Week 2 In Review – 2016

Events Related

• 32C3 Recap – Part1 – www.insinuator.net
  Every year a group of us are happy to use the holidays to travel to Hamburg to meet other people and learn something new at the 32C3.

Tools

• Kali NetHunter 3.0 Released – www.offensive-security.com
  NetHunter has been actively developed for over a year now, and  has undergone nothing short of a complete transformation since its last release. We’ve taken our time with v3.0, and the results are a complete overhaul of the NetHunter Android application, with a more polished interface and a fully functioning feature set.

Vulnerabilities

• Silent Circle Patches Modem Flaw That Exposes Blackphone to Attack – threatpost.com
  Silent Circle, makers of the security and privacy focused Blackphone, have patched a vulnerability that could allow a malicious mobile application or remote attacker to access the device’s modem and perform any number of actions.

• R7-2015-23: Comcast XFINITY Home Security System Insecure Fail Open – community.rapid7.com
  By creating a failure condition in the 2.4 GHz radio frequency band, the Comcast XFINITY Home Security System fails open, with the base station failing to recognize or alert on a communications failure with the component sensors.

Other News

• Security Notification and Linode Manager Password Reset – blog.linode.com
  A security investigation into the unauthorized login of three accounts has led us to the discovery of two Linode.com user credentials on an external machine.

• A Redaction Re-Visited: NSA Targeted “The Two Leading” Encryption Chips – theintercept.com
  On September 5, 2013, The Guardian, the New York Times and ProPublica jointly reported — based on documents provided by whistleblower Edward Snowden — that the National Security Agency had compromised some of the encryption that is most commonly used to secure internet transactions.

• Time Warner Cable to contact 320,000 customers about possible account compromise – www.csoonline.com
  The ISP first learned of the problem after the FBI contacted them about email addresses and passwords that might have been compromised.