Tag Archive for: ‘win’

Hackers win Tesla Model 3 at security competition with $530,000 exploit


Despite these flaws, the researchers noted that Tesla is doing an excellent job of making the car difficult to hack by putting in place a sophisticated system of sandboxes, which isolates components and makes it more difficult to gain greater privileges by simply breaking into one of them.

TOCTOU attack

The Synacktiv team demonstrated two different exploits. At first, it took them less than two minutes to compromise the Model 3’s Gateway system, which serves as the energy management interface for communication between Tesla vehicles and Tesla Powerwalls.

They inserted the required malicious code using a Time of Check to Time of Use (TOCTOU) attack, a strategy that takes advantage of the brief interval between when a computer examines something like a security credential and when it actually uses it.

For safety reasons, they weren’t hacking a genuine Model 3, but they would have been able to open the front hood and doors of the vehicle even while it was moving.


One 0-day; Win 7 and 8.1 get last-ever patches – Naked Security


As far as we can tell, there are a whopping 2874 items in this month’s Patch Tuesday update list from Microsoft, based on the CSV download we just grabbed from Redmond’s Security Update Guide web page.

(The website itself says 2283, but the CSV export contained 2875 lines, where the first line isn’t actually a data record but a list of the various field names for the rest of the lines in the file.)

Glaringly obvious at the very top of the list are the names in the Product column of the first nine entries, dealing with an elevation-of-privilege (EoP) patch denoted CVE-2013-21773 for Windows 7, Windows 8.1, and Windows RT 8.1.

Windows 7, as many people will remember, was extremely popular in its day (indeed, some still consider it the best Windows ever), finally luring even die-hard fans across from Windows XP when XP support ended.

Windows 8.1, which is remembered more as a sort-of “bug-fix” release for the unlamented and long-dropped Windows 8 than as a real Windows version in its own right, never really caught on.

And Windows RT 8.1 was everything people didn’t like in the regular version of Windows 8.1, but running on proprietary ARM-based hardware that was locked down strictly, like an iPhone or an iPad – not something that Windows users were used to, nor, to judge by the market reaction, something that many people were willing to accept.

Indeed, you’ll sometimes read that the comparative unpopularity of Windows 8 is why the next major release after 8.1 was numbered Windows 10, thus deliberately creating a sense of separation between the old version and the new one.

Other explanations include that Windows 10 was supposed to be the full name of the product, so that the 10 formed part of the brand new product name, rather than being just a number added to the name to denote a version. The subsequent appearance of Windows 11 put something of a dent in that theory – but there never was a Windows 9.

The end of two eras

Well, this month sees the very last security updates for the old-school Windows 7 and Windows 8.1 versions.

Windows 7 has now reached the end of its three-year pay-extra-to-get-ESU period (ESU is short for extended security updates), and…


Bigger Fleets Win | Proceedings


“I’ve heard a lot of people saying recently, ‘Quantity has a quality all its own.’ And I just want to be clear: No, it doesn’t. That’s one of the dumbest damn things I’ve ever heard.”1 With respect to the quoted speaker, not only does quantity have a quality all its own, but it also almost always proves decisive in naval warfare when professional competence is equal.

Using technological advantage as an indicator of quality, historical research on 28 naval wars (or wars with significant and protracted naval combat) indicates that 25 were won by the side with the larger fleet. When fleet size was roughly equal, superior strategy and substantially better trained and motivated crews carried the day.2 Only three could be said to have been won by a smaller fleet with superior technology.3

When professional naval competence and strategic acumen were equal, the larger fleet usually won, even when the smaller fleet possessed technological advantages at the start of the conflict. A primary reason is that technological advantages were inevitably short-lived.4 In a war between equally competent technological near peers—absent a series of amazing strokes of luck—the larger fleet always won.5 (See Table 1.)

With the growing potential of a naval engagement between a shrinking U.S. fleet and a growing People’s Liberation Army Navy (PLAN), the three examples of technologically advanced but smaller fleets’ victories are not reassuring:

• The Byzantine Empire’s naval forces versus Vikings, Slavs, Turks, and Arabs to about the year 1000 AD/CE. At that time, the Arabs learned to employ the equivalent of Greek fire.

• The Portuguese in the Indian Ocean versus Mamluks, the Ottoman Empire, and Indo-regional allies, 1500–1580.

• The British East India Company and various European nations versus Imperial China circa 1840–1900.

All other wars were won by superior numbers or, when between equal forces, superior strategy, or admiralship. Often all three qualities act together, because operating a large fleet generally facilitates more extensive training and is often an indicator that leaders are concerned with strategic requirements. In the Napoleonic…


Eurovision 2022 Ukraine Kalush Orchestra Win Russia Hacking Threat


The same Russian threat actors that this week targeted Italian parliamentary and military websites and threatened to disrupt U.K. National Health Service (NHS) services could now have the Eurovision Song Contest 2022 final in their crosshairs.

The Killnet threat group has threatened to “send 10 billion requests” to the Eurovision online voting system and “add votes to some other country.”

What is Killnet?

The pro-Kremlin Killnet cybercriminal group, which boasts of conducting “military cyber exercises” to improve member skills, appears to be mostly involved in reasonably straightforward, if disruptive, Distributed Denial-of-Service (DDoS) attacks.


According to threat intelligence experts at Cyjax, Killnet first emerged back in March following the Russian invasion of Ukraine. Using the newly launched ‘Killnet Botnet DDoS’ resource, its first target was the Anonymous hacktivist collective. This involved disrupting “the Anonymous website.” Or, at least, it would have if such a thing existed.

As Cyjax explains, there is no central Anonymous website. “It’s more likely that an independent generic Anonymous website was targeted to boost morale for the Russian side,” Cyjax says.

Killnet threatens to disrupt Eurovision 2022 final voting

In an apparent attempt to prevent or disrupt the online voting for current Eurovision favorites from Ukraine, the Kalush Orchestra, Killnet has hinted it could target Eurovision servers. In a Telegram message, the group claimed to have already disrupted the voting system. Or, rather, that the DDoS Botnet might be behind earlier voting difficulties.

Russia was banned from competing in Eurovision 2022 following the invasion of Ukraine, and the Kalush Orchestra has stated that a win would be a morale booster for the people of Ukraine.

A Eurovision spokesperson said that the voting system has “a wide range of security measures in place to protect audience participation” and this year will be no different in that regard.

Killnet also appears to…
