Internet Security

Combining legacy SCADA systems that have their own weaknesses with Internet technologies is a dangerous mix for protecting systems that provide energy, water and other basic needs, Black Hat presenter says.

Originally posted at InSecurity Complex

Las Vegas is the setting this week for two of the most popular annual security events. First comes Black Hat for the professional crowd, followed by the more antic Defcon gathering.

Using home-brewed software tools and exploiting a gaping security hole in the authentication mechanism used to update the firmware on automated teller machines (ATMs), a security researcher hacked into ATMs made by Triton and Tranax and planted a rootkit that dispensed cash on demand.

IOActive's Barnaby Jack reveals at Black Hat how he found ways to remotely log into ATMs without a password and force them to spit out cash.

Apple has shipped a major Safari browser update to fix 15 documented security holes, including a known flaw in the browser’s AutoFill Web Forms feature that can be hacked to steal data from the computerâs address book.

The tool, called Enhanced Mitigation Experience Toolkit (EMET) works by applying security mitigation technologies to arbitrary applications to block against exploitation through common attack vectors.

The United Arab Emirates (UAE) has described RIM’s device as a threat posing “serious social, judicial and national security repercussions” due to the country’s inability to successfully eavesdrop on users, and the fact that transmitted data is stored offshore. Does the BlackBerry really pose a threat to national security?

Adobe will give anti-virus, intrusion prevention/detection and corporate network security vendors a headstart to add signatures and filters to protect against security flaws in its widely deployed product suites.

The company will begin sharing vulnerability information early with security vendors just as Microsoft does. Plus: a new toolkit from Redmond.

Originally posted at InSecurity Complex

Microsoft’s Matt Thomlinson argues that community-based defense is important to fight cybercrime and stay ahead of malicious hacker attacks.

SecureWorks uncovers bizarre criminal operation that uses digital techniques to aid in old-school check counterfeiting.

Originally posted at InSecurity Complex

Verizon's annual data breach report combines data from the U.S. Secret Service and covers more than 143 million compromised records.

Originally posted at InSecurity Complex

Firefox 4 beta 2 continues Mozilla's push to release new features and under-the-hood improvements to beta testers faster.

Originally posted at The Download Blog

Google has shipped a new version of its Chrome browser to fix three high-risk security holes that expose web surfers to malicious hacker attacks.

Acquisition price for mobile security provider SMobile is about $70 million in cash, companies say.

Originally posted at InSecurity Complex

Michal Zalewski: Indefinite vulnerability secrecy hurts us all by removing all real incentives for improvement, and giving very little real security in return.

Researchers at mobile security firm Lookout say many security issues with Android and iPhone apps result from innocent coding mistakes in third-party software.

Originally posted at InSecurity Complex

Researcher to give talk on ATM security holes that was canceled a year ago, but talk on Chinese cyber army is axed after Taiwan complains.

Originally posted at InSecurity Complex

Seven holes are fixed, six researchers who found them are paid bounties, and Google urges all software makers to fix serious problems within 60 days.

Originally posted at Deep Tech