Blog

The MacBook Air was the first computer to fail in a hacking contest between laptops made by Apple, Windows and Linux at the CanSecWest security conference in Vancouver, British Columbia.

Charlie Miller, the participant who was able to hack into the MacBook in two mintues, won $10,000 – plus the MacBook laptop that he successfully hacked.

No one was able to hack into any of the machines through the network on the first day of the contest, however, yet Mr Miller was able to do so once the event’s organisers allowed the hackers to direct human operators from the three machines to visit websites and open emails.

While details of the hack are not being made public, experts are assuming that the vulnerability must be within Apple’s Safari browser because Mr Miller was only able to use software preinstalled on the Mac laptop.

Rich Mogull, the new security writer at Tidbits wrote: “Although we need to take contests like these with a grain of salt, we can’t dismiss the results. Since it took Mr Miller only two minutes to compromise the MacBook Air, it’s clear that he walked in the door with a complete exploit ready to go.”

If you enjoyed this post, make sure you subscribe to my RSS feed!

GNUCitizen said they have found a serious security bug in the BT Home Hub that could let hackers steal identities and commit other types of fraud by controlling calls routed over the internet.

With BT’s Home Hub a widely used router, the ability reach many homes is a serious threat to many customers as the bug can still be sent out even if the default password for the hub has been changed. For the bug to activate, a user of VoIP would have to visit a website that has some kind of malicious code.

Adrian Pastor, one of the hackers GNUCitizen, said that “we believe this is gonna be very hot in the VoIP fraud arena”, in an email.

To resolve the issue, BT has disabled the Remote Assistance features that allow support professionals to gain control over the device, according to Mr Pastor.

As a result however, Mr Pastor said: “Now we have been able to come up with a new technique to steal VoIP calls”.

If you enjoyed this post, make sure you subscribe to my RSS feed!

Widgets and gadgets that users add on to their PCs could pose a security threat, according to Finnish security company Finjan.

Finjan’s Malicious Code Research Centre has found that add-ons that add functions to websites contain code which make the PC they are on more vulnerable to hackers.

The security model that gadgets and widgets have must now be completely revised to take these findings into account, Finjan stated.

Finjan chief technology officer Yuval Ben-Itzhak said: ‘As widgets become common in most modern computing environments, from operating system to web portals, their significance from a security standpoint rises.’

He added: ‘Vulnerabilities in widgets and gadgets enable attackers to gain control of user machines, and thus should be developed with security in mind.’

Corporations may need to deal with a ‘vast array’ of new security considerations, added Mr Ben-Itzhak.

Meanwhile, a new report from Symantec has warned that internet crime has gone from simply causing trouble to a multi-million pound industry.

If you enjoyed this post, make sure you subscribe to my RSS feed!

Trojans have topped threat lists during the first six months of the year, according to a new report.

Security firm BitDefender Labs says that Trojans were the most popular form of malicious threat in the first half of 2007, along with mass mailers.

The Netsky worm also continued to keep its place in the top ten threat list, with all of the malware in the table accounting for two-thirds of total web viruses.

Viorel Canja, head of BitDefender Labs, called the shift from viruses to Trojans ‘an interesting trend’.

‘Although the popularity of mass mailers is slowly receding, variants are still present and pose a very real risk to computer systems used by consumers and small businesses,’ he added.

A recent report from information security services provider SecureWorks revealed that the number of hackers targeting banking institutions has soared by 81 per cent since 2006, with attackers using the Gozi, Prg and BBB Trojans in particular.

If you enjoyed this post, make sure you subscribe to my RSS feed!