less than one minute. No jailbreaking required.

"Apple iOS devices are considered by many to be more secure than other mobile offerings. In evaluating this belief, we investigated the extent to which security threats were considered when performing everyday activities such as … Read more

Symantec: Russian criminals sell Web 'proxy' with backdoors

A black hat Russian operation has served malware to hundreds of thousands of users a year who thought they were signing up for a paid proxy service, Symantec said today.

The security company said in a blog post that it has linked the malware to a cluster of Russian Web sites -- including one called Proxybox.name -- that claim to provide proxy access, VPN services, and antivirus scanning. Proxybox.name requires users to download what it calls "functional, simple, and convenient" proxy software.

Vikram Thakur, principal manager at Symantec Security Response, told CNET this afternoon that:

What … Read more

iOS app hacking alive and well

LAS VEGAS -- While Apple was making its decidedly lackluster Black Hat debut just one floor up, security researcher Jonathan Zdziarski was explaining the dark art of iOS app hacking to a smaller but still crowded room.

A senior forensics scientist at viaForensics, he clearly didn't have much faith in the security of apps running on iOS. "iOS can be infected through a new zero-day, or you can take a phone and run real fast. Apparently, bars are a great way to pick up iPhones," he said as the audience chuckled, clearly remembering the two separate lost iPhone prototype incidents. … Read more

Pen and sword equally mighty for science fiction's Stephenson

LAS VEGAS -- It's been a double-whammy of stardom for the attendees of the 15th annual Black Hat USA conference. Many people here suffered a line more commonly associated with Comic-Con or CES to get into an exclusive performance by electronica and trance legend Paul Oakenfold at Club PURE last night.

And then this morning, they rubbed the hangover from their eyes and the ringing from their ears to listen to an on-stage conversation with noted science fiction author Neal Stephenson in the Caesars Palace convention center.

Stephenson spoke for almost an hour with Brian Krebs, the investigative journalist who writes about security. While they ranged from his childhood influences to his books to his non-writing projects, Stephenson's face lit up as they discussed his recent Kickstarter project, "Clang." Read more

Ho-hum first date with Apple at Black Hat

LAS VEGAS -- Apple today gave its first-ever talk at the Black Hat security conference, and it left me feeling like I'd had a really disappointing Match.com date with the hottest guy on the dating site.

The vaunted Apple decided to show up after snubbing the event for 15 years. As manager of the platform security team at Apple, Dallas De Atley seemed to have everything a Black Hat attendee could want -- popularity, experience, discriminating taste, a good sense of style, and a promising future. Playing hard to get only makes us want you more.

But 15 … Read more

Mahdi malware creators add new features

Researchers said today that they have noticed some new features and changes to the data-stealing malware Mahdi and have uncovered a reference to "Flame," which could potentially indicate some connection to the malware of the same name that also has numerous infections in Iran.

"Last night, we received a new version of the #Madi malware. Following the shutdown of the Madi command and control domains last week, we thought the operation is now dead. Looks like we were wrong," Nicolas Brulez of Kaspersky Labs wrote in a post on its SecureList blog.

The new version, compiled just … Read more

Hacking, the card game, debuts at Black Hat

LAS VEGAS -- There's much more to hacking than just the Hollywood portrayal of a speed typing contest, say the computer security professionals who've developed a new hacking-themed card game called Control-Alt-Hack.

Control-Alt-Hack is based on Steve Jackson Games' Ninja Burger, but from the characters to the mission cards to the entropy cards, the demystification of white hat computer security is the name of this game. Game co-designer, security researcher, and University of Washington Computer Security and Privacy Research Lab honorary member Adam Shostack said at the Black Hat 2012 confab here that when it comes to teaching … Read more

Researcher uses NFC to attack Android, Nokia smartphones

LAS VEGAS -- Security specialist Charlie Miller demonstrated at the Black Hat security conference today a way to hijack an Android smartphone via the Near Field Communication (NFC) technology that's turned on by default on the device, and said he's found problems with NFC implementations on Nokia as well.

NFC tags have built-in antennas and are found in stickers and smart cards that are designed to transfer data to NFC readers, to send specific phone numbers and Web addresses to smartphones and other benign purposes. They require close proximity, a few centimeters or so, for data to be … Read more

Ex-FBI agent tells hackers to 'step up' against cyberattacks

LAS VEGAS -- With all the intensity and sincerity of a drill sergeant rallying his troops to war, former FBI Executive Assistant Director Shawn Henry urged hackers to do their part to fight the biggest cybermenace out there: cadres of unknown attackers infiltrating government and corporate networks to steal data and potentially do worse.

"I implore all of you to be committed to your cause, because the stakes are too high. And I believe our failure to step up is a failure to society," Henry, wearing a business suit and sporting a shaved head, told the crowd during … Read more

How to stay safe at Black Hat and DefCon

LAS VEGAS -- From journalists hacking the press room Ethernet to RFID skimmers swiping your ID without even touching your credit card, the war stories you've heard about Black Hat and DefCon are true more often than not.

The best way to avoid getting hacked at the annual security conferences is to not show up. Go somewhere disconnected, like a nice mountain retreat, instead of hitting the paranoia pills with several thousand other security professionals and obsessives in Vegas' urban playground.

But if you must go to Sin City, there are some actions you can take to protect your … Read more