By timothy from Slashdot's that's-how-clever-it-was department
links to a NYTimes piece which says "The evidence gathered by the 'early warning radar' of software painstakingly hidden to monitor North Korea's activities proved critical in persuading President Obama to accuse the government of Kim Jong-un of ordering the Sony attack, according to the officials and experts, who spoke on the condition of anonymity about the classified N.S.A. operation."
From the linked article:For about a decade, the United States has implanted “beacons,” which can map a computer network, along with surveillance software and occasionally even destructive malware in the computer systems of foreign adversaries. The government spends billions of dollars on the technology, which was crucial to the American and Israeli attacks on Iran’s nuclear program, and documents previously disclosed by Edward J. Snowden, the former security agency contractor, demonstrated how widely they have been deployed against China. ... The extensive American penetration of the North Korean system also raises questions about why the United States was not able to alert Sony as the attacks took shape last fall, even though the North had warned, as early as June, that the release of the movie “The Interview,” a crude comedy about a C.I.A. plot to assassinate the North’s leader, would be “an act of war.”Read Replies (0)
By timothy from Slashdot's best-hanging-from-rearview-mirror department
According to a story at Forbes, Digital Bond Labs hacker Corey Thuen has some news that should make you think twice about saving a few bucks on insurance by adding a company-supplied car-tracking OBD2 dongle:It’s long been theorised that [Progressive Insurance's Snapshot and other] such usage-based insurance dongles, which are permeating the market apace, would be a viable attack vector. Thuen says
he’s now proven those hypotheses; previous attacks via dongles either didn’t name the OBD2 devices or focused on another kind of technology, namely Zubie, which tracks the performance of vehicles for maintenance and safety purposes. ... He started by extracting the firmware from the dongle, reverse engineering it and determining how to exploit it. It emerged the Snapshot technology, manufactured by Xirgo Technologies, was completely lacking in the security department, Thuen said. “The firmware running on the dongle is minimal and insecure. It does no validation or signing of firmware updates, no secure boot, no cellular authentication, no secure communications or encryption, no data execution prevention or attack mitigation technologies basically it uses no security technologies whatsoever.”Read Replies (0)