Here is a pretty cool project that I stumbled upon over at Security Catalyst. The concept is to have a “Honey Pot for mobile storage devices” but each mobile storage device (USB key, iPod, etc…) in reality becomes it’s own “Honey Stick” where the researcher can safely track how many people are plugging these devices […]
The Honey Stick Project: Tracking Mobile Storage Devices Read More »
Another day…another credit card breach! This time 4.2 million credit cards were exposed. I personally smell a bit of TJX in this one… “The stolen data was limited to credit and debit card numbers and expiration dates, and was illegally accessed from our computer systems during transmission of card authorization,” said Hannaford CEO Ron Hodge,
Hannaford Brothers Credit Card Breach Read More »
Larry and Paul from the PaulDotCom Security Weekly Podcast have a very good two part series interviewing pdp and Adrian from GNUCITIZEN. Lots of good information about embedded device hacking and all the cool things GNUCITIZEN is working on. Check out the mp3’s of the Podcast below….better yet…subscribe to the PaulDotCom Security Weekly Podcast! These
GNUCITIZEN on PaulDotCom Read More »
The SANS ISC posted an article titled “Pontsec Disk Encryption Cracked”. Really? Cracked? I was thinking that there was some new cool uber l337 hax0r tool that breaks disk encryption from boot…and no, this isn’t the cold boot attack that has gotten all the attention lately. This is the firewire attack (winlockpwn tool) on Windows
Pointsec Disk Encryption Cracked? Not so fast… Read More »
Interesting article on CNN today about a covert group of Chinese “hackers” who apparently have broken into the Pentagon and other high profile sites. Actually, they “know” someone who broke into the Pentagon, they didn’t actually do it themselves. This isn’t breaking news by any means. There are hackers all over the world trying to
Chinese Hackers or Script Kiddies? Read More »
GNUCITIZEN has released a tool similar to the fat client Goolag Scanner that the cDc released a few weeks ago called GHDB. What makes the GHDB different is that it is browser based and uses JavaScript techniques to scrape information from Johnny Long’s Google Hacking Database without the need for hosted server side scripts. Add
Online Google Hacking, Ethical Penetration Testing Tool Read More »
Well, that didn’t take long…a tool to dump the memory and pull the encryption keys off of encrypted hard drives has been released. Like I said in a previous post, it was only a matter of time and the risk/threat vector of this vulnerability starts to change with the release of a tool. On a
Cold Boot Attack Tool Released Read More »
I recently saw a good webcast presented by Core Security Technologies on “Penetration Testing Ninjitsu”. This was presented by Ed Skoudis who is a very good SANS instructor and is also the author of the book “Counter Hack Reloaded” (I highly recommend all penetration testers read this book). Some of you may have taken his
Penetration Testing Ninjitsu with Ed Skoudis Read More »
I am sure everyone has heard about and watched the YouTube video of the Princeton researchers that conduct cold boot attacks on encrypted hard disks. If you haven’t, I highly suggest you do. As everyone agrees…this is a very significant vulnerability and every organization that uses software to encrypt hard disks should look at ways
Cold Boot Attacks on Encryption Keys- Whats the risk? Read More »
Foundstone always puts together great research and releases great tools. The other day Foundstone released a whitepaper describing all of the new and old 802.11 (Wireless) attacks. The paper gives some really good information about AP Impersonation, Rogue Access Points, Implementation Attacks (WEP, Dynamic WEP, WPA/WPA-2 cracking, including the Cafe Latte attack). The paper even
802.11 Attacks Whitepaper Read More »
