Tag Archive for: Researchers

Researchers add software bugs to reduce the number of… software bugs

Researchers are adding bugs to experimental software code in order to ultimately wind up with programs that have fewer vulnerabilities.

The idea is to insert a known quantity of vulnerabilities into code, then see how many of them are discovered by bug-finding tools.

By analyzing the reasons bugs escape detection, developers can create more effective bug-finders, according to researchers at New York University in collaboration with others from MIT’s Lincoln Laboratory and Northeastern University.

They created large-scale automated vulnerability addition (LAVA), which is a low-cost technique that adds the vulnerabilities. “The only way to evaluate a bug finder is to control the number of bugs in a program, which is exactly what we do with LAVA,” says Brendan Dolan-Gavitt, a computer science and engineering professor at NYU’s Tandon School of Engineering.

Network World Tim Greene

Researchers steal data from a PC by controlling the noise from the fans

Even the noise from your PC’s fans could be used to steal the data inside. Researchers in Israel have found a way to do just that by hijacking the fans and manipulating the sounds they create.

The research from Ben-Gurion University of the Negev shows how data could be stolen from “air-gapped” computers, which are not connected to the Internet.

These air-gapped computers are isolated and often used for sensitive information. To hack them, attackers typically need to gain physical access and install malware, possibly through a USB stick. 

Network World Security

Google’s Android Security Rewards has given researchers over $550000 in 1 year – VentureBeat


Google announced today that it has paid out more than $550,000 to 82 security researchers who have detected vulnerabilities within the Android mobile operating system. This was done under the auspices of the company's Android Security Rewards program …

Researchers help shut down spam botnet that enslaved 4,000 Linux machines

A botnet that enslaved about 4,000 Linux computers and caused them to blast the Internet with spam for more than a year has finally been shut down.

Known as Mumblehard, the botnet was the product of highly skilled developers. It used a custom “packer” to conceal the Perl-based source code that made it run, a backdoor that gave attackers persistent access, and a mail daemon that was able to send large volumes of spam. Command servers that coordinated the compromised machines’ operations could also send messages to Spamhaus requesting the delisting of any Mumblehard-based IP addresses that sneaked into the real-time composite blocking list, or CBL, maintained by the anti-spam service.

“There was a script automatically monitoring the CBL for the IP addresses of all the spam-bots,” researchers from security firm Eset wrote in a blog post published Thursday. “If one was found to be blacklisted, this script requested the delisting of the IP address. Such requests are protected with a CAPTCHA to avoid automation, but OCR (or an external service if OCR didn’t work) was used to break the protection.”

Technology Lab – Ars Technica