Tuesday, December 26, 2017

Acoustical Attacks against Hard Drives

Interesting destructive attack: "Acoustic Denial of Service Attacks on HDDs":

Abstract: Among storage components, hard disk drives (HDDs) have become the most commonly-used type of non-volatile storage due to their recent technological advances, including, enhanced energy efficacy and significantly-improved areal density. Such advances in HDDs have made them an inevitable part of numerous computing systems, including, personal computers, closed-circuit television (CCTV) systems, medical bedside monitors, and automated teller machines (ATMs). Despite the widespread use of HDDs and their critical role in real-world systems, there exist only a few research studies on the security of HDDs. In particular, prior research studies have discussed how HDDs can potentially leak critical private information through acoustic or electromagnetic emanations. Borrowing theoretical principles from acoustics and mechanics, we propose a novel denial-of-service (DoS) attack against HDDs that exploits a physical phenomenon, known as acoustic resonance. We perform a comprehensive examination of physical characteristics of several HDDs and create acoustic signals that cause significant vibrations in HDDs internal components. We demonstrate that such vibrations can negatively influence the performance of HDDs embedded in real-world systems. We show the feasibility of the proposed attack in two real-world case studies, namely, personal computers and CCTVs.




SSD Advisory – Kingsoft Antivirus/Internet Security 9+ Privilege Escalation

Vulnerability Summary: The following advisory describes a kernel stack buffer overflow that leads to privilege escalation found in Kingsoft Antivirus/Internet Security 9+. Kingsoft Antivirus “provides effective and efficient protection solution at no cost to users. It applies cloud security technology to monitor, scan and protect your systems without any worrying. The comprehensive defender and anti-virus …

The post SSD Advisory – Kingsoft Antivirus/Internet Security 9+ Privilege Escalation appeared first on Security Boulevard.




PHP Security Part 2: Directory Traversal & Code Injection

Most web vulnerabilities are a result of bad coding habits or lack of PHP security awareness by developers. The source of probably all of them lies in the fact that user input, which plays a critical role in the security of a web application, is being trusted. This is probably the single point of failure […]


The post PHP Security Part 2: Directory Traversal & Code Injection appeared first on Acunetix.

The post PHP Security Part 2: Directory Traversal & Code Injection appeared first on Security Boulevard.




SSD Advisory – Trustwave SWG Unauthorized Access

Vulnerability Summary: The following advisory describes an unauthorized access vulnerability that allows an unauthenticated user to add their own SSH key to a remote Trustwave SWG version 11.8.0.27. Trustwave Secure Web Gateway (SWG) “provides distributed enterprises effective real-time protection against dynamic new malware, strong policy enforcement, and a unique Zero-Malware Guarantee when managed for you …

The post SSD Advisory – Trustwave SWG Unauthorized Access appeared first on Security Boulevard.




DevSecOps: 2018 is the Year Quality and Security Finally Merge

A flaw is a flaw is a flaw. And as DevSecOps practices take root in an enterprise, don’t be surprised when software engineering teams are finally able to let this concept bear fruit in a meaningful way—namely through the practical merger between quality assurance and security. Philosophically, the idea that security is at least an..

The post DevSecOps: 2018 is the Year Quality and Security Finally Merge appeared first on Security Boulevard.




5 Things to Do to Secure Your Facebook Account From Hackers

Some time back, a Facebook account was irrelevant to hackers. There was no reason to hack anyone’s account since there was no reason for hacking an account in the first place. Ever since it has grown to billions of users, Facebook contains enough data for hackers to use for either monetary gain or blackmail. A […]

The post 5 Things to Do to Secure Your Facebook Account From Hackers appeared first on The State of Security.

The post 5 Things to Do to Secure Your Facebook Account From Hackers appeared first on Security Boulevard.




Women in Information Security: Tiffany Gerstmar

Last time, I spoke with Stephanie Vanroelen. She’s an OWASP contributor who specializes in web penetration testing. She also organizes BruCON, Belgium’s largest cybersecurity convention, and volunteers at CyberSKool, an information security camp for kids. This time, I have the pleasure of speaking with Tiffany Gerstmar. Working with the US Navy taught her a lot […]

The post Women in Information Security: Tiffany Gerstmar appeared first on The State of Security.

The post Women in Information Security: Tiffany Gerstmar appeared first on Security Boulevard.


