From The Blog

Displaying items by tag: Hacking

Want to play a trick on your iPhone owning friends? Well we have a good one for you. According to Reddit there is a sequence of symbols and Arabic characters that will cause an iPhone to crash and reboot. Oh the joy you will have playing this game over and over with your friends. To add even more to the fun the original text that caused the issue will still be in the messenger app. That means if you open it up… your phone reboots again.

Published in News

On March 2 2015 CVE-2015-1187 was released. This alert indicated that a simple cross-site request forgery allowed someone (the “bad” guys) to hijack DNS settings on a wide range of routers. By doing this they were able to point people to their own DNS server and in turn direct them to malicious sites. These sites could be anything they wanted them to be from phishing sites to sites with malware intended to compromise the target system. The exploit is a pretty smart one especially when you take into account the fact that the bad guys do not need to remotely manage the target router to get this going.

Published in News

Over the weekend there was a lot of talk about how Windows in particular is vulnerable to a flaw that is linked to SMB. This flaw could allow someone to grab user information by forcing a redirect to a malicious server using the SMB protocol. The way it works is pretty simple; if you give someone a URL that begins with the work “file” then Windows (and some other systems) will think that you want to use SMB to connect to a file share. If the server that the link (URL) points to uses even basic authentication then you can try and tempt a user to put in their own credentials and grab them during the exchange.

Published in News
Tuesday, 24 March 2015 11:15

PoS systems are the new compromise cash cow...

The Point of Sale (PoS) station is probably one of the most targeted devices in recent years. There are multiple reasons for this: older operating systems, the need to POS users to have admin rights, generic logons for the “windows” accounts, and more. Most PoS softare is very resistant to attempts to properly secure it including getting all sorts of bent out of shape when you try to apply restrictive security policies to them. I have even seen them stop working because the removable drive mount option is removed from USB ports using a group policy object.

Published in News
Tuesday, 24 March 2015 09:33

More hacking fun with the UEFI BIOS

Back in August of 2014 while covering DEFCON 22 we sat in on a talk about how insecure the UEFI BIOS was and how it could potentially grant a malicious person ring zero access to your system. The talk was given by Corey Kallenberg and Xeno Kovah and they showed just how easy it would be to plant non-removable malware into the UEFI BIOS as well as how easy it would be to kill the BIOS remotely by affecting only two lines of code in the BIOS.

Published in News

Gasp! There has been another published attack on the TOR Project. This time the attack and compromise technique comes from the gang at Princeton. The Princeton team claims that their new methods are around 95% successful and only require traffic in one direction. The information that they have presented is interesting and certainly could be used to grab information from users of the anonymous service, but it is not really new and not surprising to hear about.

Published in News
Tuesday, 30 December 2014 11:19

Sony hack was probably not from Korea… Go figure

So the big Sony Hack that everyone was talking about and that the US government blamed on Korea might not have been state sponsored after all. Despite the FBI’s initial (and way too fast) conclusion that the source of the attacks were from North Korea there was ample evidence that this was not the case from the start. Anyone familiar with the way an attack happens knows that the majority are going to be pushed through multiple proxies and will have some sort of obfuscation to hide who is doing what including using code that might have been used before.

Published in News

Edward Snowden is the gift that keeps on giving. After walking out on the NSA with a ton of secret documents detailing the extent that the agency and their partners were digging into ordinary people’s lives he started to release them. Even after the first and very damaging release of documents Snowden promised that there was more and worse to come. We have seen some pretty bad things coming from the classified document stash including a report that was recently published by Der Speigel.

Published in News

The concept of the fingerprint ID has been around for a long time and, for the most part, has been seen as a rather secure method of locking your things away. At least that is the way it is seen by the public. For most of the security crowd finger print ID as a security system have one major flaw in them, they are all little more than optical scanners. If you can fool the scanner, which does not do much more than compare one image to another, then you are in.

Published in News
Wednesday, 17 December 2014 15:50

Leaked Sony Emails are Both Funny and Sad...

If we have said it once, we have said it a thousand times, there is no such thing as a secure network or system. This is especially true when the network is, by design, intended to deal with external user or customer connections. We are, of course, talking about the Sony (Pictures) breach and the subsequent treasure trove of emails and documents that have been flowing from that event since. Sony is in a very bad way since the hack as they have (stupidly) kept some rather sensitive information on their servers that is no open for the public to see.

Published in News
Page 12 of 28