Archive: 2013

Beyond Information Warfare 6: Possible Solutions

This part contains Winn Schwartau’s summary on what could be done to reduce the destructive impact of technology weaponization and other types of abuse. Swarming and self-organization. Is everybody familiar with John von Neumann’s Automaton theory? Quick brief comments, simple rule set: if I am here, in...

Beyond Information Warfare 5: Bio-Engineering and Distributed Intelligence

Winn Schwartau’s emphasis within this section is on advancement of bio-engineering and computer power increase, and the way these can possibly be weaponized. Some stuff is amazing these days, some of the new technologies. We are going to have bio-engineered prosthetics. And can we fuck with that...

Beyond Information Warfare 4: Exploitable Cutting-Edge Technology

Delving deeper into the weaponization aspect, Winn Schwartau gets down to describing such technologies as HERF, EMP, un-manned vehicles, and flying bots. Next thing I’m really interested in is EMP and HERF (see right-hand image). Why do I care about EMP and HERF? It makes some other technology useless –...

Beyond Information Warfare 3: Technology Weaponization

The concept of weaponizing new technologies is what Winn Schwartau covers in this section, focusing in particular on IPv6, voice simulation, and mobile. What we have to look at is life cycle (see right-hand image). One of the things that you get – there’s no magic here, there’s just standard life...

Beyond Information Warfare 2: Fortress Mentality That Doesn’t Work

Winn Schwartau lists the drawbacks of generally adopted defensive postures and dwells on the concept of weaponization with regard to new technology. Defensive postures were initially set up by US military. And it was based upon the model developed in the 1970s, and effectively it said: “We’re going...

Beyond Information Warfare: Winn Schwartau on Attack Mindset Methodology

Distinguished security specialist Winn Schwartau delivers an engaging talk at DerbyCon, covering the issues of technology being exploited and weaponized. Hi! How many guys are actually hacking here? We’re going to talk about some issues that really got me crazy in the last couple of years – thanks to...

Stop Fighting Anti-Virus 4: The Cert Signing Trick

Penetration tester Andy Cooper now touches upon another hurdle with antiviruses where signing a malicious payload with a valid cert may help bypass the defense. I have a third idea that I’ve come up with, which is cert signing. Whenever it comes down to certs, we know that SSL certs for websites are iffy...

Stop Fighting Anti-Virus 3: Impetus through Embarrassment

What Integgroll highlights in this part is some stimuli for antivirus vendors to enhance their products, including bypass research and pentesting overall. However, there is this other group of people (see right-hand image), the other definition of Luddite – in fact, the number 1 definition whenever you...

Stop Fighting Anti-Virus 2: Pursuit of Better Protection

Integgroll now draws some parallels between the physical and cyber world while depicting the hypothetical struggle needed for refining antivirus efficiency. So, why am I here? I’m going to tell you a little story about a pentest I was on a little while back. What ended up happening with this pentest is I...

Stop Fighting Anti-Virus: Pentester’s Viewpoint

Penetration tester Andy Cooper, while participating in the DerbyCon event, shares his perspective on methods for evading regular antivirus defenses. So, I was at DerbyCon and I couldn’t get my AV working. Fortunately, Adrian Crenshaw was able to jump in and actually assist me and fix this problem. Anyways,...

Hacking, Surveilling, and Deceiving Victims on Smart TV 5: Conclusion

This final section of SeungJin Lee’s Black Hat presentation outlines hidden photo and video recording on Smart TV, and contains the takeaways for the study. We’ve implemented two surveillance programs. One is taking pictures and sending the photos to my server automatically. The second is recording video...

Hacking, Surveilling, and Deceiving Victims on Smart TV 4: Ways to Deploy Surveillance

In this section of the presentation, beist compares Smart TV and smartphones in terms of compromising and focuses on actual TV surveillance on the code level. Before we move on to how I implemented surveillance programs, I want to mention the comparison of surveillance between smartphone and Smart TV. I did...

Hacking, Surveilling, and Deceiving Victims on Smart TV 3: Exploitable Vulnerabilities

Moving on with his Black Hat talk, SeungJin Lee describes the discovered security weaknesses of Smart TV technology which can be used for deploying attacks. I’m going to show three vulnerabilities in the app store. When your Smart TV installs a program from app store, it first downloads an XML file (see...

Hacking, Surveilling, and Deceiving Victims on Smart TV 2: Attack Vectors

Having outlined the key features of Smart TV technology, SeungJin Lee is now focusing on reverse-engineering its exploitable components for the attack purpose. I’m going to talk about the Smart TV attack vectors (see right-hand image). I want to say that Smart TV has almost the same attack vectors as...

Hacking, Surveilling, and Deceiving Victims on Smart TV

SeungJin Lee, aka beist, of Korea University, a special guest at the Black Hat USA event, highlights the main vectors for exploiting Smart TV technology. I’m going to talk about Smart TV hacking. Let me introduce myself: SeungJin Lee; my handle is ‘beist’ and I’m from Korea University – the name...

Under Attack 6: The Challenge of Taming the Cyber Genie

Gordon Corera makes a judicious point here that the undoubted benefits from using computers and the downside of our increasing vulnerability go hand in hand. Over at the State Department in the office of Chris Painter, lead negotiator on cyber issues, the walls are filled with posters of films over the...

Under Attack 5: Massive DDoS Attacks and Stuxnet

The BBC reporter’s focus in this entry is the infamous cyber attack on Estonia in 2007 and the facts behind Stuxnet as viewed by renowned experts. The first signs that one state might be prepared to use the cyber realm to attack another came in Europe in 2007. The conflict began with a monument,...

Under Attack 4: Cyber Threats to Critical Infrastructure

Gordon Corera and his interviewees dwell in this part of the series on cyber attacks targeting components of critical infrastructure, and their consequences. Everyone says they’re under attack in cyberspace. But they all have different ideas of what that means. Part of this is about nations finding their...

Piriform CCleaner review

Free. Without exaggeration, CCleaner is an excellent system optimization tool. Maintaining a healthy computer is not restricted to only keeping malicious software away; it’s a matter of troubleshooting a...

Under Attack 3: Who Spies on Whom?

The issues raised here by Gordon Corera as he’s taking more interviews largely include the attribution of cyber attacks and espionage to specific nation states. Cyber attacks may be launched through computer networks, but they’re still about people. Attackers research employees in a target company,...

Under Attack 2: Major Security Agency Executives on Industrial Espionage

In this part, high-level executives of GCHQ, MI6, BAE Systems and the RSA reveal some information about attempted data breaches and cyber attacks targeting their organizations as well as powerful businesses. On the outskirts of Cheltenham in South West England sits GCHQ. For decades it’s been Britain’s...

Under Attack: BBC’s Study of Contemporary Cyber Threats

This series reflects contemplations and interviews by BBC’s Gordon Corera with executives and experts regarding the present-day state of the cyber threatscape. I’m Gordon Corera, and for the BBC World Service I’ve been looking at the extent to which cyberspace is being used to steal, spy and wage war....

Web Application Hacking 5: Tools for Decrypting SSL and TLS Traffic

This is the final part of the lecture describing Convergence as an alternative to the CA system, also covering sslstrip, sslsniff and other tools compromising SSL / TLS protocols. Let’s get back to the problem of secure protocol. (Slide 38) The problem with SSL and the secrecy is that everyone is a CA...

Web Application Hacking 4: Notorious CA Hacks

In this part of the lecture at FSU, find out about the most outrageous certificate authority attacks of recent years and the consequences they could lead to. So, about securing the Internet. Let’s go over some important certificate authority attacks (see right-hand image). Now in this first slide I used...

Web Application Hacking 3: Hurdles for Securing the Internet

This part of the lecture encompasses an insight into the trust issues associated with certificate authorities, SSL vulnerabilities, and CA scoping problems. So, who can become a certificate authority? Any ideas? You, me, anyone really. What’s the problem here? The problem is when you visit a website and...

Web Application Hacking 2: Components of Public Key Infrastructure

This entry, a follow-up on the dedicated lecture at FSU, gives an in-depth outline of how digital certificates and certificate authorities work. Certificates are composed of a public and a private key. I should mention that there was a point where there was only one root certificate...

Remove Qone8.com (Start.qone8.com) Hijacker / Browser Redirect

Qone8.com obtrusively meddles with one’s online surfing by hijacking the web browser on the affected computer. Ultimately, this activity leads to your default homepage getting modified (to start.qone8.com) and your web search provider changed in a forcible fashion (to search.qone8.com). Moreover, no matter...

SUPERAntiSpyware Licenses Giveaway for Halloween!

Not only is Halloween a scary and mystical holiday, it’s all about lots of fun and gifts, too! Following the tradition, we at Privacy PC are happy to announce a major giveaway of security software licenses to our readers, courtesy of SUPERAntiSpyware. Winner of the Privacy PC Bronze Award in the...

Web Application Hacking – SSL / TLS Infrastructure and Attacks

This article highlights the issues raised at the Florida State University lecture for “Offensive Security” regarding SSL and TLS protocols, namely their background, infrastructure, flaws and known crypto attacks. The outline for today’s talk is we’re going to go over SSL and TLS and cover its...

CyberGhost 5 VPN review

Free. Whether you are a free or paid user, CyberGhost VPN provides online anonymity and privacy while featuring ease of use and intuitiveness. Whereas browsing online anonymously used to be perceived as the...