According to the Wall Street Journal, Iraqi insurgents have been regularly using a satellite-snooping software called “Sky Grabber”  (cost = $26) to monitor live Predator video feeds.

The Predator transmits video over an unencrypted link, so there’s no major hacking going on here, but it’s obviously a huge issue – and we’d say the bigger problem is that Pentagon officials have known about this flaw since the 1990s, but they didn’t think insurgents would figure out how to exploit it.

Way to underestimate, guys.

The WSJ says the military is working to encrypt all Predator feeds from Iraq, Afghanistan, and Pakistan, but it’s slow going because the Predator network is more than a decade old and based on proprietary tech – too bad it’s not proprietary enough to keep prying eyes out of it.

Recently, reports have surfaced that the non jailbroken versions of the highly popular Apple iPhone may be vulnerable to direct memory attack, because of attempts to force execution of unsigned code.

A student at the University of Milan recently announced that he had found a way to force unsigned code to be run using a sophisticated memory hack.

Limitations imposed by Apple code-signing requirements have meant that security researchers had overlooked non jailbroken phones due to the native security already present. The general consensus was that difficulties in exploiting a platform requiring code signing, such as the iPhone, are wide ranging and innumerable, compared to the exploiting of other more mundane devices.

Thanks to software updates dealing with existing security issues, Apple has managed to create a device that is relatively secure because of their proprietary code-signing requirements. This code signing has resulted in enhanced security for the iPhone device, when compared to other more open platforms.

The details of the announcement regarding this potential exploit show that hackers can upload non-executable code to memory and then, by simply changing a register, can make that code executable. With the latest version of the iPhone operating system due to ship any day now, this may only be a temporary problem.

But if this attack exists and remains un-patched, the possibilities for remote attackers to exploit the Apple iPhone are endless. It could range from remote eavesdropping to stealing sensitive information and credit card details.

Whilst the Apple platform is fundamentally secure due to the way the software company has locked the iPhone down, numerous vulnerabilities have been revealed in the past.

With the new iPhone 3.0 OS, it will be interesting to see which vulnerabilities Apple managed to eliminate and also what weaknesses the new operating system will create.

Numerous examples of malicious software have been found on hundreds of ATM machines running Microsoft Windows.  This ‘software’ is apparently able to record card numbers and details that are contained in the magnetic strip on the back of cards.

Up until now, this exploit has only been found on ATM machines located in Eastern Europe, but it looks to be that the software is highly advanced, and before long it may make its way to the west.

This highly advanced exploit not only records card details, but it also gives full access to the ATM machine functions.  From printing money to rebooting the machine, criminals need only insert a special ‘card’ which allows them to literally do anything they want.

It would seem that the evolution of the ATM machine has ensured that it is now vulnerable to attack because of the developers desires for it to remain ‘user-friendly’.  But has user friendly gone one step too far in this case?  The vulnerable ATM machines all run a standard version of Windows XP which obviously, has major vulnerabilities.

It would seem that simply securing parts of a computer inside a steel cage is no longer enough to deter these attackers and they have found a way to load their sinister software without banks actually knowing.

Looking at this, one can only make the realistic conclusion that ATM machines are no longer simply ‘thin clients’.  It is ironic to see that banks are putting their trust in operating systems such as Windows XP straight out of the box.

Evidence supporting the security limitations of Windows XP has existed since before 2003.  Even the NSA admits that standard editions of XP are flawed and vulnerable.  As a result, USAF actually petitioned Microsoft for a locked-down and secure version of the operating system.  Why didn’t banks think of that?