Ashley Madison Data Leak Analysis from Dr. Chaos – Deadline Has Passed

romney_ashley_madison

I posted about the Ashley Madison breach HERE. For those that are not following this, Ashley Madison, the popular affair website was breached by a group calling themselves The Impact Team. They threaten to leak customer records if Ashley Madison didn’t shutdown their website. Ashley Madison is still up and the deadline has passed so The Impact Team posted access to all 30 million customer records. My buddy Aamir aka Dr Chaos summed up the current state of this situation. His post can be found HERE.

Hackers attacked Ashley Madison (known as AM by its users), the dating site for married couples that promotes infidelity. They walked away with 30 million records containing site user information. While the initial ramifications seem obvious, the story continues to unfold with recent news that email addresses were discovered that originated from government agencies, high level politicians, and certain celebrities. The data represents a treasure trove of sensitive and extremely private data that has a high potential for causing damage to individuals. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Hacker shows he can locate, unlock and remote start GM vehicles

carhacker1

Wow another automobile attack! This time the hacker can abuse anybody using the OnStar RemoteLink mobile app. In summary, don’t use the OnStar RemoteLink app until a patch is available or you may find one day that somebody has been joy riding in your car.

Samy Kamkar posted about this vulnerability on Computerworld including a video demonstrating his tool built to abuse this vulnerability in the app. The original post and video can be found HERE. He will be talking more about this next week at the Blackhat/DEFCON conferences.  Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Analyze Malware With Cuckoo Sandbox

cuckooPeople have asked me to recommend a tool that can be used to analyze files for viruses that does more than standard anti-virus. Usually the need is to prove something being flagged by a security product is actually malicious verses a false positive alert. There are enterprise level sandbox solutions such as Cisco’s ThreatGRID sandbox that offer this (more on this found HERE) however one very popular open source free option is Cuckoo. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Talos on Phishing: Hook, Line and Sinker: Catching Unsuspecting Users Off Guard

phishing-attack

Cisco’s research team Talos wrote a interesting article on their research on Phishing. The original post can be found HERE. For those that don’t know what Phishing is, its the cyber attack where a malicious party pretends to be a legitimate source with the goal to trick a victim into clicking a email, accessing a website, or just giving up sensitive data. Here is the Talos article.  Continue reading

VN:F [1.9.22_1171]
Rating: 3.0/5 (1 vote cast)

Book Review: Penetration Testing With Raspberry Pi

raspberrypiBerislav Kucan from net-security.org posted a nice writeup on the book Aamir Lakahni and I wrote on penetration testing using a Raspberry Pi. The original write up can be found HERE.

Introduction

Raspberry Pi is a small and portable single board computer that can be transformed into a penetration testing system. This book will show you how. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Breaking SSH, VNC, and other passwords with Kali Linux and Hydra

crackedMy buddy Aamir Lakhani aka drchaos wrote a great post on breaking SSH, VNC and other services. The original post can be found HERE.

Hydra is a very fast and effective network login cracker. It will help you perform brute force attacks against SSH servers, VNC, and other services. When you launch Hydra it will launch the GUI in Kali, however in this tutorial we will use xHydra, which is the command line version of the tool. The command line version of the tool gives you much for flexibility in how to use the tool.

Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

4 Million Records Stolen – U.S. Office of Personnel Management Hacked!

www.usnews

According to datalossdb.org, the U.S Department of the Interior, U.S. Office of Personnel Management lost 4 Million records from a massive data breach. Dataloss lists “At least 4 million names, dates and place of birth, Social Security numbers, benefit selections, job assignments, performance ratings and training information of current and former Federal employees compromised by hackers”. USNEWS.com wrote the following article about this breach found below (original post found HERE).  Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Nasa and Verizon plan to monitor US drone network from phone towers

drone1Have you ever thought about building a drone? Or maybe buying one? Well according to a post on theguardian.com, Nasa may start monitoring your efforts using their own drone system. The original article can be found HERE. What is interesting is the massive increase in commercial drone usage. For example, check out this video about Lilly, a drone camera that will follow and film you HERE while you are doing outdoor activities such as snow boarding. How does Nasa plan to monitor these as they become more popular?  I feel like that drone scene from Starwars episode 1 is becoming a reality.

lillydrone3

 

 

 

 

Exclusive: Federal agency is developing technology to track commercial and civilian drones via cell coverage, with first tests of air traffic control system set for this summer. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)