From Security Weekly Wiki
1 byte added, 16:33, 26 June 2014
== Larry's Stories ==
#[ - WiFi Anyone?] - [Larry] - Why does this keep happening? A World Cup "corporate WiFi" PSK was shown on a whiteboard in a press picture. Really, stop writing this stuff down in plain sight and then packing pictures for the media. Loose lips sink ships. This is not the first time we've seen this happen... Wildfire support FTP servers, WiFi networks for the press at baseball games...
#[ PayPal Mobile 2FA bypass] - [Larry] - Nice write-up and research by @quine and compadres at Duo Security into their investigation of the PayPal Mobile app. If your PayPal account is set up for 2FA, you can't use the mobile app, as it is unsupported... unless you proxy it through Burp and set the 2FA flag to false, after which it chugs along just fine, including the ability to re-use session tokens to authorize multiple transactions. PayPal has not completely fixed the issue, but they have made it non-trivial to exploit.
#[ Recovering iDevice PINs] - [Larry] - ...and not how you'd think. This one uses a video recording and analysis of hand motions. Of course camera angle and quality increased the recovery rate; even with a low-quality Google Glass camera at a 3 meter distance, the recovery rate was still as high as 83% for a 4-digit PIN. A good camera? 100% success rate at up to 44 meters (yeah, nearly 150 feet).
#[ Heathrow Express WiFi TOS] - [Larry] - Love it. Includes notification that HEX and others can monitor traffic, and that the user is responsible for their own security (or lack thereof). I wonder how many people actually read these things...
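The PayPal item above boils down to two server-side mistakes: the server let the client decide whether 2FA applied, and a session token could authorize any number of transactions. The following is an added example, not code from the Duo write-up or from PayPal, that models both the failure mode and the fix in a hypothetical minimal service. The account store, the `two_factor_enrolled` field, and the `otp_ok` parameter (standing in for a real OTP check) are all constructed assumptions.

```python
import hmac
import secrets

# Constructed sample account store. Whether 2FA applies is a property of the
# account, held server-side; it is never something the client gets to assert.
ACCOUNTS = {
    "alice": {"password": "correct-horse", "two_factor_enrolled": True},
    "bob": {"password": "hunter2", "two_factor_enrolled": False},
}


class VulnerableService:
    """Models the failure mode: the client's own claim about 2FA is honoured,
    and one session token authorizes unlimited transactions."""

    def __init__(self):
        self.sessions = {}  # session token -> user

    def login(self, user, password, client_claims):
        acct = ACCOUNTS.get(user)
        if acct is None or acct["password"] != password:
            return None
        # BUG: policy decision driven by a client-supplied flag.
        if client_claims.get("2fa_required", True):
            return None  # app gives up: "2FA unsupported"
        token = secrets.token_hex(16)
        self.sessions[token] = user
        return token

    def transfer(self, token, amount):
        # BUG: the same token is accepted again and again.
        return self.sessions.get(token) is not None


class HardenedService:
    """Enforces 2FA from server-side account state and issues single-use
    transaction tokens so a captured token cannot be replayed."""

    def __init__(self):
        self.pending = {}     # pending token -> user awaiting OTP
        self.sessions = {}    # session token -> user
        self.txn_tokens = {}  # single-use transaction token -> user

    def _new_session(self, user):
        token = secrets.token_hex(16)
        self.sessions[token] = user
        return token

    def login(self, user, password, client_claims=None):
        # client_claims is accepted for API compatibility and ignored.
        acct = ACCOUNTS.get(user)
        if acct is None or not hmac.compare_digest(acct["password"], password):
            return ("denied", None)
        if acct["two_factor_enrolled"]:
            pending = secrets.token_hex(16)
            self.pending[pending] = user
            return ("otp_required", pending)
        return ("ok", self._new_session(user))

    def verify_otp(self, pending_token, otp_ok):
        # otp_ok stands in for a real OTP/TOTP verification (assumption).
        user = self.pending.pop(pending_token, None)
        if user is None or not otp_ok:
            return ("denied", None)
        return ("ok", self._new_session(user))

    def issue_txn_token(self, session_token):
        user = self.sessions.get(session_token)
        if user is None:
            return None
        token = secrets.token_hex(16)
        self.txn_tokens[token] = user
        return token

    def transfer(self, txn_token, amount):
        # pop() makes the token single-use: a replay finds nothing.
        return self.txn_tokens.pop(txn_token, None) is not None
```

The detection angle for the original bug is the same as the fix: if a 2FA-enrolled account ever completes a login without an OTP step, or the same transaction token authorizes more than one transfer, the server is trusting something it should not.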