Research | WeLiveSecurity

Research

Expert content, for researchers by researchers

Research

civil rights Rig an election for around 25 bucks

Rig an election for around 25 bucks

Actually $26, according to a study conducted by Argonne National Laboratory in Illinois, which was able to hack a Diebold voting machine with “about $26 and an 8th-grade science education.” In light of the rapidly approaching 2012 U.S. Presidential Election, it seems there may be a need to give serious attention to securing our election

Cybercrime Corner Facebook, the natural home of the hoax

Facebook, the natural home of the hoax

You may have noticed a lot of excitement about Facebook's latest attempts to prune your privacy, and you'll probably see more commentary on this blog. Here's something a little different: a good old-fashioned chainletter that seems to be flourishing despite all its logical flaws. The story is at SC Magazine's Cybercrime Corner, to which I

Facebook How much photo data does Facebook really have?

How much photo data does Facebook really have?

According to a post by a Facebook Photos engineer, they receive around 200 million photo uploads per DAY, or about 6 billion per month. A separate post says Facebook currently hosts 4% of all photos ever taken. Specifically, it hosts 140 billion photos out of 3.5 trillion photos taken in history. Also, we see “it

Apple New Apple OS X Malware: Fake Adobe Flash Installer

New Apple OS X Malware: Fake Adobe Flash Installer

A new attack against Apple Mac OS X Lion (10.7) has been detected by Intego. The threat is a Trojan, dubbed Flashback, installed via a fake Adobe Flash installer downloaded from a third party site. As with the MacDefender and Revir malware, the Flashback attack uses social engineering to entice the user to download then

Malware Towering Qbot Certificates

Towering Qbot Certificates

New stolen digital certificates are used by the multi-purpose backdoor Qbot. The criminals behind the Qbot trojan are certainly not inactive. As I mentioned in a blog post earlier this month, after a quiet summer we have seen a batch of new Qbot variants. An interesting fact is that the malicious binaries were digitally signed.

data leakage OnStar to still gather vehicle data after service expires

OnStar to still gather vehicle data after service expires

Unless you specifically cancel the 2-way communication aspect, the default setting will be to continue a communication link to OnStar once the subscription expires, raising the ire of customers who wonder what the company does with the data. OnStar says that data is anonymized, but customers fear data showing current vehicle location doesn’t seem very

Cracked software Britain to ISP’s: speed up blocks on pirate sites

Britain to ISP’s: speed up blocks on pirate sites

Following the recent landmark Newsbin2 ruling requiring ISP’s to take a more active role in policing pirate websites, UK ISP’s are working to speed the court ordered actions though to block pirated sites. The implementation details haven’t been finalized between the creative industries and ISP’s, but copyright-owners seem to be optimistic. The goal is to

Adobe PDF Trojan Appears on Mac OS X

PDF Trojan Appears on Mac OS X

  A new trojan has been released targeting the Macintosh Chinese-language user community.  The trojan appears to the user to be a PDF containing a Chinese language article on the long-running dispute over whether Japan or China owns the Diaoyu Islands.   When the user opens the “PDF” file, it attempts to mask the installation

civil rights Senate cybersecurity bill one step closer to law

Senate cybersecurity bill one step closer to law

This morning we recorded a podcast posing the question “can legislation solve cybercrime?” Well, The Senate Judiciary Committee seems eager to play a part, passing a measure yesterday attempting to thwart computer attacks. Measure S.1151 sets a national standard for data breach notification, replacing the various state initiatives already in place. It also makes concealing

General When Trends Collide: Spear Phishing, Security Awareness, COVS and More

When Trends Collide: Spear Phishing, Security Awareness, COVS and More

The news that Japan's top defense contractor and weapons maker, Mitsubishi Heavy Industries, fell victim to cyber attacks in August is likely to increase the pressure to improve information system security from Tokyo to the Pentagon and every government contractor, outside vendor, and supplier in between. As pointed out in the Reuters report, the Japanese contractor–commonly

Cybercrime Google+ fix cybercrime – use your real name?

Google+ fix cybercrime – use your real name?

Google+ seems to be continuing building steam and putting itself on the map as a contender, not merely an also-ran to the Facebook behemoth. Part of its strategy is to enforce the use of real names, not just the more common online pseudonym. The logic goes that this will reduce the likelihood that cybercriminals might

Cybersecurity 2.1 million users’ data breached in Massachusetts

2.1 million users’ data breached in Massachusetts

Since 2010 that is, following a law enacted in 2007 that requires all companies doing business in Massachusetts to inform consumers and state regulators about security breaches that might result in identity theft. Attorney General Martha Coakley’s office released the information, including a breakdown of the data. It seems her office received 1,166 data breach