Week 1 In Review – 2015

Resources

  • Index of /projects/media.ccc.de/congress/2014/h264-hd/ – mirror.us.oneandone.net
    Index of 31c3 congress videos are available here. You can watch and download the videos from here.

    • 31C3: a new dawn – media.ccc.de
      You can browse and watch all the videos of 31c3 congress from here.
  • World’s Biggest Data Breaches – informationisbeautiful.net
    interactive ‘Balloon Race’ code of World’s Biggest Data Breaches powered by VIZSweet. Selected losses greater than 30,000 records!
  • MyToolZ – aluigi.altervista.org
    A tools archive containing open source programs created by Luigi Auriemma for fun or requirement. All his tools (except rare cases) work from the console (aka command-line tools).
  • Thunderstrike — Trammell Hudson’s Projects – trmm.net
    Thunderstrike is the name for the Apple EFI firmware security vulnerability that allows a malicious Thunderbolt device to flash untrusted code to the boot ROM. In this presentation Trammell Hudson demonstrates the installation of persistent firmware modifications into the EFI boot ROM of Apple’s popular MacBooks.

Vulnerabilities

  • 4G Security: Hacking USB Modem and SIM Card via SMS – blog.ptsecurity.com
    Positive Technologies experts managed to uncover USB modem vulnerabilities that allow a potential attacker to gain full control of the connected computer as well as to access a subscriber account on a mobile operator portal. The team presented their reports on the topic at the PacSec 2014 (Tokyo) and the 31C3 (Hamburg). In this article, they will give you the digest of this research.
  • Analyzing The WordPress SoakSoak Favicon Backdoor – blog.sucuri.net
    This post is a dissection of one of a few backdoor variations hackers are uploading via the RevSlider security hole. The author Denis Sinegubko also provide webmasters a complete mitigation plan.
  • Think that software library is safe to use? Not so fast! – itworld.com
    The major patching efforts triggered by the Heartbleed, Shellshock and POODLE flaws this year serve as examples of the effect of critical vulnerabilities in third-party code. Similar flaws have been found in libraries such as OpenSSL, LibTIFF, libpng, OpenJPEG, FFmpeg, Libav and countless others, and these have made their way into thousands of products over the years.

Other News

  • Inside the NSA’s War on Internet Security – spiegel.de
    US and British intelligence agencies undertake every effort imaginable to crack all types of encrypted Internet communication. The cloud, it seems, is full of holes. The good news: New Snowden documents show that some forms of encryption still cause problems for the NSA.

    • That Spiegel NSA story is activist nonsense – blog.erratasec.com
      Yet again activists demonstrate they are less honest than the NSA. Der Spiegel has released more documents about the NSA this week. in this Der Spiegel article, where the TUNDRA item is distorted into order to convince the reader that the NSA is doing something evil.

One Comment

  1. Week 1 In Review – 2015 | infopunk.org January 5, 2015 at 5:00 pm

    […] post Week 1 In Review – 2015 appeared first on Infosec […]

Leave A Comment