Black Hat

(get it in RSS or Atom)

SSCC 160 - That's not just any old malware - that's a TRUE VIRUS! [PODCAST]

Ready for listening...

Here's this week's Sophos Security Chet Chat podcast.

Pwnie Awards for Heartbleed, "goto fail", Mt. Gox

Pwnie Awards

The golden My Little Pony statuettes have been passed out at the Black Hat Security 2014 conference, commemorating select infosec glories and groans. Best song: the haunting "SSL Smiley Song", sung to the tune of "Jingle Bells".

Monday review - the hot 20 stories of the week


It's weekly roundup time!

Here's all the great stuff we've written in the past seven days.

SSCC 159.5 - Black Hat USA 2014 Conference Special [PODCAST]

The Black Hat USA 2014 conference is over, and Naked Security's Chester Wisniewski was there in fabulous Las Vegas to take it all in.

And, as we all know, what happens in Vegas...

...gets faithfully reported on the internet!

Car hackers build anti-car-hacking gadget

Cars. Image courtesy of Shutterstock.

Besides yet more white-knuckled car-jacking stunts, security researchers Charlie Miller and Chris Valasek also plan to unveil at next month's Black Hat conference a prototype device meant to foil the type of hacks they've been throwing at cars.

Hackers to demo a $20 iPhone-sized gadget that zombifies cars

Hackers to demo a $20 iPhone-sized gadget that zombifies cars

At Black Hat Asia next month, researchers plan to show a palm-sized device that costs less than $20 to build from off-the-shelf, untraceable parts and that, depending on the car model, can screw with windows, headlights and even the truly scary, make-you-crash bits: i.e., steering and brakes.

Apple to fix iPhones' vulnerability to boobytrapped chargers

iPhones and iPads will be vulnerable until they get the iOS 7 update, which is scheduled for release later this year. Until then, you might want to avoid plugging into sleazy charging stations, though truth be told, a successful attack sounds kind of James Bond-ishly esoteric.

Watch where you plug in, folks - researchers hack iPhones with a charger

Watch where you plug in, folks - researchers hack iPhones with a charger

Researchers from the Georgia Institute of Technology plan to discuss their attack, dubbed "Mactans", and how it succeeded in compromising the latest generation devices with the latest version of iOS at the Black Hat USA Conference in July.

SSCC 97 - Black Hat and DEF CON review, broken crypto, Frak, smart meters and hacking transit

Sophos Security Chet Chat

Peter Szabo from SophosLabs joins Chet to chat about 4 more talks from this year's Black Hat and DEF CON conferences. Topics include MS-CHAPv2, Frak, smart meters and hacking public transit.

SSCC 96 - NFC hacking, audio steganography, IPv6 security and automated malware analysis

Sophos Security Chet Chat

Peter Szabo, a senior threat researcher with SophosLabs, joins Chet this week to to share what they learned at this year's Black Hat and DEF CON conferences. They discuss NFC, a file disinfection framework, steganography and the dangers of IPv6 and DNSSEC.

Hackers would never be hired by security vendors....right?

Careers section in Newspaper

Customers build a relationship based on trust with security vendors. After all, customers who buy security solutions like anti-virus or anti-spam grant security companies access to update computers and devices. Question is should security companies open their doors to people known to have dabbled in grey and black-hat hacking?

Android keylogging with no access to keystrokes?


July and August often produce some intriguing and unusual computer security research.

We've already written about BlackHat and DEFCON. Here's something from the USENIX HotSec workshop to pique your interest.

Macbooks, Korea, Spamford busted, phones lost, Anonymous threat - 60 Sec Security


No, the headline isn't a misprint. 90 Second News is now 60 Second Security!

Lots of readers said they'd like to see our 'news-with-a-conscience' videos more than once a month. So here you go. 60 Second Security, once every two weeks.

BH 2011: Bit-squatting - DNS hijacking without exploitation


Researcher Artem Dinaburg presented his paper about memory errors leading to mistaken DNS lookups at last week's Black Hat conference in Las Vegas, Nevada. He showed how attackers could use techniques similar to typosquatting to compromise users as a result of hardware errors.

BH 2011: Hacking medical devices for fun and insulin


At this year's Black Hat 2011 conference Jay Radcliffe presented research on the security of consumer medical devices, specifically the hackability of modern insulin pumps. The results are not promising...

Tavis Ormandy and Sophos


Researcher Tavis Ormandy has examined Sophos's anti-virus product - not in terms of possible vulnerabilities - but instead looking at how various components of were implemented.

Having assessed Tavis's report, Sophos can assure customers that their protection is not compromised.

Could hackers set fire to your Apple battery with a virus?


Modern battery packs have their own processor and firmware. Along with many other peripherals in your computer, your battery is field-reprogrammable.

So is an "incendiary" virus really possible for your Macbook battery, as some stories seem to suggest?

Privacy threats to dominate security landscape in 2011?

rPrivacy threats to dominate security landscape in 2011?

At Hack in the Box, we decided to have a bit of fun. My Sophos Malaysia colleagues purchased a veritable flotilla of rubber ducks - in traditional bathtime-duck yellow - and tricked me into an autograph session. Duck signing ducks, geddit?

Podcast with SophosLabs on Black Hat and Defcon

Defcon 18: Barely Legal

The past week and a half have been more than a bit crazy. Between the release of our mid-year threat report and attending Black Hat USA 2010 and Defcon I have barely had a moment to think. Fortunately Vanja Svajcer Read more…

Microsoft shortcut fix and Black Hat 2010 roundup

Black Hat logo

Microsoft announced Friday that they will be releasing an out of band patch for what has been known as the Windows shortcut vulnerability. The fix will be released on Monday August 2nd at approximately 10 AM Pacific Daylight Time (1700 Read more…