InfoSec links October 20, 2014

Finding a Video Poker Bug Made These Guys Rich -- Then Vegas Made Them Pay - Kevin Poulsen - WIRED

Williams could see that Kane was wielding none of the array of cheating devices that casinos had confiscated from grifters over the years. He wasn't jamming a light wand in the machine's hopper or zapping the Game King with an electromagnetic pulse. He was simply pressing the buttons. But he was winning far too much, too fast, to be relying on luck alone.

Signed Malware = Expensive "Oops" for HP - Brian Krebs - Krebs on Security

Earlier this week, HP quietly produced several client advisories stating that on Oct. 21, 2014 it plans to revoke a digital certificate the company previously used to cryptographically sign software components that ship with many of its older products. HP said it was taking this step out of an abundance of caution because it discovered that the certificate had mistakenly been used to sign malicious software way back in May 2010.

Everything you need to know about the POODLE SSL bug - Troy Hunt - troyhunt.com

Which brings us to POODLE. Whilst I doubt we’ll see the same mass hysteria as we did last month, it is (and will continue) hitting the news and like the other two biggies this year, it’s serious enough to warrant attention and obscure enough to result in wild speculation and a general misunderstanding of the underlying risk. Let me share what I know based on the questions I’m hearing.

This post first appeared on Exploring Information Security.

WiFi Infosec links July 2, 2014

Bad Guys are Watching You (via insecure Wi-Fi) - Stefan Tanase - Kaspersky Lab Daily

WiFi security is really bad. I would be wary of joining any WiFi network out in public. Especially if it says free, and even more so if you were heading to Sao Paulo for the World Cup. The gist of the article here is that WiFi networks have bad security and so do apps.

And the World Cup Security Centre's WiFi password is... - Graham Cluley - GrahamCluley.com

Dear organizations,

When you bring a photographer and a media person who is going to communicate to the public, please. PLEASE! Be very conscious of what's around you.

Sincerely,

/Facepalm

"Free" Wi-Fi from Xfinity and AT&T also frees you to be hacked - Sean Gallagher - ars technica

What this world really needs is WiFi everywhere, because it's proven to be a secure way to communicate with the internet. Oh wait... This is a good article that goes into more technical detail on how your device can be pwned when connecting to a public WiFi network.


InfoSec fun links June 10, 2014

Alleged robber caught after trying to befriend his victim on Facebook - Lisa Vaas - Naked Security

Apparently, mugging someone and then trying to friend them on Facebook is the new thing for criminals. Not much else to say here, except /facepalm.

Secret Service Software Will 'Detect Sarcasm' Social Media Users - Aliya Sternstein - Nextgov

Humans can barely do this! Now some software is going to do it? Good luck with that.

14-year-old code crackers hack Winnipeg ATM - Doug Lunney - Toronto Sun

ATMs are notoriously insecure. Not only can skimmers be placed on them, and 90% of them around the world are running Windows XP, but default settings also aren't being changed on them. Two teenagers found a manual online for an ATM that allowed them to get into the operator mode. The best part of the story is that when they went to the bank and informed the staff that they had done it, the staff didn't believe them. So they got permission to get proof and returned with six documents printed out from the operator mode. Only then did the staff take them seriously. Welcome to the world of security research, kids.
