Archive for InfoSec
You are browsing the archives of InfoSec.
For several years, reports of ATM skimmer devices have been increasing. These devices are usually designed to fit over the card receptacle on an ATM, gas pump, or other form of debit/credit card reader. They intercept the card data and may also collect the PIN entered and save the data [...]
A trojan horse backdoor called “Zeus” is being used by a botnet that researchers have named “Kneber”. This botnet has been operational for over a year and has compromised many organizations and collected a vast amount of data that was intended to be confidential.
Hackers Mount New Strike - [wsj.com]
Hackers in Europe and China successfully broke [...]
A report prepared by Northrop Grumman on Chinese capability to wage information warfare offers some valuable insights into the nature of professional and national security cyber-attack teams.
REPORT ON CHINESE CYBER WARFARE & ESPIONAGE - [uscc.gov]
“Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation”
Prepared for The US-China [...]
Nmap, the free, open source utility that has become a basic tool for many network security professionals, has released a new version.
Nmap 5.20 Released - [nmap.org]
Happy new year, everyone. I’m happy to announce Nmap 5.20–our first
stable Nmap release since 5.00 last July! It offers more than 150
significant improvements, including:
o 30+ new Nmap [...]
FIPS 140-2 is the current (soon to be revised to FIPS 140-3) NIST encryption standard for government agencies protecting sensitive but unclassified information.
NIST operates a Cryptographic Module Validation Program (CMVP) that offers testing of encryption (cryptographic modules) in products to ensure they are compliant with the FIPS standard. This testing involves not only which [...]
The Metasploit Framework is a framework that enables penetration testing by combining modular packages of exploit code, payloads and tools such as Meterpreter that allow the tester to maintain access, collect information on the target system and execute pivot attacks against other systems. This script helps the tester by maintaining backdoor access.
Meterpreter Persistence - [...]
This matrix is a map that correlates attackers' methodology with NIST 800-53 security controls:
ATTACK METHODOLOGY/CONTROL
Recon
General/Google
RA-3 RISK ASSESSMENT - you can only reduce exposure and can never “stop” general reconnaissance, but you damn well better know what you’re defending before the attacker starts to find out
Network scanning
CM-7 LEAST FUNCTIONALITY - show the attacker the [...]
Insurgents have learned how to intercept video relays from drones in Iraq and Afghanistan, and the vulnerability has existed for some time. Hacking warfare robots will become more of an issue as they become more commonplace. Think about how network hacking techniques can be applied to war scenarios and vice-versa: botnets - [...]
Symantec's MessageLabs Intelligence 2009 Annual Security Report offers some very interesting information about the past year and assumptions about the near future of malware and other security threats. Here are a few teasers that should encourage you to read the entire report:
3.2.4. Command and Control: Mysterious Messages and Covert Channels
In the 12-months since the [...]
This intriguing article offers up some quick and short thoughts on visual hacking.
Hacking With Pictures - [quietbabylon.com]
1 - TV hypnotherapy
2 - Images become executable
3 - Retinal scanners
4 - Pokemon seizures
5 - Flashbang grenades
6 - 2D bar codes
7 - 2nd Life presentation
8 - Sixth Sense hacking
9 - Forged authentication
10 - Digital sleight of hand
SEE ALSO:
Sixth Sense