Null pune 1st March-news bytes


News Bytes

Published in: Technology

  1. Security NEWS Bytes (Bhavna Kulshrestha)
  2. Support is ending soon!!
       • From April 8 2014, technical assistance for Windows XP will no longer be available, including automatic updates.
       • 2.2 million ATMs worldwide, 95% of them still using Win XP.
       • A bit of a reprieve: for ATMs using Windows XP Embedded, support lasts until early 2016.
  3. SlickLogin joins Google
       • An Israeli security startup that uses smartphones & high-frequency sounds for identity verification.
       • A password replacement, or a Two-Factor authentication layer on top of a traditional password.
       • The idea: visit a SlickLogin-enabled site, tap the login button, hold your phone close to the laptop & you're in..!!!
       • How it works: uses protocols to verify your phone's position (Wi-Fi, NFC, GPS, Bluetooth).
  4. "Target" Hackers broke in through HVAC Vendor
       • Entry into the system was through a refrigeration, heating & cooling company in Pennsylvania.
       • Large retail operations have a team that routinely monitors energy consumption & temperatures in stores to save on costs.
       • To support this solution, vendors need to be able to remote into the system.
       • Target estimates say that the breach exposed approx 40 million debit and credit card accounts between Nov. 27 & Dec. 15, 2013.
  5. Scariest Search Engine on the Internet Just Got Scarier…
       • Shodan (Sentient Hyper-Optimized Data Access Network) is the "Google for hackers."
       • A search engine for servers, routers, load balancers & PCs that collects info on over 500 million devices every month.
       • Identifies devices by scanning the Internet for ports typically associated with HTTP, FTP, SSH and Telnet.
       • A new way to browse Shodan in the form of an add-on: "Shodan Maps."
  6. Tinder App Allowed Users to Precisely Locate Others
       • Tinder connects to Facebook profiles & offers matches based on proximity.
       • A vulnerability allowed the attacker to potentially pinpoint the exact location to within 100 feet.
       • Using GPS data collected by the smartphone, one could determine a user's location (latitude, longitude) simply by entering a member's Tinder identification number.
  7. India's most popular security conference returns for the fifth year
       • Brought key decision makers and thought leaders from the industry and government.
       • Well known for its speakers & talks where new vulnerabilities are responsibly disclosed along with their prevention mechanisms.
       • Highlights of Nullcon 2014 include: Nullcon BlackShield, Nullcon Ammo, Nullcon 2014 Exhibition, Nullcon Job Fair, Nullcon Training.
  8. Hacking a Car remotely with iPhone sized Device
       • Two security researchers developed a home-made gadget called 'CAN Hacking Tools (CHT)'.
       • Capable of giving an attacker entire control of your car, from windows & headlights to its steering & brakes.
       • The device uses the Controller Area Network (CAN) ports that are built into cars for computer-system checks.
       • Injecting malicious code into the CAN ports allows wireless commands to be sent remotely from a computer.
  9. Chameleon virus that spreads across Wi-Fi APs
       • Security researchers at the University of Liverpool, Britain have demonstrated a WiFi virus that can spread between computer networks.
       • Named 'Chameleon', it self-propagates over WiFi networks from AP to AP but doesn't affect the working of the AP.
       • POC: replaces the firmware of the vulnerable AP with a virus-loaded version, then propagates to the next victim in the network.
       • Research shows that this kind of attack is undetectable to any Antivirus and Wireless Intrusion Detection System (IDS).
       • However, this was created for demo purposes in a research lab only.
  10. EC-Council Web Site Hacked, Defaced
       • Hacker gained access to thousands of passports of law enforcement and military officials.
       • EC-Council says its servers have not been compromised.
       • Domain redirection was done at the DNS Registrar & traffic was re-routed from authentic EC-Council servers to a host in Finland known for hosting other illegal websites.
  11. 3 Lakh Android devices infected by Premium SMS sending malware
       • Panda Labs has identified malicious Android apps that sign up users for Premium SMS services without their permission.
       • Four malicious apps found free in the app store: "Easy Hairdos", "Abs Diets", "Workout Routines" and "Cupcake Recipes".
       • The app gets the phone number of the device, connects to a webpage and registers for the premium service.
       • The average scammed user gets charged $20 by these apps & around 300,000-plus users downloaded them. Scammers have made $6 million from unsuspecting users.
  12. Thank You..!!