Security Experts:

Robert Vamosi

Robert Vamosi, CISSP, an award-winning journalist and analyst who has been covering digital security issues for more than a decade, is a senior analyst for Mocana, a device security startup. He is also the author of When Gadgets Betray Us, a contributing editor at PCWorld, a blogger at Forbes.com, and a former Senior Editor at CNET. He lives in Northern California.

Recent articles by Robert Vamosi

  • Building on its success with the XBox Kinect, which uses motion to influence the actions of a software program, Microsoft is looking at sound as its next frontier for data entry.
  • Cybercrime is either getting worse or getting better. According to a new report from Microsoft's research team, we simply do not have enough verified data to support either claim. The situation is similar to sex surveys, where exaggeration can skew results.
  • In Australia, local police will be informing businesses and residents that their wireless signal is unprotected and therefore open for criminal activity.
  • With a fleet of new cars using the sophisticated infotainment system they developed with Microsoft, Ford has the need to update those vehicles—for both features and security reasons. But how do you update the software in several thousand cars?
  • The security of device-independent quantum key distribution (QKD) has been deemed ineffective by a team of Canadian researchers, and at least one commercial product already in use for telecommunications is directly affected.
  • State-of-the-art teleconferencing equipment is a must for most organizations today, but few have installed it correctly, according to researchers at Rapid7.
  • At a recent security conference, researchers demonstrated how they could spoof the energy usage reported from the meter to the utility. All of this is because the utility in question misconfigured its SSL.
  • Next year you'll be able to do all your holiday shopping without ever opening a physical wallet—or so Google hopes. The previously announced Google Wallet is comfortably into beta. Google is betting that by 2014 half of all smart phones will ship with compatible NFC chips installed.
  • Unfortunately, there is nothing new or novel against Point of Sale (POS) skimming attacks, only that they continue to happen in the age of smart embedded systems and PCI.
  • Customers recently noticed something odd after their power company installed smart meters in their homes: in some cases other wireless devices stopped working, or behaved erratically.
  • Researchers have come forward with a way to discern the personal TV viewing habits of the homeowner simply by measuring the fluctuation in the power, or what’s known as electromagnetic interference (EMI).
  • Setting aside questions of its pedigree, what might be Duqu's intended target? Researchers at Symantec coyly suggested it is targeting different industries than Stuxnet, but didn't name any. Duqu's pedigree and the intended target remain the subject of much debate.
  • Using parts that cost $10, researchers inserted custom hardware into the Diebold AccuVote TS that could read the touchscreen vote as well as alter the stored information.
  • Many security researchers are using open source Arduino boards for rapid prototyping of tools used in hardware analysis. Vendors who do not test their products before selling them into the field are doomed to be targets of future research and, perhaps, attacks.
  • With more and more mobile malware being directed at Android-based phones, you’d think the carriers and manufacturers would respond quickly to security and software updates to the underlying operating systems. According to a new survey, that doesn't appear to be the case.
  • Protecting Internet connected devices from the start and protecting them at the chip level needs to be a priority. But do we really need a full-scale cyber attack to make that so?
  • Microsoft researchers have proposed a method for cloud services to operate on sensitive data without exposing it. The idea is to produce encrypted data that can be analyzed. The actual data remains in the control of the owner.
  • Drawing parallels with the SCADA industry, researcher Jay Radcliffe gave a personal account of his experience of having Type 1 diabetes and how various devices he uses to control his diabetes could be manipulated by "evil doers" at this week's Black Hat Conference.
  • Laptop batteries use microcontrollers to tell the lithium battery when it's full and when it needs to be recharged. What's intriguing is that cybercriminals could install malware that would remain on the device no matter how many times you reinstalled the operating system.
  • Add mice and keyboards to the list of USB-based peripherals now suspect in any corporate environment. This is hardware hacking that should be of interest to corporate IT staff, especially if your company or industry is targeted for an attack.
  • One problem with computer security is that some security professionals only see the word "computer." What about peripherals? While commercial printers have been networked for more than 15 years, they are constantly out of computer security's watchful eye.
  • Researchers have found a novel way to decrypt Skype conversations without ever knowing the encryption key. This particular attack has its roots in linguistics. The researchers liken it to how infants break up speech into words without hearing actual pauses and word divisions within a sentence.
  • In the hours preceding the annual Hack In The Box conference in Amsterdam, researcher Don Bailey visited Boston, Afghanistan, Libya, and the White House. Or so his tracking device reported...
  • Some newer POS systems in the US have built-in authentication systems designed to protect merchants against the addition of fraudulent PIN pads. Should PCI now require retail businesses to upgrade to newer and better technology?
  • New research demonstrates that common Digital Video Recorders (DVR) installed in police cruisers, municipal buses, school buses, and even taxis are open for compromise by anyone with the means to observe the video and audio streams.