<!--
=============================
_ ______ ____ ______
/ | / / __ \/ __ \/ ____/
/ |/ / / / / / / / __/
/ /| / /_/ / /_/ / /___
/_/ |_/\____/_____/_____/
=============================
-->
<!DOCTYPE html>
<html>
<head>
<title>N O D E</title>
<meta name="google-site-verification" content="KAh0wcTC2Anz5ea6Kq26RuhsiUKx5FD3D4HZAJdfaf4" />
<link rel="shortcut icon" href="images/avatar.png">
<link rel="alternate" href="https://n-o-d-e.net/rss/rss.xml" type="application/rss+xml" title="N O D E"/>
<link href='https://fonts.googleapis.com/css?family=Share+Tech+Mono' rel='stylesheet' type='text/css'>
<link rel="stylesheet" type="text/css" href="css/style.css" media="screen">
</head>
<body>
<div id="page">
<div id="content">
<!--HEADER SECTION -->
<div id="header"><pre>
<a class="node" href="http://n-o-d-e.net">
×× ×× ××××× ×××××× ××××××
××× ×× ×× ×× ×× ×× ××
×× × ×× ×× ×× ×× ×× ×××××
×× ××× ×× ×× ×× ×× ××
×× ×× ××××× ×××××× ××××××</a>
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------</pre>
</div>
<!--CONTENT -->
<div id="list">
<div class="title">
DEAD DROP 04 / DLINK HOLES, SPOTIFY MALWARE, HACKER DOCUMENTARIES, IOT DDOS<br>
--
</div>
<div id="post">
<p>Welcome to Dead Drop number 4, a look at what's happening in the worlds of computer security and digital freedom. All source links mentioned are below.</p>
<div class="videowrapper">
<iframe src="https://www.youtube.com/embed/jivoDsvitzE?rel=0&showinfo=0" frameborder="0"></iframe>
</div>
<p class="description">
- <a href="https://www.youtube.com/watch?v=jivoDsvitzE" target="_blank">Youtube link</a><br>
- <a href="https://archive.org/download/deaddrop04/dd04.mp4" target="_blank">Archive.org mirror</a><br>
- <a href="https://archive.org/download/deaddrop04/deaddrop04_archive.torrent" target="_blank">Torrent</a><br>
- <a href="https://keybase.pub/nodefiles/dd04.mp4" target="_blank">Keybase mirror</a>
</p>
<p class="subtitle">BREACHES</p>
<p>i-Dressup, a social network for teenage girls, has allegedly leaked as many as 5.5 million plaintext passwords, apparently due to an SQL-injection attack. As of a few days ago, Ars Technica reported that the site hasn't been fixed.</p>
<p>http://www.i-dressup.com/<br>
http://arstechnica.com/security/2016/09/social-hangout-site-for-teens-leaks-millions-of-plaintext-passwords/</p>
<p>SCAN Health Plan has also been notifying users of a breach which exposed almost 90,000 customers' personal and health details to attackers, in an event which happened in June, earlier this year.</p>
<p>http://www.scmagazine.com/87k-affected-in-scan-health-plan-breach/article/519407/</p>
<p class="subtitle">VULNERABILITIES</p>
<p>Security researcher Pierre Kim has found and documented a bunch of vulnerabilities in the D-Link DWR-932B router. These include telnet and SSH being enabled as standard, the admin password being admin, and the root password being 1234. There's also a hardcoded WPS PIN for the Wi-Fi security, along with lots more holes.</p>
<p>https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html<br>
https://threatpost.com/backdoored-d-link-router-should-be-trashed-researcher-says/120979/<br>
https://thehackernews.com/2016/09/hacking-d-link-wireless-router.html</p>
<p>This week Spotify users found out that some of the ads on the free version of the player were delivering malware to their systems, making their browsers open up infected sites.</p>
<p>http://www.darkreading.com/attacks-breaches/malicious-ad-served-gratis-with-spotify-free/d/d-id/1327126</p>
<p>Security company RiskIQ also released a new report about the rise in eCommerce sites being compromised by web-based keyloggers, allowing attackers to steal credit card numbers and other identity info in real time.</p>
<p>https://safe.riskiq.com/rs/455-NHF-420/images/Compromised_eCommerce_Sites_Lead_to_Web-Based_Keyloggers.pdf<br>
https://threatpost.com/web-based-keylogger-used-to-steal-credit-card-data-from-popular-sites/121141/</p>
<p class="subtitle">BROWSERS</p>
<p>I made a video about this the other day, but if you haven't checked it out, a Github user by the name of Eloston has created Ungoogled Chromium, which takes the Chromium browser, and removes all traces of Google from it for privacy and security.</p>
<p>https://github.com/Eloston/ungoogled-chromium<br>
https://www.youtube.com/watch?v=7FTEn-ivwu4</p>
<p class="subtitle">HACKING</p>
<p>Hak5 took a trip to DerbyCon, and in the latest episode they talk about unusual Internet-connected devices that can be attacked and controlled remotely, including sex toys.</p>
<p>https://www.youtube.com/watch?v=uHiRWJn6sWw</p>
<p>I also came across this gigantic list of hacker documentaries and videos from conferences recently and had to share. There seem to be literally hundreds of videos to download, so check it out.</p>
<p>https://vids.localmsp.org/</p>
<p class="subtitle">INTERNET OF FAILS</p>
<p>I mentioned recently how IoT devices are increasingly being used for DDoS attacks. Well, recently an unprecedented attack involving 1.5 million hijacked IP cameras was used to bombard the popular KrebsOnSecurity site for more than 2 days.</p>
<p>http://www.networkworld.com/article/3123672/security/largest-ddos-attack-ever-delivered-by-botnet-of-hijacked-iot-devices.html<br>
https://motherboard.vice.com/read/15-million-connected-cameras-ddos-botnet-brian-krebs</p>
<p>Off the back of that, researchers have found at least 500,000 devices that are vulnerable to this kind of botnet takeover, due to a combination of reasons, like having default passwords and SSH/telnet being enabled as standard.</p>
<p>https://www.flashpoint-intel.com/when-vulnerabilities-travel-downstream/<br>
http://www.securityweek.com/over-500000-iot-devices-vulnerable-mirai-botnet</p>
<p class="subtitle">SURVEILLANCE</p>
<p>Privacy International posted an interesting overview of the different ways the US and UK governments perform bulk data collection, from tapping undersea cables, to how they store, share, and analyse the data.</p>
<p>https://medium.com/privacy-international/how-bulk-interception-works-d645440ff6bd</p>
<p>Speaking of surveillance, some former Yahoo employees have said that last year, the company built a system to automatically monitor all of its users' email accounts for the US government, affecting the privacy of hundreds of millions of people.</p>
<p>I think the only good thing about these kinds of revelations is that it might spur the creation of better zero-knowledge and P2P alternatives.</p>
<p>http://news.trust.org/item/20161004170601-99f8c<br>
https://theintercept.com/2016/10/07/ex-yahoo-employee-government-spy-program-could-have-given-a-hacker-access-to-all-email/</p>
<p class="subtitle">CENSORSHIP</p>
<p>And finally, the EFF wrote an interesting article about how pharmaceutical companies are bypassing laws to indirectly censor rivals on the internet. They create organizations made up of large providers such as Google, Facebook, Mastercard, etc., and basically make it impossible to run these sites, even if the owners of the sites are fully compliant with the law.</p>
<p>https://www.eff.org/deeplinks/2016/09/how-big-pharmas-shadow-regulation-censors-internet</p>
<p>--<br>
BY NODE</p>
</div>
</div>
<!--FOOTER SECTION -->
<div id="footer">
<pre>------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------</pre>
<div class="filter">
<a href="http://n-o-d-e.net">HOME</a>
<span class="footdogs"> × </span>
<a href="http://N-O-D-E.net/shop/">SHOP</a>
<span class="footdogs"> × </span>
<a target="_blank" href="http://patreon.com/N_O_D_E_">PATREON</a>
<span class="footdogs"> × </span>
<a target="_blank" href="https://github.com/N-O-D-E/N-O-D-E.net">GITHUB</a>
</div>
</div>
</body>
</html>