Satellite phones are considered to be inherently secure and a safe way for people to talk without fear of someone listening in. This is the perception because the phones use encryption to encode the audio before it is transmitted and then decrypt it when it is received on the other end. It is all nice a seamless and the whole process leaves people feeling a little more secure.

The problem is that a research team from the Ruhr University Bochum in Germany have just blown a big hole in that sense of security with the announcement that they have broken  the two common types of encryption used in the two types of satellite phone standards used around the world.

The secret encryption algorithms have been shown to be easily broken in sharp contrast to other more common encryption schemes, like AES and Blowfish. The researchers discovered this when they reverse engineered phones that use the GMR-1 and GMR-2 standards and found that even with a modest PC running open source software the encryption could be broken within an hour.

The team will be presenting their paper (PDF) to the IEEE Symposium on Security and Privacy 2012 but in it they say:

“Contrary to the practice recommended in modern security engineering, both standards rely on proprietary algorithms for (voice) encryption,” the researchers wrote in the paper. “Even though it is impossible for outsiders (like us) to decide whether this is due to historic developments or because secret algorithms were believed to provide a higher level of ‘security,’ the findings of our work are not encouraging from a security point of view.”

via Ars Technica

It seems, according to the team, that the main security principal behind the proprietary encryption algorithms being ‘secure’ was the fact that they were propriatary and ‘secret’ in the first place. As we have seen though this is often far from the case.

Secure satellite phones not so secure as crypto crack makes them vulnerable is a post from: The Inquisitr

Oh boy you can be that this is going to go over really well but it seems that the ‘hactivist’ group Anonymous has managed to intercept a private conference call between four agents of the FBI and two members of an investigation team at Scotland Yard in Britain.

Not only did they managed to intercept the call but they have made it available for download and they have made it available as a stream on YouTube.

The call lasts for sixteen minutes which they accessed by entering in the conference call password when prompted to by the automated voice. The subject of the call was the arrest of Ryan Cleary and Jake Davis, two suspected members of the LULZsec hacking group, and the Met’s subsequent prosecution of the two men.

Sophos, a security software company, believes that Anonymous was able to do this due to the accessing of an officer’s email account and then using the information contained in an email, which they later posted to the web, to access the confidential conference call.

And here is the stream via YouTube of the conference call.

via The Next Web

Anonymous steps up its game and posts intercepted FBI and Scotland Yard conference call is a post from: The Inquisitr

Okay this is definitely one that I didn’t see coming but according to researchers at Columbia University there is a vulnerability affecting millions of printers that could literally see them being hacked into setting themselves on fire.

Professor Salvatore Stolfo has found that the devices are totally open and exploitable; which is possibly due to the increasing amount of technology that is being crammed into printers while at the same time security has been lagging.

One of the leading printers found to have this vulnerability is the HP LaserJet line of printers that allows hackers to push unauthorized firmware updates to the printers. Apparently the HP printers will go out to the web before printing to see if there are any updates that it might need. The problem is that the printers don’t do any kind of source check before downloading and installing any updates. this means that anyone with any kind of know-how can trick the printers into accepting the bad update.

When it came to demonstrating the kind of damage that could be done Professor Stolfo showed how it was possible to get the printer to overheat the fuser until it melts, and while there are protection switches to stop the printer from actually catching on fire Stolfo showed that it could be done.

There are more subtle applications as well. In another demonstration, an infiltrated printer was used to copy printed documents and send them off to hackers. In this case, tax returns being printed on an infected device were copied and sent off to hackers where they could be scanned for information like social security numbers. And of course, any hackers who wanted to just disable printers in an entirely mundane fashion could do that as well, easily.

via Geekosystem

Of course this possibility of hacked printers never thought it would happen as they push for an Internet of Things eh.

image via chaz6.com on Flickr

HP printers prone to an exploits that could light them on fire is a post from: The Inquisitr

It never seems to fail but for some reasons companies live under some kind of illusion that in this day of network access from anywhere that just simply firing the guy that managed your networks without cleaning up their passwords and accounts after them is all you have to do.

Well one company found out the hard way that this isn’t the case after they fired their IT manager.

It seems that 52-year-old Walter Powell wasn’t overly happy when Baltimore Substance Abuse Systems Inc felt that they no longer needed his services in 2009. So rather than take his firing lying down Powell decided to hack into his previous employer’s network from home and install some keylogging software in order to collect company passwords.

The coup de grâce for Powell was when he took remote control of his former CEO’s PowerPoint presentation to the company board of directors and projected pornographic images on the 64″ TV.

Needless to say Powell was eventually caught and given a two year suspended sentence, three years’ probation, and 100 hours of community service.

via Naked Security – Sophos

Company fires IT manager, CEO’s presentation replaced with porn is a post from: The Inquisitr

It would seem that following the hack attack against Sony and the Playstation Network gaming company sites have become a real juicy target for hackers.

Earlier today my colleague Daniel McCall posted about the hacking of the English game company Codemaster’s site getting hack and now we have word that fellow gaming company Epic Games has suffered the same fate.

Best known for the Gears of War franchise Epic Games notified its forum members that both the forums and the website had been successfully attacked. Fortunately no credit card information was lost but user names, email addresses, and encrypted passwords were taken.

As per usual Epic Games is recommending that you might think about changing your passwords if you have used their site in the past. In the meantime the company has forced a password reset for all the forum members.

via SlashGear

Hackers on a roll – Epic Games site and forums hacked is a post from: The Inquisitr

Wow, will the hacking of Sony ever stop?

One has to wonder, because every time we turn around lately some other division of Sony is getting hacked. The newest attack, against Sony Pictures, was launched by a group called LulzSec and they aren’t being the least ways shy about their success.

In a simple text file titled “Pretentious Press Statement.txt” the group had this to say about the hack:

“SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?”

So what did they get away with this time?

Well:

• A link to a vulnerable sonypictures.com webpage.
• 12,500 users related to Auto Trader (Contest entrants?) including birth dates, addresses, email addresses, full names, plain text passwords, user IDs and phone numbers.
• 21,000 IDs associated with a DB table labeled “BEAUTY_USERS” including email addresses and plain text passwords.
• ~20,000 Sony Music coupons (out of 3.5 million in the DB).
• Just under 18,000 emails and plain text passwords from a Seinfeld “Del Boca” sweepstakes.
• Over 65,000 Sony Music codes.
• Several other tables including those from Sony BMG in The Netherlands and Belgium.

I think that anyone who has done business online with Sony should immediately change whatever passwords they were using and then maybe think twice about doing nay further business with a company that obviously doesn’t have a clue about even the most basic of web security standards.

via Naked Security – Sophos

The never-ending Sony hackathon – this time it’s Sony Pictures is a post from: The Inquisitr

On Monday, ‘hacktivist’ group Anonymous revealed it was targeting Sony for its treatment of PS3 hacker George Hotz. Later that day, DDOS attacks on the PlayStation Network took down the gaming service temporarily. Sony has since revealed PSN was attacked by ‘an outside party’.

While that won’t have pleased Sony, it also pissed off a lot of innocent gamers, who vented their rage at Anonymous across forums and social networks. That’s … not quite the result Anonymous was angling for.

Hence, after receiving a ton of negative press from this, the group has decided to change tack. In a statement from the hacker group, it revealed it would no longer be targeting PSN as it wanted to avoid crapping on gamers:

“We realize that targeting the PSN is not a good idea. We have therefore temporarily suspended our action, until a method is found that will not severely impact Sony customers. Anonymous is on your side, standing up for your rights. We are not aiming to attack customers of Sony. This attack is aimed solely at Sony, and we will try our best to not affect the gamers, as this would defeat the purpose of our actions. If we did inconvenience users, please know that this was not our goal.”

So there we go. YOU HAVE BEEN WARNED, SONY. ANONYMOUS IS COMING FOR YOU. Err, just as soon as it’s worked out what to do next.

[Via Gamespot]

Anonymous ceases attacks on PlayStation Network is a post from: The Inquisitr

Since then, there’s been a rap video, a lawsuit brought by Sony against Hotz, and accusations from Sony that the hacker had fled to South America (he was actually on spring break).

Things could get interesting for Sony now that Anonymous has entered the fray, and by ‘interesting’ I do of course mean ‘quite bad’. Anonymous, which has previously hacked Gawker, Amazon, Mastercard, and computer ‘security’ firm HBGary, released the following threatening statement on its site:

[Via Anonymous]

Anonymous declares war on Sony over PS3 hacking case is a post from: The Inquisitr

George ‘Geohot’ Hotz is the hacker who very publicly breached the PlayStation 3′s security, and is now lined up for a date with Sony’s lawyers. Or, he would be … if he wasn’t currently gadding about South America somewhere.

According to Sony, the much-admired/maligned hacker is attempting to escape his date in court and failed to hand over various devices to Sony for inspection, despite a court telling him to do so. The company’s also claiming Hotz lied to the court about having a PlayStation Network account. In short, someone‘s in the shit.

Here’s an extract from court documents Sony just filed:

“Over the last several weeks. Hotz has engaged in a campaign to thwart jurisdictional discovery at every turn – regardless of whether the Court has ordered such discovery or not. Most seriously, after Magistrate Judge Spero ordered an inspection of Hotz’s devices and ordered Hotz to appear at a deposition in California, SCEA learned that Hotz had deliberately removed integral components of his impounded hard drives prior to delivering them to a third party neutral and that Hotz is now in South America, an excuse for why he will not immediately provide the components of his hard drives as requested by the neutral.

“Hotz’s attempts to dodge this Court’s authority raise very serious questions.”

Hotz bolting to South America comes after the hacker asked for donations to help him in his legal fight against Sony. And all along I thought this story had peaked in weirdness when Hotz challenged Sony to a rap battle on YouTube:

Shows what I know.

[Via VGHQ]

Sony: PS3 hacker on the run in South America is a post from: The Inquisitr

This is really only the start of the flood of security related issues that are going to come to haunt not just the iPhone but all smartphones.

This story of some German researchers who have successfully been able to reveal stored passwords on a locked iPhone in less than 6 minutes, and that is without cracking the phone’s passcode. As the German researches said:

The attack works because the cryptographic key on current iOS devices is based on material available within the device and is independent of the passcode

There is currently no fix for this so iPhone users might want to think about changing their passwords on a regular basis.

via Redmond Pie

So how long does it take to steal your iPhone passwords? 6 Minutes [Video] is a post from: The Inquisitr

For Sony, the recent hacking of the PlayStation 3 seems to go from terrible to disastrous.

While game piracy is an obvious concern for the platform holder, a new homebrew app has been released that allows users with a modified PS3 to unlock all Trophies in a game automatically. Said trophies even come with a random timestamp, just to make it extra convincing.

Needless to say, this could develop into a nightmare scenario for Sony, with potentially thousands of users everywhere owning unearned Trophies. What is the company going to do about it? Well, it’s Sony, so it’s all about the network updates, baby. Sony gave this statement to CVG:

“We are aware of this, and are currently looking into it. We will fix the issues through network updates, but because this is a security issue, we are not able to provide you with any more details.”

On the plus side, the developers of this insidious little app are currently unable to sync their robbed Trophies with the PlayStation Network. Furthermore, some games simply seem immune to this hack, including Batman: Arkham Asylum and Resident Evil 5: Gold Edition. Your move, Sony.

[Via CVG]

New PlayStation 3 hack automatically unlocks Trophies is a post from: The Inquisitr

It’s been a tough couple of weeks for the poor old PS3, what with dastardly hackers cracking the system wide open and releasing secret codes that will likely see piracy run rampant.

Having already promised network updates in an attempt to make the system secure again, Sony has now asked for restraining orders to be issued against said hackers. To back up its case, Sony has cited the Digital Millennium Copyright Act, the Computer Fraud and Abuse Act, and assorted other bigwig laws.

George “Geohot” Hotz (who became the first hacker to break the system this time last year) and the “hacking group” fail0verflow (who developed the latest hack) are specifically targeted by Sony’s request.

If granted by the court tomorrow, the restraining order will (in theory) censor the hackers and see any information about the hacks removed from the web with a temporary restraining order.

Naturally, that will probably be futile, as trying to wipe information from all over the web is a bit like trying to catch rain in a sieve. It is, at best, a short-term stalling tactic by Sony before it unleashes a bigger lawsuit.

[Via Engadget]

Sony requests restraining order against PS3 hackers is a post from: The Inquisitr

Sony has a problem. Its baby, the PlayStation 3, has been hacked, and the secret codes that open the doors to modified firmware (and hence mass piracy of PS3 games) have been released. Shit’s getting real, in other words, but Sony isn’t going to take this lying down.

In a statement to Edge – the first the company has made since the hackers revealed their work – Sony said it would combat the security breach through a number of network updates:

“We are aware of this, and are currently looking into it. We will fix the issues through network updates, but because this is a security issue, we are not able to provide you with any more details.”

So it looks like downloadable patches will be wheeled out to save Sony’s violated hardware, but wait! One of the hackers responsible has insisted that mere updates won’t achieve a thing. Going by the alias of ‘pytey’, the anonymous programmer informed the BBC:

“The complete console is compromised – there is no recovery from this. The only way to fix this is to issue new hardware. Sony will have to accept this.”

Only time will tell us who’s right – expect this one to run and run.

[Via Edge]

Sony to tackle PlayStation 3 hacks with network updates is a post from: The Inquisitr

A bunch of hackers calling themselves ‘fail0verflow’ claim to have unearthed the so-called ‘private key’ that authorizes PlayStation 3 code to run on the popular console.

fail0verflow are not the first individuals to have broken into the system, but they are reportedly the first to find said elusive key.

This, in theory, will enable full-on game piracy, though the group claims this isn’t their intention: according to this tweet, they simply want to get Linux running on the PS3 … whichever firmware version is running on the console.

We’ll apparently learn more when the group gets around to launching its website. Until then, the hackers intend to give a demo of their achievements at the Chaos Communication Conference tomorrow. Could this open the way for widespread PS3 piracy? If so, we might have another chart to add when 2011′s most pirated games are revealed.

[fail0verflow, via Joystiq]

Hackers crack PS3, gain ‘full control of the system’ is a post from: The Inquisitr

As you can see from the graphic above it takes all of 15 lines of code the get everyone clicking on links that starts an orgy of people talking about having goat sex.

Mat Howie, from Metafilter, posted the above screenshot of what the code, which started all this talk of goat sex, would like, and that we reported on earlier.

Twitter has since patch the loophole but one should note that this type of thing should never have happen in the first place as any decent security review would have thrown up the needed red flags. As one commenter said on another post about this – it’s web security 101 – it should never have happened.

So, how many lines of code does it take to have goat sex on Twitter? is a post from: The Inquisitr

Danger Will Robinson, danger…

Yup another Twitter worm is on the loose folks and apparently when you click on the link that follows WTF. When you do you will find your account suddenly twittering “I like anal sex with goats” and followed with another tweet in your name with WTF and the link.

So here’s a suggestion – don’t click on links that starts with WTF.

Goat sex hot on Twitter right now is a post from: The Inquisitr

What does Hotz’s achievement mean, in real terms? Well, it’s pretty damn significant: we’re talking widespread piracy of PS3 games for the first time, and a dramatic increase in cheaters in online games. Yarr! And also: Ugh! Over at his blog, Hotz confirmed:

“I have read/write access to the entire system memory, and HV level access to the processor. In other words, I have hacked the PS3.”

Defenders of Hotz will argue that this opens the door for perfectly legal homebrew on the PS3, and while I’m all for that (having dipped my toe in homebrew on other consoles), let’s face facts: this is going to end up in mass piracy, and that’s predominantly A Bad Thing. According to Hotz, Sony did its best to ward off hackers:

“3 years, 2 months, 11 days…thats a pretty secure system. Took 5 weeks [...] very simple hardware cleverly applied, and some not so simple software.”

Hotz isn’t revealing the fine details of his exploit, for fear that Sony will simply release a patch correcting the hack.

[George Hotz, via Gizmodo]

Sucks: PlayStation 3 hacked at last is a post from: The Inquisitr

Since the news about Twitter’s homepage being hacked has made the rounds of the tech blogosphere not much more has been said about it. Twitter came out with an update post that said it’s DNS records had been comprised and that they were looking in to but once it pointed the finger at its DNS provider Twitter has seem pretty mum on the subject.

Well it turns out that Twitter itself could actually be the culprit behind the comprised DNS records if the report coming out of Computerworld is correct. In the report the CTO, Tom Daly, of Dyn Inc the company that manages Twitter’s DNS records denied that Dyn infrastructure had been comprised. In addition he told the Washington Post that someone using Twitters credentials logged onto the system and made the changes.

“Someone logged in who purported to be a legitimate user of their [DNS] platform account and started making changes,” Daly told the Post‘s Brian Krebs. “It was not a failing on our systems whatsoever.”

Kyle York, Dyn’s vice president of marketing, echoed that in an interview with Computerworld. “No unauthenticated e-mail address associated with the account accessed the [Twitter] account,” York maintained. “This was not an unauthorized breach of our system.”

When asked whether the Twitter account had been used by someone authorized to do so, or if those account credentials had been pilfered by hackers, York declined to answer directly. “You’ll have to read between the lines,” he said. However, he did point to a tweet on Dyn’s own Twitter feed as having the right explanation.

Source: Computerworld

There has been a lot written about the apparent security problems that seem to plague Twitter and this would seem to be yet another incident that can be added to the list of breaches.

That Twitter hack – it’s all on Twitter says DNS provider is a post from: The Inquisitr

For almost as long as there has been OS wars the mantra of the penguin herders has been that the likelihood of Linux ever being vulnerable to tings like viruses and trojans was next to nil. This was something that they liked to hold over the heads of all us dumb Windows users – much like the Mac contingent does as well.

How many times have we heard the chant … “you want to be safe use Linux – Windoze is for losers” or some such similar childishness?

Well now Windows users can tell all those Linux lording geeks to stuff it because just as with any operating system there are weaknesses that can be exploited (usually the person behind the keyboard) and Linux is no different. Regardless of how the Tux lovers might pontificate about the security of Linux the fact is that Linux can be exploited which is exactly what a security researcher has found with the discovery of a cluster of Linux servers that is being used as a special ops kind of botnet. As well it is being used to distribute malware to unsuspecting web surfers.

Each of the infected machines examined so far is a dedicated or virtual dedicated server running a legitimate website, Denis Sinegubko, an independent researcher based in Magnitogorsk, Russia, told The Register. But in addition to running an Apache webserver to dish up benign content, they’ve also been hacked to run a second webserver known as nginx, which serves malware.

"What we see here is a long awaited botnet of zombie web servers! A group of interconnected infected web servers with [a] common control center involved in malware distribution," Sinegubko wrote here. "To make things more complex, this botnet of web servers is connected with the botnet of infected home computer(s)."

Source: The Register – Linux webserver botnet pushes malware

While it is unclear how the infection began Sinegubko suggests that it may be because on nothing more than careless administrators who had their passwords sniffed – hence my comment about the biggest security weakness being from behind the keyboard regardless of operating system. Current the network consists of about 100 nodes running the Apache webserver on different distros of Linux.

Linux not so pure and safe after all is a post from: The Inquisitr

Stolen identities are traded on the web all the time. The information can be as simple as credit card information and email address or in some case complete records. It is this type of trading of personal information that a British company by the name Lucid Intelligence intercepts and then stores in their own database. This database contains the records of four million Britons and 40 million people world-wide, most of which are Americans.

The database is controlled by Colin Holder who happens to be a retired Metropolitan police officer. He has spent the last four years collecting all this data through sources that include police departments around the world, which includes both the British police departments and the FBI in the US. AS well he gets information from anti-phishing and hacking groups groups.

Of course all this hasn’t come freely as Mr. Holder has invested £160,000 into the project so far. In order to recoup that money as well as turn a profit Mr. Holder is planning on letting the public access his database but for a fee.

This whole thing isn’t being done without some concerns being voiced about protection of personal data. This in turn has the Information Commissioner keeping a close eye on the database as it grows.

The legality of the database could be put to the test in the coming week. The Information Commissioner’s Office said it could not endorse a commercial service or make a ruling on its validity unless someone made a complaint. But the privacy watchdog said it had “provided advice to help the company comply with the principles of the Data Protection Act”.

Source: Times Online :: Four million British identities are up for sale on the internet

Yup I can see how moving everything we do to the cloud is going to be safer – not!

British ex-cop owns a database of 40 million stolen identities is a post from: The Inquisitr