How to hack to an embedded device? On-chip debug (OCD) interfaces can provide chip-level control of a target device and are a primary vector used by engineers, researchers, and hackers to extract program code or data, modify memory contents, or affect device operation on-the-fly. Depending on the complexity of the target device, manually locating available →
Slashdot informs (and I have seen it also on other news) that the Matriculation Examination Board of Finland (Upper Secondary School Exams) has opened an international hacking contest to find flaws and exploits in Digabi Live. Digabi Live is a Live Debian based operating system to be used in the all-digital final exams by the →
Are you afraid of hackers? If not yet check out the scariest new tricks at this year’s twin computer crime conferences, Black Hat and Def Con. The top 10 new reasons to be afraid of hackers article tells that it’s traditional for these skilled programmers to unveil their greatest exploits at the conventions, prompting a →
HTML5 has opened many new possibilities for developers. Now you can use web technologies to build full mobile applications, not just web pages. When you are building those application you need to know The Security Risks of HTML5 Development, because HTML5 includes a number of useful features that pose as double-edged swords from a security →
For the last week news sources have been full of controversy over the NSA’s controversial PRISM surveillance program (check the latest comments on my Security trends for 2013 article) after top-secret slides detailing the massive electronic surveillance programme were leaked last week by ex-CIA techie Edward Snowden. If those newspaper reports are accurate, the NSA’s →
The recommended way when you need to do SSH communications (let it be SSH or SCP) from a script is to use secure public key authentiaction to authenticate with the other end. With this you can open SSH connections without putting any passwords to your scripts. But sometimes the best solution is what you can →
Well known security guru Bruce Schneier has an interesting blog posting titled The Politics of Security in a Democracy. It tells that terrorism causes fear, and we overreact to that fear. Our brains aren’t very good at probability and risk analysis: We think rare risks are more common than they are, and we fear them →
Supervisory Control and Data Acquisition (SCADA) systems are used for remote monitoring and control in the delivery of essential services products such as electricity, natural gas, water, waste treatment and transportation. SCADA software runs on regular computers, but is used by owners of critical infrastructure and other various types of industrial facilities to monitor and →
Finnish Communications Regulatory Authority Viestintävirasto had a Tietoturva nyt! 2013 security seminar two weeks ago. Viestintävirasto has now published the seminar presentations. Most of the presentations are in Finnish, but there are also four presentations in English. If networking and cyber security interests you those are worth to check. →
There is so much data available on the Internet that even government cyberspies need a little help now and then to sift through it all. Wired article Use These Secret NSA Google Search Tips to Become Your Own Spy Agency tells that the National Security Agency produced a 643-page book Untangling the Web: A Guide →