Security is een ambacht, hackers zijn vaak hun hele leven al bezig om systemen en applicaties te testen, maar evenals bij een goede ICT beheerder is een kenmerk van een hacker dat men liever routineuze taken zal automatiseren (scripten).
In de begindagen van het web hadden hackers veelal hun eigen collecties van scripts en werden deze scripts vaak via bulletin boards of forums onderling uitgewisseld.
Echter al snel bleek het veel efficienter om deze scripts te bundelen en daaruit ontstonden heuse hacking frameworks, een van de bekendste daarvan zijn Metasploit en OpenVAS.

De gereedschapskist van de hacker | Workshop Security en Privacy.

The software first brute forces an icloud username / password, then tricks icloud into thinking your device is the target device and finally performs a full restore to your device.
This software is supposed to be for law enforcement, but can be bought and downloaded by anyone. There are also illegal copies to be found.

The Police Tool That Pervs Use to Steal Nude Pics From Apple’s iCloud | Threat Level | WIRED.

In laboratory tests, the team was able to successfully conceal firearms and plastic explosive simulants from the Rapiscan Secure 1000 scanner. The team was also able to modify the scanner operating software so it presents an “all-clear” image to the operator even when contraband was detected

via Researchers find security flaws in backscatter X-ray scanners – ScienceBlog.com.

This was demonstrated on German TV in 2009, but better late than never guys!

The United Parcel Service announced Wednesday that customers’ credit and debit card information at 51 franchises in 24 states may have been compromised. There are 4,470 franchised center locations throughout the U.S., according to UPS.

via UPS: We’ve Been Hacked – TIME.

So you don’t know when UPS found out about the hack, but if it’s been fighting the fight since January 20, it’s been a bit long in handing over customer data to the hackers.

Turns out that huge amounts of them are apt to input validation and SSL hacks.
This is caused by poor programming practices, which the government does better at avoiding than private companies.

Banking apps: Handy, can grab all your money… and RIDDLED with coding flaws • The Register.

The lights use a wireless radio at 900MHz or 5.8GHz to transmit data to each other. They are all on the same subnet. Entering the network doesn’t require a password and the data is unencrypted. The controller for a network has a debug port opened by default. It’s thus easy to get into the controller and send your own commands. Then you can change lights and control cameras!

Researchers find it’s terrifyingly easy to hack traffic lights | Ars Technica.

Researchers at MIT, Microsoft, and Adobe have developed an algorithm that can reconstruct an audio signal by analyzing minute vibrations of objects depicted in video. In one set of experiments, they were able to recover intelligible speech from the vibrations of a potato-chip bag photographed from 15 feet away through soundproof glass.

via Extracting audio from visual information | MIT News Office.

Multiple Cisco products are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database. This vulnerability could allow an unauthenticated attacker to take full control of the OSPF Autonomous System (AS) domain routing table, blackhole traffic, and intercept traffic.

via Cisco Security Advisory: OSPF LSA Manipulation Vulnerability in Multiple Cisco Products.