Articles

Get all-in-one coverage of Internet security and online privacy issues brought up by the industry’s leading experts at security conferences and seminars.

Beyond Information Warfare 2: Fortress Mentality That Doesn’t Work

Winn Schwartau lists the drawbacks of generally adopted defensive postures and dwells on the concept of weaponization with regard to new technology. Defensive postures were initially set up by US military. And it was based upon the model developed in the 1970s, and effectively it said: “We’re going...

Beyond Information Warfare: Winn Schwartau on Attack Mindset Methodology

Distinguished security specialist Winn Schwartau delivers an engaging talk at DerbyCon, covering the issues of technology being exploited and weaponized. Hi! How many guys are actually hacking here? We’re going to talk about some issues that really got me crazy in the last couple of years – thanks to...

Stop Fighting Anti-Virus 4: The Cert Signing Trick

Penetration tester Andy Cooper now touches upon another hurdle with antiviruses where signing a malicious payload with a valid cert may help bypass the defense. I have a third idea that I’ve come up with, which is cert signing. Whenever it comes down to certs, we know that SSL certs for websites are iffy...

Stop Fighting Anti-Virus 3: Impetus through Embarrassment

What Integgroll highlights in this part is some stimuli for antivirus vendors to enhance their products, including bypass research and pentesting overall. However, there is this other group of people (see right-hand image), the other definition of Luddite – in fact, the number 1 definition whenever you...

Stop Fighting Anti-Virus 2: Pursuit of Better Protection

Integgroll now draws some parallels between the physical and cyber world while depicting the hypothetical struggle needed for refining antivirus efficiency. So, why am I here? I’m going to tell you a little story about a pentest I was on a little while back. What ended up happening with this pentest is I...

Stop Fighting Anti-Virus: Pentester’s Viewpoint

Penetration tester Andy Cooper, participating in the DerbyCon event, shares his perspective on methods for evading regular antivirus defenses. So, I was at DerbyCon and I couldn’t get my AV working. Fortunately, Adrian Crenshaw was able to jump in and actually assist me and fix this problem. Anyways,...

Hacking, Surveilling, and Deceiving Victims on Smart TV 5: Conclusion

This final section of SeungJin Lee’s Black Hat presentation outlines hidden photo and video recording on Smart TV, and contains the takeaways for the study. We’ve implemented two surveillance programs. One is taking pictures and sending the photos to my server automatically. The second is recording video...

Hacking, Surveilling, and Deceiving Victims on Smart TV 4: Ways to Deploy Surveillance

In this section of the presentation, beist compares Smart TV and smartphones in terms of compromise and focuses on actual TV surveillance at the code level. Before we move on to how I implemented surveillance programs, I want to mention the comparison of surveillance between smartphone and Smart TV. I did...

Hacking, Surveilling, and Deceiving Victims on Smart TV 3: Exploitable Vulnerabilities

Moving on with his Black Hat talk, SeungJin Lee describes the discovered security weaknesses of Smart TV technology which can be used for deploying attacks. I’m going to show three vulnerabilities in the app store. When your Smart TV installs a program from app store, it first downloads an XML file (see...

Hacking, Surveilling, and Deceiving Victims on Smart TV 2: Attack Vectors

Having outlined the key features of Smart TV technology, SeungJin Lee now focuses on reverse-engineering its exploitable components for attack purposes. I’m going to talk about the Smart TV attack vectors (see right-hand image). I want to say that Smart TV has almost the same attack vectors as...