An interesting article on Bleeping Computer with another White Hat discovery: now, how to hack a PDQ car washing machine to damage the car it is washing. Not a very advanced hack: a poor web-server implementation with an authentication bypass. I wonder if this can also be used for free car washing?
Category: Security
Nation State hacking and its impacts (this time in the Middle East)
Nation State hacking gets little attention outside of when stupid mistakes are made (Stuxnet springs to mind), but is still prevalent. An op-ed by Adam Segal in the NY Times has a good update on the recent activities in the Middle East, focusing on the alleged UAE hacking into Qatar news and government systems. As was noted by Peter G. Neumann, this is not the first time we have seen this lately.
DEFCON 25 – Wired’s favorite Black Hat Hacks
Summary article from Wired on the best of the Black Hat hacks shown at DEFCON 25. From hacking smart guns, to hacking Teslas and other cars, new botnet technologies and their takedowns, and the general worry that is IoT. Well worth a read.
DEFCON 25 – Electronic Voting Machines hacked
A write-up on Alternet on the DEFCON 25 hack attack on American electronic voting, with an attached video showing the hacks done live. The attacks took from minutes to hours, but all were hacked and altered with little or no traces left behind. Another warning on using technology before it is ready for the use you intend. The safety of electronic voting has always been questioned; here is a further argument against using the technology for elections until it is fault proof.
Bitcoin Hard Fork – What Now?
There has been a serious amount of unrest in the Bitcoin community over how to address the block chain constraints and increase the processing efficiency of Bitcoin. The initial conflict around “Bitcoin Improvement Proposal 91” was addressed and closed. The current argument over Segwit2x has however not been resolved, and the argument has now led to a hard fork of Bitcoin and the creation of Bitcoin Cash for those that wanted changes in the block chains. Turmoil on conversions, who will support what, and how to move forward with Bitcoin. I am sure the other digital currencies are happy about this chaos!
Amazon Echo as an illegal monitoring device
The woes of IoT and the very basic security features supported keep on giving gifts to hackers. An article on Help Net Security reports on MWR InfoSecurity research showing that an Amazon Echo can be HW hacked to have microphones “always on”. This works only for 2015 and 2016 editions, and only with physical access. Nevertheless, these are the first stumbling steps in attacking our connected homes.
Brickerbot claims to brick 60K Modems/Routers in India
An interesting article on Bleeping Computer on a claim from a Brickerbot dev that they have bricked 60,000 modems and routers in India, blocking subscribers on Bharat Sanchar Nigam Limited (BSNL) and Mahanagar Telephone Nigam Limited (MTNL) from accessing the internet. The obvious path of attack: default usernames / passwords exposed to the internet. The joy of our IoT world continues!
Another White Hat is arrested after reporting flaws
Another example of the perils of trying to help companies keep their websites safe. The 18-year-old Hungarian found a gaping hole in the security for Budapest’s Transport Authority. The resulting arrest enraged the Hungarian public, and the way the company handled the issues is a 101 course on how not to respond to public outrage. For those that want an English summary, here is an article on The Register.