Tuesday, August 21, 2012

Time to get serious

Wow, how does the summer get busier than the school year? Time to get back into the swing of things.  What started as taking two weeks off for vacation quickly turned into almost two months off here. Tons of interesting stuff going on lately.  BlackHat and DEFCON had all kinds of cool news.  Wish I could have gone out there this year.  Anyhow, here are a few of the latest notable items:
  • Here's one to get you thinking.  An article from Reuters entitled "Insight: Experts hope to shield cars from computer viruses". Apparently a few research groups have published papers on possible vulnerabilities in vehicle computer systems.  I guess that shouldn't be too surprising.  After all, some form of a computer probably controls most of a car.  You would hope the more critical systems are isolated, but who knows.  Anyone else picturing the scene from I, Robot where Will Smith is "experiencing a car accident"?
  • An update on the hotel door lock hacking. Seems the manufacturer came up with several solutions.  First and easiest is to put a cap on the data port.  Ok, it's a start, but far from foolproof.  The second is to replace the circuit board in each lock.  However, as of right now, it appears the lock maker is looking for the hotels and businesses who use these locks to foot the corrective costs.  Not inexpensive to say the least.  How many will?
  • Oh, this is really cool.  So you have probably heard about the iPhone SMS bug, right? The short of it is that it is possible to spoof SMS messages to look like they are from your bank or something equally important.  Basically, a potential for many different social engineering attacks.  Well, Apple recently came out with a fix - use iMessage instead of SMS.  So instead of tackling the problem, they just advise you to avoid it.  Super.
  • By now everyone has seen plenty on the Mat Honan hack.  I'd like to say it's hard to believe something like that could happen, but there are more and more stories every day about pwning help desks.  There was a good follow-up article by Kim Zetter on "How not to become Mat Honan".  Basic security 101.