Aug 13 27

Das Raspberry-Pi Maskottchen „Babbage“ machte am vergangen Samstag in einem Höhenballon und ausgestattet mit Raspberry-Pi-Elektronik einen spektakulären Ausflug in die Stratosphäre bis er in einer Höhe von knapp 39 Kilometern – vermutlich auf Grund eines versagenden Widerstandes – aus dem Ballon fiel ….

written by d45id \\ tags: ,

Aug 13 20

iOS-secAuf dem USENIX Security Symposium präsentierten Tielei Wang, Kangjie Lu, Long Lu, Simon Chung und Wenke Lee vom Georgia Institute of Technology verschiedene Techniken, mit denen sie die AppStore Sicherheitsvorkehrungen gegen Maleware und Viren überlisten können.

Das Paper mit dem Titel „Jekyll on iOS: When Benign Apps Become Evil“  ist hier (oder hier)  zu lesen.

written by d45id \\ tags: , , , ,

Aug 13 06

cachestructOn the European security conference OHM 2013 a security researcher has demonstrated an attack that would allow a hacker to access and modify the Flash Firmware on a hard drive and program it to protect his access.

Firmware is code stored on a special flash-able chip on the drive. The built in code tells the drive how to work, how to read and write data. It is flashable (it can be reprogrammed) so the manufacturer can release updates to the firmware. Most people never re-flash or update their hard drive firmware. Continue reading »

written by d45id \\ tags: , , , , ,

Aug 13 05

sourcecodeThe security consultant company from Vienna SEC Consult reported about a vulnerability in WPS implementation of routers manufactured by Arcadyan/Astoria Networks and are rebranded for Vodafone Germany (EasyBox 802 and EasyBox 803).
The problem of their implementation is that the algorithm that generates the default WPS-PIN is entirely based on the MAC address (=BSSID) and serial number of the device. So an attacker within the range of this access point can capture the BSSID (eg. from 802.11 Beacon Frames) and calculate the default WPS PIN for it…
Continue reading »

written by d45id \\ tags: , , , , ,