Hack Naked News 109 January 31 2017
Hack Naked News #109
Recorded January 31, 2017 at G-Unit Studios in Rhode Island!
ITPro.TV Announcement: "Upcoming courses include Cybersecurity Analyst+, CCNA Cyber Ops, ITIL Operational Support and Analysis, and Microsoft System Center. ITProTV is introducing a new membership level soon. All current Premium Members will be granted the highest membership level available, so sign up today! Visit itpro.tv/hacknaked and use code HN30."
- InfoSecWorld - Your 10% off discount code to promote to your members is OS17-SW. This will give them 10% off the main conference or the World Pass.
- 2017 SOURCE Boston Proposal - Code SECURITYWEEKLY for $100 off either a conference ticket or one of the trainings. The early bird prices are currently in effect, but they can get an additional discount by using your code.
- Charity Event: Shaves that Save at the RSA Conference, 6:00 pm - 8:00 pm PT on Wednesday, Feb 15, 2017, at the RSA Conference, Moscone Center South, Gateway Ballroom / Viewing Room. To register / more details: https://www.stbaldricks.org/events/infosecshaves2017
- Hundreds of Thousands of Netgear Routers Vulnerable to Password Bypass - A security researcher at Trustwave discovered an authentication disclosure vulnerability in 20 different Netgear router models. Simon Kenin analyzed some exploits released in 2014 and eventually figured out that, with just one request to the web administration interface, the routers would reveal the admin password. The flaw was part of the password recovery functionality in the associated firmware (CVE-2017-5521). Simon's post is a great read, detailing how one of the web application's server-side scripts ignored any passed parameters and simply returned the current admin password. After a long disclosure process, Netgear has released firmware updates to correct this issue.
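The Netgear item describes a recovery script that ignored its parameters and handed back the admin password. As an added example (not Trustwave's or Netgear's code, and not the actual firmware script), the Python below contrasts a handler with that behaviour against one that demands a per-session, expiring, single-use recovery token and never discloses the existing password; every name and value in it is constructed for the demo.

```python
import hashlib
import hmac
import secrets
import time

# Constructed demo state: no real device, firmware or credential involved.
ADMIN_PASSWORD = "constructed-admin-password"
TOKEN_TTL_SECONDS = 600
_pending = {}  # session_id -> (sha256 hex of token, expiry timestamp)


def vulnerable_recover(params):
    """Mirrors the bug class in the show notes: the recovery script never
    looks at what was passed and simply returns the current admin password,
    so any unauthenticated request discloses the credential."""
    return {"password": ADMIN_PASSWORD}


def issue_recovery_token(session_id, now=None):
    """Start a recovery flow: mint a one-time token bound to this session.
    Only the token's hash is stored, so a dump of server state does not
    leak a usable token."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    _pending[session_id] = (digest, now + TOKEN_TTL_SECONDS)
    return token


def hardened_recover(session_id, token, new_password, now=None):
    """Complete recovery: the presented token must match the pending one for
    this session (constant-time compare), be unexpired, and is consumed on
    success. The old password is never returned; the holder may only set a
    new one."""
    global ADMIN_PASSWORD
    now = time.time() if now is None else now
    entry = _pending.get(session_id)
    if entry is None:
        return {"error": "no pending recovery"}
    token_hash, expires = entry
    if now > expires:
        _pending.pop(session_id, None)  # stale token is useless; drop it
        return {"error": "invalid or expired token"}
    presented = hashlib.sha256(token.encode()).hexdigest()
    if not hmac.compare_digest(presented, token_hash):
        return {"error": "invalid or expired token"}
    _pending.pop(session_id, None)  # single use
    ADMIN_PASSWORD = new_password
    return {"ok": True}
```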
- Forgot your GitHub password? Facebook cooks up spec to reset logins via social network - Facebook has published an open specification for password recovery. Sources state that password recovery methods that use email and cell phone SMS messages to recover your password are insecure, because someone could already have access to your email or have stolen your phone. The solution? Provide Facebook with a token, so when you forget or lose your password to another service, you can log into Facebook and recover that service's account. I fail to see how your Facebook account is any more or less secure than your email or cell phone, but I digress. On the upside, Facebook has implemented two-factor authentication using the U2F open standard, which I've tested and really like. At least that's a step in the right direction. This program is currently being tested with GitHub.
- Ransomware Shut Down Most Washington Surveillance Cameras - Ransomware disabled 183 security cameras, and the presidential inauguration web site, earlier this month. A ransom was demanded, but officials chose to wipe all of the equipment and re-install all of the software rather than pay. No word on how these systems got infected, but let's hope they changed the default passwords.
- Want to bring down that pesky drone? Try the power of sound - Similar to how a wine glass will break when a sound at a certain frequency is played, the same can be done to take down a drone. By sending sound waves inaudible to humans, researchers have figured out a way to disrupt drones. In a talk at Enigma 2017, Yongdae Kim, professor in the Korea Advanced Institute of Science and Technology's Graduate School of Information Security, showed how active and passive sensors can be hacked by a simple laser pointer or by speakers set to just the right frequency. Thankfully this is fairly easy to block, as you can simply cover the transparent sections of the device in masking tape.