Archive
Newly discovered router flaw being hammered by in-the-wild attacks | Ars Technica
It seems painfully clear to most security researchers now that the Mirai botnet is not finished and may never be unless providers take security seriously.
In an article from Ars Technica, they explain that the flaw being exploited involves the remote-management ports on the devices that our cable and DSL providers supply. Most home users struggle just to set these devices up, so they seldom change the default passwords, and that is what lets attackers in. Vendors are also leaving application ports open to the Internet without proper source filtering, which allows the devices to be enumerated by tools like Shodan and Censys.
We simply need to get better at taking ownership of our security posture, consumers and vendors alike. Let’s all step up our game…
SafetyNet: Google’s tamper detection for Android · John Kozyrakis ~ blog
Interesting article about Google’s approach to testing for rooted phones, aimed at developers who want to make sure that your phone is ‘safe’ to run their applications.
Stay tuned for more hacking…
I was reading this article about the sentencing of a 17-year-old in the UK for a web attack that happened in 2015. He says he won’t do it again, but do we really want that?
http://www.infosecurity-magazine.com/news/talktalk-breach-17yearold-confesses/
It tells us that several websites were vulnerable to a SQL injection attack which leaked personally identifiable information (PII).
Aren’t we punishing the wrong people here? I mean, his motive was to show off his abilities, not to obtain and exploit the data. It also appears that the site already knew about the attack and was unable to do anything to mitigate it?
I know that we would all like to live in a world where lost wallets are always returned to us with all the money inside but isn’t the company primarily responsible for continuing to neglect the security of the data?
Until we legislate accountability for companies that put service availability above security, we will continue to have breaches. Penalizing the individuals who help find these flaws instead of congratulating them is like forgiving the dog and scolding the bone for just being there.
Cirque du Soleil – Ole
Had a great night out in Mexico watching the new Cirque du Soleil production called ‘Joya’. I saw golfer Greg Norman at the event and the only thing I could think of saying to him was ‘Happy 20th Anniversary’ 😦
Bruce Schneier on the most recent attack vector, USB sticks
Think of it: you walk into a building, see a computer that (hopefully) is locked, plug in a USB device and walk away. Just like James Bond, you look at your watch and a few minutes pass by. You unplug your device and head back to the Aston Martin…
Well, okay, this part is fictitious but the rest isn’t. Read more about the technique in this article.
https://www.schneier.com/blog/archives/2016/11/hacking_passwor.html
RFID hacking for fun (and profit)
I recently received a new proxmark3 easy and began the fun of reading and cloning access badge cards. For those of you unaware of how these little white cards work, allow me to share some fun facts. Radio Frequency Identification (RFID) cards consist of a coil of copper wire wound in a loop that picks up an electromagnetic field. They also have an integrated circuit (IC) embedded in them that is powered by that oscillating field. Remember how rubbing your hands together creates static electricity?
This oscillating field comes from the reader and is tuned to a specific frequency, which is used to pick up a unique identifier from your card.
Near Field Communication (NFC) uses the same mechanism but has a richer command set, which allows it to use encryption.
We use RFID tags on most consumer goods to prevent theft and there was once an idea to embed these into pets and even humans!
With a little computer know-how and about $100.00 you can create a device that can be used to clone these badges in just seconds.
I set up my device to capture some data from my work facility with relative ease. Once a card’s data is captured and stored, the device’s buffer can replay the signal to fool any reader.
I wanted to show you what some of the thinnest cards look like when they are scanned. The version I am using is a 37 bit iClass px D8L and it features the facility code and the card holder number (blanked out for security purposes).
Verifying the data from any card is as simple as issuing the command ‘lf search’. Here we can see the card number (known as the TAG ID) that would be registered into the security system along with the format length.
Now for the fun part – we place our valid card on top of our reader and issue the following command – ‘lf hid fskdemod’. This will tell you the TAG ID and will repeat quite a few times until it has sampled the modulated waveform.
Now we place a T5577 card on our proxmark device and type ‘lf hid clone’ followed by the TAG ID number. With any luck, you now have a cloned copy of your card!
Beware of manned security stations using newer technology: they will often look at the photo of the person who was issued the card. Unless you look very similar to the person whose card you have cloned, you will surely be caught.
The next step is to set up a malware program on the security computer so that your picture is substituted for the card holder’s and our physical security challenge is successful. I wonder what their favourite website is to use when there is no one coming in and out of the building….hmmm. Next time.
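A defensive counterpart to the cloning walk-through above, as an added example that is not from the original post: two access-control log checks that surface a cloned badge in use (the same badge badging in twice without ever badging out, or appearing at two sites faster than anyone could travel between them). The event format, site names and minimum travel time are assumptions; a real access-control system exports its own schema.

```python
"""Cloned-badge detection over constructed access-control events (added example)."""
from datetime import datetime, timedelta

# Constructed sample events (timestamp,badge_id,site,direction); not real facility data.
# Badge 1234 behaves normally. Badge 5678 shows clone symptoms: a second "in" at HQ
# with no "out", then an "in" at WAREHOUSE only 12 minutes after its last HQ event.
EVENTS = """\
2016-11-02T08:01:00,1234,HQ,in
2016-11-02T08:02:30,5678,HQ,in
2016-11-02T08:45:10,5678,HQ,in
2016-11-02T08:57:00,5678,WAREHOUSE,in
2016-11-02T12:10:00,1234,HQ,out
2016-11-02T12:11:00,1234,HQ,in
"""

# Hypothetical minimum travel time between each pair of distinct sites (assumption).
MIN_TRAVEL = {frozenset({"HQ", "WAREHOUSE"}): timedelta(minutes=45)}


def parse_events(text):
    """Parse the constructed lines into (timestamp, badge, site, direction), oldest first."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, badge, site, direction = line.split(",")
        rows.append((datetime.fromisoformat(ts), badge, site, direction))
    return sorted(rows)


def find_anomalies(events):
    """Return (kind, badge, site, timestamp) alerts for anti-passback and impossible travel."""
    alerts = []
    inside = {}     # badge -> site it is currently badged "in" at
    last_seen = {}  # badge -> (timestamp, site) of its most recent event anywhere
    for ts, badge, site, direction in events:
        # Anti-passback: a second "in" at a site the badge never badged out of.
        if direction == "in" and inside.get(badge) == site:
            alerts.append(("anti-passback", badge, site, ts))
        if direction == "in":
            inside[badge] = site
        else:
            inside.pop(badge, None)
        # Impossible travel: seen at two different sites closer together than MIN_TRAVEL.
        if badge in last_seen:
            prev_ts, prev_site = last_seen[badge]
            gap = MIN_TRAVEL.get(frozenset({prev_site, site}))
            if gap is not None and ts - prev_ts < gap:
                alerts.append(("impossible-travel", badge, site, ts))
        last_seen[badge] = (ts, site)
    return alerts
```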