Security Flaw Found in Steam
Hackers could have a new means of accessing your computer through a browser command that uses Valve’s software distribution system Steam. When your browser accesses a URL that begins with the command “steam://”, it will prompt your copy of steam to launch and perform some operation. Usually, such an operation would be to launch a game, or install or uninstall software. http://revuln.com/files/ReVuln_Steam_Browser_Protocol_Insecurity.pdf
Pacemaker Hacker Says Worm Could Possibly ‘Commit Mass Murder’
At Ruxcon BreakPoint security conference in Melbourne, Barnaby Jack showed how an attacker with a laptop, located up to 50 feet from a victim, could remotely hack a pacemaker and deliver an 830-volt shock. In the talk named “mass murder, Windows exploits, hacking Apple and owning spy agencies.” He was just one presenter and he showed a video that he doesn’t want released to the public since the manufacturer would be named. http://blogs.computerworld.com/cybercrime-and-hacking/21163/pacemaker-hacker-says-worm-could-possibly-commit-mass-murder
“White Hat” Hackers Gathered in Houston to Talk Strategy
The 3rd annual HouSecCon took place a week ago. With attendance up 40% from 2011, it was exciting to be a part of this growing event. I was invited to speak again this year. “Get off your AMF and don’t REST on JSON”. My mobile web app sec related talk happened to go over real well at the conference. So good in fact, that the local FOX 26 network highlighted the current state of mobile web application security in their 5 o clock broadcast. http://www.myfoxhouston.com/story/19799259/2012/10/11/white-hat-hackers-gather-in-houston-to-talk-strategy
Can Science Stop Crime?
University of Washington computer scientist, Tadayoshi Kohno (@yoshi_kohno), was featured in PBS’s NOVA scienceNOW on Wednesday (October 17) for his work that shows how easy it is for a bad guy to highjack not just your laptop but your kids’ toys, medical devices, even your car. http://www.pbs.org/wgbh/nova/tech/can-science-stop-crime.html
The Cloud is a Scary Place
Security lapses in XSS, CSRF, SQLi, or authentication bypass are not always easy to uncover for cloud companies such as Paypal, Facebook, Mozilla, Google, and Twitter. With bug bounties in place, the opportunity to discover security vulnerabilities can offer significant gain for white hats. http://www.zdnet.com/hacking-google-the-three-israeli-white-hats-rooting-out-the-webs-security-holes-7000005542/
Last updated byat .