Difference between revisions of "Template:PSWPaul630"

From Paul's Security Weekly
Line 10: Line 10:
 
#[https://mashable.com/article/amazon-alexa-echo-fleshlight/ Bloomberg accidentally created an Alexa Fleshlight and oh my gawd] - Okay, relax everyone, it's an ear. That's they, er, uh, wrong security hole?
 
#[https://mashable.com/article/amazon-alexa-echo-fleshlight/ Bloomberg accidentally created an Alexa Fleshlight and oh my gawd] - Okay, relax everyone, it's an ear. That's they, er, uh, wrong security hole?
 
#[https://www.inc.com/scott-mautz/4-steps-to-communicate-anything-clearly-according-to-a-scientist-who-teaches-quantum-physics-to-kids.html 4 Steps to Communicate Anything Clearly, According to a Scientist Who Teaches Quantum Physics to Kids] - I love 1, 2 and 4. #3 would not fly for most audiences we present to, but again depends on the audience.
 
#[https://www.inc.com/scott-mautz/4-steps-to-communicate-anything-clearly-according-to-a-scientist-who-teaches-quantum-physics-to-kids.html 4 Steps to Communicate Anything Clearly, According to a Scientist Who Teaches Quantum Physics to Kids] - I love 1, 2 and 4. #3 would not fly for most audiences we present to, but again depends on the audience.
#[https://isc.sans.edu/diary.html?storyid=25582 InfoSec Handlers Diary Blog]
+
#[https://isc.sans.edu/diary.html?storyid=25582 InfoSec Handlers Diary Blog - Integrating Pi-hole Logs in ELK with Logstash] - I mean, because, why not? This is really great.
 
#[https://securityaffairs.co/wordpress/94856/malware/pyxie-rat.html New PyXie Python RAT targets multiple industries]
 
#[https://securityaffairs.co/wordpress/94856/malware/pyxie-rat.html New PyXie Python RAT targets multiple industries]
 
#[https://null-byte.wonderhowto.com/how-to/use-hash-identifier-determine-hash-types-for-password-cracking-0200447/ Use Hash-Identifier to Determine Hash Types for Password Cracking]
 
#[https://null-byte.wonderhowto.com/how-to/use-hash-identifier-determine-hash-types-for-password-cracking-0200447/ Use Hash-Identifier to Determine Hash Types for Password Cracking]

Revision as of 21:54, 12 December 2019

  1. Your Smart Christmas Lights Are Safer Than They Were Last Year - There is hope for IoT security! (and I own these lights, and hopefully the new version...or maybe hopefully the old version so I can more easily hack my Christmas tree): The good news is that researchers at Pen Test compared tests they did on the Twinkly lights (from the manufacturer LEDWORKS) last year to the new version of the lights released for the 2019 holiday season and found most of the issues to be solved. LEDWORKS replaced the ESP8266 module with the slightly more secure ESP32, which researchers mentioned in their public research about the security of the lights last year was a better option than the one already in the product.
  2. Exploring Legacy Unix Security Issues | Liquidmatrix Security Digest
  3. Intel's SGX coughs up crypto keys when scientists tweak CPU voltage - 'By subtly increasing or decreasing the current delivered to a CPU—operations known as "overvolting" and "undervolting"—a team of scientists has figured out how to induce SGX faults that leak cryptographic keys, break integrity assurances, and potentially induce memory errors that could be used in other types of attacks. The breakthrough leading to these attacks was the scientists' ability to use previous research into the undocumented model-specific register inside the x86 instruction set to abuse the dynamic voltage scaling interface that controls the amount of voltage used by a CPU. Also noteworthy is surgically controlling the voltage in a way that introduces specific types of attacks.
  4. Russian police raid NGINX Moscow office | ZDNet
  5. Reusing Cookies
  6. Consumers not willing to compromise when it comes to IoT security - Help Net Security - It's one thing to say in a survey that you care about the security of your IoT devices, but another when you are actually shopping and realize that a device with the same functionality can be purchased for 75% cheaper than the "secure" one.
  7. AirDoS: Hackers Can Block iPhones, iPads Via AirDrop Attack | SecurityWeek.Com - Annoying: Bagaria discovered that an attacker can use the AirDoS attack to “infinitely spam” all nearby iPhones and iPads with an AirDrop popup. The dialog box will keep appearing on the screen regardless of how many times the user presses the Accept or Decline buttons. The attack will continue even after the user locks and unlocks the device.
  8. Shenzhen's Homegrown Cyborg
  9. How Hackers Are Breaking Into Ring Cameras - Enable two-factor, this is just a password spraying/guessing attack. The tools being traded and sold also sound really lame (and probably have backdoors put in by the authors).
  10. Bloomberg accidentally created an Alexa Fleshlight and oh my gawd - Okay, relax everyone, it's an ear. That's the, er, uh, wrong security hole?
  11. 4 Steps to Communicate Anything Clearly, According to a Scientist Who Teaches Quantum Physics to Kids - I love 1, 2 and 4. #3 would not fly for most audiences we present to, but again depends on the audience.
  12. InfoSec Handlers Diary Blog - Integrating Pi-hole Logs in ELK with Logstash - I mean, because, why not? This is really great.
  13. New PyXie Python RAT targets multiple industries
  14. Use Hash-Identifier to Determine Hash Types for Password Cracking
  15. 20 VPS providers to shut down on Monday, giving customers two days to save their data | ZDNet
  16. Scientists Crack Longest, Most Complex Encryption Key Ever
  17. Feedly: organize, read and share what matters to you.