How The Intercept Outed Reality Winner
Today, The Intercept released documents on election tampering from an NSA leaker. Later, the arrest warrant request for an NSA contractor named "Reality Winner" was published, showing how they tracked her down because she had printed out the documents and sent them to The Intercept. The document posted by the Intercept isn't the original PDF file, but a PDF containing the pictures of the printed version that was then later scanned in.
The problem is that most new printers print nearly invisible yellow dots that track down exactly when and where documents, any document, are printed. Because the NSA logs all printing jobs on its printers, it can use this to match up precisely who printed the document.
In this post, I show how.
You can download the document from the original article here. You can then open it in a PDF viewer, such as the normal "Preview" app on macOS. Zoom into some whitespace on the document, and take a screenshot of this. On macOS, hit [Command-Shift-3] to take a screenshot of a window. There are yellow dots in this image, but you can barely see them, especially if your screen is dirty.
http://blog.erratasec.com/2017/06/how-intercept-outed-reality-winner.html
EXPOSING CORDLESS PHONE SECURITY WITH A HACKRF
Over on YouTube user Corrosive has been uploading some videos that explore cordless phone security with a HackRF. In his first video Corrosive shows how he’s able to use a HackRF to capture and then replay the pager tones (handset finding feature) for a very cheap VTech 5.8 Gigahertz cordless phone. He uses the Universal Radio Hacker software in Windows.
https://www.youtube.com/watch?v=7CoPUsSglT4
Malware Uses Obscure Intel CPU Feature to Steal Data and Avoid Firewalls
Microsoft's security team has come across a malware family that uses Intel's Active Management Technology (AMT) Serial-over-LAN (SOL) interface as a file transfer tool.
Because of the way the Intel AMT SOL technology works, SOL traffic bypasses the local computer's networking stack, so local firewalls or security products won't be able to detect or block the malware while it's exfiltrating data from infected hosts.
https://www.bleepingcomputer.com/news/security/malware-uses-obscure-intel-cpu-feature-to-steal-data-and-avoid-firewalls/
Details about PLATINUM's targets and attacks are available in a report Microsoft released yesterday.
http://download.microsoft.com/download/2/2/5/225BFE3E-E1DE-4F5B-A77B-71200928D209/Platinum%20feature%20article%20-%20Targeted%20attacks%20in%20South%20and%20Southeast%20Asia%20April%202016.pdf
Spoofing caller-ID is easy with VoLTE (Voice over LTE) tampering with SIP headers, no check whatsoever 😱 #SSTIC
Leaking CellID (geolocation) and IMEI of VoLTE subscribers with a single SIP INVITE request #Privacy
Node.fz: fuzzing the server-side event-driven architecture
Node.fz: Fuzzing the server-side event-driven architecture Davis et al., EuroSys’17
This paper provides a fascinating look at common causes of concurrency bugs in server-side event driven architecture (EDA) based applications. By far the most popular framework supporting this style is Node.js of course.
"The Node.js package ecosystem, npm, is the largest ever, with over 400,000 packages and over 1.75 billion package downloads per week. Node.js has been deployed in industry, including at eBay, PayPal, and LinkedIn, and is also being embraced on IoT platforms including Cylon.js and IBM’s Node-Red."
https://blog.acolyer.org/2017/06/09/node-fz-fuzzing-the-server-side-event-driven-architecture/
The #HackingWindows online course makes use of the tools released from the NSA + empire + metasploit !! cursos@tpx.mx
+++ ++++ + + + ++ +++++ ++ ++ + + + + + +
+ There are now more than 1006 of us here ! ++
+ Thanks for following us on telegram !! ++
+++ ++++ + + + ++ +++++ ++ ++ + ++++++ +
* * *
*|_*|_*|*_ c[ÏIIÏ]
.-' |* |* |*| '-.
|`-...................-'| c[ÏÏÏ]
| tpx Security |
\ _ .-. .-._.-. _ /
,-|'-' '-' '- ' '-'|-,
/` \._ _./ `\
'._ """""""""" _.'
—— ''--.......--''
Thanks -
^— - It's a cake !!
|__ I think...
Jean E. Sammet, the American computer scientist who developed the FORMAC programming language and was the first woman to serve as President of ACM, passed away May 21 at the age of 89.
http://www.i-programmer.info/news/82-heritage/10811-jean-sammet.html
Exploiting CVE-2017-0199 HTA & Scriptlet File Handler Vulnerability using @vFeed_IO with metasploit exploitdb SAINTscan. All in 1 !! B|
31 yrs ago, while there was no #internet, #ARPANet Addresses was published by 2600 Magazine V0103 #networking #DoD #defence There was no DNS either ;)
Microsoft updates Windows, fixing the NSA vulnerabilities
Several versions of Windows have been updated through Windows Update with the aim of preventing a repeat of something like WannaCry. That infection came from vulnerabilities found by the United States National Security Agency, the NSA, which were leaked and exploited with a massive ransomware. Now more vulnerabilities have been leaked along the same lines, and Microsoft has hurried to release the corresponding security patches.
https://www.adslzone.net/2017/06/14/microsoft-actualiza-windows-resolviendo-las-vulnerabilidades-de-la-nsa/
Top university under 'ransomware' cyber-attack
University College London, one of the world's leading universities, has been hit by a major cyber-attack.
The university describes it as a "ransomware" attack, such as last month's cyber-attack which threatened NHS computer systems.
The attack was continuing on Thursday, with access to online networks being restricted.
http://www.bbc.com/news/education-40288548