The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Urdumela.com Database owned By KiLLerMiNd ! Login as Admin: Database: Vip Account:

Starting with January 1st, 2011, Indian banks will require an additional security code in order to authorise phone banking transactions, according to regulatory guidelines issued by the Reserve Bank of India (RBI). Known as one-time passwords (OTP), these codes are part of what is known as two-factor authentication systems and provide an extra layer of security. The RBI directive is mandatory for all banks that offer phone banking services, including those based on Interactive Voice Response (IVR) systems. IVR refers to technology which offers customers to perform actions via their phone's keypad and get confirmation through pre-recorded audio messages. As their name implies, OTPs can only be used once, meaning that a new code must be generated for each separate transaction. This can be done by the bank and sent to the customer's mobile phone number or via an electronic device called a hardware token, which is supplied to the client in advance. In both cases the cus...

Sonic.net today announced it has been selected to operate and support the trial fiber-to-the-home network Google is building at Stanford University. This experimental project will test new fiber construction and operation methods, while delivering full gigabit speeds to approximately 850 faculty and staff owned homes on campus. Sonic.net will manage operation of the network, provide customer service and support and perform on-site installation and repair. Sonic.net is Northern California’s leading independent Internet service provider. The Stanford trial network is completely separate from the community selection process for Google’s Fiber for Communities project, which is still ongoing. Google’s ultimate goal is to build a fiber-to-the-home network that reaches at least 50,000 and potentially up to 500,000 people, and it plans to announce its selected community or communities by the end of the year. Sonic.net currently operates California’s largest open Internet access network, offer...

In China, a trojan has popped up that uses escalated rights to read out information such as the address book in Android cell phones, and sends the information via the internet to remote servers. As the Lookout blog reports, the contaminant called Geinimi is the most refined method of collecting personal data yet, as it not only acts independently, but can also be remotely controlled by a server. Geinimi hides itself by encrypting the data it needs to run and by using an obfuscator for Java byte code. In addition to the address book, the trojan can also read out the cell phone's position data, device ID (IMEI), SIM card number (IMSI), and a list of the installed apps. It is not yet clear what the developers of Geinimi are ultimately trying to do. Geinimi comes as an add-on for common apps, most of them games sold in third-party app catalogues. According to the Lookout blog, the following applications are affected: Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense and...

At the 27th Chaos Communication Congress ( 27C3 ) hacker conference, security researchers demonstrated how open source software on a number of revamped, entry-level cell phones can decrypt and record mobile phone calls in the GSM network. Using a normal laptop and a homemade monitoring device, team leader Karsten Nohl of Berlin's  Security Research Labs  explained that GSM mobile communications can be decrypted in "around 20 seconds." He said his team was able to record and playback entire conversations in plain text. Last year, Nohl and his team showed how they managed to crack the A5/1 encryption algorithm used in GSM, in three months using 40 distributed computers. Since then, he says his team has considerably improved the rainbow tables needed for the attack; the tables are once again available from the BitTorrent peer-to-peer network. Nohl says he has also made a lot of progress with the other hardware and software needed for the attack. Furthermore, the scenar...