Week 21 In Review – 2015

Resources

  • Inside Yubikey Neo – hexview.com
    Yubikey Neo is a $50 authentication token (with bells and whistles) from Yubico. Yubico advertises it as “practically indestructible”. The product security section also claims that the device comes in a “tamper-proof casing” that is “practically impossible to tamper”.
  • Cipherli.st – cipherli.st
    Strong Ciphers for Apache, nginx and Lighttpd. These examples are meant for sysadmins who have done this before (and sysadmins are forced to support Windows XP with IE < 9, therefore des3cbc), as an easily copy-pastable example, not for newbies who have no idea what all this means.
  • Changes to Export Control Arrangement Apply to Computer Exploits and More – cyberlaw.stanford.edu
    The recent changes include adding two new classes of export-regulated software to the dual use provision regulations: Intrusion software and IP network surveillance systems.

Tools

  • ThunderGate – thundergate.io
    ThunderGate is a collection of tools for the manipulation of Tigon3 Gigabit Ethernet controllers, with special emphasis on the Broadcom NetLink 57762, such as is found in Apple Thunderbolt Gigabit Ethernet adapters.
  • PlugBot-Plug – github.com
    The “bot” component of the PlugBot project. The PlugBot project is a security research project by RedTeam Security, led by Jeremiah Talamantes.
  • LaZagne – github.com
    Credentials recovery project. The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer.

Vulnerabilities

Other News

  • St. Louis Federal Reserve Suffers DNS Breach – krebsonsecurity.com
    The St. Louis Federal Reserve sent a message to those it serves alerting them that in late April 2015 attackers succeeded in hijacking the domain name servers for the institution.
  • Security Researchers Wary of Proposed Wassenaar Rules – threatpost.com
    Professional security researchers concerned about proposed changes to the Computer Fraud and Abuse Act (CFAA) that include stiff penalties for what today is considered legitimate offensive research are worried about another impending punch to the gut.

    • The international rules that have the security world on alert – www.theverge.com
      For years, activists and governments alike have been lobbying for more controls on spyware and the research that fuels it. At the same time, security researchers have warned that export controls on vulnerability research would mean regulating the flow of information.
