hacking   64743


Hackster.io - The community dedicated to learning hardware.
Hackster is a community dedicated to learning hardware, from beginner to pro. Share your projects and learn from other developers. Come build awesome hardware!
Hardware  hacking  2018  raspberrypi  arduino  electronics  Maker  DIY  Community  iot 
4 hours ago by gresch
The Day That Guccifer 2.0 Quit Hacking The DNC – Disobedient Media
This report will focus on an unreported story: After the fact, the DNC quietly changed an important theme in their Russian hacking narrative. Initially, the DNC passively supported the notion that Guccifer 2.0 stole a copy of a Trump opposition report by penetrating the DNC at the behest of the Russian state. Then over a year later, an un-named ex-DNC official tells us that this document in fact came from Podesta’s emails, not the DNC. This single statement by a DNC official invalidated the circumstantial evidence that had been used to support the DNC’s Russian hacking claims, and represents a groundbreaking contradiction that has gone unobserved by establishment press outlets.
wikiLeaks  DNCemails  hacking 
13 hours ago by Jswindle
9b/chirp: Interface to manage and centralize Google Alert information
Using Google Alert as an infiltration mechanism, by using the Google Alert system to deliver shady links directly to your targets...
google  alert  recon  OSINT  security  hacking  pentesting 
14 hours ago by asteroza
Hackers infect over 500,000 routers with potential to cut off internet • CNET
Alfred Ng:
<p>More than half a million routers and network devices in 54 countries have been infected with sophisticated malware, researchers from Cisco's Talos Intelligence Group warn.

The malware, which the security researchers are calling VPNFilter, contains a killswitch for routers, can steal logins and passwords and can monitor industrial control systems. 

An attack would have the potential to cut off internet access for all the devices, William Largent, a researcher with Talos, said Wednesday in a <a href="https://blog.talosintelligence.com/2018/05/VPNFilter.html#more">blog post</a>. 

Attacks on routers hit a sensitive spot not only because they can halt internet access, but because hackers can use the malware to monitor web activity, including password use. In April, US and UK officials warned about Russian hackers targeting millions of routers around the world, with plans to carry out massive attacks leveraging the devices. In that announcement, the FBI called routers a "tremendous weapon in the hands of an adversary."

"Quite anything is possible, this attack basically sets up a hidden network to allow an actor to attack the world from a stance that makes attribution quite difficult," Craig Williams, Talos' director, said in an email.  </p>

At any given time, there are huge botnets built around devices which people don't normally interact with directly. Routers sometimes, video recorders others. Even heat pumps.
hacking  router 
18 hours ago by charlesarthur
‘Too inconvenient’: Trump goes rogue on phone security • POLITICO
Eliana Johnson, Emily Stephenson and Daniel Lippman:
<p>The president, who relies on cellphones to reach his friends and millions of Twitter followers, has rebuffed staff efforts to strengthen security around his phone use, according to the administration officials.

The president uses at least two iPhones, according to one of the officials. The phones — one capable only of making calls, the other equipped only with the Twitter app and preloaded with a handful of news sites — are issued by White House Information Technology and the White House Communications Agency, an office staffed by military personnel that oversees White House telecommunications.

While aides have urged the president to swap out the Twitter phone on a monthly basis, Trump has resisted their entreaties, telling them it was “too inconvenient,” the same administration official said.

The president has gone as long as five months without having the phone checked by security experts. It is unclear how often Trump’s call-capable phones, which are essentially used as burner phones, are swapped out.

President Barack Obama handed over his White House phones every 30 days to be examined by telecommunications staffers for hacking and other suspicious activity, according to an Obama administration official.

The White House declined to comment for this story, but a senior West Wing official said the call-capable phones “are seamlessly swapped out on a regular basis through routine support operations. Because of the security controls of the Twitter phone and the Twitter account, it does not necessitate regular change-out.”</p>

Security experts reckon that for sure those are hacked by now. Trump's number is not secret to those who want to know it. The model of phone is known. There are exploits. What's stopping them?
trump  phones  security  hacking 
yesterday by charlesarthur
The Verge [cryptocurrency] hack, explained • The Abacus
Daniel Goldman on a cryptocurrency hack where a hacker began spoofing the time on "blocks", suggesting they'd happened earlier than they had:
<p>The algorithm that Verge [the cryptocurrency, unrelated to the tech news website] uses to calculate the current difficulty [of mining] is known as Dark Gravity Wave; it involves taking a weighted average of the rate of block confirmations over a moving two-hour window. It’s a bit complex, and the details don’t really matter here — what matters is this: mining difficulty is a function of recent block frequency, and running calculations on block frequency naturally involves looking at blocks’ timestamps.

And hence the problem: if enough faulty timestamps are getting created, all bets are off. And this is what the hacker did — examining the blockchain data reveals that throughout the duration of the hack(s), every other block was submitted with a timestamp roughly one hour before the present time, tragically confusing the protocol’s mining adjustment algorithm. If the protocol were sentient and fluent in English, it would be saying something like “Oh no! Not enough blocks have been submitted recently! Mining must be too difficult — let’s make it easier!” Since timestamps were continuously being spoofed, the protocol continuously lowered the difficulty, until mining got laughably easy. To give a general idea, the average difficulty in the hours before the initial attack was 1393093.39131, while during the attack, it got as low as 0.00024414, a decrease in difficulty of over 99.999999%. Lower difficulty in submitting a block means more blocks get submitted— in this case, roughly a block every second.
The cleverness of this attack is in how it circumvents the barrier of mining difficulty instead of attempting to burst through it. If the security provided by mining power is a gate surrounding the network — a gate that’s far too strong to break through and too high to climb over — this hack gets past it by finding a way to lower it so close to the ground that it can be stepped over.

If it isn’t already obvious, this is, in and of itself, bad news.</p>

Yeah, it was obvious. It's also obvious that there's no obvious way to fix this (though it's more complicated than just this; there's also an algorithmic attack). Anyone determined enough can do the exact same hack again - though the hacker here clearly got a lot of ducks in a row.
Crypto  hacking 
yesterday by charlesarthur
North Korea targeting defectors with Android malware attacks • ExtremeTech
Ryan Whitwam:
<p>North Korea has been caught tinkering with Android malware again, but this time it’s using both Facebook and Google Play to target North Korean defectors living in South Korea.

According to McAfee, North Korea’s Sun Team hackers perpetrated the attack over the last several months. They likely infected around 100 targets, which isn’t a huge number compared with most malware campaigns. However, these were all highly targeted infiltrations to gather intelligence on political opponents. There are currently around 30,000 North Korean defectors living in the south. 

The hackers used Facebook to distribute links to the malicious apps, focusing on populations and individuals who would have information about defectors. They created convincing fake profiles, often using images stolen from South Korean users as profile photos. Their posts asked the targets to download and test some Android apps hosted in the Play Store. These apps, however, were not what they appeared.

McAfee researchers found three apps uploaded by Sun Team hackers: 음식궁합 (Food Ingredients Info), Fast AppLock, and AppLockFree. All three were listed as “unreleased” in the Play Store, which kept them from garnering unwanted attention. The hackers only wanted to send specific targets to the listings. Upon installation, the apps would ask for access to contacts, SMS data, and local files before sending it all to the malware operators. This data could lead to more targets for future malware attacks, including both defectors and those who help them escape North Korea. McAfee tied the apps together as part of a single attack from the use of identical developer accounts, emails, and IP addresses.</p>

A bit amateurish, that last bit.
northkorea  hacking 
2 days ago by charlesarthur
