Thanks to hacker Michael Ossmann, you can now build gadgets like the National Security Agency uses to intercept communications from the comfort of your own home.
Ossmamnn, a prolific engineer who specializes in wireless Internet security and is widely known for the open source HAckRF, Ubertooth and Dashio projects, was curious about the NSA’s ANT catalog leaked by fugitive Edward Snowden. He decided to do something about it.
At the Hack in the Box security conference in Amsterdam, ERNW security researchers Enno Rey, Felix Wilhelm, and Matthias Luft presented Compromise-as-a-Service: Our PleAZURE (pdf).
At Hack in the Box (HITB) security conference in Amsterdam, Steffen Wendzel, head of Fraunhofer FKIE, presented "Alice's Adventures in Smart Building Land – Novel Adventures in a Cyber Physical Environment"(pdf). This wasn't "just" weaponizing your coffee pot. Brace yourself because Wendzel warned that a new class of botnet is coming. In fact, smart building botnets won’t be used for boring things like denial-of-service attacks or even refrigerators sending spam.
The GPRS Roaming Exchange (GRX) network, which carries roaming traffic among hundreds of mobile operators worldwide, contains Internet-reachable hosts that run vulnerable and unnecessary services, recent security scans reveal.
The scans were performed over a period of several months by Stephen Kho and Rob Kuiters, a penetration tester and an incident response handler from KPN, the largest telecommunications provider in the Netherlands.
The Secure Boot security mechanism of the Unified Extensible Firmware Interface (UEFI) can be bypassed on around half of computers that have the feature enabled in order to install bootkits, according to a security researcher.
At the Hack in the Box 2014 security conference in Amsterdam, Corey Kallenberg, a security researcher from nonprofit research organization Mitre, also showed Thursday that it's possible to render some systems unusable by modifying a specific UEFI variable directly from the OS, an issue that could easily be exploited in cybersabotage attacks.
Inexpensive equipment can be used to disrupt vessel-tracking systems and important communications between ships and port authorities, according to two security researchers.
During the Hack in the Box conference in Amsterdam Thursday, Marco Balduzzi, a senior research scientist at Trend Micro, and independent security researcher Alessandro Pasta described three new attacks against the Automatic Identification System (AIS), which is used by over 400,000 ships worldwide.
The fifth annual HITB Security Conference in Amsterdam kicks off this week and prominent security researcher Rahul Sasi is scheduled to present a way to allow you to hijack a cable TV channel and broadcast your own content - just like in the movies! From his talk abstract:
The talk will have various small demos that will include,
L33tdawg: Anthony/s presentation abstract is here.
Claims to generate boarding passes with Apple Passbook.A security boffin claims to have developed a method to score free flights across Europe by generating fake boarding passes designed for Apple's Passbook app.
For the third year in a row Sogeti organizes the social engineering challenge during Hack In The Box Amsterdam.
In 2012 and 2013 they asked contestants to show weaknesses in the top 100 Dutch organizations. This year, the challenge has a twist!
L33tdawg: We've got a fully packed line up with some really awesome content and if you haven't already registered, now might be a good time to do so as late registration rates start in April. You can register online here.
