CyberSec Bulletin

 

GSM Security Hacked

1/13/2010      By: Steven Brower

 

Abstract: German researchers have cracked the GSM security that maintains voice privacy during calls. This encryption hack affects primarily AT&T and T-Mobile Wireless customers since both AT&T and T-Mobile almost exclusively use GSM technologies.

 

Bulletin: German researchers have cracked the GSM security that maintains voice privacy during calls. This encryption hack affects primarily AT&T and T-Mobile Wireless customers since both AT&T and T-Mobile almost exclusively use GSM technologies.

Karsten Nohl, reported to the Associated Press, "that he, working with others online and around the world, created a codebook showing how to get past the GSM encryption used to keep conversations on more than 3 billion mobile phones safe from prying ears." Nohl's information has been made available through many file sharing sites in an effort to "push companies to improve security."

Verizon Wireless and Sprint Nextel customers are largely unaffected by this as the majority of their customers use CDMA phones.

For more information, go to Cellphone Encryption Code Is Divulged.

 

 

 

U.S. Cert Releases New Firefox Vulnerability

1/11/2010      By: U.S. CERT

 

Abstract: The Firefox Browser before version 3.5.7 is susceptible to Denial of Service (DoS) attack through carefully crafted websites.

 

Bulletin: According to U.S. Cert, "The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList.cpp in Mozilla Firefox before 3.5.7 allows remote attackers to cause a denial of service (application crash) via a crafted web site that triggers memory consumption and an accompanying Low Memory alert dialog, and also triggers attempted removal of an observer from an empty observers array."

For More Information, visit U.S. Cert CVE-2010-0220.