Recent Updates

  • Storm-9-Net News 8:57 PM on 2015.05.24

    Bank-heist malware’s servers phone home to Russian spookhaus 

    Possible prank sees trojan that lifted $300 million suggest Kremlin as controller

    Trend Micro researcher Maxim Goncharov says one of the world’s most sophisticated and dangerous bank-robbing trojans is now pointing to Russia’s Federal Security Service (FSB).…

  • Storm-9-Net News 9:00 AM on 2015.05.24

    Researcher who exploits bug in Starbucks gift cards gets rebuke, not love 

    A security researcher said he found a way to game Starbucks gift cards to generate unlimited amounts of money on them. Both he and the coffee chain are grumbling after he used a fraudulent card to make a purchase, then repaid the amount and reported the vulnerability.

    Egor Homakov of the Sakurity security consultancy found a weakness known as a race condition in the section of the Starbucks website responsible for checking balances and transferring money to gift cards. To test if an exploit would work in the real world, the researcher bought three $5 cards. After a fair amount of experimentation, he managed to transfer the $5 balance from card A to card B, not just once as one would expect, but twice. As a result, Homakov now had a total balance of $20, a net—and fraudulent—gain of $5.

    The researcher went on to visit a downtown San Francisco Starbucks location to make sure his attack would actually work. He used the two cards to make a $16.70 purchase. He went on to deposit an additional $10 from his credit card “to make sure the US justice system will not put us in jail over $1.70,” he explained in a blog post. Here’s where hurt feelings—and arguably an overreaction on the part of both parties—entered into the story. Homakov wrote:


  • Storm-9-Net News 2:10 PM on 2015.05.23

    Cops don’t have to give man his own license plate reader data, court finds 

    A San Diego, California court has ruled that a tech entrepreneur will not be allowed to access his license plate reader (LPR) records from a regional government agency.

    Earlier this month, Superior Court Judge Katherine Bacal handed down a six-page decision to Michael Robertson, finding that he does not have the right, under the California Public Records Act (CPRA), to access records of his own license plate as scanned by members of the San Diego Association of Governments (SANDAG).

    Judge Bacal found that the LPR records were exempt from the CPRA, under a provision of the law that protects “records of investigation,” and under a catch-all section if releasing such records is not in the public interest. As she wrote in the Statement of Decision:


  • Storm-9-Net News 8:00 AM on 2015.05.23

    VR headset company Fove is betting on eye tracking to compete 

    SAN FRANCISCO—At a Kickstarter launch party in a swanky downtown hotel, employees and friends of year-old company Fove milled about, ready to talk to anyone and everyone about their contributions to a new virtual reality headset. VR headsets are old news at this point—Oculus Rift, Samsung Gear VR, Sony’s Project Morpheus have all run the press gamut a few times over. But Fove wants to leapfrog the traditional players by coming to the starting line with something that none of those incumbents have (at least thus far): an eye-tracking system.

    Fove says the eye-tracking system will eventually allow for foveated rendering—a cutting-edge way of reducing the processing demands of VR headsets by generating a high-resolution image only for the immediate area that a player is looking at, allowing peripheral areas to be rendered with less definition.

    Fove just met its Kickstarter goal of $250,000, which it will use to produce an SDK headset with a 5.8 inch display with 2560×1440 resolution, and a 0.8 pound weight. What sets it apart, though, are the infrared sensors that bounce IR light off the user’s retinas, to measure the distance between the eyes and the direction they’re each pointing. Kickstarter backers have been able to secure development headsets for between $300 and $400, and Fove aims to ship by Spring 2016. The development platform will integrate content from Unity, Unreal Engine, and eventually Cryengine.


  • Storm-9-Net News 5:23 AM on 2015.05.23

    Control Server for Money Grabbing Carbanak Points to Russian Security Service 

    The IP address for a command and control (C&C) server employed by Carbanak, an advanced piece of malware used in attacks targeting financial institutions directly, now resolves to a domain that appears to be owned by the Russian Security Service (FSB), researchers found.

    In February, security researchers at Kaspersky published a report on the…

  • Storm-9-Net News 3:58 AM on 2015.05.23

    Malware Achieves Privilege Escalation via Windows UAC 

    As good a defensive mechanism as User Account Control (UAC) is for Windows users against actions requiring administrator privileges, users can be tricked into running an app with elevated rights without raising any suspicion.

    Researchers at security company Cylance developed proof-of-concept malware that can achieve this via Windows Command Prompt (cmd.exe) and the Registry Editor (regedit.exe), although the list of programs can be extended.

    The focus was on these two utilitie…

  • Storm-9-Net News 1:50 AM on 2015.05.23

    Malicious SVG Files Used for Ransomware Delivery 

    A recently discovered malicious email campaign revealed a less common method of delivering malware: using SVG files (images with support for interactive and animation features) to hide links that download crypto-malware.

    Researchers who caught a sample email and analyzed the behavior of the nasty SVG say that the payload appears to be CryptoWall, judging by some indicators associated with this malware family.

    The ransom message displayed to the victim after data encryp…

  • Storm-9-Net News 1:27 AM on 2015.05.23

    Senate adjourns, rejects compromise metadata surveillance bill 

    In the early hours of Saturday morning, the United States Senate halted the advance of a compromise bill that aims to end metadata collection under Section 215 of the Patriot Act.

    Given that the USA Freedom Act seemingly cannot advance in the Senate, there is a very strong possibility that the relevant portions of the law will expire as of the stroke of midnight on June 1, 2015.

    The Senate voted 57-42 to reject the measure, and also immediately rejected a 60-day extension of the existing law on a 54-45 vote. The bill, which previously passed the House of Representatives just over a week ago, has the support of the White House.


  • Storm-9-Net News 9:25 PM on 2015.05.22

    Oculus and founder sued by Hawaiian head-mounted display startup 

    A Hawaii-based company called Total Recall Technologies (TRT) is suing Facebook-owned Oculus Rift and its founder Palmer Luckey, saying that Luckey used confidential information he learned from the company in 2011 to build his own head-mounted display.

    In a complaint filed in the Northern California US District Court (PDF), TRT says that its two partners, Ron Igra and Thomas Seidl, developed and patented a method to take video of a real-world scene and display it in a head-mounted display using an “ultra-wide field of view.” Seidl met Luckey in 2010 in connection with his work on developing head-mounted displays, and contacted him in 2011 to build a prototype for TRT.

    “At all relevant times, the information provided to Luckey by TRT was confidential, and TRT expected the information to remain confidential,” the complaint says.


  • Storm-9-Net News 7:17 PM on 2015.05.22

    eBay bug turns phishing email links into malware-stuffed booby prizes 

    Crims could smuggle nasties in files ‘downloaded’ from web souk

    eBay is racing to fix a second serious security flaw that may allow criminals to spread malware through files seemingly hosted by the online tat bazaar.…
