Archive: Dec 2013

Beyond Information Warfare 6: Possible Solutions

This part contains Winn Schwartau’s summary of what could be done to reduce the destructive impact of technology weaponization and other types of abuse. Swarming and self-organization. Is everybody familiar with John von Neumann’s Automaton theory? Quick brief comments, simple rule set: if I am here, in...

Beyond Information Warfare 5: Bio-Engineering and Distributed Intelligence

In this section, Winn Schwartau focuses on advances in bio-engineering and the growth of computing power, and on how these could be weaponized. Some stuff is amazing these days, some of the new technologies. We are going to have bio-engineered prosthetics. And can we fuck with that...

Beyond Information Warfare 4: Exploitable Cutting-Edge Technology

Delving deeper into the weaponization aspect, Winn Schwartau describes such technologies as HERF, EMP, unmanned vehicles, and flying bots. Next thing I’m really interested in is EMP and HERF (see right-hand image). Why do I care about EMP and HERF? It makes some other technology useless –...

Beyond Information Warfare 3: Technology Weaponization

The concept of weaponizing new technologies is what Winn Schwartau covers in this section, focusing in particular on IPv6, voice simulation, and mobile. What we have to look at is life cycle (see right-hand image). One of the things that you get – there’s no magic here, there’s just standard life...

Beyond Information Warfare 2: Fortress Mentality That Doesn’t Work

Winn Schwartau lists the drawbacks of generally adopted defensive postures and dwells on the concept of weaponization with regard to new technology. Defensive postures were initially set up by US military. And it was based upon the model developed in the 1970s, and effectively it said: “We’re going...

Beyond Information Warfare: Winn Schwartau on Attack Mindset Methodology

Distinguished security specialist Winn Schwartau delivers an engaging talk at DerbyCon, covering the issues of technology being exploited and weaponized. Hi! How many guys are actually hacking here? We’re going to talk about some issues that really got me crazy in the last couple of years – thanks to...

Stop Fighting Anti-Virus 4: The Cert Signing Trick

Penetration tester Andy Cooper now touches upon another issue with antivirus products: signing a malicious payload with a valid cert may help bypass the defense. I have a third idea that I’ve come up with, which is cert signing. Whenever it comes down to certs, we know that SSL certs for websites are iffy...

Stop Fighting Anti-Virus 3: Impetus through Embarrassment

In this part, Integgroll highlights some stimuli for antivirus vendors to enhance their products, including bypass research and pentesting overall. However, there is this other group of people (see right-hand image), the other definition of Luddite – in fact, the number 1 definition whenever you...

Stop Fighting Anti-Virus 2: Pursuit of Better Protection

Integgroll now draws some parallels between the physical and cyber world while depicting the hypothetical struggle needed for refining antivirus efficiency. So, why am I here? I’m going to tell you a little story about a pentest I was on a little while back. What ended up happening with this pentest is I...

Stop Fighting Anti-Virus: Pentester’s Viewpoint

Penetration tester Andy Cooper, participating in the DerbyCon event, shares his perspective on methods for evading regular antivirus defenses. So, I was at DerbyCon and I couldn’t get my AV working. Fortunately, Adrian Crenshaw was able to jump in and actually assist me and fix this problem. Anyways,...

Hacking, Surveilling, and Deceiving Victims on Smart TV 5: Conclusion

This final section of SeungJin Lee’s Black Hat presentation outlines hidden photo and video recording on Smart TV, and contains the takeaways for the study. We’ve implemented two surveillance programs. One is taking pictures and sending the photos to my server automatically. The second is recording video...

Hacking, Surveilling, and Deceiving Victims on Smart TV 4: Ways to Deploy Surveillance

In this section of the presentation, beist compares Smart TVs and smartphones in terms of how they can be compromised and focuses on actual TV surveillance at the code level. Before we move on to how I implemented surveillance programs, I want to mention the comparison of surveillance between smartphone and Smart TV. I did...

Hacking, Surveilling, and Deceiving Victims on Smart TV 3: Exploitable Vulnerabilities

Moving on with his Black Hat talk, SeungJin Lee describes the discovered security weaknesses of Smart TV technology which can be used for deploying attacks. I’m going to show three vulnerabilities in the app store. When your Smart TV installs a program from app store, it first downloads an XML file (see...