Security

Energizer confirms software vulnerability in Duo charging software

Energizer's Duo USB battery charger has been around for a couple of years now, but the company has just now fessed up to a fairly significant vulnerability in the software for the device after being informed of the problem by CERT. While the software was intended to simply let you keep watch on the battery charging status, it apparently also opened up a backdoor that allowed commands to be executed remotely, including the ability to list directories, send and receive files, and run programs. That vulnerability is only found in the Windows version of the software, and Energizer has already discontinued the product altogether and removed the download from its website. Anyone that already has the software installed is advised to first uninstall it and then remove the Arucer.dll file from the Windows system32 directory.

[Thanks, Michael]

Energizer confirms software vulnerability in Duo charging software originally appeared on Engadget on Mon, 08 Mar 2010 16:19:00 EST. Please see our terms for use of feeds.

Via: Bleeping Computer | Source: MarketWatch

Verayo launches next-generation of ‘unclonable’ RFID chips, hackers get wide-eyed

If there's one thing a security company should avoid, it's tempting the hackers to unravel their promises. As we've seen time and time again, there are few (if any) completely uncrackable technologies, but Verayo sure seems confident about its next-generation RFID chips. Dubbed "unclonable," this new product family -- which is led by the Vera M4H -- promises to make mass transit tickets, secure IDs and access cards more secure, and unlike the original, this one touts a "non-networked, unlimited authentication" feature. We also get the impression that the company has worked to drive costs down with this newfangled line, but we're still not sure we'd trust our lives to this thing. Anyone down to really put these claims to the test?

Verayo launches next-generation of 'unclonable' RFID chips, hackers get wide-eyed originally appeared on Engadget on Mon, 08 Mar 2010 07:08:00 EST.

Source: Business Wire

Microsoft tells IE faithful on Windows XP to avoid F1 key

Still hanging around on Windows XP? Perfectly acceptable. Still using Internet Explorer to browse the world wide web? Just a wee bit less forgivable, but we understand that some of you simply can't get around it. If we just rang your bell, you might want to rip the F1 key right off of your keyboard (at least temporarily), as a recently discovered vulnerability in VBScript -- which can only bother Windows 2000, Windows XP and Windows Server 2003 -- could allow malicious code to weasel its way right into your life with a single keystroke. As the story goes, some ill-willed web sites are encouraging users to smash the F1 key in order to access a Microsoft Help file, and when said key is depressed, "arbitrary code could be executed in the security context of the currently logged-on user." Microsoft has promised to fully investigate and resolve the issue in due time, but 'til then, we'd highly suggest avoiding your F1 key like the plague (or switching to Firefox).

Microsoft tells IE faithful on Windows XP to avoid F1 key originally appeared on Engadget on Tue, 02 Mar 2010 16:49:00 EST.

Via: Switched | Source: Microsoft

DARPA longs for magnetic body healers, crazy respawn camps

Even DARPA understands that its futuristic bubble shield can be penetrated given the right circumstances, and when it does, the soldier behind it is going to need some serious healing. In a hurry. In the entity's newest budget, there's $6.5 million tucked away "for the creation of a scaffold-free tissue engineering platform, which would allow the construction of large, complex tissues in vitro and in vivo." As you well know, this type of mad science has been around for quite some time, and now it looks as if DARPA is ready for the next best thing: "non-contact forces." Put simply, this alludes to replacing scaffolds with magnetic fields or dielectrophoresis, which could purportedly "control cell placement in a desired pattern for a sufficient period of time to allow the cells to synthesize their own scaffold." It's still too early to say how close we are to being able to instantaneously heal soldiers on the battlefield, but frankly, the public is apt to never know for sure.

DARPA longs for magnetic body healers, crazy respawn camps originally appeared on Engadget on Wed, 24 Feb 2010 04:22:00 EST.

Source: DARPA [PDF], Wired

GadgetTrak retrieves 95 percent of stolen laptops, puts RoboCop to shame (video)

Want your stolen gear back? Don't call some gung-ho superhero who's as likely to blow up your small grocery store as he is to catch those perps, call GadgetTrak instead. The little startup company has grown since we last heard of it back in 2007, and is now operating a $25 per year tracking service that has delivered a statistically significant 95 percent success rate on reuniting gadgets with their owners. Available for Mac OS and Windows laptops, as well as mobile phones (BlackBerrys, WinMo, and iPhone) and even removable USB storage, the software's intelligent enough to remotely activate your webcam and ping the incriminating info back directly to you -- no data is sent to GadgetTrak. Check out some recent news coverage of the software and its implementation in local schools after the break.

GadgetTrak retrieves 95 percent of stolen laptops, puts RoboCop to shame (video) originally appeared on Engadget on Mon, 22 Feb 2010 07:16:00 EST.

Source: GadgetTrak

DoD eases ban on thumb drive use for US military, our enemies rejoice

Betcha didn't know that USB flash drives weren't allowed in the US military. Or maybe you did -- you know, considering that one with Japan-US troop deployment maps went missing in mid-2008. Oops. At any rate, the Department of Defense has reportedly lifted said ban, but as with anything related to The Man, gobs of red tape will be involved. For starters, they won't be reintroduced "wholesale," instead being reserved for "mission essential applications." We're also told that the drives themselves must contain specific security features, and administrators will be able to track the use of 'em from the outset. For those unaware, the ban was originally put into place just over a year ago after virus-laden USB keys disrupted military networks, presumably flashing Blingee'd faces of Kim Jong-il onto CIA surveillance screens. Or not, but that'd be pretty hilarious.

DoD eases ban on thumb drive use for US military, our enemies rejoice originally appeared on Engadget on Mon, 22 Feb 2010 00:57:00 EST.

Via: Fark | Source: DefenseNews

Typing ‘cadence’ used to identify authorized database users, lock everyone else out

We'll admit to having shared a few login credentials amongst friends here and there in our younger days, but it sounds like the party might soon be over: a company called Scout Analytics has developed a way of identifying a user's "typing cadence," and matching it to how a username and password are entered. It only takes 5 login attempts of around 12 characters for Scout to nab your cadence, and although 1 in 20,000 people will share the same cadence, combining the data with browser info and IP addresses makes it accurate enough for general usage. No word on what sites are using this technique, but we won't be surprised if it starts popping up rapidly -- and sniffing typing cadences becomes the next great malware scourge.

P.S.- Yes, we just wanted to run the picture of the keyboard pants again. Seriously, can someone please hook us up with those?

Typing 'cadence' used to identify authorized database users, lock everyone else out originally appeared on Engadget on Sat, 20 Feb 2010 01:57:00 EST.

Source: Ars Technica

Corsair’s Padlock 2 offers 256-bit AES encryption inside a rugged body

Our British readers will already be painfully familiar with the comical propensity that government officials (even spies!) have for losing sensitive data while on the move. It might be an idea, therefore, to give your forgetful local representative a break with one of these new Corsair USB drives. The Padlock 2 features OS-agnostic password protection via the keypad you see above plus 256-bit encryption of the data stored on the flash inside. So even if someone is tenacious enough to pry the case open, he'll have a hard time getting anything useful out of it. Oh, and don't worry about forgetting the passcode, there's a procedure for wiping the drive clean and generating a new one. 8GB units are available immediately, and we've spotted them online priced at £46 in the UK and $59 in the good old US of A.

Corsair's Padlock 2 offers 256-bit AES encryption inside a rugged body originally appeared on Engadget on Fri, 19 Feb 2010 06:55:00 EST.

Via: Hexus | Source: Corsair

Cyber ShockWave training exercise tests US readiness for cyber-attacks

If we've learned anything from Hollywood it's that cybersecurity is a growing national concern. And there are a couple approaches the country could take to tackle the problem. The first, which we wholeheartedly endorse, involves relying on tough guys with bad attitudes, short fuses, and a propensity for tattered clothing (at least once the bombs start dropping). The other -- endorsed by Washington think tanks with names like the Bipartisan Policy Center -- would be actual preparation and policy-making. To this end, the Mandarin Oriental Hotel in DC hosted Cyber ShockWave, which only sounds like an awesome energy drink -- in fact, it was a simulated, 12-hour cyber attack held yesterday. In the words of the Wall Street Journal, organizers intended "to show how the U.S. government would respond to [attacks] against its networks and infrastructure." According to a 367-page November report by the US-China Economic Security Review Commission, the DoD has had to deal with some 54,640 total cyber attacks in 2008 -- with the number of attacks increasing to 43,785 in the first half of 2009 alone. That's a lot of attacks! On second thought, maybe the whole "preparation" and "training" thing does sound like a good idea. So long as we keep John McClane around -- just in case.

Cyber ShockWave training exercise tests US readiness for cyber-attacks originally appeared on Engadget on Thu, 18 Feb 2010 06:28:00 EST.

Source: Wall Street Journal

Christopher Tarnovsky hacks Infineon’s ‘unhackable’ chip, we prepare for false-advertising litigation

As it turns out, Infineon may have been a little bit... optimistic when it said its SLE66 CL PE was "unhackable" -- but only a little. The company should have put an asterisk next to the word, pointing to a disclaimer indicating something to the effect of: "Unless you have an electron microscope, small conductive needles to intercept the chip's internal circuitry, and the acid necessary to expose it." Those are some of the tools available to researcher Christopher Tarnovsky, who perpetrated the hack and presented his findings at the Black Hat DC Conference earlier this month. Initially, Infineon claimed what he'd done was impossible, but now has taken a step back and said "the risk is manageable, and you are just attacking one computer." We would tend to agree in this case, but Tarnovsky still deserves serious respect for this one. Nice work, Big Gun.

Christopher Tarnovsky hacks Infineon's 'unhackable' chip, we prepare for false-advertising litigation originally appeared on Engadget on Fri, 12 Feb 2010 10:31:00 EST.

Via: Yahoo! News | Source: DarkReading