Resources

  • House of Keys: 9 Months later… 40% Worse – blog.sec-consult.com
    In our initial study we analyzed SSH host key use as well. Unfortunately there is no recent scan data on SSH host keys available (however there is a ticket over at the awesome ZMap project).

Tools

  • FaceWhisperer – github.com
    FaceWhisperer is a hardware add-on for the ChipWhisperer side-channel analysis tool, for working with devices that primarily communicate over USB.
  • What is RFtap? – rftap.github.io
    RFtap is a simple protocol designed to provide Radio Frequency (RF) metadata about packets

Techniques

  • Snagging creds from locked machines – room362.com
    Basically the capturing is done with Laurent Gaffié’s Responder so you need to find a way to get Responder onto the device.
  • NexMon
    NexMon is a firmware patching framework for the BCM4339 WiFi firmware of Nexus 5 smartphones. It’s main intension was to enable monitor mode and frame injection, which is already working quite well.

Vulnerabilities

  • Google Hacker Finds Way To Exploit Yet Another ‘Stagefright’ Bug – motherboard.vice.com
    Last summer, a security researcher found that a series of bugs in a core part of the Android operating system could be abused to hack users with a simple multimedia message, potentially giving hackers full control of the phone before the target even saw the message notification.

Other News

  • Hacking Your Phone – www.cbsnews.com
    Sharyn Alfonsi reports on how cellphones and mobile phone networks are vulnerable to hacking
  • Announcing the First Federal Chief Information Security Officer – www.whitehouse.gov
    In February, President Obama announced a Cybersecurity National Action Plan (CNAP) that takes a series of short-term and long-term actions to improve our cybersecurity posture within the Federal Government and across the country.