The Mountain View, Calif., company, in conjunction with the others, submitted its comments -- more like grave concerns -- on the practice in a note to the Federal Trade Commission and the Department of Justice. The companies assert that patent transfers to patent assertion entities (PAEs), aka patent trolls, undermine patent peace, and Google et al are pushing the government … Read more
A black hat Russian operation has served malware to hundreds of thousands of users a year who thought they were signing up for a paid proxy service, Symantec said today.
The security company said in a blog post that it has linked the malware to a cluster of Russian Web sites -- including one called Proxybox.name -- that claim to provide proxy access, VPN services, and antivirus scanning. Proxybox.name requires users to download what it calls "functional, simple, and convenient" proxy software.
Vikram Thakur, principal manager at Symantec Security Response, told CNET this afternoon that:
What … Read more
LAS VEGAS -- While Apple was making its decidedly lackluster Black Hat debut just one floor up, security researcher Jonathan Zdziarski was explaining the dark art of iOS app hacking to a smaller but still crowded room.A senior forensics scientist at viaForensics, he clearly didn't have much faith in the security of apps running on iOS. "iOS can be infected through a new zero-day, or you can take a phone and run real fast. Apparently, bars are a great way to pick up iPhones," he said as the audience chuckled, clearly remembering the two separate lost iPhone prototype incidents. … Read more
LAS VEGAS -- It's been a double-whammy of stardom for the attendees of the 15th annual Black Hat USA conference. Many people here suffered a line more commonly associated with Comic-Con or CES to get into an exclusive performance by electronica and trance legend Paul Oakenfeld at Club PURE last night.
And then this morning, they rubbed the hangover from their eyes and the ringing from their ears to listen to an on-stage conversation with noted science fiction author Neal Stephenson in the Caesar's Palace convention center.
Stephenson spoke for almost an hour with Brian Krebs, the investigative journalist who writes about security. While they ranged from his childhood influences to his books to his non-writing projects, Stephenson's face lit up as they discussed his recent Kickstarter project, "Clang." … Read more
LAS VEGAS -- Apple today gave its first-ever talk at the Black Hat security conference, and it left me feeling like I'd had a really disappointing Match.com date with the hottest guy on the dating site.
The vaunted Apple decided to show up after snubbing the event for 15 years. As manager of the platform security team at Apple, Dallas De Atley seemed to have everything a Black Hat attendee could want -- popularity, experience, discriminating taste, a good sense of style, and a promising future. Playing hard to get only makes us want you more.
But 15 … Read more
Facebook is to widen its "bug bounty" program to reward researchers who spot holes in its corporate network.
Facebook already pays a bug bounty to outside hackers who report weaknesses in its products, but the move extends the program to its own infrastructure, too.
Rewarding "white hat" companies and individuals who unearth vulnerabilities in Web services and report them, rather than exploit them, is "not a new concept. The reasoning is thus: entice individuals with cash … Read more
Researchers said today that they have noticed some new features and changes to the data-stealing malware Mahdi and have uncovered a reference to "Flame," which could potentially indicate some connection to the malware of the same name that also has numerous infections in Iran.
"Last night, we received a new version of the #Madi malware. Following the shutdown of the Madi command and control domains last week, we thought the operation is now dead. Looks like we were wrong, Nicolas Brulez of Kaspersky Labs wrote in a post on its SecureList blog.
The new version, compiled just … Read more
LAS VEGAS -- There's much more to hacking than just the Hollywood portrayal of a speed typing contest, say the computer security professionals who've developed a new hacking-themed card game called Control-Alt-Hack.
Control-Alt-Hack is based on Steve Jackson Games' Ninja Burger, but from the characters to the mission cards to the entropy cards, the demystification of white hat computer security is the name of this game. Game co-designer, security researcher, and University of Washington Computer Security and Privacy Research Lab honorary member Adam Shostack said at the Black Hat 2012 confab here that when it comes to teaching … Read more
LAS VEGAS -- Security specialist Charlie Miller demonstrated at the Black Hat security conference today a way to hijack an Android smartphone via the Near Field Communication (NFC) technology that's turned on by default on the device, and said he's found problems with NFC implementations on Nokia as well.
NFC tags have built-in antennas and are found in stickers and smart cards that are designed to transfer data to NFC readers, to send specific phone numbers and Web addresses to smartphones and other benign purposes. They require close proximity, a few centimeters or so, for data to be … Read more
LAS VEGAS -- With all the intensity and sincerity of a drill sergeant rallying his troops to war, former FBI Executive Assistant Director Shawn Henry urged hackers to do their part to fight the biggest cybermenace out there: cadres of unknown attackers infiltrating government and corporate networks to steal data and potentially do worse.
"I implore all of you to be committed to your cause, because the stakes are too high. And I believe our failure to step up is a failure to society," Henry, wearing a business suit and sporting a shaved head, told the crowd during … Read more