Can’t wait for the new Mac Pro? That’s why the Hackintosh community exists to make a PC run macOS like a native Mac.
Some of you have asked about my exact Hackintosh spec, so here it is. I …
Source: My Hackintosh Hardware Spec
NSA develops cyberweapons. Cyberweapons get leaked. Everyone who’s unprotected gets compromised.
Thousands of Microsoft Windows machines worldwide are infected with an NSA-developed backdoor that hackers installed by reusing leaked executable code from an outdated hacking toolkit belonging to the spy agency, multiple security researchers tell CyberScoop. The mysterious Shadow Brokers group published a package of internal NSA documents last week, containing among other things the computer code for a series of exploits, implants and other hacking tools. In the days since the leak first became public, hackers have mulled over the trove and begun reverse-engineering and recycling some of the capabilities, CyberScoop previously reported. One of these hacking tools, a backdoor implant codenamed DOUBLEPULSAR — which is used to run malicious code on an already compromised box — has already been installed on 30,000 to 50,000 hosts, according to Phobos Group founder Dan Tentler. Other researchers have also engineered different detection scripts to quickly scan the internet for infected computers. John Matherly, […]
Agree to some extent. In some places getting a certificate is just a means to get through the door. But yes it has very little to do with actual skills.
Here’s an excerpt from a 2016 Ars Technica article: Recruiter Thomas Ptacek, whose Chicago-based agency Starfighter specializes in recruiting security folk, describes the CISSP as “a joke,” and claims that in his experience a job description requiring a CISSP was a warning flag to industry elite not to apply. “I don’t think there are that many high-level practitioners outside of management who put much stock in the CISSP,” he says. Dan Tentler, founder of the attack simulation consultancy Phobos Group, compares hiring infosec workers based on passing an exam to hiring other professionals on the same basis: “Would you feel comfortable letting a doctor be your primary care physician if all it took was to pass a written multiple choice exam?” He believes that “ISC2 is making money hand over fist,” and that the organization is “diluting the market with
Source: Information Security Certifications are Worthless and Causing More Harm than Good
Internet-connected cows. Lovely.
Reduce labor, make good decisions & relax while we watch over your cows!
Source: Cowlar
Ouch. Talk about poor customer service. A particularly irate customer who bought an IoT garage door opener posted a nasty review, and his device was denied server access, effectively making it useless or “bricking” it. Imagine posting a bad review about your Smart TV and it stops working. Hmmm.
Startup tells customer “Your unit will be denied server connection.”
Source: IoT garage door opener maker bricks customer’s product after bad review | Ars Technica
A new vulnerability discovered by Project Zero affects tons of smartphones (iPhone, Nexus, Samsung S*). The attack proceeds silently over WiFi – you wouldn’t see any indication you have been hacked. For iPhone users, iOS 10.3.1 fixes this. Android users? Good luck.
In this two-part blog series, we’ll explore the exposed attack surface introduced by Broadcom’s Wi-Fi SoC on mobile devices. … The first blog post will focus on exploring the Wi-Fi SoC itself; we’ll discover and exploit vulnerabilities which will allow us to remotely gain code execution on the chip. In the second blog post, we’ll further elevate our privileges from the SoC into the operating system’s kernel. Chaining the two together, we’ll demonstrate full device takeover by Wi-Fi proximity alone, requiring no user interaction.
Source: Project Zero: Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 1)
More IoT fun. Time to hack someone’s dishwasher. Yup, suddenly spying microwaves aren’t that crazy an idea.
Don’t say you weren’t warned: Miele went full Internet-of-Things with a dishwasher, gave it a web server and now finds itself on the wrong end of a bug report and it’s accused of ignoring.
Oh dear. Password manager with vulnerabilities. The team response is troubling to say the least. Let’s hope they are really more competent than that.
In an eyebrow-raising declaration, according to Ormandy, LastPass had said they couldn’t get his code execution exploit to work, however the security researcher was calling the Windows Calculator executable in his code, while LastPass was examining the code on a Mac.
Google cyber-sleuth Tavis Ormandy has returned to examining LastPass, and a new lot of vulnerabilities have been discovered.
Source: LastPass hit by password stealing and code execution vulnerabilities | ZDNet
Get this: you are running Microsoft Edge in a VM and visiting a website. Your VM gets compromised and the malware jumps out of the VM to the host. The Qihoo security team has been coming up with a number of very impressive hacks.
Hack worked by stitching together three separate exploits.
Source: Virtual machine escape fetches $105,000 at Pwn2Own hacking contest [updated]
One of Amazon’s AWS services – specifically S3 – goes down (and recovers eventually), but many sites are affected. It’s not as bad as the Dyn DDoS attack, but it’s a reminder of how many companies now rely on Amazon to power their services.
Amazon’s S3 web-based storage service is experiencing widespread issues, leading to service that’s either partially or fully broken on websites, apps and..
Source: Amazon AWS S3 outage is breaking things for a lot of websites and apps
Edit (2017-03-03): Amazon released a summary of what happened. The tl;dr version is this: fat-fingered engineer.