Archive for InfoSec
You are browsing the archives of InfoSec.
DARPA-Funded Hacker’s Tiny $50 Spy Computer Hides In Offices, Drops From Drones – [forbes.com] At the Shmoocon security conference Friday in Washington D.C., O’Connor plans to present the F-BOMB, or Falling or Ballistically-launched Object that Makes Backdoors. Built from just the hardware in a commercially-available PogoPlug mini-computer, a few tiny antennae, eight gigabytes of flash [...]
MiniPwner is a battery-powered TP-Link TL-WR703N router running OpenWrt. It has an Ethernet port, integrated Wi-Fi and some tools installed. It is small and cheap. MiniPwner – [minipwner.com] What is the MiniPwner The MiniPwner is a penetration testing “drop box”. It is designed as a small, simple but powerful device that can be inconspicuously [...]
For a long time, p0f has filled a mostly empty space for passive reconnaissance tools. There is now an updated version (a release candidate) with some new features. p0f v3 (release candidate 0) – [coredump.cx] 1. What’s this? P0f is a tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify [...]
ANTi is an Android-based smartphone penetration testing toolkit that can scan a network, find vulnerabilities, run exploits, produce reports and more. There is a free version with limited functions and several paid versions that scale up in functionality. The videos linked at the bottom of this article are interesting. ANTi – Android Network Toolkit [...]
Situational awareness is one of the most difficult things to get right in doing cloud security, and hand in hand with that goes inventory awareness. To understand why, take a look at the layers involved with cloud security: Facility physical environment – the building and physical environment in which the data center infrastructure resides Infrastructure [...]
From footballs to food to luxury goods, branding an item with ink that contains a specific DNA marker is becoming the latest technique to stop counterfeiters. Plant DNA Helps Catch Criminals and Thwart Counterfeiters – [popsci.com] Counterfeiters are skilled at making knockoffs of even the most high-end tech and luxury products. But one European luxury [...]
It is a mantra of quality improvement methodology that you can’t manage what you don’t measure. Security metrics are the measurements that allow management of information security. As functions and requirements vary from one network and organization to another, so will the requirements and design of security metrics. But there are some standard and central [...]
This article describes how criminals have begun to integrate Bluetooth technology into card reader skimmers to collect stolen card information more effectively. Josh Wright is an expert on Bluetooth and wireless security in general and is a Senior Instructor at the SANS Institute, where he authored (and often teaches) the [...]
Security controls are functions, counter-measures, processes, safeguards and other efforts to minimize any potential impact from security risks. Security controls come in many different forms and categories: Policy and procedures – define ways to do things, establish methodologies for processes Proactive/Preventive controls – attempt to prevent security events from occurring Monitoring/Detection controls – establish ways [...]
The most fundamental reason to interconnect systems is to share data, but that can be accomplished at a variety of levels. A system interconnection can be limited and simple, using email to transfer data between systems, or it could allow two databases to share data. It can be a connection that is only used when [...]