Events Related
- NolaCon 2016 – www.irongeek.com
Resources
- BlueCoat now has a CA signed by Symantec – twitter.com
- hitbsecconf2016ams – conference.hitb.org
Tools
- Practical Malware Analysis Starter Kit – bluesoul.me
This package contains most of the software referenced in Practical Malware Analysis. Some of the links have broken over time, some companies have folded or been bought.
- 1 alpha 20160525 (oe.eo) edition – github.com
Techniques
- Practical Reverse Engineering Part 3 – Following the Data – jcjc-dev.com
The best thing about hardware hacking is having full access to very bare metal, and all the electrical signals that make the system work. With ingenuity and access to the right equipment we should be able to obtain any data we want.
- Pastejacking – github.com
A demo of overriding what’s in a person’s clipboard
Vulnerabilities
- Observations and thoughts on the LinkedIn data breach – www.troyhunt.com
The LinkedIn hack of 2012 which we thought had “only” exposed 6.5M password hashes (not even the associated email addresses so in practice, useless data), was now being sold on the dark web. It was allegedly 167 million accounts and for a mere 5 bitcoins (about US$2.2k) you could jump over to the Tor-based trading site, pay your Bitcoins and retrieve what is one of the largest data breaches ever to hit the airwaves.
Other News
- Life is Better without Username Reuse (email aliases FTW!) – blog.jeremiahgrossman.com
Facebook, LinkedIn, Amazon, PayPal, Yahoo, Google. We keep accounts with many of these websites. They and many others use email addresses as the first half of the classic username and password combo. They do this because email addresses are unique and double as a reasonably secure communication channel with the user.
- FBI raids dental software researcher who discovered private patient data on public server – www.dailydot.com
Once again, a security researcher has found himself facing possible prosecution under a federal statute known as the Computer Fraud and Abuse Act (CFAA). His crime, according to a dental-industry software company, was accessing what had been left publicly available on the open Internet.