Surviving the Week 10/19/12

Security Flaw Found in Steam

Hackers could have a new means of accessing your computer through a browser command that uses Valve’s software distribution system, Steam. When your browser accesses a URL that begins with “steam://”, it prompts your copy of Steam to launch and perform some operation. Usually, such an operation would be to launch a game, or to install or uninstall software. http://revuln.com/files/ReVuln_Steam_Browser_Protocol_Insecurity.pdf
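As an added example (not code from this post or from the ReVuln paper), here is a small content scanner of the kind a web proxy or mail filter could run: it finds steam:// URLs in page links, meta refreshes and inline script, and classifies each handoff by the operation named in the URL. The RISKY_OPERATIONS set and the sample HTML are constructed assumptions for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Matches a steam:// URL wherever it appears in an attribute or inline script.
STEAM_URL = re.compile(r"steam://[^\s'\"<>]+", re.IGNORECASE)

# The post notes steam:// links can launch a game or install/uninstall software;
# treating install/uninstall as high-risk is an assumption made for this example.
RISKY_OPERATIONS = {"install", "uninstall"}


class _SteamLinkParser(HTMLParser):
    """Collects steam:// URLs from navigational attributes and inline script/text."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            # 'content' covers <meta http-equiv="refresh" content="0;url=steam://...">
            if value and name in ("href", "src", "action", "content", "data"):
                self.urls.extend(STEAM_URL.findall(value))

    def handle_data(self, data):
        # Inline <script> bodies arrive here, e.g. window.location = "steam://..."
        self.urls.extend(STEAM_URL.findall(data))


def find_steam_handoffs(html):
    """Return one finding per steam:// URL: the URL, its operation, and a risk flag."""
    parser = _SteamLinkParser()
    parser.feed(html)
    findings = []
    for url in parser.urls:
        # For steam://install/2000, urlsplit() yields netloc="install", path="/2000"
        operation = urlsplit(url).netloc.lower()
        findings.append({"url": url, "operation": operation,
                         "risky": operation in RISKY_OPERATIONS})
    return findings


# Constructed sample page: one ordinary link plus three different steam:// handoffs.
SAMPLE_HTML = """<html><body>
<a href="http://example.com/news">news</a>
<a href="steam://run/1000">Play now</a>
<meta http-equiv="refresh" content="0;url=steam://install/2000">
<script>window.location = "steam://uninstall/3000";</script>
</body></html>"""

if __name__ == "__main__":
    for f in find_steam_handoffs(SAMPLE_HTML):
        print(("RISKY " if f["risky"] else "info  ") + f["operation"] + "  " + f["url"])
```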

Pacemaker Hacker Says Worm Could Possibly ‘Commit Mass Murder’

At the Ruxcon BreakPoint security conference in Melbourne, Barnaby Jack showed how an attacker with a laptop, located up to 50 feet from a victim, could remotely hack a pacemaker and deliver an 830-volt shock. In the talk, named “mass murder, Windows exploits, hacking Apple and owning spy agencies,” he was just one presenter, and he showed a video that he doesn’t want released to the public since the manufacturer would be named. http://blogs.computerworld.com/cybercrime-and-hacking/21163/pacemaker-hacker-says-worm-could-possibly-commit-mass-murder

“White Hat” Hackers Gathered in Houston to Talk Strategy

The 3rd annual HouSecCon took place a week ago. With attendance up 40% from 2011, it was exciting to be a part of this growing event. I was invited to speak again this year, presenting “Get off your AMF and don’t REST on JSON”. My mobile web app security talk happened to go over really well at the conference. So well, in fact, that the local FOX 26 station highlighted the current state of mobile web application security in its 5 o’clock broadcast. http://www.myfoxhouston.com/story/19799259/2012/10/11/white-hat-hackers-gather-in-houston-to-talk-strategy


Can Science Stop Crime?

University of Washington computer scientist Tadayoshi Kohno (@yoshi_kohno) was featured in PBS’s NOVA scienceNOW on Wednesday (October 17) for his work showing how easy it is for a bad guy to hijack not just your laptop but your kids’ toys, medical devices, even your car. http://www.pbs.org/wgbh/nova/tech/can-science-stop-crime.html

The Cloud is a Scary Place

Security flaws such as XSS, CSRF, SQLi, or authentication bypass are not always easy to uncover for cloud companies such as PayPal, Facebook, Mozilla, Google, and Twitter. With bug bounties in place, discovering security vulnerabilities can offer significant gain for white hats. http://www.zdnet.com/hacking-google-the-three-israeli-white-hats-rooting-out-the-webs-security-holes-7000005542/


About Dan Kuykendall

Dan Kuykendall is the CTO and Co-CEO at NT OBJECTives. Dan is a founder of NT OBJECTives and has been with the company for more than 10 years. He is responsible for the strategic direction and development of products and services and works closely with technology partners to make sure integrations are both deep and valuable. As a result of Dan’s dedication to security, technology innovation and software development, NTO application security scanning software is often recognized as the most accurate because of its sophisticated automation techniques. Dan joined NT OBJECTives from Foundstone, where he was responsible for the portal interface to the company’s flagship product, FoundScan. Prior to Foundstone, Dan was the founder of the Information Security team in the United States branches of Fortis. Dan is a regular blogger on web application security issues on ManVsWebApp.com and co-hosts An Information Security Place Podcast. He has presented on the topics of mobile and application security at many of the top security industry conferences such as ISSA (2011), B-Sides (2012-2013), OWASP AppSecUSA (2012), HouSecCon (2010-2012), ToorCon (2013) and THOTCON (2013). Dan has been involved with the Web Application Security Consortium and is a regular contributor to many open source development projects, including founding the RPM Builder, phpGroupWare and podPress projects.
