Nov 14 11

Cisco Catalyst switching devices did not properly parse the "request system shell" challenge response, which allows local users to obtain Linux root access by leveraging administrative privilege (see also CVE-2014-7990). Harrison Shlong used this to add the new Space Invaders feature to Catalyst switches.

written by d45id

Aug 14 19

Black magicians from Tel Aviv University published a pre-release of their latest study under the title "Get Your Hands Off My Laptop: Physical Side-Channel Key-Extraction Attacks On PCs".
Their work will be presented next month at CHES 2014.

Find out more

website
paper (extended version)

written by d45id

Feb 14 25

Researchers at the School of Electrical Engineering, Electronics and Computer Science (Liverpool) developed a computer worm in their lab named Chameleon, which spreads on its own over Wi-Fi and infects routers and access points as host systems.
In their lab, the scientists simulated parts of the Wi-Fi networks of the cities of London and Belfast and let Chameleon loose on them, with an interesting result …

Further information:

written by d45id

Jan 14 03

Stealing Money from ATMs with Malware

This talk will discuss a case in which criminals compromised and robbed an ATM by infecting it with specially crafted malware. The successful compromise of an ATM can easily result in the loss of several hundred thousand dollars.


written by d45id

Aug 13 06

At the European security conference OHM 2013, a security researcher demonstrated an attack that would allow a hacker to access and modify the flash firmware on a hard drive and program it to protect his access.

Firmware is code stored on a special flashable chip on the drive. This built-in code tells the drive how to work and how to read and write data. It is flashable (it can be reprogrammed) so that the manufacturer can release firmware updates. Most people never re-flash or update their hard drive firmware.

written by d45id

Aug 13 05

SEC Consult, a security consultancy from Vienna, reported a vulnerability in the WPS implementation of routers that are manufactured by Arcadyan/Astoria Networks and rebranded for Vodafone Germany (EasyBox 802 and EasyBox 803).
The problem with their implementation is that the algorithm that generates the default WPS PIN is based entirely on the MAC address (= BSSID) and serial number of the device. So an attacker within range of this access point can capture the BSSID (e.g. from 802.11 beacon frames) and calculate the default WPS PIN for it…

written by d45id

Jul 13 02

Today I tried to upgrade my little WiFi router (FON2100) to the actual DD-WRT version (v24 preSP2 - Build 2128) but it crashed :'(

So I have to do a firmware recovery. If you are interested in how it works, you can read my short description.

written by d45id

Nov 12 28

Since the 30th of October, Samsung and Dell (only printers manufactured by Samsung) have been shipping their printers with an embedded root account. The printers contain a hardcoded SNMP full read-write community string that remains active even when SNMP is disabled in the printer management utility.

The community string is "s!a@m#n$p%c".

Here you can find out more about the backdoor and a demo exploit.

written by d45id