hacking   64020


Sprites mods - Hard disk hacking - Hooking up JTAG
what I found was a thread from a guy called Dejan on the HDDGuru forums. Dejan had managed to corrupt the internal flash of his hard disk in some way and wanted to know if there's a way to either boot the controller from external flash, or a method to re-write the flash. For five days, he doesn't get a response, but the guy is inventive: the next thing he posts is the message that he has found the pinout of the JTAG-port. That's a major find: the JTAG-port can be used to control a controller like a puppet. You can stop it, restart it, modify memory, set breakpoints etc with it. Dejan then figures out how to dump the boot ROM of the controller, figures out there's a serial port on one of the hard disk headers and manages to restore his flash ROM. He then dumps a few more bits and pointers about the flash update process before finally disappearing into the mists of the Internet again.
jtag  hdd  hacking  electronics 
55 minutes ago by nmcbean
Hackers explain which messenger app is the most secure - Motherboard
WhatsApp, Signal or Telegram promise one thing above all these days: secure communication. But how do the apps differ, and what should users watch out for? Two messenger researchers explain.
apps  mobile  messaging  whatsapp  telegram  security  hacking  interview 
8 hours ago by SimonHurtz
OnePlus hack exposed credit cards of up to 40,000 people • CNET
David Katzmaier:
If you bought a OnePlus phone such as the OnePlus 5T between November and January, you'd best check your credit card statement.

The phone maker on Friday confirmed in a statement that its website, oneplus.net, was hacked, potentially exposing the detailed credit card information of up to 40,000 customers.

The company sent an email to customers saying that card numbers, expiration dates and security codes "may have been compromised."

A malicious script on the company's pages was inserted, harvesting the information from web browsers. The company says it has been removed, but customers who entered information into the site between mid-November 2017 and Jan. 11, 2018 could be at risk.

"A malicious script was inserted"? So that's quite a hack - first into the company web server, and then capturing all those details. This needs quite a lot of explaining by OnePlus.
oneplus  hacking 
22 hours ago by charlesarthur
British 15-year-old gained access to intelligence operations in Afghanistan and Iran by pretending to be head of CIA, court hears • Daily Telegraph
Hayley Dixon:
A 15-year-old gained access to plans for intelligence operations in Afghanistan and Iran by pretending to be the head of the CIA to gain access to his computers, a court has heard.

From the bedroom of the Leicestershire home he shared with his mother, Kane Gamble used “social engineering” – where a person builds up a picture of information and uses it to manipulate others into handing over more – to access the personal and work accounts of some of America's most powerful spy chiefs.

The teenager persuaded call handlers at an internet giant that he was John Brennan, the then director of the CIA, to gain access to his computers and an FBI helpdesk that he was Mark Giuliano, then the agency’s Deputy Director, to re-gain access to an intelligence database.

He also targeted the US Secretary of Homeland Security and Barack Obama's Director of National Intelligence from his semi-detached council house in Coalville.

Gamble taunted his victims online, released personal information, bombarded them with calls and messages, downloaded pornography onto their computers and took control of their iPads and TV screens, a court heard.

Mr Justice Haddon-Cave noted: “He got these people in his control and played with them in order to make their lives difficult.”

John Lloyd-Jones QC, prosecuting, said that Gamble founded Crackas With Attitude (CWA) in 2015, telling a journalist: “It all started by me getting more and more annoyed about how corrupt and cold blooded the US Government are so I decided to do something about it.”

Impressive. Give him a job. (Thanks multiple readers who sent this.)
cia  socialengineering  hacking 
23 hours ago by charlesarthur
Practical Reverse Engineering Part 1 - Hunting for Debug Ports · Hack The World
In this series of posts we’re gonna go through the process of Reverse Engineering a router. More specifically, a Huawei HG533.
electronics  hacking  hardware  reverseengineering  security 
23 hours ago by whip_lash
Through a series of levels you'll learn about common mistakes and gotchas when using Amazon Web Services (AWS). There are no SQL injection, XSS, buffer overflows, or many of the other vulnerabilities you might have seen before. As much as possible, these are AWS specific issues.
security  hacking  education  tutorial  learning  cloud  aws 
yesterday by jefframnani
New botnet infects cryptocurrency mining computers, replaces wallet address • Ars Technica
Dan Goodin:
Satori—the malware family that wrangles routers, security cameras, and other Internet-connected devices into potent botnets—is crashing the cryptocurrency party with a new variant that surreptitiously infects computers dedicated to the mining of digital coins.

A version of Satori that appeared on January 8 exploits one or more weaknesses in the Claymore Miner, researchers from China-based Netlab 360 said in a report published Wednesday. After gaining control of the coin-mining software, the malware replaces the wallet address the computer owner uses to collect newly minted currency with an address controlled by the attacker. From then on, the attacker receives all coins generated, and owners are none the wiser unless they take time to manually inspect their software configuration.

Records show that the attacker-controlled wallet has already cashed out slightly more than 1 Ethereum coin. The coin was valued at as much as $1,300 when the transaction was made. At the time this post was being prepared, the records also showed that the attacker had a current balance of slightly more than 1 Ethereum coin and was actively mining more, with a calculation power of about 2,100 million hashes per second. That's roughly equivalent to the output of 85 computers each running a Radeon Rx 480 graphics card or 1,135 computers running a GeForce GTX 560M…

Sneaky, and terrifically clever. Satori is a variant of Mirai, the IoT botnet which its author(s) open-sourced in a desperate - and unsuccessful - attempt to be able to deny their authorship.
bitcoin  hacking  cryptocurrency 
2 days ago by charlesarthur
Building a Hacker Space
A cool look from the CCC about building physical spaces for hackers to live in, lots of great experiences in here.
linklist  hacking  space 
3 days ago by seanclynch
