More UPnP Hacking Fun with Google Media Server

The fun with hacking UPnP-enabled devices has just begun. We’ve started our exploration in the fields of UPnP earlier this year with some smoking posts which covered some basic attacks and the advanced Flash attacks. Today I stumbled across Google Media Server, a desktop gadget which allows you to share all your laptop/desktop media content with all other devices you may have locally such as your phone, Xbox, TV, and I suspect, your fridge. And all that via UPnP. That, I like very much. [...]

posted by pdp

Tomorrow’s Malware

My favorite tech quote is from Giorgio Maone. It goes like this: “If today’s malware mostly runs on Windows because it’s the commonest executable platform, tomorrow’s will likely run on the Web, for the very same reason. Because, like it or not, Web is already a huge executable platform, and we should start thinking at it this way, from a security perspective.”

Part of my job at GNUCITIZEN is to spot trends. [...]

posted by pdp

CONFidence 2008

CONFidence was great! We would like to thank Andrzej, Anna and everybody else in the CONFidence team for making this event one of the greatest experiences of a lifetime. Thanks again. We are looking forward to the next event. :)

There were many interesting presentations. We’ve tried to attend all of them although it was really hard to do so when the weather in Krakow was so nice (very different from the weather conditions in cloudy/rainy London). [...]

posted by pdp

Browser, mount that folder, thank You!

This is the stuff every guy who has poked at the browser or the client side lately would like to hear about. Behold File I/O, the W3C spec for local file access.

Here is a description of what it does. The interesting part from the text below is outlined in bold:

I wonder which folder the typical user will select. Hmmm, the Desktop, My Documents? And where are all these interesting files? Mac OS X users, you’ve got a problem. Don’t mount the desktop. [...]

posted by pdp

The Public Perception of the Image of Hackers

It’s been a long day. I am happy to inform you that the House of Hackers community has reached a remarkable 80 members since its opening 10 hours ago. It even got some exposure on Dark Reading (Hackers in the House), thanks to Kelly Higgins.

The reason I am bringing all this to your attention is because of HD Moore’s comment regarding the House of Hackers initiative:

I think that this comes down again to the public perception of the image of hackers. [...]

posted by pdp

Landing House of Hackers

House of Hackers is an exclusive, hacker community network. The House of Hackers community is established to support the hacker culture, mindset, way of life, ideologies, political views, vision, etc.

Members of the community are able to exchange ideas with each other, communicate, form groups, elite circles and tiger/red teams, conglomerate around projects and participate in the independent, hacker recruitment market. [...]

posted by pdp

Reverse Shell with Bash

I am stuck at the Dubai International Airport and I have nothing else interesting to do. So, I thought I might share a simple technique which will go into the Agile Hacking project. Here I will show you how to create a reverse command shell without using 3rd-party tools such as the almighty netcat. Please read on!

When the pentester compromises a machine they often need to provide themselves with user-friendly access to the system. This is where command shells come into play. [...]

posted by pdp

Hidden

Here is the story. The other day I was messing with some crypto. After going through some pretty interesting stuff, I suddenly realized something which is very, very obvious when you think about it. Indeed, obvious and simple things are harder to grasp. It is a paradox, I know.

It is yet another case of using security technologies for criminal purposes. Let’s take HTTPS as an example. [...]

posted by pdp

Kiosk Hacking: When there is nothing else left

In the tiger team operations we have been involved with, I often end up hacking through the least interesting systems. If you ask AP, a password-cracking ninja and master of hacking through simplicity, the less interesting the system is, the higher the chances of it being insecure. A successful exploitation of these systems often leads to successful exploitation of the network and other adjacent systems. [...]

posted by pdp

OpenID provides a better security model

A couple of posts back I started a conversation on what OpenID is and why it could turn a bit insecure. You can read more about this over here, here and here. Today, I would like to draw your attention to why I believe that OpenID-based authentication is a lot more secure than the dispersed, decentralized authentication model we use today.

This post is inspired by a recent discussion on Full-Disclosure which I vividly took part in, supporting OpenID. [...]

posted by pdp