Software Integrity Blog

Author Archive

Robert Vamosi


Posts by Robert Vamosi:

 

1.4 billion Android devices vulnerable to hijack attacks

Roughly 80 percent of all Android devices contain a Linux vulnerability that affects unencrypted communications and allows attackers to hijack data. The vulnerability is in the design and implementation of RFC 5961, a relatively new Internet standard. Ironically, it’s intended to prevent certain classes of hacking attacks. The way it is written now, a blind […]

Posted in Mobile Application Security, Open Source Security

 

White House launches software code-sharing program

Last week, the White House Office of Budget and Management released its Federal Source Code policy, requiring government agencies to share some of the code they create. The new Federal Source Code policy is part of President Obama’s 2014 Second Open Government National Action Plan. The proposal requires agencies, when commissioning new custom software, to […]

Posted in Open Source Security

 

Keyless entry crypto failure affects millions of older Volkswagens

Researchers have disclosed a cryptographic flaw that affects keyless entry systems for Volkswagens manufactured between 1995 and 2016. In a paper, researchers Flavio D. Garcia and David Oswald, University of Birmingham; Timo Kasper, Kasper & Oswald GmbH; and Pierre Pavlidès, University of Birmingham, were able to recover the cryptographic algorithms and keys from electronic control […]

Posted in Automotive Security

 

Criminal hackers target Oracle’s MICROS point-of-sale system

A Russian cybercrime group has breached hundreds of point-of-sale computer systems from Oracle. On Monday, KrebsOnSecurity reported the data breach. Oracle acknowledged to the site that it had “detected and addressed malicious code in certain legacy MICROS systems.” It also said that it is asking all MICROS customers to reset their passwords for the MICROS […]

Posted in Data Breach

 

19-year-old gets United Airlines bug bounty: 1M air miles

A security researcher from Amsterdam has received a bug bounty of one million free air miles from United Airlines after reporting 20 major bugs. Although 19-year-old security researcher Olivier Beg from Amsterdam received one million air miles from United Airlines, he will still have to pay any associated taxes. For example, according to Netherlands […]

Posted in Uncategorized

 

Up to 900 million Android phones vulnerable to Qualcomm flaw

Four major security holes have been disclosed affecting the Qualcomm chips in several recent, popular mobile phones. Dubbed “QuadRooter” by researchers at Check Point, the quartet of flaws are in the chip firmware. The flaws could allow potential attackers to “trigger privilege escalations for the purpose of gaining root access to a device.” Once an attacker […]

Posted in Mobile Application Security

 

Car-hacking duo returns to Black Hat USA 2016

Dr. Charlie Miller and Chris Valasek once again hacked a vehicle, although not remotely. They also announced their retirement from car hacking. In their latest talk at Black Hat, the pair used what they called “Message Confliction” to control a car driving at speeds of around 30 mph. They were not able to do so […]

Posted in Automotive Security, Webinars

 

Kaminsky argues for internet survival in keynote at Black Hat USA 2016

A noticeably thinner but no less perky Dan Kaminsky proposed fixing the Internet (“this Internet”) in his Black Hat USA 2016 keynote address. Kaminsky, who famously broke then fixed the DNS-backbone of the Internet, opened by talking about an isolated web browser with only 14 system calls. He said that the term “sandbox” was wrong. […]

Posted in Web Application Security

 

Dell patches software ‘backdoor’ in SonicWALL Global Management

Six software vulnerabilities, some critical, in Dell’s SonicWALL Global Management have been patched. An advisory last week from Digital Defense disclosed six vulnerabilities in the Dell SonicWALL Global Management System (GMS). The vulnerabilities could allow command injection, unauthorized XXE, default account, and unauthorized modification of virtual appliance networking information. GMS is used by enterprise organizations […]

Posted in Software Architecture and Design

 

U.S. Department of Transportation wants more cybersecurity sharing

U.S. Department of Transportation Secretary Anthony Foxx urges automakers to share information about cybersecurity. Speaking at the Billington Cybersecurity Summit in Detroit, Foxx stressed industry collaboration aimed at keeping cars safe from being hacked. “There is no one company that can do on its own what all companies can accomplish together,” Foxx said. He added, […]

Posted in Automotive Security, Internet of Things