Search Results for “Andy Greenberg”


October 14, 2019
Andy Greenberg / Wired

Andy Greenberg / Wired  
Researcher Planted Tiny Spy Chip in Cisco Motherboard to Give Remote Attacker Deep Control Using Only $200 in Equipment

A tiny spy chip could be planted in a company’s hardware supply chain with as little as $200 in equipment security researcher Monta Elkins will show at the CS3sthlm security conference later this month. Using a $150 hot-air soldering tool, a $40 microscope, and some $2 chips, Elkins was able to alter a Cisco firewall in a way that he says most IT admins wouldn’t notice, yet would give a remote attacker deep control. Elkins used an ATtiny85 chip, about 5 millimeters square, that he found on a $2 Digispark Arduino board and programmed to launch an attack as soon as the firewall boots up in the target’s data center; he then soldered it to the motherboard of a Cisco ASA 5505 firewall. Elkins said he could have reprogrammed the firmware of the firewall to make it into a more full-featured foothold for spying on the victim’s network.

Related: TechSpot, Slashdot, Security News | Tech Times, Boing Boing, HotHardware.com, Security – Computing, LinuxSecurity – Security Articles, Naked Security


August 8, 2019
Andy Greenberg / Wired

Andy Greenberg / Wired  
Memory Bugs in Boeing 737 and 787 Crew Information and Maintenance System Could Allow Attackers Access to Safety-Critical Systems, Researcher

A fully unprotected server on airplane maker Boeing’s network, seemingly full of code designed to run on the company’s giant 737 and 787 passenger jets, was discovered byIOActive security researcher Ruben Santamarta, a finding that led him to further discover security flaws in one of the 787 Dreamliner’s components in the plane’s multi-tiered network. Santamarta said he found memory corruption bugs in the plane’s Crew Information Service/Maintenance System that could allow an attacker to gain a foothold inside a restricted part of a plane’s network. Santamarta said the attack could pivot from the in-flight entertainment system to the CIS/MS to send commands to far more sensitive components that control the plane’s safety-critical systems, including its engine, brakes, and sensors. Boeing flatly denies that such an attack is possible.

August 10, 2019
Andy Greenberg / Wired

Andy Greenberg / Wired  
Eighteen-Year-Old High School Student Found Flaws in School Software That Could Have Allowed Hackers Deep Access to At Least Five Million Students’ Data in 5,000 Schools

Serious bugs in the web interfaces of two common pieces of software sold by tech firms Blackboard and Follett that could allow hackers deep access to at least five million students’ data used by more than 5,000 schools were discovered by eighteen-year-old high school student Bill Demirkapi. The common bugs of so-called SQL-injection and cross-site-scripting vulnerabilities were found in Blackboard’s Community Engagement software and Follett’s Student Information System. In Blackboard’s case, Demirkapi found 5 million vulnerable records for students and teachers, including student grades, immunization records, cafeteria balance, schedules, cryptographically hashed passwords, and photos. Follett thanked Demirkapi for finding the bugs, which the company said were fixed in July 2018. Blackboard also thanked Demirkapi, but argued that based on its analysis no one else had accessed those records through the vulnerability he exposed.

August 12, 2019
Andy Greenberg / Wired

Andy Greenberg / Wired  
Phone Phreaker Can Listen Into Elevators Because Elevator Phone Installers, Building Managers Don’t Change Default Reprogramming Passwords

Elevator phones can be abused for serious privacy invasion and even sabotage because too many phone installers and building managers don’t change their default reprogramming passwords from easily guessable default codes allowing anyone to tamper with their settings, freelance security researcher Will Caruana discovered. Using the techniques of phone phreakers, Caruana figured out many of the passwords from over 80-plus elevator phones by hunting down elevator phone manuals, googling documentation, and buying a dozen elevator phones off Ebay over the last year. Caruana and other phone phreakers have phoned into elevator phone numbers and eavesdropped on conversations in the elevators. Stairwell phones, emergency phones at swimming pools, callboxes on college campuses, and other push-to-call phones in random buildings across the country are similarly exposed.

December 20, 2015
Steve Ragan / CSO Online

Steve Ragan / CSO Online  
Database leak exposes 3.3 million Hello Kitty fans

April 18, 2019
If Then / Slate

If Then / Slate  
How to Make Sense of WikiLeaks

April Glaser is joined by guest host Siva Vaidhyanathan, director of the Center for Media and Citizenship at the University of Virginia and author of several books about social media and the internet, including a recent one on Facebook, Antisocial Media: How Facebook Disconnects Us and Undermines Democracy. Wired writer Andy Greenberg joins the show to talk about the recent indictment against WikiLeaks founder Julian Assange, the threats the case poses to press freedom, and how Assange’s ideology has been much more fluid than that of his alleged co-conspirator, Chelsea Manning.

November 25, 2015
Jeremy Kirk / PC World

Jeremy Kirk / PC World  
This gizmo knows your Amex number before you’ve received your new card

A device built by legendary hacker Samy Kamkar calls into question the security of payment cards as the U.S. continues to grapples with card fraud.Kamkar’s device, nicknamed MagSpoof, is about the size of a U.S. quarter, and it’s safe to say it would be a fraudster’s dream.

September 15, 2016
Associated Press

Associated Press  
‘Fancy Bears’ Release More Medical Data on 25 Athletes from Eight Countries

The hacking group called Fancy Bears, widely believed to be the same arm of the Russian government that has hacked Democratic party organizations, released more medical records yesterday on twenty-five athletes from from eight countries stolen from the World Anti-Doping Agency.

[expand title=”More”]

ABC News: U.S.: WADA Confirms Another Hacking of Its Athletes Database
The Fiscal Times: How Safe Is Our Medical Data? Russian Hackers Leak Records of US Olympic Athletes
CNNMoney.com: Russian hackers release secret data of 25 more Olympic athletes
Security Brief: Russian hackers steal Olympic athletes data: Insights and advice from Webroot
NBC Washington : Russian Hackers Post ‘Medical Files’ of Williams, Biles
DataBreachToday.com: Hackers Dump US Olympic Athletes’ Drug-Testing Results
IB Times : US Olympic athletes caught doping? Everything you need to know about the Wada Fancy Bears leaks
TASS: Russia’s boxer Aloyan denies taking banned drugs after hackers leak medical info
SC Magazine : Fancy Bear hacks World Anti-Doping Agency
Sputnik International: Russian Boxer Aloyan Tested Positive For Stimulant in Leaked WADA Documents
Dark Reading : Olympic Athletes’ Medical Data Compromised By Russian Hackers
Global Security Magazine : World Anti-Doping Agency hacked – commentary
eSecurityPlanet: World Anti-Doping Agency Breached by Russian Hackers
Kyiv Post: Radio Free Europe/Radio Liberty: WADA says Russian hackers leaked data of 25 more athletes
HOTforSecurity: Russian hackers leak confidential medical info on US Olympic athletes
Chicago Tribune: Doping agency hack raises new ethical questions
The Guardian: Russian sports minister Vitaly Mutko denies link to Wada hackers
Sputnik International: Russian Sports Ministry to Ask Law Enforcers to Assist WADA in Cyberattack Probe
VOA News : US Olympians Respond to Medical Data Hack
RTE.ie : WADA condemns ongoing cyber attacks
Mashable: Simone Biles responds to Russian hacker attack of anti-doping agency
The Huffington Post : WADA: Hackers Leak Another Batch Of Athlete Data
The Week: Simone Biles responds to Russian hack by getting candid about her ADHD

October 4, 2016
Joseph Menn / Reuters

Joseph Menn / Reuters  
Yahoo Searched All Customers’ Incoming Emails on Behalf of Intel Agencies

Three former employees and other knowledgeable person informed Reuters that Yahoo secretly built a custom software program to scan all customers’ incoming emails on behalf of the NSA or FBI or both.The company complied with a classified U.S. government demand and began scanning hundreds of millions of emails starting last year.

[expand title=”More”]

Zero Hedge: Yahoo Admits It Secretly Hacked All User Accounts For US Intelligence
DataBreachToday.com: Yahoo Hacked by Cybercrime Gang, Security Firm Reports
Threat Brief: Yahoo hack spurs push for legislation
PCMag.com: Yahoo Data Breach Hit 500M+ Accounts
E-Commerce Times: Garden-Variety Cybercrooks Breached Yahoo, Says Security Firm
Ars Technica: Yahoo’s CISO resigned in 2015 over secret e-mail search tool ordered by feds
Lawfare : United States v. Ganias and the Case for Selective Seizures of Digital Evidence
CNBC: Yahoo secretly scanned customer emails for US intelligence
SC Magazine: ALERT: Yahoo scanned all arriving customer email at gov’t intel’s behest, Reuters
Ubergizmo : Yahoo Reportedly Scanned User Emails For The NSA
The Hacker News: Yahoo Built a Secret Tool to Scan Your Email Content for US Spy Agency
BBC News : Yahoo ‘secretly scanned emails for US authorities’
SlashGear » security: Sources: Yahoo spied on its own users’ emails for U.S. government
Digital Trends: Yahoo may have scanned users’ emails on behalf of U.S. spy agencies
Extreme Tech : From civil liberties champion to turncoat: Yahoo built specialized software to spy on users for the NSA
HackRead: Yahoo built a software to secretly scan user emails for the NSA
Fusion: Yahoo built a special tool to scan incoming emails for the government, reports Reuters
Techdirt: Yahoo Secretly Built Software To Scan All Emails Under Pressure From NSA Or FBI
The Verge: Yahoo helped US spies scan all its emails in real time for a single phrase
ZDNet : Yahoo “scanned customer emails” under top-secret order
Silicon Beat : Report: Yahoo scanned user emails at U.S. government’s request
Consumerist: Yahoo Reportedly Built Tool To Snoop On All Its Emails For U.S. Government
Ubergizmo: Yahoo Reportedly Scanned User Emails For The NSA
emptywheel: The Yahoo Scans Closely Followed Obama’s Cybersecurity Emergency Declaration
Newsweek: In 2015, Yahoo Built a Secret Program to Scan Customer Emails
Network World Security: Yahoo may have allowed US government to search user emails
The Week: Yahoo allowed the U.S. government to search all incoming emails for specific intelligence
SiliconANGLE: Report: Yahoo hack may have compromised up to 3B accounts
TechEye : Big Tech reacts in horror to Yahoo’s spying story
WIRED » Andy Greenberg: How Did the Feds Get Past Yahoo’s Encryption? Yahoo!
The Hacker News: Yahoo Built a Secret Tool to Scan Your Email Content for US Spy Agency
DataBreachToday.com: Report: Yahoo Complied with Government Spying Order
Digital Trends: Yahoo may have scanned users’ emails on behalf of U.S. spy agencies
SC Magazine: Yahoo, complying with U.S. intelligence directive, searched emails
Network World Security: US tech giants say they didn’t do Yahoo-style email spying
HackRead: Yahoo built a software to secretly scan user emails for the NSA
Extreme Tech : From civil liberties champion to turncoat: Yahoo built specialized software to spy on users for the NSA
Apple Insider : Yahoo created program to scan customer emails for U.S. intelligence agencies, report says
Redmond Magazine : Yahoo Reportedly Bulk Scanned E-Mails for U.S. Intelligence
Huffington Post : Yahoo ‘Secretly Scanned Emails For US Authorities’
The Next Web : Yahoo has been secretly scanning your email and handing it over to US intelligence
Israel Herald : Yahoo gave U.S. intel agencies access to email accounts: report
Morning Consult: Yahoo Surveillance Report Rekindles FISA Fight
VatorNews: Yahoo let the NSA have real-time access to all emails
BGR : Shocking! Yahoo reportedly snooped on users’ emails for US intelligence agencies
Israel National News: Yahoo secretly searches users’ emails
Los Angeles Times: Yahoo helped the U.S. government spy on emails, report says
The Hill: Yahoo scanned customer emails for US intelligence agencies: report
The Hill: Cybersecurity: ACLU blasts Yahoo’s secret email searches for government
The Inquisitr News: Yahoo Spied For The NSA Or FBI? U.S. Internet Company Scanned Millions Of Emails Looking For Specific Information Asked By Intelligence Agencies
The Tech Portal: Yahoo reportedly handed over access to all of its e-mail accounts to U.S. Intelligence agencies
Washington Post: Yahoo scanned all of its users’ incoming emails on behalf of U.S. intelligence officials
BuzzFeed – Tech: The Internet Is Pissed Yahoo Built The US A Custom Tool For Email Spying
Silicon Republic: Yahoo accused of scanning users’ emails for US intelligence
Boing Boing: Yahoo secretly scanned its users’ email for U.S. intelligence services
EFF: Yahoo Email Surveillance: the Next Front in the Fight Against Mass Surveillance
Security – Computing: Yahoo built tool to enable US intelligence to bulk-search customers’ emails
The Guardian: Yahoo may have let the government spy on emails. Now will we embrace encryption? | Trevor Timm
South China Morning Post: Revealed: Yahoo secretly scanned millions of customers’ emails for US intelligence agencies
PogoWasRight.org: Yahoo secretly scanned customer emails for U.S. intelligence – sources
V3.co.uk : Yahoo built app to bulk-scan emails on behalf of US government
SFGAte.com: Yahoo scanned emails at behest of NSA, FBI, report says
Fast Company: Edward Snowden tweets: Stop using Yahoo today
WND: Yahoo scanned customer emails for NSA, FBI
Techdirt: Basically All Big Tech Companies Deny Scanning Communications For NSA Like Yahoo Is Doing
BusinessLine – Home: Yahoo secretly scanned customer emails for US intelligence: sources
eTeknix: Yahoo Secretly Scanned Customer Emails for US Government
Washington Free Beacon: Report: Yahoo Granted NSA, FBI Access to Scan Customer Emails
The Drum: Report: Yahoo scanned email accounts for US intelligence
TechnoBuffalo: Yahoo snooped on your email for the U.S. government
Techradar: Yahoo gave the US government access to all user emails, report says
Quartz: Yahoo reportedly helped the US government spy on all its users’ emails, as they came in
Errata Security: The Yahoo-email-search story is garbage
The Intercept: Delete Your Yahoo Account
emptywheel: The Yahoo Scans Closely Followed Obama’s Cybersecurity Emergency Declaration
PC Tech Magazine: Yahoo Secretly Scanned Emails for US Authorities
Security Affairs: Reuters – Yahoo allowed US government to secretly scanning customer emails
MacRumors: Yahoo Secretly Scanned Millions of Customer Emails for U.S. Authorities
Infosecurity Magazine: Report Claims Yahoo Secretly Searched Emails for US Government
VentureBeat: Yahoo secretly scanned customer emails for U.S. intelligence, sources say
The Security Ledger: Exclusive: Yahoo Secretly Scanned Customer Emails for NSA | Reuters
Heavy.com: Yahoo Scanned Millions of Email Accounts for NSA
Slashdot: Yahoo Secretly Scanned Customer Emails For US Intelligence
The Week: Yahoo allowed the U.S. government to search all incoming emails for specific intelligence
[/expand]