William Labounty 2017-07-07

Samba is a pretty useful networking protocol, but earlier versions of it were known to be extremely vulnerable to certain attacks.

Remember WannaCry, the ransomware that broke pretty much everything in May?

And NotPetya, which reared its nasty head last week, causing particular devastation to machines in the Ukraine?

Both took advantage of flaws in SMBv1 to propagate and infect computers.

Anyway, Google just released a SAMBA client for Android, and it only supports SMBv1 shares.

Android Police’s Corbin Davenport tested the app with a Samba share running the more modern and secure SMBv2 protocol, and found that it wouldn’t even connect.

Kristie Hernandez 2021-06-14
Periodic breaks and the fact that only a few people are allowed to enter the main set while others remain in make-up vans or outside studios to minimise interaction add to delays
Bill Brown 2017-04-27

Down the rabbit hole we go!

First of all, through the vent holes on the top I could see that the PCB inside took up about 25 percent of the footprint of the device, the case was considerably larger than the PCB inside it, which seemed odd.

Turns out that MAC address was really familiar because the prefix is from the Raspberry Pi Foundation.

I simply popped out the Micro SD card and put it in my card reader and used Win32DiskImager to take a full clone of the card.

Here's the list of what I could find:

Raspbian GNU/Linux 7 (wheezy)—last updated 7th May 2015

James Mccullough 2021-06-17
The RTT feature on your iPhone sends text messages immediately as you type them without requiring you to hit send.
Adolfo Lorenzo 2017-07-03

According to this SEC-Consult advisory, which landed on Friday, the problems are in the OSCI-Transport Library version 1.2, for which a common implementation is in Java.

OSCI, the Online Services Computer Interface, is the foundation of Germany's e-government.

It's meant to provide secure, confidential, and legally-binding transmission over untrusted networks such as the Internet.

According to SEC Consult, the library's bugs allow attackers to decrypt messages, modify signed messages, and attack hosts implementing the protocol.

The first of the vulnerabilities is CVE-2017-10670: the attacker can read arbitrary files from the target system, or conduct denial-of-service on it.

Second, assigned CVE-2017-10668: the library incorporates a number of deprecated encryption algorithms (Triple DES, AES 129, AES 192, and AES 256, all in CBC mode).

James Finch 2016-07-12

Tor has been the go-to for anonymous communication online for years now — and that has made it one of the juiciest targets possible to the likes of the NSA and FBI.

A new anonymizing protocol from MIT may prove more resilient against such determined and deep-pocketed attackers.

A team of researchers led by MIT grad student Albert Kwon with help from EPFL aims to leapfrog Tor's anonymizing technique with a brand new platform called Riffle.

Tor aims to provide the lowest latency possible, which opens it up to certain attacks, wrote Kwon in an email to TechCrunch.

First, servers switch up the order in which received messages are passed on to the next node, preventing anyone scrutinizing incoming and outgoing traffic from tracking packets using metadata.

Then comes a two-part measure to prevent a malicious server from simply replacing real messages with dummies and tracking a single target one.

seo expert2019 2021-10-30

Apparently they (whoever "they" are) are contacting 2008 "The Year of the Cellular Torrent", and if that's the event then chances are Apple will soon be operating that train (or ambushing it).

A "torrent", as it's used here, identifies a communications protocol that enables computer people to generally share files.

Or, set more familiarly, a torrent is an application that allows visitors to "do" P2P file-sharing. That said, not just does it look a P2P file-sharing client for the iPhone might be fast in route, but in fact it's currently here, however presently in a structure considerably unavailable to most users - but without doubt maybe not for long. Number, not all file-sharing is illegal.

In reality, the only file-sharing that's against the law may be the discussing of copyrighted documents (like RIAA's audio and Hollywood's films - but that's why we've iTunes, proper?).

For the discussing of most other kinds of documents - particular memoirs, journal articles, and travelogues, recipes, images, YouTube films, etcetera, etcetera - P2P file-sharing is perfectly appropriate, and after you know that, you are able to just expect that such ability for the iPhone is a minimum of imminent. Gizmodo was the first to ever report Torrent the creativity, proclaiming a hacker who goes by the name of Key has just made the first indigenous P2P client for the iPhone.

Although the plan - based on the common Mac P2P customer - Indication - is still in the command-line phases (in different phrases: without a simple user interface that the common techno-unsavvy consumer may operate), it is nonetheless an innovative stage on the road to peer-to-peer file-sharing between iPhones. The amount of material value sharing from iPhone to iPhone may also be stymied till a user-friendly GUI (graphical consumer interface) is integrated in to the design.

BlockchainX 2021-08-17
Tether (USDT) is a cryptocurrency stable money. Tether is based on the United States dollar (USD), so the value of a Tether coin will also correspond to the exchange rate of one dollar. The amount of withdrawable coins is strictly limited by the amount of money deposited in the Tether account. Tether was issued via the Omni Layer protocol and is a unique currency in many ways. It was launched in 2015 to represent the digital crypto value of a traditional currency, namely the US dollar. The Tether has functions like other cryptocurrencies, it works in a decentralized network, it is also stored there and all data is processed there.
Malcolm Vanderveen 2017-07-19

Love 'em or hate 'em, Segways are here to stay.

Computer engineers have found a security flaw in the Segway miniPRO that lets them take complete control of the futuristic unicycle using nothing more than a smartphone.

"The scooter has functionality which listens for a command to turn its motors off – but under normal conditions, there is a safety feature which prevents this from happening when a rider is standing on the hoverboard," says Thomas Kilbride, an embedded devices security consultant at IOActive.

Kilbride, who owns two Segways – one black, one white – managed to bypass the Segway's human-detecting safety features to apply a malicious firmware update.

"This allows the attacker to turn the motors off or remote control the device even if a rider is on the board and in-motion," Kilbride explains.

In plain English, it means you can send someone into a faceplant.

Thomas Owens 2017-08-04

Following some good first impressions from the launch of the Huawei Mate 9, it appears that phone maker Huawei's next big attempt at penetrating the US smartphone market may not be far behind, thanks to a new partnership with AT&T. Huawei is reportedly teaming up with the major carrier to bring a new flagship phone to the US in 2018, according to a report from The Information.

Though one of the biggest smartphone makers worldwide, Huawei has yet to become a household name in the US like Samsung or Apple.

This is partly due to a lack of cellular carrier partners carrying the company's phones — something that could change with AT&T's help, seeing as it's the biggest telecoms conglomerate on planet Earth.

The phone is reportedly expected to be similar to the upcoming Huawei Mate 10, which is expected to debut later this year.

AT&T may wind up offering a variant of Huawei's next flagship phone modified to be compatible with its network and comply with the United States' communications protocol.

Should Huawei decide to launch a new flagship in the US next year, be prepared to shell out some cash.

Richard Lee 2017-07-19

Security vulnerabilities in Segway hoverboard software could be exploited by hackers to remotely monitor the location of users, lock them out of their vehicles or bring the device to a halt, causing the rider to fall off, according to security researchers.

Using reverse engineering, researchers at IOActive found it was possible to intercept communications between the Ninebot by Segway miniPRO hands-free, two-wheel electric scooter and its companion mobile application to perform attacks.

It found that an attacker could connect to Ninebot using a modified version of Nordic UART, a proprietary Bluetooth service, and reverse engineer the scooter's communications protocol - the same system used for remote control and configuration settings - using a Bluetooth sniffer.

IOActive was able to reverse engineer the firmware update mechanism, discovering that Ninebot didn't do a firmware integrity check before accepting a firmware update.

This could allow attackers to have their own firmware uploaded instead, allowing them to modify the behaviour of the device.

The attacker is able to change the PIN number, and upload a firmware update, locking the Segway user out of the device.

Bryan White 2017-09-13

Baffling spec sinks security for short-range comms protocol

Security experts have long complained that complexity is the enemy of security, but the designers of the Bluetooth specification have evidently failed to pay attention.

It's used in mobile phones, wireless speakers, smartwatches, printers, and a variety of appliances, among other things.

The spec's complexity, Armis contends, has prevented researchers from thoroughly investigating its various implementations for flaws, leaving it full of holes.

"The complications in the specifications translate into multiple pitfall junctions in the various implementations of the Bluetooth standard," the company says in a paper [PDF] describing a set of flaws referred to as BlueBorne.

Linux kernel RCE vulnerability – CVE-2017-1000251

John Dumlao 2017-03-24

Leaked CIA documents expose Cisco security weak points

Cisco has conducted an internal investigation and found that the Cluster Management Protocol (CMP) code for Cisco IOS and IOS XE contained a vulnerability.

This issue poses the threat of remote execution issues for Cisco products.

The investigation was prompted when WikiLeaks came forward with a set of leaked CIA documents that included information on compromising smartphones and smart TVs.

These details alerted Cisco to weak areas in over 300 models of its switches.

Cisco’s security team issued an advisory warning to customers using the two versions of the software, stating that they could be vulnerable to attack according to the CIA documents released by WikiLeaks.

John Henderson 2017-06-16

WikiLeaks have reportedly made yet another chilling discovery regarding the US intelligence community’s level of access into the nation's common household devices.

According to a leaked document from 2010, the Central Intelligence Agency (CIA) has allegedly been able to gain access to US citizens’ web browsing history as well as scan email addresses and phone numbers through insecurities in everyday office and in-home wireless routers via several previously-unknown tools.

The CIA reportedly deployed one such protocol known as CherryBlossom on various consumer-grade wireless routers by 2012 in the US.

The document details that routers were targeted due to being hubs for transmitting and receiving data while also being relatively lax in security.

The program would require the agency to develop firmware implants needed to employ its exploits.

Reportedly, the CIA issued such implants for about 25 different routers from 10 different manufacturers, like Asus, Linksys and Netgear among others, come mid-2012.

Alex Blair 2016-11-24

Online grocer develops 4G protocol to talk with robots operating its newly automated warehouses

Online grocer Ocado has revealed more details about its development of a 4G protocol to communicate with thousands of robots powering its new automated warehouses.

The firm said its highly automated warehouses will be offered as part of a managed service called the Ocado Smart Platform, to allow international partners to build online retail businesses.

The development of the protocol to communicate with robots comes after Ocado earlier this year installed the world's most advanced and dense mobile network at its warehouse, helping to deliver two million items to customers each day.

But now according to Ocado, its protocol marks the first deployment anywhere in the world to use the unlicensed 4G spectrum for warehouse automation.

It claims the protocol guarantees a connection ten times per second to each of the 1,000 robots roaming around the warehouse – all working within a 150 meter radius.

Earl Rizvi 2017-03-29

What could be better than having a cool glass of lemonade on a hot day?

How about having a cool glass of lemonade on a hot day — that’s served over the internet?

That’s exactly what scientists at the National University of Singapore have been working on, with an experiment designed to simulate the taste and appearance of lemonade in a regular glass of tap water using a system of electrodes and sensors.

“The system consists of three main components: the lemonade sensor, communication protocol, and a customized tumbler, acting as the lemonade simulator,” researcher Nimesha Ranasinghe told Digital Trends.

“Initially, the sensor captures the color and the pH value of the lemonade, and encodes this information based on an established communication protocol for wireless transmission.

On receiving the information from the sensor, the lemonade simulator overlays the color of the drink on plain water using an RGB Light Emitting Diode (LED).
