Software Integrity Blog

Author Archive

Robert Vamosi

Posts by Robert Vamosi:

Typo halts billion dollar bank theft

Criminal hackers looking to steal roughly a billion dollars from a bank in Bangladesh were stopped by a common mistake: a spelling error. Although smaller transfers between the Bangladesh central bank and the Federal Reserve Bank of New York did go through, a large transfer of between $850-$870 million was stopped at a transfer bank, […]

Posted in Financial Services Security

Smart home, dumb software mistake

Over the weekend, Hive, which is an automated home thermostat system run by British Gas, suffered a glitch, causing dozens of customers to boil with rage – literally. In a statement reported by The Memo, a Hive representative said: “We are aware of a temporary glitch affecting a very small number of customers, where a […]

Posted in Internet of Things

U.S. to re-negotiate Wassenaar Arrangement

After six months of feedback from the US security community, the United States said on Tuesday it would re-negotiate the Wassenaar Agreement, particularly the part covering hacking and surveillance—cybersecurity. In a letter from the National Security Council’s Senior Director for Legislative Affairs, Caroline Tess, made public by the White House on Tuesday to the Associated […]

Posted in Government Security

New OpenSSL flaws to be patched

On Tuesday, the first day of RSA 2016, the OpenSSL project will release updates, specifically versions 1.0.2g and 1.0.1s. All that is known is that the organization ranks these with maximum severity “high”. According to the OpenSSL Policy, high means the patch will include issues that are of a lower risk than critical, perhaps due to […]

Posted in Open Source Security

When your anti-malware program has a zero-day

Software intended to protect your computer from malware and remote attackers shouldn’t be vulnerable to exploitation, yet that is what one security researcher is finding.

Discovering password manager vulnerability

Earlier this month, Tavis Ormandy, a Google Project Zero security researcher, disclosed his latest such vulnerability, this time affecting Trend Micro’s Password Manager. He found that […]

Posted in Uncategorized

Nissan Leaf app flaw allows remote access

A security researcher disclosed on Wednesday that certain Nissan Leaf models can allow their heating and air-conditioning systems to be hijacked because of a flaw in its companion app. Security researcher Troy Hunt found that the NissanConnect app needed only the vehicle identification number (VIN) for any Nissan Leaf car to take control. However, he […]

Posted in Automotive Security, Internet of Things

Asus settlement prompts federal monitoring

On Tuesday, the Federal Trade Commission (FTC) announced a decision to require network hardware manufacturer Asus to provide and maintain a comprehensive security program for the next 20 years and also be subject to audits. The action stems from a remote attack on Asus routers in February 2014. “Routers play a key role in securing […]

Posted in Uncategorized

Software flaw postpones Lockheed Martin’s F-35

Lockheed Martin’s new F-35 fighter jet won’t begin testing to see how it will perform in combat until at least August 2018, one full year later than planned, according to sources. That’s because of software vulnerabilities. The F-35 has been characterized as a flying computer, with more than 8 million lines of software code, so […]

Posted in Government Security, Software Architecture and Design

Mac apps vulnerable to third-party update flaw

A number of Mac apps, including popular ones such as Camtasia and uTorrent, are susceptible to man-in-the-middle attacks, according to new research. A vulnerability found in Sparkle, a third-party software framework used by Mac apps to receive updates, could allow a remote attacker to install malicious code. According to Ars Technica, the vulnerability involves the […]

Posted in Software Architecture and Design

Backdoor found in government AV equipment

A supplier of audio-visual equipment to the US federal government on Thursday issued an update to its products that removed a potential backdoor that could allow “higher privileges than even administrative access to the system via the backdoor,” according to the researchers who first reported it. AMX, a division of the audio-visual company Harman, is […]

Posted in Uncategorized