Displaying items by tag: Hacking

DEF CON 22, Las Vegas, NV - The thought of getting a root kit or back door on a critical system is always a bad one. These pieces of malicious code allow an attacker to continue to exploit your network and move laterally increasing their foot hold. The good news is that in most cases you can find and remove these holes either by paving the system (formatting and reinstalling) or by cleaning (not always the best choice).

DEF CON 22, Las Vegas, NV Aug 2014 – One of the most concerning things about the future of the internet and technology in general is the fact that the “bad guys” have the advantage. We have known about this for a very long time, but because of the state of the security industry many have allowed themselves to be blinded to just how bad it is and also how our current methods of patching and fixing are not working.

One of the biggest issues in security is not the number of bad guys out there or the number of zero day exploits that exist in the wild. Sadly it is that far too many companies and people do not update their devices and software. Now I know that it is a pain to run updates on every device you own, but in most cases these updates are important. This is the case we find with the recent brouhaha over a version of cryptolocker (SynoLocker) that appears to target Synology NAS devices with an older (and unpatched) version of Disk Station Manager (DSM).

Security should be a priority in any company, but it should be even more paramount in places where lives are at risk. So we have to wonder how someone ever allowed a security flaw in aircraft inflight systems that would allow for someone to compromise the aircraft. This is the claim of security researcher Ruben Santamarta has made and he plans to prove it at Black Hat 2014.

One thing I find interesting is the lack of any real memory in the technical press. It seems that the people that write about trends and events happening in the technical world often do not remember what has happened before. We saw this with the HeartBleed bug and are seeing it again with BadUSB. If you do not know what this is, well it is a new exploit found in the fundamental way USB works.

The world is connected now, there is simply no getting around it. We have a multitude of devices that are now connected to the internet. I am not talking about security systems or cameras, I am talking about our TVs, refrigerators, air conditioning systems, lighting and the list goes on. The idea of the connected home used to be the stuff of science fiction, but not anymore.

We are on the ground in Las Vegas, NV to cover Black Hat and DEF CON 2014. We will be bringing you coverage of the latest in hacks, exploits and the tools that are supposed to protect you from the “bad guys”. We also brought along some fun toys that are perfect to travel security. Granted nothing we brought it going to keep you 100% safe, but in the real world every little bit helps.

Following on the heels of the removal of a talk about unmasking users of the TOR network we are now hearing that someone has been attacking the anonymity service for the last 5-6 months in an attempt to ind out who is using the service. The TOR Project has just warned its users about an attack that is trying to expose users.

It is always a bad day when you find out there is a problem. Even if it is as simple as your coffee pot not working (ok bad choice for many). Things are made worse when you find out it is a problem that just cannot easily be fixed or worked around. This is the case in a new Android based vulnerability that was discovered by Blue Box Security (the same guys that found the Master Key issue) a few months ago.

On Friday we wrote about a talk that was canceled at Black Hat 2014. This talk was to discuss a flaw in the Tor anonymizing network that would allow almost anyone to identify users on the network. This morning we find out that the Russian government is actually offering a reward (around $111,000) to anyone that can come up with a reliable method to do this very thing.