Hackers Can Mess With Traffic Lights to Jam Roads and Reroute Cars

This article is about if you can actually hack the traffic system to reroute traffic. The system is comprised of magnetic sensors embedded in roadways that wirelessly feed data about traffic flow to nearby access points and repeaters, which in turn pass the information to traffic signal controllers. This system lacks basic security there is no encryption or authentication setup for this system. You could use a packet sniffer to easily capture the data. the data will be in plain text this data can be used to confuse the system to make it work improperly. This could be used maliciously to  cause  major accidents.  Nothing is being done by the company to fix this issue the vice president of the company Sensys Networks, Brian Fuller, told WIRED that the Department of Homeland Security was “happy with the system,” and that he had nothing more to add on the matter.

source: http://www.wired.com/2014/04/traffic-lights-hacking/

A New Zero Day Bug Found in IE

ImageAdvisory 2963983

According to a statement put out by Microsoft late last Saturday, there was a zero day bug discovered that can affect IE browsers going all the way back to IE6. While this effects nearly 25% of the internet browsing user base, there will be no patch for the recently deprecated Windows XP.

How the bug works

The bug lies within how Internet Explorer handles objects stored in memory that have been deleted or not properly allocated. This vulnerability can allow the remote execution of code within the current users session. An attacker could develop a site, and once a user accesses it they would fall victim to this exploit.

Microsoft is planning to release a patch for this as quickly as possible.



Microsoft Advisory

Droidpak Trojan

Symantec researchers have found what they are calling the first known example of Windows malware specifically designed to infect Android devices. This new Android banking malware leverages vulnerable PCs to install itself on Android mobile devices.

Droidpak is a trojan designed to exploit the Windows operating system and gain a foothold on the victim’s computer. After Droidpak settles in, it contacts a remote command & control server. Then the remote server sends a configuration file back to the infected Windows computer. The configuration file references a website. The infected computer tries connecting to the website. If successful, an Android malware file will begin downloading.

Droidpak to successfully install its payload – Android.Fakebank.B will show up as a “Google App Store” application.

Once installed, Android.Fakebank.B looks to see if there are any mobile banking apps installed on the Android device. Symantec said the version of Android.Fakebank.B studied was specifically targeting Korean-banking applications. If Android.Fakebank.B finds a familiar banking app; it attempts to make the user believe the currently installed banking app is malware, should be removed, and replaced by Android.Fakebank.B. If the user agrees and loads Android.Fakebank.B, the malware is in position to steal login credentials and possibly account information when the user logs in using what is thought to be the correct banking app.

Symantec mentions that, “Android.Fakebank.B also intercepts SMS messages on the compromised device.”  Experts suggest turning off USB debugging on Android devices. Most people will not use USB debugging as it’s a developer tool, and used to side-load Android applications from a computer.

Several things have to go right before the Droidpak/Android.Fakebank.B malware combination can successfully steal banking information, but that was also the case with the first versions of banking malware targeting PCs.

Source: http://www.techrepublic.com/blog/it-security/droidpak-a-sneak-attack-on-android-devices-via-pc-malware/

An Eavesdropping Lamp That Livetweets Private Conversations

Conversnitch is a device built for less than $100 that resembles a lamp. This device listens to nearby conversations and posts snippets of transcribed audio to Twitter.

The creators, Kyle McDonald and Brian House hope to raise questions about the nature of public and private spaces when anything can be broadcast by internet-connected listening devices.

The gadget is constructed from a Raspberry Pi miniature computer, a microphone, an LED and a plastic flower pot. It is powered by any standard bulb socket. The audio is captured and uploaded, via the nearest open Wi-Fi network to Amazon’s Mechanical Turk crowdsourcing platform, that post lines of conversation to their twitter account.

I think this is interesting because proves that conversations might not be private anymore. This device was in many places where people thought no one was listening to them. It is open source so anyone can recreate this experiment in a place near you.


Twitter with the conversations: https://twitter.com/conversnitch

Video showing someone installing these gadgets: http://vimeo.com/87564506

Code on GitHub: https://github.com/brianhouse/Conversnitch


Source: http://www.wired.com/2014/04/coversnitch-eavesdropping-lightbulb/

A new way to end cable.

After searching the internet for some time now looking for a good article to do this mini blog on I noticed that there is alot of controversy about the Aereo supreme court case. There is alot of controversy whether or not Aereo is in violation of the broadcasters copyrights. Aereo claims to be a company that it does not broadcast anything, but is an “antenna-renting service” and that each user has his/her own antenna they use to watch certain shows that are stored on a cloud. The reason this case is truly going to the supreme court is because Aereo chargers its users 8 – 12$ a month but does not use the money to pay the networks the same way the cable company does. Depending how the Supreme court rule this could determine what kind of new companies can start up.


sources: https://www.yahoo.com/tech/aereo-delivers-great-local-tv-service-to-cord-cutters.-for-now.-82916180311.html