Category Archives: Security

Computer Security, Links and Resources (6)

WebAssembly: A New World Of Native Exploits On The Web
https://i.blackhat.com/us-18/Thu-August-9/us-18-Lukasiewicz-WebAssembly-A-New-World-of-Native_Exploits-On-The-Web.pdf

Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003
https://krebsonsecurity.com/2019/05/microsoft-patches-wormable-flaw-in-windows-xp-7-and-windows-2003/

Linux kernel RDS flaw affects Red Hat, Ubuntu, Debian and SUSE
https://betanews.com/2019/05/20/linux-kernel-rds-flaw/

The Most Expensive Lesson Of My Life: Details of SIM port hack
https://medium.com/coinmonks/the-most-expensive-lesson-of-my-life-details-of-sim-port-hack-35de11517124

John McAfee ranks the biggest hacks ever
http://www.csoonline.com/article/3213568/hacking/john-mcafee-ranks-the-10-biggest-hacks-ever.html

Hackers Show Proofs of Concept to Beat Hardware-Based 2FA
https://motherboard.vice.com/amp/en_us/article/8xazek/hackers-show-proof-of-concepts-to-beat-hardware-based-2fa
DEF CON hackers show how YubiKeys and RSA tokens can be spoofed and circumvented (2017)

Nearly 3,000 Bitcoin Miners Exposed Online via Telnet Ports, Without Passwords
https://www.bleepingcomputer.com/news/security/nearly-3-000-bitcoin-miners-exposed-online-via-telnet-ports-without-passwords/

Guerrilla Threat Modelling (or ‘Threat Modeling’ if you’re American)
https://blogs.msdn.microsoft.com/ptorr/2005/02/22/guerrilla-threat-modelling-or-threat-modeling-if-youre-american/

Angel “Java” Lopez
https://github.com/ajlopez
http://www.ajlopez.com
http://twitter.com/ajlopez

 

Computer Security, Links and Resources (5)

Adventures in Video Conferencing Part 4: What Didn’t Work Out with WhatsApp
https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-4.html

Critical vulnerability in Grin 1.0.1 and older (fixed in 1.0.2)
https://www.grin-forum.org/t/critical-vulnerability-in-grin-1-0-1-and-older-fixed-in-1-0-2/4343

Unless you want your payment card data skimmed, avoid these commerce sites
https://arstechnica.com/information-technology/2019/05/more-than-100-commerce-sites-infected-with-code-that-steals-payment-card-data/

Meltdown Redux: Intel Flaw Lets Hackers Siphon Secrets from Millions of PCs
https://www.wired.com/story/intel-mds-attack-speculative-execution-buffer/

Ten Malicious Libraries Found on PyPI – Python Package Index
https://www.bleepingcomputer.com/news/security/ten-malicious-libraries-found-on-pypi-python-package-index/

A Method for Obtaining Digital Signatures and Public-Key Cryptosystems
https://people.csail.mit.edu/rivest/Rsapaper.pdf

mXtract – Memory Extractor & Analyzer
https://www.kitploit.com/2019/03/mxtract-memory-extractor-analyzer.html

Researchers trick Tesla Autopilot using stickers on the road
https://www.freightwaves.com/news/technology/researchers-trick-tesla-autopilot

Computer Security, Links and Resources (4)

New and old posts.

Extracting TREZOR Secrets from SRAM
http://saleemrashid.com/2017/08/17/extracting-trezor-secrets-sram/

How Android Fought an Epic Botnet – and Won
https://www.wired.com/story/google-android-chamois-botnet

Performing Concolic Execution on Cryptographic Primitives
https://blog.trailofbits.com/2019/04/01/performing-concolic-execution-on-cryptographic-primitives/

Cryptography That Can’t Be Hacked
https://www.quantamagazine.org/how-the-evercrypt-library-creates-hacker-proof-cryptography-20190402/

Ghidra
https://ghidra-sre.org/
A software reverse engineering (SRE) suite of tools developed by NSA’s Research Directorate in support of the Cybersecurity mission

Hackers Can Take Control of Siri and Alexa By Whispering To Them in Frequencies Humans Can’t Hear
https://apple.slashdot.org/story/17/09/06/2026247/hackers-can-take-control-of-siri-and-alexa-by-whispering-to-them-in-frequencies-humans-cant-hear

The Equifax Breach Exposes America’s Identity Crisis
https://www.wired.com/story/the-equifax-breach-exposes-americas-identity-crisis

Universal Second Factor
https://en.wikipedia.org/wiki/Universal_2nd_Factor

Computer Security, Links and Resources (3)

My $169 development Chromebook
https://blog.lessonslearned.org/building-a-more-secure-development-chromebook/
How Chrome OS, Termux, YubiKey & Duo Mobile make for great usable security

EverCrypt: A Verified Crypto Provider Engineered for Agile, Multi-Platform Performance
https://github.com/project-everest/hacl-star/blob/fstar-master/README.EverCrypt.md

The EverCrypt verified cryptographic provider
https://jonathan.protzenko.fr/2019/04/02/evercrypt-alpha1.html

What the Eff is 2FA?
https://medium.com/shapeshift-stories/what-the-eff-is-2fa-57e1798e88dd

Malicious remote code execution backdoor discovered in the popular bootstrap-sass Ruby gem
https://snyk.io/blog/malicious-remote-code-execution-backdoor-discovered-in-the-popular-bootstrap-sass-ruby-gem/

Detect pressed keys via microphone audio capture in real-time
https://twitter.com/feross/status/1068038193868460032

It took DEF CON hackers minutes to pwn these US voting machines
https://www.theregister.co.uk/AMP/2017/07/29/us_voting_machines_hacking/

A short history of cyber espionage
https://medium.com/threat-intel/cyber-espionage-spying-409416c794ec

Computer Security, Links and Resources (2)

Privilege Escalation in Ubuntu Linux (dirty_sock exploit)
https://shenaniganslabs.io/2019/02/13/Dirty-Sock.html

Severe vulnerabilities uncovered in popular password managers
https://www.zdnet.com/article/critical-vulnerabilities-uncovered-in-popular-password-managers/

Extracting a 19 Year Old Code Execution from WinRAR
https://research.checkpoint.com/extracting-code-execution-from-winrar/

Interlace: A Productivity Tool For Pentesters and Bug Hunters – Automate and Multithread Your
https://medium.com/@hakluke/interlace-a-productivity-tool-for-pentesters-and-bug-hunters-automate-and-multithread-your-d18c81371d3d

Quantum Cryptography Market 2019 Industry Size, Trends, Opportunity, Global Growth, Insights and Forecast Research Report 2023
https://risreport.com/01/15/06/quantum-cryptography-market-2019-industry-size-trends-opportunity-global-growth-insights-and-forecast-research-report-2023/

Hackers’ Own Tools Are Full of Vulnerabilities
https://motherboard.vice.com/en_us/article/59pvp8/hackers-own-tools-are-full-of-vulnerabilities

BlackHat 2017: Multi-Stage Attack Targeting Container Developers, Presented by Aqua
http://blog.aquasec.com/host-rebinding-and-shadow-containers-at-blackhat-2017

Tracking desktop ransomware payments
https://www.blackhat.com/docs/us-17/wednesday/us-17-Invernizzi-Tracking-Ransomware-End-To-End.pdf

Computer Security, Links and Resources (1)

Old and new resources about computer security:

Experts Recover AES256 Encryption Key From a PC’s Electromagnetic Emissions
https://www.bleepingcomputer.com/news/security/experts-recover-aes256-encryption-key-from-a-pcs-electromagnetic-emissions/

Critical Vulnerability in JSON Web Encryption
https://auth0.com/blog/critical-vulnerability-in-json-web-encryption/

Differential Fault Attacks on Elliptic Curve Cryptosystems
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.107.3920&rep=rep1&type=pdf

Hackers’ Own Tools Are Full of Vulnerabilities
https://motherboard.vice.com/en_us/article/59pvp8/hackers-own-tools-are-full-of-vulnerabilities

Massive Database Leak Gives Us a Window into China’s Digital Surveillance State
https://www.eff.org/deeplinks/2019/03/massive-database-leak-gives-us-window-chinas-digital-surveillance-state

New TLS Padding Oracles
https://github.com/RUB-NDS/TLS-Padding-Oracles

@try_to_hack Makes History as First Bug Bounty Hacker to Earn Over $1 Million
https://www.hackerone.com/blog/trytohack-Makes-History-First-Bug-Bounty-Hacker-Earn-over-1-Million

How one teenager is making millions by hacking legally
https://www.bbc.com/news/av/technology-47407609/how-one-teenager-is-making-millions-by-hacking-legally
