It has long been supposed that the GSM mobile phone system was pretty secure and safe from hackers. Well, it is, ish… Needless to say, there are ways and means for well-resourced and connected spooks and security agencies, but to date breaking it has been beyond the ability of the average backyard nosey parker. Maybe not for much longer.

Engadget reports that Chris Paget, who has a track record for breaking supposedly secure technology (in a helpful way, of course; he’s one of the good guys), has revealed what could be a sizeable flaw in 2G GSM.

At the recent DefCon security conference he was able to trick a number of mobile phone users into making calls through his laptop.

The idea appears to be absurdly simple. Basically he set up his laptop connected to a couple of small antennas as a phoney (pun intended) mobile base station, indistinguishable to phones and most users from the real thing. His kit exploited a feature in the GSM system that tells the phone to log onto the base station with the strongest signal.

Windows users might dismiss Apple’s new ultra-light, ultra-sleek iPad as just another frivolous toy for Mac heads.

But add remote-computing software and services, and the iPad’s combination of light weight and nicely sized screen makes Apple’s pad a dandy Windows terminal.

I’m writing this story on my iPad, using Microsoft Word for Windows 2007 that’s actually running on my home-office desktop PC. I’ve pulled off this stunt thanks to the handful of remote computing apps designed to work with iPad (and iPhone). Yes, I can have my Apple cake and Windows, too.

Even Adobe Flash, which Steve Jobs declared persona non grata on iPads and iPhones, now has a place on the iPad screen. Flash videos don’t run well (due to the slow screen refresh rates typical of remote-control software), but they do run. Even with a strong Wi-Fi signal, Flash videos were choppy at best.

The ingredients for this Windows/iPad trick are a PC that’s left on, remote-control software on the iPad and PC, and a good Wi-Fi or 3G connection.

In their hunt for market dominance, social networks Facebook, Google Buzz, and Microsoft Live are redefining what social means and, in the process, straining the bounds of personal privacy.

Facebook, the big daddy of these three, has made quiet changes to its privacy settings, ones that members need to understand if they are going to manage the distribution of their personal information.

I find Facebook useful, mostly as a way to stay in touch with a select set of my friends and former co-workers. It’s not my public soapbox nor a window into my personal life, left open to the world; for that, I have blogs and Twitter.

As much as I like Facebook, it has a flaw that I’ll never see in my blogs and hopefully never see with Twitter. It seems the proprietors of Facebook find it necessary, desirable, or profitable to change member privacy settings, usually with little notice to members. In every case I can think of, privacy settings have become more relaxed, more open, if you will.

Microsoft will continue to recommend BitLocker technology in concert with Trusted Platform Module (TPM) hardware to customers looking to protect sensitive data on mobile computers in the eventuality that the device is stolen or lost, the company said. Paul Cooke, Microsoft director, Windows Client Enterprise Security, notes that attackers can potentially access the secrets stored on TPM hardware inside a computer running Windows 7 with BitLocker, but that the company had labored to make such a scenario highly unlikely.

“With our design for BitLocker in Windows 7, we took into account the theoretical possibility that a TPM might become compromised due to advanced attacks like this one, or because of poor designs and implementations. The engineering team changed the cryptographic structure for BitLocker when configured to use enhanced pin technology,” Cooke stated.

Essentially, an attacker would not only need physical access to a protected computer, but also have to break the TPM for the appropriate secret, and get the user-configured PIN as well. According to Cooke, provided that customers take the necessary steps to make sure the PIN is sufficiently complex, a hack would be infeasible. In this context, an attacker would simply not be able to get the key necessary for the unlocking of the BitLocker protected disk volumes.

Want to know just how easy it is to hack Windows 7? It actually takes only a few actions on behalf of the end users to literally hand over a computer to an attacker, in spite of the fact that the computer in question is running the final version of Windows 7, along with security software. The antivirus is useless from the get-go, as it is incapable of detecting a zero-day custom hack, let alone preventing or blocking it in any manner. At the same time, the mitigations of Windows 7 in the default security configuration are also bypassed.

But better yet, do you want to witness a Windows 7 RTM hack yourselves? Then just have a look at the video embedded at the bottom of this article. You will be able to see a hack put together by a non-Microsoft security researcher and demoed at TechEd. And of course, you’ll also be able to find out the steps you need to take in order to protect your environment against this type of attack.

“Marcus Murray, security consultant at TrueSec, shows us a hacking demo he created of Windows 7 using Excel over the internet. After this he explains what security features in Windows 7 you could have used to prevent this hack from occurring.