An upcoming paper of the 24th USENIX Security Symposium presents a new and interesting possibility to bridge the air gap of a secure system by using GSM frequencies. The data is sent out by special use of the target computer itself and an old cellular phone can be used for the reception and demodulation of
After some (very weird) technical problems with my server, my page and blog are finally back online. So please look out for upcoming posts, some are already in preparation!
Attacks are getting increasingly sophisticated – not only wrt. the preparation and execution (e.g., advanced use of social engineering techniques), but also wrt. the exploited carriers. Malware out of the box Pre-installed malware can be found increasingly. E.g., have a look at the iPod, different USB sticks or sniffer malware installed within the firmware of
A study published by McAfee / Intel Security gives new estimations about the annual global cost of cybercrime. Three values are extrapolated, $375 billion in best case, $445 billion as mid, and about $575 billion as worst case. Of course, such estimations are very difficult to compile. Therefore, the study gives a good overview how
This sounds like science fiction or a scene in Matrix: Recently, Dragos Ruiu published some information about a malware called BadBIOS. Therefore this nasty piece of malicious code is able to hide itself in the BIOS, to bridge the air gap using ultrasonic sound and the PC speaker / microphone and other quite sophisticated stuff.
The Dark Mail Alliance is working on a new end-to-end encrypted protocol for email. The Alliance consists of Silent Circle and Lavabit, two mail services that closed down to protect their customers in context with the NSA spying scandal. In contrast to available solutions, the new protocol will be designed without the need for unprotected
Well, that was a surprise: the ICS-CERT obviously has the opinion, that default passwords are no vulnerability. Maybe it wouldn’t be as bad if someone else says such a (strange) thing – but it was the Industrial Control Systems Cyber Emergency Response Team. These guys are working in an important area of Cyber Security, so
The Freedom of the Press Foundation launched SecureDrop, an Open Source Submission Platform for Whistleblowers. It is a system to help journalists communicate anonymously. It can be installed as, e.g., a Contact Us page on a organization’s website. Two unique identifiers are used, one seen by the whistleblower and one by the organization. By that,
During the past months, Skype has been conspicuous again – it seems that they have allowed the NSA the access to their servers since 2011. In May 2013, The H Security reported that Microsoft accessed websites shortly after their URLs had been sent within a Skype session. First, this was interpreted as an automated analysis
‘Tor Stinks’ is an interesting but definitely not unexpected headline of a top-secret presentation of the NSA, as reported by the Guardian. This is in contrast to some articles which have been published during the past weeks, talking about the insecurity of the TOR service. For example, heise Security wrote that TOR users can be