Police use of Amazon’s face-recognition service draws privacy warnings

  May 23, 2018  |     |    Leave a comment

Amazon is actively courting law-enforcement agencies to use a cloud-based facial-recognition service that can identify people in real time, the American Civil Liberties Union reported Tuesday, citing the documents obtained from two US departments. The service, which Amazon markets under the name Rekognition, can recognize as many as 100 people in a single image and… Read More

Comcast bug made it shockingly easy to steal customers’ Wi-Fi passwords

  May 22, 2018  |     |    Leave a comment

A security hole in a Comcast service-activation website allowed anyone to obtain a customer’s Wi-Fi network name and password by entering the customer’s account number and a partial street address, ZDNet reported yesterday. The problem would have let attackers ‘rename Wi-Fi network names and passwords, temporarily locking users out’ of their home networks, ZDNet wrote.… Read More

The Verge Hack, Explained

  May 22, 2018  |     |    Leave a comment

Cryptocurrency enthusiasts are keen on telling ordinary civilians how safe and secure the Blockchain protocols powering their favorite coins are. Indeed, major cryptocurrencies like Bitcoin and Ethereum have maintained their security quite well—better, arguably, than any other digital asset/payment system in history—which is pretty remarkable, considering that they are unbacked digital money free from any… Read More

SleuthQL: A SQL Injection Discovery Tool

  May 22, 2018  |     |    Leave a comment

SleuthQL aims to augment an assessor’s ability to discover SQL injection points by automating some of the request analysis required during a web application assessment. SleuthQL is a Python 3 script to search Burp Suite’s request history for parameters and values that match syntax matching that of database languages, such as SQL. It judges a… Read More

Google and Microsoft Reveal New Spectre Attack

  May 22, 2018  |     |    Leave a comment

Both Google and Microsoft researchers discovered the bug independently. The bugs work similarly to the Meltdown and Spectre bugs, a reason why they were classified as ‘variant 3a’ and ‘variant 4’ instead of separate vulnerabilities altogether. Variant 3a is a variation of the Meltdown flaw, while Variant 4 is a new Spectre-like attack. The most… Read More

Teen phone monitoring app leaked thousands of user passwords

  May 22, 2018  |     |    Leave a comment

The mobile app, TeenSafe, bills itself as a ‘secure’ monitoring app for iOS and Android, which lets parents view their child’s text messages and location, monitor who they’re calling and when, access their web browsing history, and find out which apps they have installed. Although teen monitoring apps are controversial and privacy-invasive, the company says… Read More

The Evolving Debate Over EIP-999: Can (or Should) Trapped Ether Be Freed?

  May 21, 2018  |     |    Leave a comment

In November 2017, a pseudonymous actor exploited a vulnerability in Parity’s multi-signature Ethereum wallet library that rendered half a million ether inaccessible to their owners. Ironically, the culprit, Devops199, was trying to patch another vulnerability that allowed hackers to steal $32 million from Parity’s multi-signature wallet accounts back in July of 2017. While tinkering with… Read More

Malware and Where to Find Them

  May 21, 2018  |     |    Leave a comment

We, as malware analysts, are always in need of new samples to analyze in order to learn, train or develop new techniques and defenses. One of the most common questions I get is “Where to find malware to analyze?” so I’m sharing here my private collection of repositories, databases and lists which I use onadaily… Read More