If you think that texting while driving is your biggest vehicle-related tech concern, a new report from McAfee may make you think twice. It seems that with each passing model year cars get more and more high tech. Unfortunately, the benefits of the technology come with increased risk that hackers can find and exploit security holes and wreak havoc with your car.
The car used to be a purely mechanical contraption. Now there are onboard computers and embedded systems that constantly monitor and adjust various aspects to optimize power and fuel efficiency. Power seats, anti-lock braking systems, electronic stability controls, GPS navigation, communication systems and more all rely on software. We even have vehicles now that will automatically stop even if you don't react fast enough, or that can parallel park to squeeze your car into tight spots without your help.
The thing with software, though, is that it is imperfect. Hopefully the developers do everything within their power to write secure code and ensure there aren't any obvious holes, but software is complex and it is virtually impossible to validate every possible use case and scenario. Eventually, a hacker will stumble upon a vulnerability in the software systems of your car, and that is when the danger begins.
Cybercriminals are always looking for easy ways to break into your network, whether at work or at home. In a talk at this summer's DefCon 19 conference, security researcher Deral Heiland demonstrated various ways to compromise Internet-ready consumer-grade multifunction printers. These include printers that can scan to a file, scan to email, and fax documents, and the vulnerabilities he found are similar across all vendors.
If you haven't taken the time to access the administration control panel webpage for your printer and change its default passwords, do so now. Unfortunately, that will only slow down a very persistent criminal.
For example, Heiland demonstrated that if you did change the default Toshiba printer password from 123456 to something unique, a criminal can simply add an extra backslash to the URL to gain administrator access to the device. And he said that if you copy the URL from the HP Officejet printer login page and then add "page=" to the end when you paste it back in, this will bypass any new passwords that have been added to those printers. This could let a hacker access sensitive documents that have been recently scanned or printed.
About a month ago I received an email from Blizzard Entertainment stating that a new World of Warcraft account had been started using my personal Gmail address. Someone with the user name of "Zhang" was hoping to do a little night elf adventuring using my data. I got on the phone with Blizzard right away, and they canceled the account faster than you can say Orgrimmar.
"Oh yeah," the Blizzard rep added, "you might want to change your Gmail password." I realized at that point that I'd been hacked, just like high-ranking U.S. officials were in June and just now, as Iranian citizens have been.
There was a moment of horror as I realized what kind of private data someone with access to my account could find about me.
Facebook recently rolled out a number of changes to the social networking site. One of the changes eliminates the concept of Facebook Places, but instead incorporates location-aware updates at virtually every level of Facebook. You might want to think twice, though, before broadcasting your location to the anonymous masses online.
Facebook has had a Foursquare-like check-in system for its mobile app for a while. Facebook Places has limited functionality, though, intended primarily for logging in at restaurants and retailers, and it doesn't provide any means for someone with a notebook or tablet to record location data.
Maybe that's a good thing. Do you want your entire social network--including some tenuous relationships with people you have never actually met in real life--to know that you are with your family having dinner at The Olive Garden?
Everybody loves cookies, those little packets of code that websites leave in your browser. We love them because they make Web browsing more convenient by saving our usernames, passwords and other unique data from one session to the next. Marketing companies love them because they uniquely identify visitors and can be combined with traffic logs to compile a profile of your interests and browsing habits.
As long as you are a willing participant, this sort of tracking can be a good thing; browser cookies allow online retailers to tailor their websites to your needs and ensure you are more likely to see advertisements for products and services relevant to your interests. The problem is that lots of unscrupulous companies are using underhanded techniques to sneak cookies into your browser even when you don’t want them. They’re called supercookies, and they can be stopped with a few free utilities and some simple precautions.
Of course, you can disable storage of standard HTTP cookies via your browser’s privacy controls. Unfortunately, many popular websites now track users with unique data packages designed to circumvent your browser’s privacy filter. These souped-up data packages are colloquially known as supercookies, and they typically take advantage of alternate storage areas within your browser to store unique snippets of code and replicate that site’s HTTP cookie in the event you block or delete it from your browser.
Dog Wars is a game that involves raising your dog to be the most vicious dog on the circuit and taking on other virtual dogs in fights to the death. The app itself is offensive to many--in fact, it prides itself on being so provocative that you would never find something like it on the iPhone app store.
The app sparked some backlash from animal activists who wanted the developer to voluntarily pull it. Those protests fell on deaf ears, so apparently some more resourceful animal activists decided to create a rogue version to try to publicly shame users who partake in the barbaric game.
The source code for a patch that strips protection from the builder so the SpyEye malware development kit can be disassembled is now publicly available thanks to Xyliton and the Reverse Engineers Dream Crew (RED Crew). At face value, this is great news because it helps the security industry understand and combat SpyEye, but there is also a downside.
Opening the secrets of the software will help security researchers combat the threat, but it also exposes the source code to other malware developers who can now adapt and morph SpyEye into a new, more insidious threat. Just as the security industry unveils and defangs SpyEye, new SpyEye variants will appear that continue to thwart efforts to block it.
A blog post from Damballa Labs declares, "SpyEye has been on everyone's priority list of threat discussions for quite some time, and is now going to become an even more pervasive threat. The same thing happened when the Zeus kit source code was released in March 2011."