Daily Archives: February 1, 2018

Can’t login to Skype? You’re not alone. Chat app’s been a bit crap for five days now

Posted on by

A bunch of Skype users are unhappy that they’re been unable to sign into the VoIP service for several days.The yakkity-yak app has fallen flat since January 24, leaving a number of punters with two-factor authentication enabled unable to get back into the software after signing out.”Skype users who are signed in are not affected,” Reg reader C. F. Heyns told us today. “Anyone signing out has almost no chance of getting back in.”

Source: Can’t login to Skype? You’re not alone. Chat app’s been a bit crap for five days now • The Register

Crooks make US ATMs spew million-plus bucks in ‘jackpotting’ hacks

Posted on by

ash machines in the US are being hacked to spew hundreds of dollar bills – a type of theft dubbed “jackpotting” because the ATMs look like slot machines paying out winnings.A gang of miscreants have managed to steal more than $1m from ATMs using this attack, according to a senior US Secret Service official speaking to Reuters on Monday.Typically, crooks inject malware into an ATM to make it rapidly dole out large sums of money that doesn’t belong to the thieves. Anyone aware of the work by security researcher Barnaby Jack – who almost 10 years ago revealed various ways to force cash machines to cough up cash on demand – will know of jackpotting.

[…]

Since 2013, if not earlier, Ploutus has been a favorite of Mexican banditos raiding cash machines, as previous Reg stories document. Viewed from this perspective, the main surprise today is that it’s taken so long for the scam to surface north of the border, moving from Mexico to the United States.

To get Ploutus into an ATM, the crooks have to gain physical access to the box’s internals to swap its computer hard drive for an infected one. Once the disk is in place and the ATM rebooted, the villains have full control over the device, allowing them to order it to dispense the contents of its cartridges of dollar bills.

Source: Crooks make US ATMs spew million-plus bucks in ‘jackpotting’ hacks • The Register

Maybe you should’ve stuck with NetWare: Hijackers can bypass Active Directory controls

Posted on by

“The idea of a rogue domain controller is not new and has been mentioned multiple times in previous security publications but required invasive techniques (like installing a virtual machine with Windows Server) and to log on a regular domain controller (DC) to promote the VM into a DC for the targeted domain.”That’s easily spotted, so Delsalle wrote that the attack described by Delpy and Le Toux has to “modify the targeted AD infrastructure database to authorise the rogue server to be part of the replication process.”

Source: Maybe you should’ve stuck with NetWare: Hijackers can bypass Active Directory controls • The Register

UK.gov mass data slurping ruled illegal – AGAIN

Posted on by

In a judgment handed down this morning, judges backed a challenge brought by deputy Labour leader Tom Watson in a long-running battle against state surveillance rules.These laws allow for ISPs and telcos to retain communications data for up to a year and for public authorities to get access to this information. But campaigners have argued it fails to properly restrict this retention and access.Today’s ruling refers to the Data Retention and Investigatory Powers Act, which expired at the end of 2016, but will have significant implications for its successor, the Investigatory Powers Act.The so-called Snoopers’ Charter was already under pressure following a landmark 2016 ruling from the Court of Justice of the European Union, and today’s judgment adds weight to this.In the document, the judges also note: “As [Ben] Jaffey QC, on behalf of the first respondent, pointed out in the course of his oral submissions, that the fact that DRIPA has been repealed does not make this a pointless exercise”.Their ruling was that DRIPA “was inconsistent with EU law” because it did not limit access to retained communications data solely to the purpose of fighting serious crime.It also broke the law because police forces and public authorities could themselves grant access to retained data – rather than access being subject to prior review by a court or an independent administrative authority.

Source: UK.gov mass data slurping ruled illegal – AGAIN • The Register

Especially the last bit: rather than access being subject to prior review by a court or an independent administrative authority.

Come on! How hard is it to ask a judge after proving some sort of probable cause? It’s investigation that gets the bad guys. Not being a police state.

AutoSploit searches shodan for weak machines and metasploit to hack them for you

Posted on by

https://github.com/NullArray/AutoSploitAs the name might suggest AutoSploit attempts to automate the exploitation of remote hosts. Targets are collected automatically as well by employing the Shodan.io API. The program allows the user to enter their platform specific search query such as; Apache, IIS, etc, upon which a list of candidates will be retrieved.

After this operation has been completed the ‘Exploit’ component of the program will go about the business of attempting to exploit these targets by running a series of Metasploit modules against them. Which Metasploit modules will be employed in this manner is determined by programatically comparing the name of the module to the initial search query. However, I have added functionality to run all available modules against the targets in a ‘Hail Mary’ type of attack as well.

The available Metasploit modules have been selected to facilitate Remote Code Execution and to attempt to gain Reverse TCP Shells and/or Meterpreter sessions. Workspace, local host and local port for MSF facilitated back connections are configured through the dialog that comes up before the ‘Exploit’ component is started.

https://github.com/NullArray/AutoSploit

Stupid Truck Driver Drove Right Over the Nazca Lines

Posted on by

Argentine newspaper Clarín reports that the driver said he didn’t know the area because he had never traveled there before and that he left the road because of a mechanical problem. The newspaper speculated that the driver actually drove off the Pan-American Highway to avoid paying a toll.

Flores Vigo left tire tracks in a football field-sized area of the geoglyphs, damaging three of them. Peruvian authorities released him, as they didn’t have evidence that he’d done it intentionally.
[…]
Artists from pre-Hispanic Peruvian societies between 500BC and 500AD created the massive drawings by removing the top layer of darker rock to reveal the lighter earth below, according to UNESCO. The dry desert environment has allowed the markings to remain for 2,000 years.

This isn’t the first time stupidity has led to someone damaging the lines. Greenpeace performed a stunt back in 2014 in which they laid large pieces of yellow cloth on the lines. I ignore Greenpeace canvassers on the street to this day, for this reason.

Source: Stupid Truck Driver Drove Right Over the Nazca Lines