All articles by Robert Vamosi

Hard-coded Credentials Still Haunt Many Legacy IoT Products

While it’s good that more remote sensors are communicating with each other, in some cases providing sensitive information in real time, bad security practices among manufacturers of those devices remain – specifically, hard-coding admin passwords. Experts speaking at Black Hat USA 2014 and at DefCon 22, sister security conferences held last week.

Cisco VoIP Phones Affected By On Hook Security Vulnerability

In the new motion picture Skyfall, James Bond uses fewer gadgets than in previous films, but a future 007 might not have to rely upon Q at all, instead taking advantage of ordinary gadgets, according to one researcher. On Wednesday at the Amphion Forum in San Francisco researcher Ang Cui demonstrated an attack on common Cisco-branded Voice over

The Best Hacking Film You Haven’t Seen (Yet)

When was the last time you saw a good documentary about the origins of computer hacking? Well, Code 2600, a new documentary film from a young filmmaker named Jeremy Zerechak, comes really close to being both accurate and entertaining while at the same time scaring the pants off anyone who doesn’t yet know that computer data is

Outsmarting Power Grid Vulnerabilities

An electrical system first built in the 1880s by Thomas Edison, then added to every year since, can only replace the existing devices wholesale or find ways to retrofit the devices already in the field. Each, as Benjamin Jun of Cryptography Research points out, has its security pros and cons.

Redefining Identity Protection, One Free App At A Time

A new iPhone app promises to notify you when the FBI or other law enforcement agents find your personal information in a cyber criminal’s database.

Fortunately, the app also has the tools to protect you from identity fraud, and most of them are free.

Report: Anonymous Turns To Denial Of Service Attacks As A Last Resort

In 2011, members of Anonymous targeted a major organization, first posting recruiting videos on YouTube and then making various tools available to volunteers worldwide to download and use during a planned attack. But the target was ready; its security defenses held against the onslaught of vigilantes online. Its files were not stolen. Its Web

Safeguarding Your Toaster Against Malware

In a few years just about every electronic gadget, even your toaster, will connect to the Internet, fulfilling the vision of what’s known as the “Internet of Things.” The problem is we don’t yet think of these individual gadgets that connect as tiny computers. And we certainly don’t think about having to update them for security reasons. That

Son of Stuxnet

It had to happen: Someone has released the next step toward the next-generation Stuxnet virus, although the target of this new virus remains unclear.

According to Symantec, the next threat, dubbed “Duqu” because the code has the code string ~DQ within it, is a surveillance-based Trojan horse, designed to relay information back to a

A Secure Software Model Matures

It is one thing to say you have secure software; it is quite another to back that up with security best practices. The Building Security In Maturity Model (BSIMM) is a secure software development lifecycle model that grew out of scientific observations around software security practices at nine companies ranging from Adobe to Google, and Wells Fargo

Rockwell SCADA Patch Expected Soon

Within the next seven days, Rockwell Automation will release a patch for a supervisory control and data acquisition (SCADA) vulnerability first made public last Friday.

Initially, security researcher Luigi Auriemma posted code for a denial of service attack vulnerability only affecting Rockwell Automation’s RSLogix 5000 Programmable Logic

Bitsquatting: Machine-Garbled Internet Connections

You did not request that strange Web site on your browser, but your computer may have. According to new research presented at both the annual Black Hat USA and DefCon conferences this week in Las Vegas, hardware flaws, heat and cosmic rays may be flipping 1s and 0s and changing URL addresses.

This isn’t typosquatting, where the bad actor