Digital Attack Map.

With instructional sales video

http://www.theregister.co.uk/2013/09/16/tampered_pos_market_surfaces/

You do need shell access for a user that has sudo’d before, but still, easy way to get root.

http://arstechnica.com/security/2013/08/unpatched-mac-bug-gives-attackers-super-user-status-by-going-back-in-time/

In normal situations, when a call or SMS is sent over the network, a cellular tower “pages” nearby devices to find the one that should receive it. Normally, only the proper phone will answer—by, in effect, saying “It’s me,” as Seifert puts it. Then the actual call or SMS goes through.

The rewritten firmware can block calls because it can respond to paging faster than a victim’s phone can. When the network sends out a page, the modified phone says “It’s me” first, and the victim’s phone never receives it.

“If you respond faster to the network, the network tries to establish a service with you as an attacker,”

via Software Update to $20 Phones Could Topple 2G Cell Networks | MIT Technology Review.

The researchers managed to control an $80 million 210 foot yacht using a cheaply built spoofer. Aircraft were a definite possible target too.

EXCLUSIVE: GPS flaw could let terrorists hijack ships, planes | Fox News.

A US company called Emerging Objects researches different materials to use in 3D printers, apart from plastic. So far they can use paper, salt, cement polymer, nylon, wood and acrylics.

emerging objects » Materials.

Just like Red October this has been going on for a long time and the antivirus / malware community has been caught with their pants down. They did this by sunberting TeamViewer. They were detected because after 10 years of impunity, the team has been getting sloppy. http://www.theregister.co.uk/2013/03/21/teamspy_cyber_espionage/

The researchers use a timing attack to break SSL

Lucky Thirteen: Breaking the TLS and DTLS Record Protocols.

This is supposed to work in almost any application on OSX. Oops.

rdar://13128709: OSX apps (TextEdit) crashing in spell-checker (I think)..

During the past five years, a high-level cyber-espionage campaign has successfully infiltrated computer networks at diplomatic, governmental and scientific research organizations, gathering data and intelligence from mobile devices, computer systems and network equipment.

Kaspersky Lab’s researchers have spent several months analyzing this malware, which targets specific organizations mostly in Eastern Europe, former USSR members and countries in Central Asia, but also in Western Europe and North America.

It doesn’t seem to be a governmental attack, allthough the base code seems to be written by Chinese people and plugins by Russians. Someone out there has an awesome intelligence gathering capability!

The "Red October" Campaign – An Advanced Cyber Espionage Network Targeting Diplomatic and Government Agencies – Securelist.

Especially for entering passwords using your mouse this is a problem. 2 advertisers are known to use the expoit.

Internet Explorer tracks cursor even when minimised • The Register.

And this is why it’s a bad idea to store all of this data for 5 years. Are you looking, holland?

Two arrested for hacking personal data of 8.7 million phone users | ZDNet.

A useful summary:

Cleanly Restarting Your System

Used in sequence, some of these actions can be used to cleanly end processes, flush data to disk, unmount all file systems, and restart your computer. To perform this process, press and hold the Alt + SysRq key combination and – while holding the Alt and SysRq keys down — type the following keys in order, pausing for several seconds in between each key:

reisub

The mnemonic “Raising Elephants Is So Utterly Boring” is often used to remember this sequence. Here’s what each key does:

r – Puts the keyboard into raw mode, taking control of it away from the X server.
e – Sends the terminate signal to all processes, asking them to end gracefully.
i – Sends the kill signal to all processes, forcing them to end immediately.
s – Flushes data from your cache to disk.
u – Remounts all file systems read-only.
b – Reboots your computer.

More Commands

Here are some other actions you can perform with the magic SysRq key. To perform an action, press and hold the Alt + SysRq keys while typing the letter:

n – Resets the nice level (priority) of all high and realtime priority processes.
f – Calls oom_kill, which will kill a memory-hogging process.
o – Shuts off the computer.

Use the Magic SysRq Key on Linux to Fix Frozen X Servers, Cleanly Reboot, and Run Other Low-Level Commands – How-To Geek.

Burgemeester hackt kritische site | Webwereld.

He used the data he gained to strong arm political opponents.

So if your elected mayor is capable of doing this, then what makes you think all the drones and other political forces sitting on top of huge centralised databases won’t be capable of this… to much larger effect?

Thanks to The Open Organisation of Lockpickers (TOOOL) and their ISO Standard Emergency Pick Card,

there’s no need to worry! This handy lock-picking tool set will fit in your wallet next to your other cards and can be quickly snapped apart when a situation arises. After the tools have been removed you can put the tension wrenches in your wallet and put the lock picks on your key chain, ready for your next emergency.

via TOOOL Emergency Lock-Pick Card.

Basically he has thousands of accounts which show amazon products, which link to his amazon account. People click on the links and end up buying the products!

Daily Dot | A Pinterest spammer tells all.

Basically it comes down to implementing full disk encryption, creating an encrypted volume inside this with an easy password and a hidden encrypted volume with a hard password which people won’t bother to find. Then installing a tracker to find your laptop back if it gets stolen.

Three steps to properly protect your personal data – CSO Online – Security and Risk.

The PANIC Button – thinkl33t.

Basically SCADA systems are so poorly secured you can find their logins on Google. In a protest that people are uncovering vulnerabilities but the suppliers aren’t fixing the problem but rather trying to silence the exploiters entirely, this twitter account is posting links to loads of SCADA systems. So if you want to play with some systems, now is your chance 🙂

Someone unnumbered ntisec on Twitter.

How to Crack a Wi-Fi Network’s WPA Password with Reaver.

The CCC has published all the talks from the 28th Annual Chaos Communications Congress.

Watch all of the freshly published talks from 28c3 – Hack a Day.