Skip to main content

HITB2014AMS

Hacker uses open source to replicate NSA spy tools

posted onJune 10, 2014
by l33tdawg

Thanks to hacker Michael Ossmann, you can now build gadgets like the National Security Agency uses to intercept communications from the comfort of your own home.

Ossmamnn, a prolific engineer who specializes in wireless Internet security and is widely known for the open source HAckRF, Ubertooth and Dashio projects, was curious about the NSA’s ANT catalog leaked by fugitive Edward Snowden. He decided to do something about it.

Botnets coming soon to a smart home or automated building near you

posted onJune 5, 2014
by l33tdawg

At Hack in the Box (HITB) security conference in Amsterdam, Steffen Wendzel, head of Fraunhofer FKIE, presented "Alice's Adventures in Smart Building Land – Novel Adventures in a Cyber Physical Environment"(pdf). This wasn't "just" weaponizing your coffee pot. Brace yourself because Wendzel warned that a new class of botnet is coming. In fact, smart building botnets won’t be used for boring things like denial-of-service attacks or even refrigerators sending spam.

Global Mobile Roaming Hub Accessible From the Internet and Vulnerable, Researchers Find

posted onJune 4, 2014
by l33tdawg

The GPRS Roaming Exchange (GRX) network, which carries roaming traffic among hundreds of mobile operators worldwide, contains Internet-reachable hosts that run vulnerable and unnecessary services, recent security scans reveal.

The scans were performed over a period of several months by Stephen Kho and Rob Kuiters, a penetration tester and an incident response handler from KPN, the largest telecommunications provider in the Netherlands.

New attack methods can 'brick' systems, defeat Secure Boot, researchers say

posted onJune 3, 2014
by l33tdawg

The Secure Boot security mechanism of the Unified Extensible Firmware Interface (UEFI) can be bypassed on around half of computers that have the feature enabled in order to install bootkits, according to a security researcher.

At the Hack in the Box 2014 security conference in Amsterdam, Corey Kallenberg, a security researcher from nonprofit research organization Mitre, also showed Thursday that it's possible to render some systems unusable by modifying a specific UEFI variable directly from the OS, an issue that could easily be exploited in cybersabotage attacks.

Vessel-tracking system vulnerable to denial-of-service, other attacks, researchers say

posted onJune 2, 2014
by l33tdawg

Inexpensive equipment can be used to disrupt vessel-tracking systems and important communications between ships and port authorities, according to two security researchers.

During the Hack in the Box conference in Amsterdam Thursday, Marco Balduzzi, a senior research scientist at Trend Micro, and independent security researcher Alessandro Pasta described three new attacks against the Automatic Identification System (AIS), which is used by over 400,000 ships worldwide.

Researcher to Show Off Cable TV Channel Hijack at #HITB2014AMS

posted onMay 26, 2014
by l33tdawg

The fifth annual HITB Security Conference in Amsterdam kicks off this week and prominent security researcher Rahul Sasi is scheduled to present a way to allow you to hijack a cable TV channel and broadcast your own content - just like in the movies! From his talk abstract:

The talk will have various small demos that will include,