Mrz 17 23

In this new paper title „LED-it-GO: Leaking (a lot of) Data from Air-Gapped Computers via the (small) Hard Drive LED“ researchers at Ben-Gurion University Cyber Security Research Center present a method how data can be stolen with a maximum bit rate of 4000 bits per second from an isolated „air-gapped“ computer’s hard drive reading the pulses of light on the LED drive using various types of cameras and light sensors.

Find out more:
* Cameras can Steal Data from Computer Hard Drive LED Lights
* PDF version of the paper
* LED-it-GO – youtube video

written by d45id \\ tags: , , , , , ,

Mrz 17 15

android malwareResearchers from Check Point Mobile Researcher Team detected several infections in 36 Android devices from different manufacturer. Security breaches in Andorid devices are noting new today but the attack is intressting because the malware were already present on the devices even before the users received them. The malicious apps were not part of the official ROM supplied by the vendor, and were added somewhere along the supply chain….

Find out more in Preinstalled Malware Tareting Mobile Users

written by d45id \\ tags: , , , ,

Mrz 17 13

alertScientists from the Northeastern University in Boston get the most popular out of 100,000 JavaScript libraries, according to their view, and tested on 133,000 websites in which versions the libraries are used.

As a result of their study, they describe that 37 percent of the scanned domains use at least one vulnerable version. At 10 percent, two or more vulnerable JavaScript libraries are in use. In addition, many of the websites analyzed load libraries such as SWFObject and YUI, which no longer receive support.

In their selection, the scientists have chosen widespread libraries such as Bootstrap and jQuery. 75,000 of the websites examined can be found in the Alexa ranking – the rest are randomly selected pages with .com domain.

Paper:
Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web

written by d45id \\ tags: , , , , , , , ,

Feb 17 23

SHAtteredThe hash function SHA-1 is finally broken. In a joint research project, Google and a team from the CWI Institute in Amsterdam created two different PDF files with the same SHA-1 hash.
The fact that SHA-1 is unsecure is already known since 2005.

written by d45id \\ tags: , , , , , , , ,

Feb 17 03

passwdMicrosoft Windows contains a memory corruption bug in the handling of SMB traffic. In particular, Windows fails to properly handle a specially-crafted server response that contains too many bytes following the structure defined in the SMB2 TREE_CONNECT Response structure. By connecting to a malicious SMB server, a vulnerable Windows client system may crash (BSOD) in mrxsmb20.sys.

written by d45id

Nov 16 17

poisontapSamy Kamkar released an amazing new tool suite for Raspberry Pi Zero which can siphons cookies, exposes the internal router and installs a persitend web-based backdoor on your locked computers.

Project site: https://samy.pl/poisontap/
Source code: https://github.com/samyk/poisontap

written by d45id \\ tags: , , , , , ,

Okt 16 07

motion-codeSociété Générale and Groupe BPCE preparing to roll out a new credit card where the CVV code changes every hour.

 

written by d45id \\ tags: , , , , ,

Okt 16 07

moral
What life should be saved and whom can you forgot?
Who plays the game of MIT researchers not only learns about the abysses of morality, but also about the problems of the AI cars of tomorrow.

Find out more:

written by d45id \\ tags: , , , , ,