Lost+Found: Brain hack, iMetasploit, virus bug, knife blues
Too short for news, too good to lose; Lost+Found is a roundup of useful security news. This time: Researchers hack the brain, iPhones hack computers, malware with an embarrassing bug, Microsoft discovers a proper virus, a script uncovers password hints and knives with expiring certificates
- Hacker attack on the brain: Researchers have used a low-cost brain-computer interface, which was originally designed to control games, to extract sensitive data such as the place and date of birth, banking institute and even debit card PIN from the brains of their test subjects.
- Penetration testers with style can now install Metasploit under iOS – jailbreak required.
- Contrary to initial speculations, the destructive Shamoon malware doesn't seem to be a cousin of the Flame-related Wiper trojan after all. Kaspersky Lab discovered an embarrassing programming flaw in the malware's date comparison routine that the anti-virus experts hesitate to attribute to the highly professional Flame developer team.
- Microsoft has found something that is rare these days: a proper virus – malware that infects the files on a computer. The malware's motives remain unclear; named "Floxif", it exclusively targets DLLs.
- That the password hints of Windows users can be extracted from the registry using a script is interesting, but it does not constitute a new security hole – after all, Windows readily displays these hints to anyone who has access to the computer.
- Victorinox, the traditional Swiss pocket knife manufacturer, is ending its excursion into the high-tech world for the time being and has said that it will no longer offer knives with encrypted USB memory modules. The software for existing models will cease to be maintained, which will affect knife owners as soon as 15 September: that is the expiry date of the VeriSign certificate for secure.exe, the program that is required to access the pocket knives' protected memory area. The manufacturer, whose corporate slogan is "companion for life", has advised its customers to back up their stored data elsewhere before that date. Dissatisfied customers are eligible for a refund.