Excellent analysis of the attack against github reported earlier. Great firewall demystified just a little.
Errata Security: Pin-pointing China's attack against GitHub.
Category: security
Scary how easy it is to gain control over physical building systems.
Owning a Building: Exploiting Access Control and Facility Management Systems by Billy Rios – YouTube.
Very good analysis of the current DDoS attack that GitHub is facing, apparently over the hosting of github.com/greatfire and github.com/cn-nytimes, which is used to bypass censorship in China.
Good grief! Has no one learned from Sony’s rootkit incident yet? If you are a Lenovo owner, you may want to check if there’s a Superfish certificate in your certificate chain by running certmgr.msc. Other than injecting unwanted ads in your browser, in theory the adware could sniff on your banking transactions ‘cos it’s performing a MiTM on your HTTPS.
The greatest bank robbery of all times? Some says hundreds of millions have been stolen, some say up to 1 billion. Given the extent of attack, it could be hard to know the exact amount. But one thing is clear, we have come a long way since the playful days of prank worms and viruses. Cyber criminals are now extremely well-organized, funded and motivated by huge monetary rewards.
A stunning look at the extent some organizations would go to achieve its objectives. From a technical perspective, it’s brilliant. This will no doubt be used as a template for other state actors to follow, as some already did earlier.
How “omnipotent” hackers tied to NSA hid for 14 years—and were found at last | Ars Technica.
Categories
KeySweeper
This is an amazing hardware+software hack. Next time you’re using a wireless keyboard, think where all the signals might be going.
KeySweeper is a stealthy Arduino-based device, camouflaged as a functioning USB wall charger, that wirelessly and passively sniffs, decrypts, logs and reports back (over GSM) all keystrokes from any Microsoft wireless keyboard in the vicinity.
This is another instance where damage is no longer limited to the digital world.
Cyberattack on German steel factory causes 'massive damage' | ITworld.
This is probably the most invasive hack of 2014. It has resulted in Sony canning the movie just before release. A big win for cyber-terrorists? Is this model of data terrorism going to be emulated for future hack attacks? Only time will tell.
Bruce Schneier: Sony Hackers 'Completely Owned This Company' | Motherboard.
Humorously written article of how to hijack Facebook+Tinder sessions if someone left their machine unlocked while away. Then again, if you had physical access there are other means of getting what you want.
Fun with your friend's Facebook and Tinder sessions | Robert Heaton.