One of the persistent memes that interest me is the impending event sometimes known as “the singularity.” This is a probable future where our electronic devices become self-aware and fully autonomous. We see the beginnings of this happening all around us in devices like Amazon’s Alexa and Echo, The Nest and Google communities of smart devices, self-driving vehicles, and all the Internet of Things (IoT) devices that listen to ...
Sophos Naked Security alerted us to two Android apps that are included in the Google Play Store as legitimate apps. This makes these apps particularly dangerous, if you are following our advice to only install apps from legitimate sources. Once installed, they download a plug-in that harvests your text messages and sends them to a web server. Since the plug-in is downloaded ...
Phone phreaking refers to the exploration of phone systems and networks to discover how they work. It also refers to the exploitation of telephone lines and systems in order to make free long distance calls. Like the term “hacking,” it can refer to both the curious and the criminal.
Time to climb into Mr Peabody’s WABAC Machine for our history lesson. Phone phreaking got its start in ...
Continue Reading →
It has been a couple of weeks since the Google Docs hoax spread across the Internet like wildfire. What have we learned about this exploit?
Originally this appeared to be a phishing campaign, but phishing emails are spoofed clever replicas. These emails were the genuine article, and were sent from Google mail servers, from the hijacked Google accounts of people you were likely to know. This made the exploit difficult to ...
Continue Reading →
A post about an alert I received first from AlienVault, and then from everybody. There is a new crypto-ransomware variant called Wanna Cry that is taking advantage of a recent Microsoft vulnerability that was patched back on March 14. If your computers have not been updated with MS17-010, then those computers are vulnerable. Microsoft considers this vulnerability significant enough to release it for Windows XP, even though official support ended over ...
Research firm IOActive recently released a an article that revealed some serious security deficiencies on popular Linksys Smart Wi-Fi products. They have notified Linksys, and Linksys is working on the firmware upgrades that will be necessary to fix these issue, and they have issued a security advisory.
Among the vulnerabilities discovered:
A new exploit is using Microsoft Office documents to deliver malware. This is different from the reanimated macro exploits. If this exploit, the target will receive an Office document, such as a Word file, as an email attachment. Opening the attachment causes a malicious HTML application to be downloaded from the attackers C2 server. This is executed as an .hta file, disguised as an RTF file. The result is the ...
Everything you can think of and many things you have never dreamed of are being manufactured with little Linux operating systems and wireless Internet connections. Or in simpler terms, a brain, storage, and communications ability. This is the Internet of Things (IoT). Lots and lots of “smart” devices talking to each other and phoning home to some data collection or dissemination point. If only the people who are designing these ...
According to the Department of Homeland Security (DHS), there are seven strategies that will prevent 85% of targeted attacks. To this list I have added a few of my favorites.
If you own a Netgear wireless router, especially the R6200, R6250, R6400, R6700, R6900, R7000, R7100LG, R7300, R7900, R8000, D6220, and D6400 routers and possibly other models are vulnerable to arbitrary command injection. This is a security bug that could allow a remote attacker to access your router. This vulnerability was announced by US-CERT on December 9th, and reported in Naked Security on December 12th.
Vulnerabilities such as this ...
Continue Reading →