CRAIG YOUNG

1115 0

CraigYoungCraig Young is a computer security researcher with Tripwire’s Vulnerability and Exposures Research Team (VERT). He has identified and responsibly disclosed dozens of vulnerabilities in products from Google, Amazon, IBM, NETGEAR, Adobe, HP, Apple, and others. His research has resulted in numerous CVE assignments and repeated recognition in the Google Application Security Hall of Fame. Craig’s presentations on Google authentication weaknesses have led to considerable security improvements for all Google users. Craig won in track 0 and track 1 of the first ever SOHOpelessly Broken contest at DEF CON 22 by demonstrating 10 0-day flaws in SOHO wireless routers. His research into iOS WiFi problems more recently exposed CVE-2015-3728 that could allow devices to inadvertently connect to malicious hot spots. Craig has more recently turned his attention to a different part of the wireless spectrum with research into home automation products as well as RFID/NFC technology.



Articles by CRAIG YOUNG

VERT Threat Alert: Return Of Bleichenbacher’s Oracle Threat (ROBOT)

VULNERABILITY DESCRIPTION A team of researchers, including Tripwire VERT’s Craig Young has announced that TLS stacks from at least 8 different vendors are vulnerable to a well-known 19-year-old protocol flaw. The problem is that these implementations allow an attacker to identify whether or not a chosen ciphertext has proper PKCS#1 v1.5 padding when decrypted. This allows for a classic …

0 comments

Medical Devices Hit By Ransomware For The First Time In US Hospitals

In the aftermath of the WannaCry attack, Medical devices at U.S. Hospitals have now been hit by ransomware by a stolen National Security Agency Hacking tool. Craig Young, Security Researcher at Tripwire was on hand to comment and gives his reasoning to why these hospital vulnerabilities were not fixed beforehand. Craig Young, Security Researcher at Tripwire: “Medical devices often use …

0 comments

Android Pattern Locks Opened Using Video Recordings

Scientists from China and the UK have published research that reveals how to break Android’s pattern lock system using videos of people entering their patterns. Craig Young, Principal Security Researcher at Tripwire commented below. Craig Young, Principal Security Researcher at Tripwire: “Password based authentication is the best option in terms of securing an Android device. …

0 comments

Hackers Can Turn Headphones Into A Microphone And Listen In

Researchers have been able to turn headphones into a microphone to unknowingly eavesdrop in background. Researcher designed a code called ‘Speake(a)r, which ‘retasks’ a computer’s outputs to inputs – allowing them to record audio even when the headphones were in the output-only jack.  Craig Young, Security Researcher at Tripwire commented below. Craig Young, Security Researcher at Tripwire: “It …

0 comments

15% Of Home Routers Are Unsecure

About 15 percent of all home routers are unsecure, according to a study recently released by ESET. ESET took a look at home 12,000 routers and found that 15 percent had weak passwords with the default ‘admin’ being the username. Craig Young, Security Researcher at Tripwire: “Frankly ESET’s numbers are strikingly low compared to what I’d …

0 comments

New JavaScript Malware Shuts Down Your PC If You Terminate Its Process

Researchers from Kahu Security have come across a new malware variant, coded in JavaScript, which hijacks your browser’s homepage but will also shut down your computer if you detect the intrusion and attempt to terminate its process. Craig Young, Security Researcher at Tripwire commented below. Craig Young, Security Researcher at Tripwire: “A key take away …

0 comments

Group Claiming To Be The Armada Collective Threatens DDoS Attacks

Following the news that cybercriminals claiming to be the Armada Collective have sent out extortion emails threatening independent and small businesses with DDoS attacks, Craig Young, Security Researcher at Tripwire commented below. Craig Young, Security Researcher at Tripwire: “In my opinion, businesses are best to never pay DDoS extortionists and instead are better served saving …

0 comments

Don’t Pay Ransom To DDoS Extortionists

Cybercriminals claiming to be the Armada Group, are threatening small businesses around the world with DDoS attacks if they don’t play them a ransom in bitcoin. Craig Young, Cybersecurity Researcher at Tripwire commented below. Craig Young, Cybersecurity Researcher at Tripwire: “In my opinion, businesses are best to never pay DDoS extortionists and instead are better …

0 comments

Inteno Router Flaw Could Give Remote Hackers Full Access

Security experts are warning of a critical new router vulnerability which could allow remote attackers to replace the firmware on a device to take complete control over it, and monitor all internet traffic flowing in and out. Craig Young, Security Researcher at Tripwire commented below. Craig Young, Security Researcher at Tripwire:  “It is always difficult …

0 comments

Vulnerable Smart Home IoT Sockets Act As Bridge To Take Down Full Networks

Researchers have discovered critical security flaws in connected smart plugs which can give attackers access to a full home network — as well as your email account. Craig Young, Security Researcher at Tripwire commented below. Craig Young, Security Researcher at Tripwire: “This is entirely unsurprising to anyone who’s been paying attention to the IoT market.  …

0 comments