Hacks To Be Truly Paranoid About

snydeq writes: Nothing is safe, thanks to the select few hacks that push the limits of what we thought possible, InfoWorld's Roger Grimes writes in this roundup of hacks that could make even the most sane among us a little bit paranoid. "These extreme hacks rise above the unending morass of everyday, humdrum hacks because of what they target or because they employ previously unknown, unused, or advanced methods. They push the limit of what we security pros previously thought possible, opening our eyes to new threats and systemic vulnerabilities, all while earning the begrudging respect of those who fight malicious hackers."

Card skimmers

[phantomfive]

The only really worrisome one to me is the ATM card skimmers, because if you go to an unknown ATM, it's hard to know if it has a skimmer on top or not. Furthermore, it has increased dramatically over the past few years, up 300% from last year.

I submitted an article on the topic, but it was rejected. Bottom line: be careful when using ATMs, especially at bars and in Florida. Recently New York and Philadelphia have been increasingly targeted.

Re:Duh

[garyisabusyguy]

Either the demographic of /. has changed dramatically or simply clickbait

I have not read InfoWorld in a while, but I was kinda surprised that they would be the source of such a, *ahem*, mundane article

Complacent CIOs & CEOs

[BoRegardless]

Given the dozens and dozens of reported hacks against large orgs over the last 2 year, I can only conclude there is a large disregard for properly addressing security that starts right at the top of the C suite in big companies.

That is at least as troubling for smaller companies, who likely have less resources to deal with security.

Java, [...] most bug-filled, hackable software

[geekpowa]

A light-weight article, typified by this:

Java, one of the most bug-filled, hackable software products the world

Indeed criticism should be leveled at Java for trying to retain one of it's original design intents of being a web safe sandbox while at the same time trying to be a golden hammer in pretty much every other problem/solution domains, server backend, rich client, embedded device etc meaning the platform got so huge and unwieldly it was too difficult to keep it secure if nothing because of it's sheer weight. But to call it the most hackable software products is just stupid and ignorant. Does the author understand the basic concept of memory management exploits? Buffer overruns exploits are virtually non-existant in Java, caused only by rare defects in the JVM itself.

Extreme hack No. 1: ATM hacking

[nickweller]

"Most automated teller machines (ATMs) contain a computer that runs a popular OS, so it should come as no shock that they can be hacked. For the most part, this means Microsoft Windows"

Nothing to disagree with so far ..

"ATM OSes often include an implementation of Java, one of the most bug-filled, hackable software products the world has ever known"

Only when run on top of Microsoft Windows. Sun Microsoft Systems were under the delusion that they owned Java. Originally designed to be a write-once-run-anywhere technology. At least before Microsoft innovated a Java Language Council(excluding Sun), took control of Java (JFC) and licensed it back to Sun (AFC) :) ref

Years later Oracle acquired Suns interest in Java and sued Google for including Java API calls in Android. Curiously enough Microsoft is 'licensing' patented Android technology to the handset manufacturers and Oracle isn't going after Microsoft.

ANY Firmware

[Burz]

Check this incident out. Naturally, Qubes could not protect him because his laptop did not have an IOMMU. But the real interesting thing to me is where/when this implant was actually put in his system (he says he bought it new, in person, and the symptoms appeared sometime after a period of normal behavior).