Category Archives: Hacking

Magic Weapons: China’s political influence….

At a time when there is controversy about the rejection by various countries of Huawey equipment, it is interesting to find more about hacks attributed to sources within China. It is also interesting to read the report by professor Anne-Marie Brady about the influence of that country in New Zealand. For memory, her office and home were burglared following the publication of the report, and the breaks on her car were sabotaged. Probably a coincidence, as the police found nothing to incriminate anyone.

The report is very interesting, and worth the effort to read to the end. It is available on the Wilson Center web site and can also be directly downloaded from here.

I do not believe that the attacks are one way in any case.

Wanted Chinese Hackers

Google Chrome Security Advisory

As reported by CERT New Zealand, attackers might be able to attack and take control of your computer if you do not have the latest version of Chrome.
You need to check the version of Chrome used. Anything earlier than 72.0.3626.121 is vulnerable.

How do you check if you are at  risk?

The instructions from CERT are:

“If you are on a laptop or desktop computer, open Chrome and visit chrome://settings/help. If you are not up-to-date, visiting the page should automatically update your browser.

If you are on a mobile device, like a mobile phone or tablet, open Chrome and visit chrome://version. If you are not up-to-date, visit your app store and download the update.”

Don’t take a chance. Check if you need to update, or use the latest version of Firefox.

As a general advice, you always need to update promptly any software installed on any of you devices to minimize exposure. An attacker would try to identify what you are running, then exploit whatever unpatched vulnerability encountered, as in this example.

 

1.2 billions usernames and passwords stolen

Passwords Stolen

Passwords Stolen
Image courtesy of chanpipat / FreeDigitalPhotos.net

Huge amount of usernames and passwords stolen

500 millions email addresses have been compromised, representing 1.2 billions usernames and passwords stolen by a Russian gang. The breach was discovered by Hold Security .The company did not reveal who exactly is affected, as it usually is the custom in the industry. Big players are involved, and you need to pay Hold security in order for them to recoup the costs, if you want to know if your company is affected.

How can you protect yourself?

One way to stay protected, is to use a password manager to create complex passwords. This allows to use different password for different sites and services. If one set of credential gets compromised, this does not affect the other services.  This is however not of much value if your PC has been compromised, or if the email servers themselves have been compromised.

It looks like so far, the hacked email addresses are only being used for sending spam.

Sources

 NY times

 BBC

Hold Security

Hold Security

Wall Street journal

 

 

 

 

 

 

 

 

 

The Next Level in Hacking

Hackers have been able to access cars by building a device costing less than $30. The purpose was to be able to tune the car, which cost a lot if done commercially. Since the device needs to be plugged into the car, this is not wireless hacking. However, the device could potentially be used for malicious purposes, such as applying the emergency brakes, turn the headlights on or off and change the power steering controls. Let’s hope they do not add a wireless module to it.

Source:

Hackers Can Take Over Your Car With This Simple $26 Device

Jalopnik, 11th February 2014