broken-lock

As we have been working with Windows 8 and Windows 2012 server we have become increasingly concerned about security. Although Microsoft has claimed that they have improved security through items like the locked UEFI boot process there are still glaring omissions in security that keep popping up very recently it was noted that despite the claims from Microsoft of a more secure login process the password hint is exposed in the SID database and easily recovered remotely. We also found that users’ contact lists are also left in the open (and in plain text) and available to anyone that can gain remote elevated privileges; which is what almost all Viruses and Malware try to do.

Wednesday, 26 September 2012 22:17

Samsung Galaxy S3 remote reset hack

samsung-logo

It looks like there is a simple hack, containing of only one line of code that can start an unstoppable factory reset on the Samsung Galaxy S3. According to security researchers there is a simple USSD (Unstructured Supplementary Service Data) code that can do some serious harm to S3 owners. USSD is a session based GSM protocol unlike SMS and MMS, and it is used to send messages between a mobile phone and an application server. With the advancements in technology there are more than few services based on USSD, some of them are social networking apps, mobile banking, prepaid recharge/account balance, even the NFC technology and QR codes.

anonymousIf there is one thing that you can say Anonymous has done that has a measurable positive effect it is exposing the level of Corporate and Government Ignorance. Ignorance is not an admissible excuse any longer in this day and age and is often used in court when someone says they did not know they were breaking the law. Since this is generally accepted why is anyone willing to give companies that show massive amounts of ignorance (which is just really lack of forethought or cost cutting) when it is discovered that their systems are not secure? We are shocked that this is at all acceptable considering the data breaches going back as far as 2009. Still we continually hear about this product or that network is suddenly discovered to be insecure. Exactly how is that possible?

Welcome to Black Hat and DEF CON 2014
Published in Shows and Events
Saturday, 02 August 2014 16:51

Welcome to Black Hat and DEF CON 2014

We are on the ground in Las Vegas, NV to cover Black Hat and DEF CON 2014. We will be bringing you coverage of the latest in hacks, exploits and the tools that are supposed to protect you from the “bad guys”. We also brought along some fun toys that are perfect to travel security. Granted nothing we brought it going to keep you 100% safe, but in the real world every little bit helps.

bfscam01

No sooner has Facebook given pages the ability to make offers to people then we see one of the first cams using the new system. Now, we all know that Facebook has to do something to keep people interested and in particular they need to give businesses the ability to push their products on other Facebook users. This can help Facebook generate more revenue… blah, blah, blah. However Facebook really does need to do something about their anti-spam and scam detection tools they are pretty much non-existent.

News light-virus-1

There is trouble in the Google Play Store as someone (Symantec) has discovered a Trojan downloader application that appears to be rather prevalent in the form applications masquerading as different applications (two of the most downloaded were Mario Brothers and GTA 3 Moscow City). The new malware appears to be concentrating on the Eastern European area right now as it utilizes premium SMS services that are tied to specific regions using certain numbers.

facebook_moneyRemember when we told you that Facebook was going to allow companies to pay to promote certain posts? Well it is now in full swing as it looks like Facebook has rolled out the service to everyone’s pages. Over the last week we have been having issues with posting links on the DecryptedTech Facebook page, yet when we reported the issue there was almost no response from Facebook about the issue. As it turns out this issue was due to the changes that Facebook was making behind the scenes.

Security concerns are about more than just weak passwords and malware.
Published in News

Since the beginning of 2014 the IT world has been rocked by more than a few major breaches. The number of credit cards and user information now up for sale is staggering. So how have these attacks managed to get in and make off with so much data so quickly? Of course there are the usual suspects in these cases, weak passwords and users downloading malware on their systems that allow a potential attacker into their system.

Darkhotel Attack Targets Hotel Guest Wireless Networks
Published in News

The targeting of travelers is something that is a very old idea. To the would-be attacker you are getting a target that is not familiar with their surroundings and (in many cases) has a lot of money on them. In the “old days” the target was the cash they brought with them. This quickly changed to a number of scams to get access to their credit card numbers and the cash that they protected. Still the idea was to go after the traveler because they were easy targets when they were out and about.

Wednesday, 02 January 2013 11:05

New LinkedIn phishing email making the rounds

Code

It seems that LinkedIn cannot catch a break. After a rather large data breach that resulted in the theft of a large number of user account information (including unsalted passwords protected by an outdated encryption scheme) there is now a new phishing email making the rounds that is aimed specifically at LinkedIn users.  Although phishing emails that target users of social networks are nothing new this one is the first that we have seen that targets LinkedIn users and also appears to be sent directly to LinkedIn user email addresses.