Surviving the Week 10/19/12

Security Flaw Found in Steam

Hackers could have a new means of accessing your computer through a browser command that uses Valve’s software distribution system Steam. When your browser accesses a URL that begins with the command “steam://”, it will prompt your copy of Steam to launch and perform some operation. Usually, such an operation would be to launch a game, or to install or uninstall software. http://revuln.com/files/ReVuln_Steam_Browser_Protocol_Insecurity.pdf

Pacemaker Hacker Says Worm Could Possibly ‘Commit Mass Murder’

At the Ruxcon BreakPoint security conference in Melbourne, Barnaby Jack showed how an attacker with a laptop, located up to 50 feet from a victim, could remotely hack a pacemaker and deliver an 830-volt shock. He was just one presenter in the talk named “mass murder, Windows exploits, hacking Apple and owning spy agencies,” and he showed a video that he doesn’t want released to the public since the manufacturer would be named. http://blogs.computerworld.com/cybercrime-and-hacking/21163/pacemaker-hacker-says-worm-could-possibly-commit-mass-murder

“White Hat” Hackers Gathered in Houston to Talk Strategy

The 3rd annual HouSecCon took place a week ago. With attendance up 40% from 2011, it was exciting to be a part of this growing event. I was invited to speak again this year. “Get off your AMF and don’t REST on JSON”. My mobile web app sec related talk happened to go over real well at the conference. So good in fact, that the local FOX 26 network highlighted the current state of mobile web application security in their 5 o’clock broadcast. http://www.myfoxhouston.com/story/19799259/2012/10/11/white-hat-hackers-gather-in-houston-to-talk-strategy

Can Science Stop Crime?

University of Washington computer scientist Tadayoshi Kohno (@yoshi_kohno) was featured in PBS’s NOVA scienceNOW on Wednesday (October 17) for his work that shows how easy it is for a bad guy to hijack not just your laptop but your kids’ toys, medical devices, even your car. http://www.pbs.org/wgbh/nova/tech/can-science-stop-crime.html

The Cloud is a Scary Place

Security lapses in XSS, CSRF, SQLi, or authentication bypass are not always easy to uncover for cloud companies such as PayPal, Facebook, Mozilla, Google, and Twitter. With bug bounties in place, the opportunity to discover security vulnerabilities can offer significant gain for white hats. http://www.zdnet.com/hacking-google-the-three-israeli-white-hats-rooting-out-the-webs-security-holes-7000005542/

About Dan Kuykendall 173 Articles