Hackers can silently control Siri from 16feet away
Siri helpfully obeys the orders of any hacker who talks to her—even, in some cases, one who’s silently transmitting those commands via radio from as far as 16 feet away.
It can use radio waves to silently trigger voice commands on any #Androidphone or #iPhone that has Google Now or Siri enabled, if it also has a pair of headphones with a microphone plugged into its jack.
Their clever hack uses those headphones' cord as an antenna, exploiting its wire to convert surreptitious electromagnetic waves into electrical signals that appear to the phone's operating system to be audio coming from the user’s microphone.
Without speaking a word, a hacker could use that radio attack to tell Siri or#Google Now to make calls and send texts, dial the hacker's number to turn the phone into an eavesdropping device, send the phone's browser to a malware site, or send spam and phishing messages via email, Facebook, or Twitter.
What goes into selecting a Web Pentesting consultant?
->OWASP Top 10 Concepts
->Decent Development Background Coding Basics:
->Having a Hacker thinking psychology
->Knowledgeable in UNIX/Linux
->Participated in Bug Bounty Programs(Added Bonus)
->Attended a security conference
->Has published exploits or disclosures in Exploit-DB, Packet Storm, or other Vulnerability Databases
->Security certification is also a plus
Knowing to code helps an pentester to understand white box logic.
Familiarity with OWASP top-10 helps design POCs and the know how of application vulnerabilities and attack vector.
Bug Bounties and Disclosures proves his/her research oriented bent of mind showing him as an exceptional researcher and learner.
Knowledge of Linux is must to handle PT distros such as Backtrack/Kali.
Certifications show he's willing to invest time to learn concepts and build his concepts and foundations. Security Conferences attendance shows his like-mindedness to mingle with hackers and keep upto date with trending hacker world.
Above points can be taken as a sampling basis.A lot more goes into making oneself a great hacker and researcher!
CCTV Cameras bait to launch DDoS attacks
Researchers found that that IOT cameras can be infected with a variant of a known malware program known as :Bashlite, or Lightaidra or GayFgt, specially designed for ARM versions of Linux.
The target of the DDoS attack was a rarely-used asset of a large cloud service, serving millions of users worldwide.
All of the compromised cameras monitored by the researchers were logged from multiple locations in almost every case, suggesting that several different hackers were abusing the weakness of unsecured CCTV cameras.
Top targeted countries for CCTV botnets around the world include India, China, Iran, Indonesia, US, and Thailand.
Hackers can hack your chip & credit card pin
Chip-and-Pin Card Fraud:Man-in-the-Middle Attack
-> Advantage of a long-known vulnerability in Chip-and-PIN systems to perform a "man-in-the-middle" (#MITM) attack.
->The flaw is a known protocol vulnerability in Chip and Pin cards that, in 2006, allowed criminals to use a genuine card to make payments without knowing the card's PIN.
How it works?
->Hobbyist chip (dubbed a FUNcard),fraudsters insert onto the card’s original chip - accepts any PIN entry.
A typical EMV transaction involves three steps
2) Cardholder verification
When a buyer inserts the altered card, the original chip allows to respond with the card authentication as normal. But, during cardholder authorization, the POS system would ask to enter a PIN.
In this case, the fraudster could respond with any PIN, and the fraudulent chip comes into play and will result in a "YES" signal regardless of whatever random PIN the thief has entered.
The attacker intercepts the PIN query and replies that it is correct, whatever the code is!
Fixed—at least in Europe,researchers declined to fully detail new security measures.
All Android devices vulnerable to new LTE security flaw
AT&T and #Verizon's implementations of LTE are said to be vulnerable to "to several issues" that could result in eavesdropping, data spoofing, and over-billing for potentially millions of phones.
Android devices on these networks are at most risk because the software "does not have appropriate permissions model" for LTE networks.
LTE (also known as #4G) relies on packet switching, a common way of sending data across the internet, rather than the old method of circuit switching.
This new method of sending data allows for new kinds of attacks, particularly against the Session Initiation Protocol (#SIP), nowadays more commonly used in voice calls and instant messaging.
Researchers have found a method that exploits the way that SIP works, by spoofing phone numbers for calls or text messages.
It's also possible for an attacker to obtain free bandwidth for more data-intensive activities, like video calling, without incurring any additional costs.
In some cases, an attacker can establish multiple SIP sessions at the same time, which could lead to a denial-of-service attack on the network
Payment Card IndustryData Security Standard in nutshell
PCI DSS requirements
1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
5. Use and regularly update anti-virus software on all systems commonly affected by malware
6. Develop and maintain secure systems and applications
7. Restrict access to cardholder data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
12. Maintain a policy that addresses information security
Let's learn today on IDS - Intrusion Detection Systems
Let's learn today on IDS - Intrusion Detection Systems: #isoeh
NIDS vs HIDS
An agent on a host identifying intrusions by analyzing system calls, application logs, file-system modifications (binaries, password files, capability databases, Access control lists, etc.) and other host activities and state.
In a HIDS, sensors usually consist of a software agent. Some application-based IDS are also part of this category. An example of a HIDS is OSSEC.
Platform identifying intrusions by examining network traffic and monitors multiple hosts.
->Gain access to network traffic by connecting to a network devices for port mirroring, or a network tap.
->Sensors are placed at choke points in the network to monitor,in the demilitarized zone (DMZ) or at network borders.
PIDS vs VMDS
->Detects & pinpoints location of intrusion attempts on perimeter fences of critical infrastructures.
->Electronics or advanced fiber optic cable technology in perimeter fence,for detection of disturbances on the fence
->VM based IDS
Detect intrusions using virtual machine monitoring.
Quick tip: For all those annoyed with utorrent ads
Disable ads from uTorrent:
-> Open Options > Preferences > Advanced.
Here you’ll find a large list of flags for the app and a filter box.
-Disable & set false the following
Top 5 Wifi hacking tools:
In every #seminar/workshop i am bombarded with questions what is the best tool to hack wifi password. So thought to write on it.
Before that let me tell you that there are two major types of wifi encryption is there.#WEP and #WPA.
WEP is out dated and can be #cracked within minutes. WPA and WAP2 are difficult to crack.
2.Kismet:This is the wi-fi 802.11 a/b/g/n layer2 wireless network #sniffer and IDS. It works with any wi-fi card which supports rfmon mode. It passively collects packets to identify networks and detect hidden networks.
3.CoWPAtty : Easy to use but works little bit slow. An automated dictionary #attacktool for WPA-PSK.
4.Airjack :- Wi-Fi 802.11 packet injection tool. This wireless cracking tool is very useful in injecting forged packets and making a network down by denial of service attack. This tool can also be used for a man in the middle attack in the network.
5.AirSnort: Good for #breaking WEP #passwords. It works by passively monitoring transmissions, and then computing the encryption key when enough packets have been gathered. Though no updates are available for this tool but it's still good one.
There are many tools which i didn't list here. Let me know your
favourite #wifi hacking tools also. Happy Hacking..
Shoot down drones
US company #Battelle has developed a shoulder-mounted rifle to deal with unwanted drones flying around.
"#DroneDefender" the revolutionary weapon specifically designed to target and knock drones out of the sky at a range of just 400 meters,is incepted without totally destroying them.
The Battelle DroneDefender utilizes radio waves to neutralize in-flight Drones and force them to land or hover or return to its point of origin.
#DroneDefender emits radio pulses that interrupt the communications system of the drone (both drone and #GPS signal it sends out) and makes it think that it gone out of range, thereby preventing the drone from accepting any additional commands from its operator.
Federal Employees 5.6 million fingerprints Stolen in OPM
Nearly 5.6 Million Fingerprints of its federal employees were also stolen in the massive data breach took place in April this year.
The OPM, the US government agency that handles all federal employee data, reported that some 1.1 Million Fingerprints were stolen. which escalated to increased to 5.6 Million.
Apple acknowledges ISOEH for reporting its website encryption vulnerability
The Apple website is not secure. While surfing the Apple site http://www.apple.com/ I have found several encryption related vulnerabilities. Here are those:-
1) www.apple.com site is supporting SSL 2.0(on port 443) cipher with weak encryption.
2) in SSL v3.0 the site is supporting few weak encryption as follows which a malicious user can exploit.
3) The site is supporting TLS v1 which is strong but the following encryption in TLS should be removed
EXP-DES-CBC-SHA 40 bits.
4) The webserver /lib/prototype.js file is affected.
5) A possible sensitive directory had been found at following directories.
Appraisal letter from Apple:-
Re: Apple Developer Feedback
Thank you for contacting Apple Developer Support regarding the Developer website.
We appreciate that you have taken the time to send us your feedback. Please be assured that all of your comments have been forwarded to the appropriate Apple team.
If you have further questions or comments, please let us know.
Apple Developer Support
Ajkaal covers SMU and CU website vulnerabilities exposed by ISOEH
a) About the university: Sikkim Manipal is one of the largest private University in India. The Institute attracts students from all over the country, with over 1700 students enrolled in the various engineering disciplines. 102 full-time faculties are employed.
Type of problem: SQL Injection
Vulnerable Portal: http://portal.smude.edu.in/
User Name: *sanjay*
[any name will work]
Password: *' OR ''='
*Choose "*Center Login*" radio button
Effect: You have access to the main admin panel. Option to download & print ALL student records, contact information, admit cards for upcoming examinations, assignments, results, etc. Option to change password.
b) Calcutta University is the oldest existing University in Indian Subcontinent. Founded 1857, it is ranked 39th in the world.
Vulnerability: The main page is spreading virus. www.caluniv.ac.in It has iframe code injection & pulling virus from the Russian site pantscow.ru
Hundreds will be infected while checking for results on the website.