TrustedSec Security Podcast Episode 17 for August 6, 2015. This podcast is hosted by Rick Hayes, Scott White and Alex Hamerstone.
Visit the show notes page to download the Podcast or check us out on iTunes!
Download Page https://www.trustedsec.com/podcasts/trustedsec-security-podcast-episode-17.mp3
XML Page https://www.trustedsec.com/podcasts/trustedsecsecuritypodcast.xml
Announcements:
Chaos Communication Camp
When: August 13- 17
Where: Ziegeleipark Mildenberg, Zehdenick, Germany,
https://events.ccc.de/camp/2015/wiki/Main_Page
Bsides Augusta
When: Sept 12, 2015
Where: Augusta, GA
http://www.securitybsides.com/w/page/92419092/BSidesAugusta%202015
Derbycon Training
When: September 23-24, 2015
Where: Louisville, KY
https://www.derbycon.com/training-courses
Derbycon 5.0 “Unity”
When: September 25-27, 2015
Where: Louisville, KY
http://www.derbycon.com
Grrcon *
When: Oct 9-10, 2015
Where: Grand Rapids, MI
http://grrcon.com
HouSecCon
When: October 15, 2015
Where: Houston, TX
http://houstonseccon.com/v6
Skydogcon
When: Oct 16-18, 2015
Where: Nashville, TN
http://www.skydogcon.com
SecureWV
When: Nov 6-9, 2015
Where: Charleston, WV
http://securewv.com
BSides Delaware
When: Nov 13-14, 2015
Where: New Castle, DE
http://www.bsidesdelaware.com
Stories:
Source: http://www.wired.com/2015/07/researchers-hack-air-gapped-computer-simple-cell-phone
Researchers have hacked an air-gapped computer using a mobile phone, posing a serious threat to critical infrastructure. The attack requires both the targeted computer and the mobile phone to have malware installed on them, but once this is done the attack exploits the natural capabilities of each device to exfiltrate data. Lane Thames, Software Development Engineer and Security Researcher at Tripwire, discusses what this means for the future of critical infrastructure.
Source: http://blog.trendmicro.com/trendlabs-security-intelligence/the-gaspot-experiment-hackers-target-gas-tanks
A BlackHat presentation about a custom honeypot called GasPot was disclosed as well as information related to how several attackers are abusing the system and which targets they prefer. The GasPots in the United States, for example, were very popular for attackers. This result was in line with our expectations set at the beginning of the research. Some evidence suggests links to either the Iranian Dark Coders (IDC) Team, as well as the Syrian Electronic Army.
Source: http://www.wired.com/2015/08/ges-new-cloud-may-tempting-hacker-bait-ever/
General Electric becomes the latest company to challenge Amazon for a piece of the huge and growing cloud computing market by introducing its first hosted cloud service—a service designed specifically for building applications for the Internet of Things. Unlike Amazon’s AWS service, which is open to everyone from large companies to individual users, GE is specifically targeting the industrial market—think connected jet engines, medical equipment, and mail-sorting machines.
Source: http://www.itnews.com.au/News/407532,icann-website-passwords-captured-by-hacker.aspx
The organization in charge of coordinating and maintaining the databases of unique namespace identifiers on the internet is asking uses of its website to reset their login passwords after an apparent hack.
The Internet Corporation for Assigned Names and Numbers (ICANN) today revealed it believed the data breach took place last week. It said an unknown attacker had gained access to usernames, email addresses and passwords for the icann.org public website. The passwords are hashed, ICANN said, and not easy to reverse. Nevertheless, the internet governance organization is asking all users of the website to reset their passwords as a precaution.
Source: http://www.itsecurityguru.org/2015/08/06/researcher-warns-of-vulnerability-in-popcorn-time/
Popcorn Time, a popular application used for downloading and streaming pirate movies, could be vulnerable to a hack that could allow criminals to execute code remotely on a target machine.
A blog post by Greek security researcher Antonios Chariton demonstrated how a hacker “can get complete control of a computer assuming they have a Man In The Middle position in the network.”
The hack is based on the way Popcorn Time circumvents blocks placed by ISPs on pirated content. The application connects to CloudFlare instead. This means if the ISP wanted or needed to block Popcorn Time, it would have to ban CloudFlare. However, as millions of websites rely on CloudFlare’s cloud-based caching technology, this is not something that ISPs would easily embark on.
Source: http://thehackernews.com/2015/08/android-endless-reboot-bug.html
Trend Micro security researchers uncovered a Android crashing vulnerability in the widely used mobile operating system, impacting the majority of Android devices in use.
The report follows another significant Stagefright vulnerability that was revealed by separate researchers, who warned that nearly 950 Million Android phones can be hijacked by sending a simple text message or via malicious Android app or specially crafted web pages.
The post TrustedSec Security Podcast Episode 17 – Airgap Attack, GasPot, GE, ICANN, Popcorn, Endless Love appeared first on TrustedSec - Information Security.