HITB2015AMS

In the last few years, Pedram Hayati, founder of Australian IT company Security Dimension, has been developing a custom honeypot intelligence system called Smart Honeypot.

Honeypots - fake systems designed to look like the real thing - can be used for many different purposes. One of these is to determine what attackers are after, their capabilities and the tactics they use to achieve their goals, and this is why Hayati set up thirteen Smart Honeypots in different geographic regions of Amazon Web Services and Google Cloud (America, Europe, Asia and Oceania).

A Commerce Department standards body has released preliminary guidelines for masking the personal data of individuals captured by traffic sensors, speed cameras and other Internet-connected government systems.

Coincidentally, the publication came out the day a Spanish researcher demonstrated that any stalker can monitor the driving habits of customers patronizing dozens of European parking lots. An unnamed major provider of parking management systems allegedly has not been implementing typical security settings.

If you go down to the deep web today, you’ll be following hot on the heels of a digital beast. In a matter of hours last week, the entire semi-anonymising Tor network, where activists and criminals alike try to hide from the gaze of their respective authorities, was traversed by PunkSPIDER, an automated scanner that pokes websites to uncover vulnerabilities.

Your NFC capable Android smartphone could be the newest weapon hackers use to steal money from the credit cards in your pocket, researchers find.  In a presentation at Hat In The Box Security Conference in Amsterdam, security researchers Ricardo J. Rodriguez and Jose Vila presented a demo of a real world attack, to which all NFC capable Android phones are vulnerable. This attack, delivered through poisoned apps, exploits the NFC feature allowing unethical hackers to steal money from victims’ credit cards anytime the cards are near the victims' phone.

“Think beyond the edges, because the edges are where new things come,” urged Richard Theime in the opening keynote for Hat In The Box Haxpo in Amsterdam. The former priest gone author and futuristic technology guru is well known within the InfoSec community and considered a “father figure” of the hacking convention circuit, keynoting at events such as DefCon and BlackHat.

Enterprise resource planning systems are the unexplored continent of vulnerability research, in spite of the fact that these massive, critical business systems support the inner workings of many large corporations and IT organizations.

A recent run of bugs in SAP, and a presentation at this week’s Hack in the Box conference in Amsterdam, however, could turn the tide and open some eyes to ERP security issues.

Go online for five minutes. Visit a few webpages. How many pictures do you see?

With the media rich nature of the web, chances are your answer is in the hundreds. It is in this space the future of malicious cyber attacks could be embedded. In a presentation at Hack In The Box in Amsterdam, Net Square security researcher Saumil Shah demonstrated an updated method of his digital steganography project, Stegosploit, which involves embedding executable JavaScript code within an image to trigger a drive by download.

The majority of 3G and 4G USB modems offered by mobile operators to their customers have vulnerabilities in their Web-based management interfaces that could be exploited remotely when users visit compromised websites.

The flaws could allow attackers to steal or manipulate text messages, contacts, Wi-Fi settings or the DNS (Domain Name System) configuration of affected modems, but also to execute arbitrary commands on their underlying operating systems. In some cases, the devices can be turned into malware delivery platforms, infecting any computers they're plugged into.

Security is an applied science. Security properties and secure design are only valid in the context of a particular application or environment. Similarly, hacking techniques and tools are only useful for exploiting specific types of vulnerabilities.

There’s been growing interest in car hacking in recent years, inspired by researchers showing off exploits in real vehicles, tinkering with Teslas, and uncovering glaring vulnerabilities in third party kit. But criminal hackers could vex drivers in other ways, such as compromising internet-connected, easily hackable parking management systems, according to Spanish researcher Jose Guasch.