Lost+Found: Hackers - false, scapegoats, captchas and apps
Too short for news, too good to lose; Lost+Found is a roundup of useful security news. In this edition, there's a false hacker alert, a hacker scapegoat, hacking CAPTCHAs and hacking apps on a mobile device, restyled government trojans, advice on identity and defective Wi-Fi.
- When people know fire alarm tests are going to take place, its known that they can be somewhat ineffective. Employees of the city of Tulsa, Oklahoma must have been aware of this truism as they engaged an independent security firm to conduct unannounced security tests for the city. The tests were so unexpected that the city believed a real attack was taking place. After two weeks of being offline, and after running a $20,000 mail out to inform 90,000 citizens that their details may be in the hands of hackers, the city of Tulsa found out that they'd not been hacked.
- Actress Linday Lohan says it was hackers who left a now-deleted Hitler-themed message on her Twitter feed, but her comments about hurricane Sandy preceding it wasn't any more sensitive or tasteful.
- CAPTCHAs are meant to keep robotic intruders out, but with a bit of hacking magic the may also provide exactly the opposite.
- Core Security has discovered a vulnerability in Broadcom's Wi-Fi chips found in various devices including older iPhones. The hole lets you push other WLAN users off the net but then using deauth packets already works.
- Sure, you can play Angry Birds on smartphones, but pentesters can have fun with their phone in their own way – if the right apps are installed.
- The various government trojans have a companion now with the Anonymous Edition – collect them all ... or not.
- Telling people your real details on untrusted web sites? A UK Governement official recently suggested that you don't to avoid your details being harvested by fraudsters, advice dismissed as "totally outrageous" by an MP concerned about cyber-bullying.