Stories by Lucian Constantin

Researcher hijacks insecure embedded devices en masse for Internet scanning project

An anonymous researcher created a massive botnet by hijacking about 420,000 Internet-accessible embedded devices with default or no login passwords and used it to map the entire Internet.

Site hosting leaked celebrity data goes offline

A site that published the private information and credit reports of several celebrities and other public figures last week went offline on Sunday. The last person to have his alleged private information exposed on the site was CIA director John Brennan.

Internal-use SSL certificates pose security risk for upcoming domain extensions

The practice of issuing SSL certificates for internal domain names with unqualified extensions could endanger the privacy and integrity of HTTPS communications for upcoming generic top-level domains (gTLDs), according to a security advisory from the Internet Corporation for Assigned Names and Numbers (ICANN).

Researchers find vulnerability in EA's Origin platform

Users of Origin, the game distribution platform of Electronic Arts (EA), are vulnerable to remote code execution attacks through origin:// URLs, according to two security researchers.

3G and 4G USB modems are a security threat, researcher says

The vast majority of 3G and 4G USB modems handed out by mobile operators to their customers are manufactured by a handful of companies and run insecure software, according to two security researchers from Russia.

Security appliances are riddled with serious vulnerabilities, researcher says

The majority of email and Web gateways, firewalls, remote access servers, UTM (unified threat management) systems and other security appliances have serious vulnerabilities, according to a security researcher who analyzed products from multiple vendors.

Researchers resurrect and improve CRIME attack against SSL

Two researchers from security firm Imperva have devised new techniques that could allow attackers to extract sensitive information from users' encrypted Web traffic.

Java's security problems unlikely to be resolved soon, researchers say

Since the start of the year, hackers have been exploiting vulnerabilities in Java to carry out a string of attacks against companies including Microsoft, Apple, Facebook and Twitter, as well as home users. Oracle has made an effort to respond faster to the threats and to strengthen its Java software, but security experts say the attacks are unlikely to let up any time soon.

Lack of HTTPS on iOS App Store left users open to attacks, researcher says

Until late January, Apple's App Store servers did not encrypt all communications with iOS clients, which exposed users to several potential attacks, according to a Google security researcher.

The Android malware problem is not hyped, researchers say

Recent reports from antivirus companies seem to suggest that the number of Android malware threats is growing. However, there are still many skeptics who think that the extent of the problem is exaggerated.

Kaspersky Internet Security 2013 bug can lead to system freeze

Kaspersky Lab's Internet Security 2013 product contains a bug that can be exploited remotely, especially on local networks, to completely freeze the OS on computers running the software.

Deutsche Telekom unveils real-time map of global cyberattacks

Deutsche Telekom launched a Web portal Wednesday that provides a real-time visualization of cyberattacks detected by its network of sensors placed around the world.

LinkedIn wins dismissal of lawsuit seeking damages for massive password breach

Professional social networking service LinkedIn won the dismissal of a lawsuit seeking damages on behalf of premium users who had their log-in passwords exposed as a result of a security breach of the company's servers last year.

Cybercriminals using digitally signed Java exploits to trick users

Security researchers warn that cybercriminals have started using Java exploits signed with digital certificates to trick users into allowing the malicious code to run inside browsers.

Oracle releases emergency fix for Java zero-day exploit

Oracle released emergency patches for Java on Monday to address two critical vulnerabilities, one of which is actively being exploited by hackers in targeted attacks.
