Security

List of dangerous shell commands

https://docs.google.com/forms/d/e/1FAIpQLSfTwnopvY7UYcSf-1QOkHTFUkow4mPeuses7ibDRAxPs7BptQ/viewform It is not uncommon to see trolls tricking new Linux/Unix users run commands as a joke. This page tries to collect the commands you should be warned of.

Hackers Show Proofs of Concept to Beat Hardware-Based 2FA – Motherboard

https://motherboard.vice.com/en_us/article/8xazek/hackers-show-proof-of-concepts-to-beat-hardware-based-2fa “Hardware security devices are an improvement… However, we need to be mindful of our hardware, and just because we say this magic token is secure, we don’t implicitly assume that.” Hardware tokens provide possibly the best way to add an extra lock onto your account. Two-factor authentication sent by SMS can be intercepted. It is probably

Hackers are coming for your jewels with this safe-cracking robot

http://mashable.com/2017/07/28/safe-cracking-robot-defcon/#4DUijhH.lgqL If hackers want what’s on your computer, chances are they can find a way to get it. But what about your non-digital goods you keep in a safe at home? Turns out those aren’t that secure, either.  At the 25th annual DEF CON in Las Vegas professional tinkerer and founder of SparkFun Electronics Nathan

Wireless & IoT protocols & their security tradeoffs | EDN

http://www.edn.com/design/systems-design/4458666/Wireless—IoT-protocols—their-security-tradeoffs?utm_content=buffer01b00&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer Many products suddenly become hacking targets when their products become smart and connected. This article is about securing them. The issue is that bad press and major security and privacy issues might slow down the adoption of IoT for improving our lives. Many end users are already skeptical to connect simple devices we rely

Reverse Engineering Hardware of Embedded Devices

http://blog.sec-consult.com/2017/07/reverse-engineering-hardware.html?m=1 Nowadays, we are living in a world dominated by embedded systems. Everyone can be spied on through various channels. Routers, IP-cameras, phones, and other embedded devices are affected by security vulnerabilities and are therefore easily hack-able.  This article covers some basic hardware reverse engineering techniques on PCB-level, which are applicable to any electronic embedded

18 Extensions For Turning Firefox Into a Penetration Testing Tool

http://resources.infosecinstitute.com/use-firefox-browser-as-a-penetration-testing-tool-with-these-add-ons/ Mozilla has a website add-on section that has thousands of useful add-ons in different categories. Some of these add-ons are useful for penetration testers and security analysts. These penetration testing add-ons helps in performing different kinds of attacks, and modify request headers direct from the browser.  This article lists a few popular and interesting Firefox add-ons

Wikileaks Unveils CIA Implants that Steal SSH Credentials from Windows & Linux PCs

http://thehackernews.com/2017/07/ssh-credential-hacking.html?m=1 WikiLeaks has today published the 15th batch of its ongoing Vault 7 leak, this time detailing two alleged CIA implants that allowed the agency to intercept and exfiltrate SSH (Secure Shell) credentials from targeted Windows and Linux operating systems. BothanSpy implant is for Microsoft Windows Xshell client. Gyrfalcon targets the OpenSSH client on various distributions of Linux OS: CentOS,

Linux Foundation launches the Open-source EdgeX Foundry for IoT standardisation

https://www.open-electronics.org/linux-foundation-launches-the-open-source-edgex-foundry-for-iot-standardisation/ Security is the Achilles heel of the Internet of Things, according to Steven J. Vaughan-Nichols on ZDNet. The lack of common IoT development standards is part of this problem. This is why the Linux Foundation, along with 50 companies, has announced The EdgeX Foundry. The group will build a common open framework for IoT

OutlawCountry: CIA’s Hacking Tool For Linux Computers Revealed

https://fossbytes.com/outlawcountry-cia-hacking-tool-linux/ Wikileaks has published fresh documents that deal with the CIA’s hacking and spying on Linux machines using a malware strain called OutlawCountry. This tool consists of a kernel module that creates invisible netfilter table for creating new rules with iptables command. Those rules can modify and redirect the network traffic. The OutlawCountry’s prerequisites for operation are

A new Petya-like malware hit

We have recently been facing a huge outbreak of a new Petya-like malware armed with an infector similar to WannaCry. With echoes of WannaCry, infections spread fast. The research is still in progress -Some security researchers describe malware as variant of Petya; others say it’s a brand new sample. The low-level attack works in the