Panda Releases Free Security Tool for Autorun

Thursday, March 26th, 2009

Panda, an antivirus software company, has a new free Panda USB Vaccine available for download that can disable the Windows Autorun feature for an entire PC or a particular USB drive. The Autorun feature in Windows can make it easier to install software - and it can also be exploited by ...

Stealthy router-based botnet worm squirming

Tuesday, March 24th, 2009

Researchers at DroneBL have spotted signs of a stealthy router-based botnet worm targeting routers and DSL modems. The worm, called “psyb0t,” has been circulating since at least January this year, infecting vulnerable embedded Linux devices such as the Netcomm NB5 ADSL modem (above) and launching denial-of-service attacks on some Web sites. Some ...

Researchers unveil persistent BIOS attack methods

Monday, March 23rd, 2009

Apply all of the browser, application and OS patches you want, your machine still can be completely and silently compromised at the lowest level--without the use of any vulnerability. That was the rather sobering message delivered by a pair of security researchers from Core Security Technologies in a talk at the ...

Attacking SMM Memory via Intel CPU Cache Poisoning

Saturday, March 21st, 2009

As promised, the paper and the proof of concept code has just been posted on the ITL website here. A quote from the paper: In this paper we have described practical exploitation of the CPU cache poisoning in order to read or write into (otherwise protected) SMRAM memory. We have implemented two ...

RFID Passports Secretly Copied

Monday, February 2nd, 2009

If you have an RFID-lojacked passport but don't keep it in a faraday cage wallet, this video of Chris Paget's war-driving exploits—plucking information off them from afar—should make you think real hard about it. Cruising through downtown San Francisco in his car with a $250 homebrew RFID reader setup consisting of ...