Darren Pauli


Pioneer slaps 80s LASERS on cars for driverless push

Sound system bods Pioneer have completed a trial of laser-outfitted cars in a bid to have vehicle mapping technology in commercial use as early as 2018. Retro-tech fans will be tickled to hear that the Japanese consumer-tech giant based its work on Laserdisc technology with its roots in the 1980s. Pioneer hacked its tech into …
Darren Pauli, 04 Sep 2015

Boffins build magnetic field cloak 'wormhole', could help MRI scanners

Scientists have created what is being dubbed a 'wormhole' that can split a magnetic field and lead to better MRI scanning. The wormhole allows a magnetic field to be transported across space but it is not the kind of cosmic tunnel popularised by …
Darren Pauli, 04 Sep 2015

Netflix releases reflected XSS audit tool for biz

Netflix has continued its contribution to the open source security community with the release of a tool to better help developers and admins identify cross-site scripting. The Sleeping Puppy tool joins Netflix's released security tools including Fully Integrated Defense Operation automated incidence response platform, the …
Darren Pauli, 03 Sep 2015

Almost all .science malicious, .cricket rigged, boffins find

Almost every one of the hundreds of thousands of websites in 10 top level domains, including all under .review and .zip, are malicious, according to research. More than 95 percent of the hundreds of thousands of websites in each of ten top level domains (TLDs) including .country, .cricket, .science, and .party are flogging spam, …
Darren Pauli, 03 Sep 2015

Shabby but persistent espionage group turn tables on researchers

Researchers investigating an active online espionage group have themselves been targeted in persistent social engineering attacks. Eyal Sela and Cedric Pernet of ClearSky and Trend Micro say the attackers from the Rocket Kitten group targeted an unnamed security bod at the former company with social engineering Facebook …
Darren Pauli, 03 Sep 2015

Choc Factory sends website app pluggers to page two mobile cesspit

Google is demoting mobile websites with full screen app advertisements, possibly consigning them to the cesspit of the internet that is search result page 2. The move will target websites that splash large ads plugging an app with little close buttons that are hard to tap with fat fingers. Choc Factory engineer Daniel Bathgate …
Darren Pauli, 02 Sep 2015

SOHOpeless: Belkin router redirection zero-day

Security bod Joel Land has reported zero-day holes in a popular model of Belkin router allowing attackers to yank cleartext credentials, spoof DNS responses, and pop admin interfaces. The Belkin N600 DB Wireless Dual Band N+ box released in 2012 and selling for around AUD$150 contains five vulnerabilities from slack randomness …
Darren Pauli, 02 Sep 2015

Croc country cops' mobile facial matching a festival party pop

Cops in crocodile-infested Northern Australia will use facial recognition matched to photos from CCTV and body-worn cameras to capture felons across the vast state. The law will identify potential criminals from its network of 190 CCTV cameras and those in use in the Northern Territory's ongoing trial of body-worn cameras …
Darren Pauli, 02 Sep 2015

Big Blue bops modular menace

IBM threat researcher Limor Kessem has found a new modular malware credential stealer that could become a significant enterprise threat. The malware, dubbed CoreBot, is an advanced tool, currently a credential harvester, that operates with sophisticated plugins designed to allow VXers to add extra functionality and offensive …
Darren Pauli, 02 Sep 2015

Mac malware has a neat trick to install itself on OS X fans' machines

Mac malware that relied on a security exploit so small it fitted in a tweet has been upgraded to infect OS X machines after Apple closed that particular hole. The malware once used the patched OS X DYLD_PRINT_TO_FILE vulnerability that grants attackers root privilege escalation through trivial code. This was fixed in the OS X …
Darren Pauli, 01 Sep 2015

Google bods reform DEMOCRACY in coconut or vitamin water quandary

Google has developed an internal utopian voting system for its office events, which its creator hopes to make an official product. So far 11,000 internal staff have cast some 75,000 votes on Google office events like Halloween contests and building names. Some 4,200 staff voted in a Microkitchen food event in which vote …
Darren Pauli, 01 Sep 2015

US mulls unprecedented Chinese sanctions in wake of hacks – report

The US government is reportedly mulling "unprecedented" sanctions against China in response to hacking. Anonymous White House officials, speaking to the Washington Post, did not provide details on specific economic sanctions which, we're told, have already been drafted and are under consideration. It's understood that unnamed …
Darren Pauli, 01 Sep 2015

Data retention soggy with SPAM

Telcos will be required to retain data on spam, failed email, and borked voice over IP phone calls under the Australian Federal Government's looming data retention plan. Data retention comes into effect 15 October. It requires telecommunications providers to retain metadata information on subscribers but not the content of …
Darren Pauli, 01 Sep 2015

Jailbreaking pirates popped in world's largest iCloud raid – 225,000 accounts hit

The largest Apple iCloud raid in history has seen nearly a quarter of a million accounts compromised by malware targeting app pirates. The hack spree, affecting at least 225,000 valid Apple cloud accounts, is hitting jailbroken iThings – devices that have had Cupertino's strict device security controls bypassed and disabled. …
Darren Pauli, 31 Aug 2015

Ruskie ICS hacker drops nine holes in popular Siemens power plant kit

Ilya Karpov of Russian security outfit Positive Technologies has reported nine vulnerabilities in Siemens industrial control system kit used in critical operations from petrochemical labs and power plants up to the Large Hadron Collider. The holes, now patched, also include two for Schneider Electric kit and cover a mix of …
Darren Pauli, 31 Aug 2015

Linux Foundation releases PARANOID internal infosec guide

Linux Foundation project director Konstantin Ryabitsev has publicly released the penguinistas' internal hardening requirements to help sysadmins and other paranoid tech bods secure their workstations. The baseline hardening recommendations are designed to balance security and convenience for its …
Darren Pauli, 31 Aug 2015

Boffins laugh at Play Store bonehead security with instant app checker

An armada of university researchers have devised a novel method of detecting malicious Android applications, and by way of demonstration have dug up 127,429 shady software offerings, including some bearing exploits for a whopping 20 zero days. The scheme dubbed MassVet is the brainchild of eight researchers: Kai Chen; …
Darren Pauli, 31 Aug 2015

Friday beers scam up 240 percent, inflicts $1.2 billion in damages

Fake email supplier scams are booming and have inflicted $1.2 billion in damages to businesses globally in the past year, according to the FBI. The scams, formally known as "business email compromise", involved a fraudster compromising the email account of an existing supplier and attempting to steal funds by tricking staff into …
Darren Pauli, 31 Aug 2015

Spooks, plod and security industry join to chase bank hacker

A group of security boffins have joined police and intelligence spooks in a clandestine mission to identify those behind distributed denial of service (DDoS) extortion attacks against major banks. An attacker using the handle DD4BC (DDoS for Bitcoins) is launching large DDoS attacks against banks and other big business in the …
Darren Pauli, 28 Aug 2015

Malvertising maniac messes MSN, serves corrupted creative

A chap who might just be the world's worst malvertising marauder has popped MSN, potentially compromising some of the site's 10 million daily visitors with an exploit kit so capable it p0wns almost half of those who encounter it. The attacker, understood to be an individual dubbed Fessleak, smashed MSN after popping Yahoo!, …
Darren Pauli, 28 Aug 2015

Hardened Linux stalwarts Grsecurity pull the pin after legal fight

The gurus behind the popular and respected Linux kernel hardening effort Grsecurity will stop providing free support for their stable offering. In future, only paying sponsors will get stable patches to shore up their kernels' defenses. The public stable patches will not be distributed beyond the next two weeks in response to …
Darren Pauli, 27 Aug 2015

Malware menaces poison ads as Google, Yahoo! look away

Feature: Online advertising has become an increasingly potent threat to end-user security on the internet. More hackers than ever are targeting the internet's money engine, using it as a powerful attack vector to hide exploits and compromise huge numbers of victims. Malvertising, as poisoned ads are known, is as deadly as it is diverse …
Darren Pauli, 27 Aug 2015

FireEye intern VXer pleads guilty for Darkode droid RAT ruse

A former FireEye intern has pleaded guilty to creating and selling the Dendroid malware on the raided Darkode criminal forum. Morgan Culbertson, 20, of Pittsburgh, pleaded guilty before a Pittsburgh federal judge and faces sentencing 2 December. He faces a maximum of 10 years prison and a $250,000 fine, and has no prior …
Darren Pauli, 27 Aug 2015

Boffins promise file system that will NEVER lose data

Six MIT research boffins have demonstrated a system capable of recovering all data in the event of a crash that was previously constrained to high-end theory. The team will in October showcase the first, albeit slow, file system "mathematically guaranteed" to not lose data during crashes. Authors Haogang Chen; Daniel Ziegler; Tej …
Darren Pauli, 26 Aug 2015

Devs are SHEEP. Which is good when the leader writes secure code

Programmers with security chops are seen as more productive and influential workers whom other coders strive to emulate, according to security researchers from North Carolina State University and Microsoft Research. A sextet of security researchers has produced a trio of studies on the topic, finding that programmers are …
Darren Pauli, 26 Aug 2015

Carders fleece $4.2 million from Victoria's MyKi transport agency

Scammers have inflicted some AUD$4.2 million in damage to Public Transport Victoria (PTV) by buying and selling MyKi travel cards loaded with cash stolen from credit cards. The agency in the southern Australian state coughed up the dough to international credit card holders whose cards were fleeced. MyKi cards are …
Darren Pauli, 25 Aug 2015

Gored Ashley Madison love nest stumps up $500k for hackers' heads

The much-hacked and hated sexual sin-bin Ashley Madison is offering $500,000 Canadian Dollars (US$377,000) to anyone who can provide information leading to the arrest of those behind its hacking. Records on some 30 million members of the online hoping-for-adultery site were leaked in the hack, along with internal emails …
Darren Pauli, 25 Aug 2015

Body-worn cameras a 'Pandora's Box' says ex Vic Police chief Nixon

Gartner: The former police commissioner for the Australian state of Victoria, Christine Nixon, says body-worn cameras are a 'Pandora's Box' that cause more problems than they fix. Body-worn cameras are being used, or trialled, by police forces in all six Australian states and are widely used or contemplated around the world. …
Darren Pauli, 25 Aug 2015

Hacker slaps Dolphin, Mercury browsers, squirts zero day

Mobile security guy Rotologix has popped two popular not-Chrome not-Firefox Android browsers, gaining the power to commit remote code execution using zero-day flaws. The holes affect Dolphin Browser and Mercury Browser which have something in the realm of 100 million and one million installs respectively. For comparison …
Darren Pauli, 24 Aug 2015

Even 'super hackers' leave entries in logs, so prepare to drown in data

Gartner: Super hackers basically don't exist, your incident response plan sucks, and you should relish the opportunity to drown in data: such are the lessons from incident response fanatic Anton Chuvakin. The analyst, physicist, and former director of Security Warrior Consulting gave delegates of the Gartner Security and Risk …
Darren Pauli, 24 Aug 2015

High-heeled hacker builds pen-test kit into her skyscraper shoes

MILDLY NSFW: A Chinese hardware hacker has hidden a penetration-testing toolkit in her high-heeled shoes. The Wi-Fi-popping platforms were forged in a 3D printer, and contain compartments to smuggle hacking hardware past strict security checks in data centres and the like, to be retrieved later. The hacker and pen-tester, who goes by the …
Darren Pauli, 24 Aug 2015

Telstra News spews banking trojan after malvertising attack

Australia's dominant telco, Telstra, has been serving one of the world's most dangerous hacking tools after its news site was infected with malvertising. Malwarebytes researcher Jerome Segura says the attackers were likely dropping the Tinba trojan, considered to be the world's smallest malware by file size at about 20kb and …
Darren Pauli, 24 Aug 2015

NASA reveals Cassini probe's last glimpse of Saturn's icy moon Dione

NASA has released images from the Cassini probe's last fly-by of Saturn's moon Dione. The August 17 encounter captured Dione's icy pockmarked landscape from a distance of 474 kilometres above the moon's surface. Cassini came within 100km of Dione in December 2011. The images offer another look at the haunting moon and were …
Darren Pauli, 21 Aug 2015

Geeks on quest for world's most pointless YouTube video

Four tech geeks are seeking the most useless, unpopular, waste-of-space YouTube videos as part of an international competition, dubbed NoTube. The online contest, hosted in Switzerland, seeks to find videos on the mammoth Google video attic that make a mockery of YouTube's user-created content slogan 'broadcast yourself'. …
Darren Pauli, 21 Aug 2015

Blue Termite hacker group eating Japanese business from within

Kaspersky researcher Suguru Ishimaru says an advanced threat group is breaking convention and hacking high-end Japanese industries from within the country. The group is popping the kind of targets sophisticated groups prefer, such as government agencies, financial firms, and manufacturing organisations. Ishimaru says the …
Darren Pauli, 21 Aug 2015

Unholy Hong Kong hackers hit evangelicals with IE 0day

Hackers are already using an Internet Explorer vulnerability disclosed this week to hack members of an evangelical church. The attackers compromised the website of the Evangelical Lutheran Church of Hong Kong, injecting a malicious iFrame that redirects the faithful to a malicious website sporting the Internet Explorer …
Darren Pauli, 21 Aug 2015

iOS storing enterprise credentials in directory anyone can read

Security bod Kevin Watkins says Apple is storing enterprise credentials in a readable-by-anybody directory that is ripe for data theft. The sandbox vulnerability (CVE-2015-3269) affects all apps that use the managed app configuration setting in devices that have not applied the most recent iOS 8.4.1 update. Watkins says …
Darren Pauli, 21 Aug 2015

Activist pens pirate's map to 'liberating' academic journals

The cause of those who feel that information wants to be free, and that academic research should always be, has a new tool: a guide to defeating tracking traps that could identify document leakers. An activist using the alias Storm Harding (@StormHarding) told the Chaos Communications Camp in Zehdenick, Germany, his "purely- …
Darren Pauli, 20 Aug 2015

Net scum respect their elders so long as it leads to p0wnage

Net scum are employing both cool new attacks like the Angler exploit kit and oldies-but-goodies such as macroviruses in something of a generational clash, with Cisco reporting that both Word macros and the sophisticated Angler exploit kit are the most popular attack vectors this year. Blackhats dumped macros as an …
Darren Pauli, 20 Aug 2015

Holes found in Pocket Firefox add-on

Information security man Clint Ruoho has detailed server-side vulnerabilities in the popular Pocket add-on bundled with Firefox that may have allowed user reading lists to be populated with malicious links. The since-patched holes were disclosed July 25 and fixed August 17 after a series of botched patches, and gave attackers …
Darren Pauli, 20 Aug 2015

Google reveals OnHub WiFi router, complete with GLOWING RING

Google will shortly release its first WiFi router and has made automatic updating a frontline feature. The new "OnHub" is designed to offer a rather more pleasant experience for home users, starting with a cute coffee cup form factor and extending to an app-driven user interface. Google's even banished blinking lights [Heresy …
Darren Pauli, 19 Aug 2015

Microsoft drops rush Internet Explorer fix for remote code exec hole

Microsoft has released an out-of-band patch for Internet Explorer versions 7 through 11, to close a dangerous remote code execution flaw allowing attackers to commandeer machines. The attack will be a highly useful tool in hacker arsenals, likely allowing them to build powerful phishing, watering hole, and malvertising …
Darren Pauli, 19 Aug 2015

Anti-botnet initiatives USELESS in sea of patch-hating pirates

Three Dutch researchers have crunched data gleaned from efforts to battle the Conficker bot and declared anti-botnet initiatives all but useless for clean up efforts. Conficker was born in 2008 spreading aggressively through a since patched remote code execution Microsoft vulnerability (MS08-067) that affected all operating …
Darren Pauli, 18 Aug 2015

Veedub flub hubbub stubs car-jack hack flap

Dutch and British researchers Roel Verdult and Baris Ege, the duo behind the revelation that many VW cars have a security flaw, have now revealed that Ferraris, Maseratis, Pontiacs, and Porsches that use Megamos Crypto transponders can be stolen. The duo demonstrated how the Megamos engine immobiliser, which unlocks when an …
Darren Pauli, 18 Aug 2015

Ransomware blueprints published on GitHub in the name of education

Turkish security bod Utku Sen has published what appears to be the first openly available source code for ransomware – free for people to use and spread. The "Hidden Tear" ransomware, available on GitHub, is a functional version of the malware the world has come to hate; it uses AES encryption to lock down files and can …
Darren Pauli, 18 Aug 2015

Ten years after the Samy worm its discoverer's voice is lost in the din

It has been 10 years since Sydney security bod Wade Alcorn disclosed how cross-site scripting vulnerabilities could be weaponised, a revelation that would one week later see the proof of concept become the fastest-spreading worm ever. There is no direct link between Alcorn's disclosure and Samy Kamkar's eponymously named worm …
Darren Pauli, 17 Aug 2015

Adobe pays US$1.2M plus settlements to end 2013 breach class action

Adobe has paid an undisclosed amount to settle customer claims and faces US$1.2 million in legal fees after its 2013 data breach which compromised the details of 38 million users. The creative content king was served a November 2013 class action lawsuit filed in California in which it is claimed "shoddy" security practices …
Darren Pauli, 17 Aug 2015

Choc Factory patches zero day Google for Work hack hole

Google has patched a vulnerability in the Google Admin application that could allow attackers to steal enterprise accounts. MWR Labs researcher Rob Miller reported the sandbox-hopping hole, rated medium severity, which can be exploited by malware residing on a user's device. The flaw can be used to steal Google for Work …
Darren Pauli, 17 Aug 2015

Boffins nail 2FA with 'ambient sound' login for the lazy

Internet users who think two taps on a smartphone is two taps too much may soon be able to use seamless second factor authentication that verifies a person is in possession of their phone by matching ambient noise sound prints. Researchers Nikolaos Karapanos, Claudio Marforio, Claudio Soriente, and Srdjan Capkun of the …
Darren Pauli, 17 Aug 2015

Facebook hands hackers $100k for breaking browsers

Four researchers have scored US$100,000 from Facebook for revealing 11 bugs affecting platforms including the Chrome and Firefox browsers using novel vulnerability discovery methods. The Georgia Institute of Technology team of PhD students Byoungyoung Lee and Chengyu Song, and professors Taesoo Kim and Wenke Lee discovered the …
Darren Pauli, 14 Aug 2015