hacking   66172

« earlier    

GitHub - zardus/preeny: Some helpful preload libraries for pwning stuff.
Preeny helps you pwn noobs by making it easier to interact with services locally. It disables fork(), rand(), and alarm() and, if you want, can convert a server application to a console one using clever/hackish tricks, and can even patch binaries!
binary  hacking  library  preload  ld_preload 
21 minutes ago by whip_lash
Nest hack: North Korea missile attack hoax targets family • Mercury News
Matthias Gafni:
<p>Laura Lyons was preparing food in her kitchen Sunday when the lazy afternoon took a turn for the absurd. A loud squawking - similar to the beginning of an emergency broadcast alert - blasted from the living room, the Orinda mother said, followed by a detailed warning of three North Korean intercontinental ballistic missiles headed to Los Angeles, Chicago and Ohio.

"It warned that the United States had retaliated against Pyongyang and that people in the affected areas had three hours to evacuate," Lyons said Monday. "It sounded completely legit, and it was loud and got our attention right off the bat… It was five minutes of sheer terror and another 30 minutes trying to figure out what was going on."

Lyons and her husband stood slack-jawed in the living room, terrified but also confused because the television continued airing the NFC Championship football game. As their scared eight-year-old son crawled underneath the rug, the couple realized the apocalyptic warning came from their Nest security camera atop their living room television.

After many panicked minutes and phone calls to 911 and to Nest, the couple learned they likely were the victims of a hacker. And that panic turned to anger when they found out that Nest knew that there had been a number of such incidents - none involving nuclear strike scenarios - but failed to alert customers. Lyons said a Nest supervisor told them Sunday they likely were the victims of a "third party hack" that gained access to their camera and its speakers.

A Google spokesperson - the search engine owns Nest - said Nest was not breached in this incident.

"These recent reports are based on customers using compromised passwords (exposed through breaches on other websites). In nearly all cases, two-factor verification eliminates this type of the security risk," the company said in an email statement. "We take security in the home extremely seriously, and we’re actively introducing features that will reject comprised passwords, allow customers to monitor access to their accounts and track external entities that abuse credentials."

The Lyons are not alone. Reports from across the country indicate a growing problem of hackers accessing the Wi-Fi-enabled cameras from Nest and other similar companies.</p>

They didn't think to turn the TV to a news channel? Perhaps in an emergency one doesn't act rationally. Bet the hacker has some fun footage that will be shared in forums. (Thanks to Paul Guinnessy for the link.)
nest  hacking  camera 
3 hours ago by charlesarthur
Researchers discover state actor’s mobile malware efforts because of YOLO OPSEC | Ars Technica
"...As a result, the researchers were able to view communications between members of that [state-sponsored hacking] team and representatives of a number of zero-day and hacking-services providers as they explored purchasing the tools needed to gain access to their targets."
security  hacking  dopost 
11 hours ago by niksilver
773M password ‘megabreach’ is years old • Krebs on Security
Brian Krebs on the "megahack" that was big news last week:
<p>Collection #1 offered by this seller is indeed 87GB in size. He also advertises a Telegram username where he can be reached — “Sanixer.” So, naturally, KrebsOnSecurity contacted Sanixer via Telegram to find out more about the origins of Collection #1, which he is presently selling for the bargain price of just $45.

Sanixer said Collection#1 consists of data pulled from a huge number of hacked sites, and was not exactly his “freshest” offering. Rather, he sort of steered me away from that archive, suggesting that — unlike most of his other wares — Collection #1 was at least 2-3 years old. His other password packages, which he said are not all pictured in the above screen shot and total more than 4 terabytes in size, are less than a year old, Sanixer explained.

By way of explaining the provenance of Collection #1, Sanixer said it was a mix of “dumps and leaked bases,” and then he offered an interesting screen shot of his additional collections. Click on the image below and notice the open Web browser tab behind his purloined password trove (which is apparently stored at Mega.nz): Troy Hunt’s published research on this 773 million Collection #1.

<img src="https://krebsonsecurity.com/wp-content/uploads/2019/01/sanixer.jpg" width="100%" /><br /><em>Sanixer says Collection #1 was from a mix of sources. A description of those sources can be seen in the directory tree on the left side of this screenshot.</em>

[CTO of Hold Security, Alex] Holden said the habit of collecting large amounts of credentials and posting it online is not new at all, and that the data is far more useful for things like phishing, blackmail and other indirect attacks — as opposed to plundering inboxes. Holden added that his company had already derived 99 percent of the data in Collection #1 from other sources.</p>

So it's basically like the fluff-covered sad-looking pick'n'mix sweet trays in Woolworths of old.
data  breach  password  hacking 
yesterday by charlesarthur
Research: 4 new ways browser history can be exposed - SlashGear
A recent study by the University of California, San Diego, showed four new ways to expose Internet users’ browsing histories. They also showed the ways in which these histories could and can be used to target internet users with various attacks. Most of these attacks take aim psychologically, targeting the trust users have in details to which they believe only their closest friends and family have access.
privacy  hacking  netnarr 
yesterday by cogdog
On Hacking MicroSD Cards « bunnie's blog
An Arduino, with its 8-bit 16 MHz microcontroller, will set you back around $20. A microSD card with several gigabytes of memory and a microcontroller with several times the performance could be purchased for a fraction of the price.

While SD cards are admittedly I/O-limited, some clever hacking of the microcontroller in an SD card could make for a very economical and compact data logging solution for I2C or SPI-based sensors.

Slides from our talk at 30C3 can be downloaded here, or you can watch the talk on Youtube below.
hacking  hardware  electronics  youtube  bunniestudios 
yesterday by richardneish

« earlier    

related tags

1990s  5g  affaits  android  archive  arstechnica  art  attack  audio  bestpractices  binary  blockchain  book  breach  breadboard  breaking  brutforce  bugbounty  bunniestudios  bypass  camera  card  cards  cars  cats  ccc  cli  code  computing  conference  construction  cpu  cranes  crime  crowdstrike  cryptocurrency  culture_of_online_life  custom  cyber-spectrum  cyber  cybercrime  cybersec  cybersecurity  cylance  daily  data  databreach  ddod  ddos  defcon  detection  develop  devices  disinformation  dns  dol  dopost  dork  dragon  echelon  editors  edr  elections  electronics  elisp  emacs  email  ep2019  escape  espionage  essen  ethereum  ev  event  experiment  firmware  flexible  fp  fractal  fraud  from-inoreader  fun  games  gaming  ghdb  google  government  gradius  graphics  hack  hacker  hackers  hardware  history  howto  humor  influencers  informationsecurity  infosec  infrastructure  injection  instagram  insurance  interface  internet  iot  journalism  kb  kernel  language  lazarus  ld_preload  leak  legal  lego  lib  library  linux  lisp  loader  mac-internals  mac  maersk  malware  memory  metagame  microcode  microsd  mimikatz  model3  mondelez  money  mouse  mt  multiuse  nest  netnarr  news  nibble  northkorea  notpetya  novel  ohforfuckssake  oneplus  opensource  osint  osx  oxygenos  paganini  papers  password  passwords  path  payments  pentest  pentesting  people  perf  performance  phishing  phone  pierluigi  politics  preload  presentations  press_column  privacy  productivity  progress  pwn  pwned  python  raspberry-pi  raspberrypi  redteam  reference  report  research  resource  resources  retro  reverse-engineering  robots  rootkit  rpi  russia  sandbox  scooters  scp  sdcard  search  sec  secrey  security  server  shell  socialengineering  spectre  speedrun  spies  spy  spying  ssh  surveillance  syscall  technology  template  tesla  theregister  tips  tools  totwitter  type:article  type:tool  ui  ukraine  unicode  university  unix  us  usa  ux  vpn  vr  vulnerability  wallet  web  weird  wifi  windows  wired  wireless  writing  wtf  youtube  zurich 

Copy this bookmark: