<!--
=============================
_ ______ ____ ______
/ | / / __ \/ __ \/ ____/
/ |/ / / / / / / / __/
/ /| / /_/ / /_/ / /___
/_/ |_/\____/_____/_____/
=============================
-->
<!DOCTYPE html>
<html>
<head>
<title>N O D E</title>
<meta name="google-site-verification" content="KAh0wcTC2Anz5ea6Kq26RuhsiUKx5FD3D4HZAJdfaf4" />
<link rel="shortcut icon" href="images/avatar.png">
<link rel="alternate" href="https://n-o-d-e.net/rss/rss.xml" type="application/rss+xml" title="N O D E"/>
<link href='https://fonts.googleapis.com/css?family=Share+Tech+Mono' rel='stylesheet' type='text/css'>
<link rel="stylesheet" type="text/css" href="css/style.css" media="screen">
</head>
<body>
<div id="page">
<div id="content">
<!--HEADER SECTION -->
<div id="header"><pre>
<a class="node" href="http://n-o-d-e.net">
×× ×× ××××× ×××××× ××××××
××× ×× ×× ×× ×× ×× ××
×× × ×× ×× ×× ×× ×× ×××××
×× ××× ×× ×× ×× ×× ××
×× ×× ××××× ×××××× ××××××</a>
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------</pre>
</div>
<!--CONTENT -->
<div id="list">
<div class="title">
DEAD DROP 05 / BILLBOARD HACK, BLOCKCHAIN DNS, SOCIAL FINGERPRINTING<br>
--
</div>
<div id="post">
<p>Welcome to Dead Drop number 5, a look at what's happening in the worlds of computer security and digital freedom. All source links mentioned are below.</p>
<div class="videowrapper">
<iframe src="https://www.youtube.com/embed/nna_tGrtR6s?rel=0&showinfo=0" frameborder="0"></iframe>
</div>
<p class="description">
- <a href="https://www.youtube.com/watch?v=nna_tGrtR6s" target="_blank">Youtube link</a><br>
- <a href="https://archive.org/download/deaddrop05/dd05.mp4" target="_blank">Archive.org mirror</a><br>
- <a href="https://archive.org/download/deaddrop05/deaddrop05_archive.torrent" target="_blank">Torrent</a><br>
- <a href="https://keybase.pub/nodefiles/dd05.mp4" target="_blank">Keybase mirror</a>
</p>
<p class="subtitle">BREACHES</p>
<p>A data management company called Modern Business Solutions was allegedly hacked recently, with upwards of 58 million user records being dumped on various file sharing sites. The breach was the result of a poorly secured Mongo database, and it revealed users' full names, IP addresses, dates of birth, email addresses, occupation details and more.</p>
<p>http://modbsolutions.com<br>
https://www.riskbasedsecurity.com/2016/10/modern-business-solutions-stumbles-over-a-modern-business-problem-58m-records-dumped-from-an-unsecured-database/</p>
<p class="subtitle">HACKING</p>
<p>An IT analyst in Jakarta, Indonesia faces up to 12 years in jail for hacking a giant billboard next to a highway, and broadcasting Japanese porn to thousands of motorists stuck in traffic. </p>
<p>https://www.indy100.com/article/bored-man-hacks-into-giant-billboard-so-he-can-watch-porn-while-stuck-in-traffic-7348236</p>
<p class="subtitle">DNS HIJACKING</p>
<p>Blockchain.info, one of the biggest blockchain explorers and Bitcoin web wallets, had its domain name hijacked this week, leaving 8 million wallet users unable to access their accounts. Thankfully this only caused disruption for a day or so, and luckily the DNS wasn't successfully pointed at a phishing site, which I'm guessing is what might have been the plan.</p>
<p>http://blockchain.info<br>
https://thehackernews.com/2016/10/blockchain-bitcoin-website.html</p>
<p class="subtitle">VULNERABILITIES</p>
<p>Apple recently added a preview feature to the latest iMessage update, which automatically loads links. This allows attackers to send phishing links in SMS messages that reveal data about the user, which can then be used in further attacks.</p>
<p>https://theantisocialengineer.com/imessage-preview-problems/<br>
https://www.youtube.com/watch?v=_jVmQYrTqqE</p>
<p>Researchers at McAfee have found a banking trojan on Android which hides on your phone and pops up a phishing overlay, for instance when you want to buy something on the Google Play store. More than just stealing your credit card details, it also asks you to take a selfie to verify your identity, making it possible for attackers to find people on social networks, steal their identities, etc.</p>
<p>https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-asks-for-selfie-with-your-id/</p>
<p>In another recently discovered vulnerability, researchers found a zero-day in the OpenJPEG library, affecting JPEG 2000 image files. An attacker need only send a specially crafted JPEG 2000 file as an email attachment, a link, or embedded in a PDF, and it automatically runs the code within.</p>
<p>http://blog.talosintel.com/2016/09/vulnerability-spotlight-jpeg2000.html<br>
https://thehackernews.com/2016/10/openjpeg-exploit-hack.html<br>
http://www.openjpeg.org/</p>
<p class="subtitle">PRIVACY</p>
<p>Robin Linus wrote a post about how a long-known vulnerability in how some sites use cookies allows other people to know which services you're currently logged into, which is obviously not good for privacy. The page that Robin created will show you which sites you're logged into, unless you have third-party cookies disabled.</p>
<p>https://robinlinus.github.io/socialmedia-leak/</p>
<p class="subtitle">SOCIAL NETWORKING</p>
<p>A report by the ACLU showed that Facebook, Instagram, and Twitter provided data to a surveillance company, which has been used by police to identify and arrest people at protests. The product is called Geofeedia, and it allows its customers to monitor social media posts made inside certain geographic areas, all in real time.</p>
<p>https://www.aclunc.org/blog/facebook-instagram-and-twitter-provided-data-access-surveillance-product-marketed-target<br>
http://www.theverge.com/2016/10/11/13243890/facebook-twitter-instagram-police-surveillance-geofeedia-api<br>
https://www.youtube.com/watch?v=pjZU8KRoezo</p>
<p class="subtitle">INTERNET OF FAILS</p>
<p>CDN Akamai released new research on how 2 million IoT devices, such as CCTV cameras, routers and network-attached storage, have old OpenSSH vulnerabilities, allowing attackers to spy on networks or launch DDoS attacks. Like the other IoT stuff I've talked about, this is due to default passwords, vendors using out-of-date firmware, and having SSH enabled by default.</p>
<p>https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/sshowdown-exploitation-of-iot-devices-for-launching-mass-scale-attack-campaigns.pdf<br>
https://thehackernews.com/2016/10/sshowdown-iot-security.html</p>
<p class="subtitle">COMMUNICATION</p>
<p>And finally this week, Signal, the encrypted messaging app, released a new update which enables timed disappearing messages. Times can range from 5 seconds up to a week. I'm not sure how secure the deletion process is, but the source code is available on GitHub.</p>
<p>https://whispersystems.org/blog/disappearing-messages/</p>
<p>--<br>
BY NODE</p>
</div>
</div>
<!--FOOTER SECTION -->
<div id="footer">
<pre>------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------</pre>
<div class="filter">
<a href="http://n-o-d-e.net">HOME</a>
<span class="footdogs"> × </span>
<a href="http://N-O-D-E.net/shop/">SHOP</a>
<span class="footdogs"> × </span>
<a target="_blank" href="http://patreon.com/N_O_D_E_">PATREON</a>
<span class="footdogs"> × </span>
<a target="_blank" href="https://github.com/N-O-D-E/N-O-D-E.net">GITHUB</a>
</div>
</div>
</body>
</html>