Secret Service investigating alleged credit card breach at Target

According to the Wall Street Journal and independent journalist Brian Krebs, retail giant Target was hit with a major theft of customers’ credit-card and debit-card data captured in stores over the Black Friday weekend.

The company has nearly 1,800 stores in the United States and over 100 in Canada.

“The Secret Service is investigating—we have no further comment as it is an ongoing investigation,” Brian Leary, a Secret Service spokesperson, told Ars.

Read 5 remaining paragraphs | Comments


Is Volkswagen’s strategy really doomed to fail?

Is Volkswagen's strategy really doomed to fail?

Earlier today Mr. Demuro entertained us with a post about why VW’s strategy is doomed to fail on the heels of Jonathan Browning stepping down as VW Group of America CEO.

Read more…

Perv Utopia: Light on MacBook webcams can be bypassed

The MacBook’s LED indicator is off, but its webcam is very much turned on.

A common pastime among the residents of the Internet’s seedy underbelly is spying on people through their webcams then using the pictures to harass and blackmail the victims. This kind of hacking went mainstream when Miss Teen USA Cassidy Wolf was named as a victim of a blackmail attempt.

In addition to standard computer security advice given to combat this behavior—keep your computer patched, don’t install malware, and so on—it’s commonly suggested that you only use webcams where the activity LED is hardwired to light up whenever the camera is active. Among others, Apple’s line of laptops has been identified as having such hardwired LEDs. However, researchers at Johns Hopkins University have published a paper, first reported on by the Washington Post, demonstrating that even this isn’t good enough. Some hardwired LEDs turn out to be, well, software controlled after all.

As with just about every other piece of modern hardware, the webcams in the computers that the researchers looked at—an iMac G5 and 2008-vintage MacBooks, MacBook Pros, and Intel iMacs—are smart devices with their own integrated processors, running their own software. The webcams have three main components: the actual digital imaging sensor, a USB interface chip with both an integrated Intel 8051-compatible microcontroller and some RAM, as well as a little bit of EEPROM memory.

Read 9 remaining paragraphs | Comments


Select Ting customers can now enjoy Sprint’s Spark LTE

Wireless service provider Ting is launching four devices that support Sprint’s Spark enhanced LTE service. Ting, an MVNO (mobile virtual network operator) that runs on Sprint’s nationwide network, will offer Spark support for the LG G2, Samsung …

New attack steals e-mail decryption keys by capturing computer sounds

In this photograph, (A) is a Lenovo ThinkPad T61 target, (B) is a Brüel&Kjær 4190 microphone capsule mounted on a Brüel&Kjær 2669 preamplifier held by a flexible arm, (C) is a Brüel&Kjær 5935 microphone power supply and amplifier, (D) is a National Instruments MyDAQ device with a 10 kHz RC low-pass filter cascaded with a 150 kHz RC high-pass filter on its A2D input, and (E) is a laptop computer performing the attack. Full key extraction is possible in this configuration, from a distance of 1 meter.

Computer scientists have devised an attack that reliably extracts secret cryptographic keys by capturing the high-pitched sounds coming from a computer while it displays an encrypted message.

The technique, outlined in a research paper published Wednesday, has already been shown to successfully recover a 4096-bit RSA key used to decrypt e-mails by GNU Privacy Guard, a popular open source implementation of the OpenPGP standard. Publication of the new attack was coordinated with the release of a GnuPG update rated as “important” that contains countermeasures for preventing the attack. But the scientists warned that a variety of other applications are also susceptible to the same acoustic cryptanalysis attack. In many cases, the sound leaking the keys can be captured by a standard smartphone positioned close to a targeted computer as it decrypts an e-mail known to the attackers.

“We devise and demonstrate a key extraction attack that can reveal 4096-bit RSA secret keys when used by GnuPG running on a laptop computer within an hour by analyzing the sound generated by the computer during decryption of chosen ciphertexts,” the researchers wrote. “We demonstrate the attack on various targets and by various methods, including the internal microphone of a plain mobile phone placed next to the computer and using a sensitive microphone from a distance of four meters [a little more than 13 feet].”

Read 9 remaining paragraphs | Comments


The EPA Won’t Tell You Which 2013 Models Were The Most Efficient

The EPA Won't Tell You Which 2013 Models Were The Most Efficient

Welcome to Must Read, where we single out the best stories from around the automotive universe and beyond. Today we have reports from Motoramic, Washington Time, and Curbside Classic.

Read more…

Lamborghini Hurácan: Will It Debut This Week?

Lamborghini Hurácan: Will It Debut This Week?

The Lamborghini Huracán might be the replacement for the beloved but aging Gallardo. Or it might be the Lamborghini Cabrera. Either way, we suspect it could this week.

Read more…

Deadspin Globe Report: Boston Marathon Bomber Said He Heard Voices | Gizmodo Your Dog Could Talk Bac

Deadspin Globe Report: Boston Marathon Bomber Said He Heard Voices | Gizmodo Your Dog Could Talk Back With This Mind-Reading Headset | io9 Nope. Oxytocin isn’t going to become the "trust me" drug. | Lifehacker The Future of Car Hacking | Paleofuture DARPA Tried to Build Skynet in the 1980s | Kinja Popular Posts

Read more…

NSA should stop undermining encryption standards, Obama panel says

Encryption technology has come a long way since the Enigma machine.

A presidential advisory committee today recommended that the US government stop any efforts to undermine encryption standards or attack commercial software.

The panel’s report (full text at comes in response to the National Security Agency leaks of Edward Snowden and makes 46 recommendations. Number 29 should please IT security researchers:

We recommend that, regarding encryption, the US Government should:

(1) fully support and not undermine efforts to create encryption standards;

(2) not in any way subvert, undermine, weaken, or make vulnerable generally available commercial software; and

(3) increase the use of encryption, and urge US companies to do so, in order to better protect data in transit, at rest, in the cloud, and in other storage.

We reported in September on the NSA’s uneasy relationship with encryption researchers, detailing how the agency has helped improve the encryption standards that secure Internet communications while in other cases undermining them. Government officials have routinely joined security researchers at technology conferences—this year, they were asked to stay away from DefCon, one of those annual events.While the White House isn’t obligated to accept the advisory panel’s recommendations, doing so could end any current or future efforts to insert backdoors into encryption standards. Security experts, including Bruce Schneier, have warned that the NSA’s work has undermined the security of the Internet.

Read 5 remaining paragraphs | Comments


Gawker Reddit Forum Encourages Users to Spam College With False Rape Reports | Jalopnik The Craziest

Gawker Reddit Forum Encourages Users to Spam College With False Rape Reports | Jalopnik The Craziest Dash Cam Videos Of 2013 | Jezebel Nearly 1% Of Women Claim They Were Virgins When They Gave Birth | Kotaku Arnold Schwarzenegger Has Killed 509 People. Here They All Are. | Kinja Popular Posts