As the world keeps on getting excited with IOT and the security (or lack thereof) is getting a lot of attention. Karl Marx famously stated that “History repeats itself, first as a tragedy, second as a farce” so a look at the same issues in current infrastructures such as remote terminal units (RTU) Programmable logic controller (PLC) and the latest discovery with the Ovarro RTU proves that the history like Stuxnet is an relevant exaple of the problems IOT will face.
Category: Uncategorized
ATM Hacking, summary of the latest techniques
Trend Micro has put up an report on the latest techniques used to hack ATM’s with a focus on the recent emergence of purpose written malware and their impacts. A good read!
Equifax hack = Failure to patch Struts
As the dust settles on arguably the largest identity hack in history people have been trying to figure out exactly what went wrong. It was known that the hack used an known vulnerability with the Apache Struts framework, found in March of this year. An analysis by Ars Technica hints at an failure by Equifax to apply the patches and block the Jakarta file upload multipart parser issues when found.
Blaming OSS for your mistakes is only valid if you keep it up to date, Equifax’s mistake is a lesson for us all.
Electronic voting – will we ever get it right?
Another online / electronic voting system has been torn to pieces in an hack test. The German “PC-Wahl” system – used to by the German states to capture, aggregate and tabulate the votes during an election was tested by the German WhiteHats The Chaos Computer Club (CCC). The findings were sobering, the system full of holes to be exploited and thus German elections can be in theory be tampered with.
The end of Symantec as a Root CA
Symantec’s CA services have been in a lot of trouble in the last couple of years, caught multiple times issues certificates to others that the owners of the domains. They have been or are being removed as trusted root CA’s among the browser manufacturers. Google (and thus Chrome) last ones to publish their plans. Bleepingcomputers has a nice breakdown of the steps agreed between Google and Symantec – in essence demoting Symantec to be a child of a more trusted root CA. There is an opening for Symantec to start a new CA root attempt, but one must expect that they’ve burnt their fingers enough in this business area.
Microsoft iPad Touch Cover discovered
The German IT website Winfuture has found a filing with ICAO (In German, use google translate) to rate the device as flight safe and ready. This is the only known reference to the “Model 1719”, also a correct numbering in the Microsoft ecosystems (Holo Lens is 1688, Surface Book 1796). The document also identifies an on-board battery, so maybe finally there will be a iPad keyboard with back light capabilities?
Roger Waters & Eric Clapton – Lunatic Rave
As Roger waters was touring in 1984 with his “The Pro’s and Con’s of Hitchhiking ” he was supported by Eric Clapton on guitar. This bootleg is the only known soundboard recording from the tour. First disc is all Pink Floyd, the second the promoted album. This was around the wars on the rights to Pink Floyd. Continue reading “Roger Waters & Eric Clapton – Lunatic Rave”
How the Citadel Banking Trojan Authors really got caught
Brian Krebs has posted an interesting and moderately detailed rundown on how the FBI managed to track and capture the creators of the Citadel Trojans. The fact that the authors decided to crowd source the support of the Trojans to it’s customers and the subsequent fallout speaks volumes about the issues related with the commercial distribution and support of Dark Net services.