Yet another major fail from a hardware vendor. The tl;dr version is this: Asus laptop comes with a software called LiveUpdate that deliver updates from Asus. The problem is it does so insecurely and without proper validation. So that makes it possible for someone to perform MiTM and deliver fake updates.
Source: *indrora->mind — DeadUpdate; Or, How I learned to stop worrying and…
TeamViewer is a very popular tool for remote access due to its ease of use and firewall bypassing capability. It is widely used by IT support, sysadmins, appliance manufacturer, Pos system makers, individuals etc. If this hack is real it would have huge ramifications for users of this tool.
Remote-control tool wobbles offline, blames bad passwords for compromises
Source: TeamViewer denies hack after PCs hijacked, PayPal accounts drained
Update (2016-06-04): Also reported here.
Finally an affordable drone with decent specs and battery life? Will be waiting for review when it launches in July.
It’s a lot of drone for a (relatively) little price.
Source: Xiaomi’s Cheap New Drone Achieves Impulse-Buy Airspace | WIRED
ImageMagick and its fork – GraphicsMagick – are widely used libraries by tons of applications for “displaying, converting, and editing raster image and vector image files”.
All existing releases of GraphicsMagick and ImageMagick support a file
open syntax where if the first character of the file specification is
a ‘|’, then the remainder of the filename is passed to the shell for
execution using the POSIX popen(3C) function.
via CVE Request: GraphicsMagick and ImageMagick popen() shell vulnerability via filename
A long-ish article on the history of Windows and a few behind the scenes look at the technology powering the various generations of Windows. The creation of OneCore explains why Microsoft is able to deploy Windows 10 to such a wide range of platforms, from Raspberry Pi, to XBox, to servers and even Hololens.
Microsoft promised developers that Windows would run anywhere. This summer, it finally will.
Source: OneCore to rule them all: How Windows Everywhere finally happened
A sensational title for sure. I, for one, am not convinced that progress in AI will lead to end of code. Techniques like ML will just become another tool, albeit a powerful one, in our toolbox. Formulating the right problem in the first place is something even most humans can’t do very well.
Welcome to the new world of artificial intelligence. Soon, we won’t program computers. We’ll train them. Like dolphins. Or dogs. Or humans.
Source: Soon We Won’t Program Computers. We’ll Train Them Like Dogs
Banking systems around the world under attack from Anonymous group.
By: Jay Syrmopoulos via thefreethoughtproject.com After announcing a global call to arms against the “corrupt global banking cartel,” the hacker collective known as Anonymous, in conjunction with numerous other hacktivist groups, have taken over 20 central banks offline, including striking at the heart of the Western imperialist empire; the U.S. Federal Reserve Bank of Boston, […]
Another example where software can kill. Thankfully tragedy was narrowly avoided as the device crashed before the procedure.
Medical procedure continued without harm to the patient
Source: Medical Equipment Crashes During Heart Procedure Because of Antivirus Scan
This is an amazingly detailed account of the actions taken to take down HT. One of the key moments in the article was how he went after the people with keys to the kingdom – the sysadmins.
One of my favourite passtimes is stalk the sysadmins. By spying on Christian Pozzi (Hacking Team’s sysadmin), I gained access to the Nagios server, which gave me access to the ‘rete sviluppo’ (the development network with the RCS source code). With a simple combination of PowerSploit’s Get-Keystrokes and Get-TimedScreenshot [13], nishang’s Do-Exfiltration, and GPO, I could spy on any employee I wanted, or even the entire domain.
,-._,-._
_,-\ o O_/;
/ , ` `|
| \-.,___, / `
\ `-.__/ / ,.\
/ `-.__.-\` ./ \'
/ /| ___\ ,/ `\
( ( |.-"` '/\ \ `
\ \/ ,, | \ _
\| o/o / \.
\ , / /
( __`;-;'__`) \\
`//'` `||` `\
_// || __ _ _ _____ __
.-"-._,(__) .(__).-""-. | | | | |_ _| |
/ \ / \ | | |_| | | | |
\ / \ / | | _ | | | |
`'-------` `--------'` __| |_| |_| |_| |__
#antisec
Via Ghostbin
The Panama papers leak has been affecting a lot of high-profile individuals. How did it actually happen? Here’s one plausible theory.
The Mossack Fonseca (MF) data breach, aka Panama Papers, is the largest data breach to journalists in history and includes over 4.8 million emails. Yesterday we broke the story that MF was running WordPress with a vulnerable version of Revolution Slider and the WordPress server was on the same network as their email servers when […]
Source: Panama Papers: Email Hackable via WordPress, Docs Hackable via Drupal – Wordfence