Millions of Volkswagen Cars are Vulnerable to a Hack, and apparently so is that air-gapped PC, plus several hotels in the US get their credit card data stolen. All that coming up now on ThreatWire! ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Links: https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_garcia.pdf https://threatpost.com/key-fob-hack-allows-attackers-to-unlock-millions-of-cars/119846/ https://www.cnet.com/roadshow/news/100-million-volkswagens-at-risk-with-new-wireless-key-hack/ https://www.wired.com/2016/08/oh-good-new-hack-can-unlock-100-million-volkswagens/ https://threatpost.com/westin-marriott-sheraton-hotels-hit-by-payment-card-malware/119879/ […]

Read more

Monitoring network traffic in OpenWRT and benchmarking throughput from the Linux command line, this time on Hak5. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Bandwidth benchmarking tools speedtest-cli https://github.com/sivel/speedtest-cli speedtest.sh http://dl.getipaddr.net/ netspeed.sh https://gist.github.com/rsvp/1272488 wget –output-document=/dev/null http://speedtest.wdc01.softlayer.com/downloads/test500.zip Bandwidth monitoring tools bwm-ng – super small and simple live monitoring bmon […]

Read more

Description: Bluetooth smart locks can be hacked wirelessly, apple begins a bug bounty program finally, point of sale terminals are hacked once again, and Qualcomm had a few Android chipset security flaws. All that coming up now on ThreatWire. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Links: http://www.tomsguide.com/us/bluetooth-lock-hacks-defcon2016,news-23129.html […]

Read more

Setting up Let’s Encrypt Certificates, and understanding TLS / SSL. This time on Hak5! ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— https://en.wikipedia.org/wiki/Transport_Layer_Security https://letsencrypt.org/how-it-works/ http://www.github.com/certbot http://certbot.eff.org Commands: pwd wget https://dl.eff.org/certbot-auto chmod a+x certbot-auto /root/certbot-auto /root/certbot-auto –apache Test your site! For us, it’s: https://www.internetspiritguide.com /root/certbot-auto renew –dry-run crontab -e /root/certbot-auto […]

Read more

It is time to leave LastPass? Wireless keyboards can spy on you! A gov’t agency finally gets 2FA, and Android security notifications are now a thing.. All that coming up now on ThreatWire. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Links: http://www.theregister.co.uk/2016/07/27/zero_day_hole_can_pwn_millions_of_lastpass_users_who_visit_a_site/ https://threatpost.com/lastpass-patches-ormandy-remote-compromise-flaw/119533/ http://www.pcworld.com/article/3101354/security/how-to-make-sure-youre-using-the-latest-version-of-lastpass-for-firefox.html https://blog.lastpass.com/2016/07/lastpass-security-updates.html/ https://bugs.chromium.org/p/project-zero/issues/detail?id=884 https://www.wired.com/2016/07/radio-hack-steals-keystrokes-millions-wireless-keyboards/ http://www.keysniffer.net/affected-devices/ […]

Read more

Deploying an OpenVPN server in minutes with one simple script, plus clients configuring Android and automating connections on the WiFi Pineapple. New dates available for Pentest With Hak5! See info at http://pentestwithhak5.com/ ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— https://github.com/Nyr/openvpn-install wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh Setting […]

Read more

Snowden and Huang are trying to build a warning system for your phone’s radio, DMCA is under fire by the EFF, and the DNC was hacked… All that coming up now on Threat Wire. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Links: https://www.wired.com/2016/07/snowden-designs-device-warn-iphones-radio-snitches/ https://theintercept.com/2016/07/21/edward-snowdens-new-research-aims-to-keep-smartphones-from-betraying-their-owners/ https://www.pubpub.org/pub/direct-radio-introspection https://threatpost.com/eff-files-lawsuit-challenging-dmcas-restrictions-on-security-researchers/119410/ https://www.eff.org/document/1201-complaint http://arstechnica.com/security/2016/07/new-evidence-suggests-dnc-hackers-penetrated-deeper-than-previously-thought/ […]

Read more

Building the most awesome console and arcade emulator ever – all that and more, this time on Hak5. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Today’s topic: Run: ls -l /dev/sd* sudo dd if=Lakka-*.img of=/dev/sdX (where X is your USB flashdrive) Downloading Lakka: http://www.lakka.tv/get/ Joypad config: http://www.lakka.tv/doc/Input-settings/ Enabling […]

Read more

This week on Hak5 we’re building an Arcade Machine Emulator in Linux! ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— https://www.hak5.org/episodes/hak5-episode-4-released https://www.hak5.org/episodes/episode-3×03-release SDL=Simple DirectMedia Layer. Graphics library for Linux: http://sdlmame.wallyweek.org/download/ AdvanceMenu: http://advancemame.sourceforge.net/ Attract-Mode: http://attractmode.org/about.html Puppy Arcade: http://scottjarvis.com/page105.htm AdvanceMAMECD: http://www.advancemame.it/cd-readme.html RetroARCH: http://www.libretro.com/index.php/retroarch-2/ We’ll be building a Lakka MAME! http://www.lakka.tv/get/

Read more

Facebook Messenger gets Encryption, kinda… Quantum Computing gets a real life competitor from Google, and Wendy’s got hacked! All that on this episode of Threat Wire. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Links: https://www.wired.com/2016/07/secret-conversations-end-end-encryption-facebook-messenger-arrived/ https://threatpost.com/facebook-messenger-end-to-encryption-not-on-by-default/119133/ https://fbnewsroomus.files.wordpress.com/2016/07/secret_conversations_whitepaper.pdf https://whispersystems.org/ https://newsroom.fb.com/news/2016/07/messenger-starts-testing-end-to-end-encryption-with-secret-conversations/ https://threatpost.com/google-testing-post-quantum-cryptography-in-chrome/119137/ https://www.wired.com/2016/07/google-tests-new-crypto-chrome-fend-off-quantum-attacks/ http://arstechnica.com/security/2016/07/https-crypto-is-on-the-brink-of-collapse-google-has-a-plan-to-fix-it/ https://security.googleblog.com/2016/07/experimenting-with-post-quantum.html http://www.cnet.com/news/speed-desk-headlinewendys-opens-up-about-malware-says-hackers-accessed-payment-info/ http://krebsonsecurity.com/2016/07/1025-wendys-locations-hit-in-card-breach/ https://www.wendys.com/en-us/about-wendys/the-wendys-company-updates https://payment.wendys.com/paymentcardcheck.html Pokemon […]

Read more

Today we’re building an OpenVPN server from scratch in Linux! ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Install and setup OpenVPN apt-get update; apt-get install openvpn easy-rsa gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/server.conf nano /etc/openvpn/server.conf replace dh1024.pem with dh2048.pem #uncomment push “redirect-gateway def1 bypass-dhcp” #uncomment push “dhcp-option DNS” and replace […]

Read more

HummingBad hits 85 MILLION Android devices, Comcast and Netflix bury the hatchet, one badass botnet built from security cameras… and the FBI Says Don’t Indict Hillary Clinton. Today, on ThreatWire! ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Links: FBI Finishes Clinton Investigation http://www.theverge.com/2016/7/5/12096364/hillary-clinton-email-probe-fbi-indict-private-server Comcast & Netflix Bury The […]

Read more

Part two of Building an OpenVPN access point, this time on Hak5. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Recap: We’ve been building an VPN WiFi hotspot using OpenWRT and OpenVPN. Last week we setup the OpenVPN Access Server and setup user accounts. Today we’re going to work […]

Read more

Download DRM movies for free! But that’s probably a bad idea, given the FBI can legally hack a pc. Plus, how to spot a credit card skimmer, and more! ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Links: https://motherboard.vice.com/read/court-rules-the-fbi-does-not-need-a-warrant-to-hack-a-computer?utm_source=mbtwitter https://www.eff.org/deeplinks/2016/06/federal-court-fourth-amendment-does-not-protect-your-home-computer https://www.eff.org/files/2016/06/23/matish_suppression_edva.pdf https://www.wired.com/2016/06/bug-chrome-makes-easy-pirate-movies/ http://arstechnica.com/security/2016/06/chrome-drm-download-netflix-piracy/ http://arstechnica.com/tech-policy/2016/06/800-pound-comodo-tries-to-trademark-upstart-rivals-lets-encrypt-name/ https://letsencrypt.org/2016/06/23/defending-our-brand.html https://forums.comodo.com/general-discussion-off-topic-anything-and-everything/shame-on-you-comodo-t115958.0.html http://krebsonsecurity.com/2016/05/skimmers-found-at-walmart-a-closer-look/ http://krebsonsecurity.com/2016/06/how-to-spot-ingenico-self-checkout-skimmers/ Youtube […]

Read more

Today on HakTip we’re learning about the terminal environment and customizations ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Commands you’ll need to know: printenv printenv USER set alias Learn about the Alias command from this episode of HakTip! – https://youtu.be/4-IngQNj0rQ?list=PLW5y1tjAOzI2ZYTlMdGzCV8AJuoqW5lKB ls -a nano .bashrc umask 0002 export HISTCONTROL=ignoredups […]

Read more

Building an OpenVPN access point, this time on Hak5. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Today we are going to install OpenVPN Access Server, configure it, setup clients and test the connection. Next week we’re going to work on the access-point side of things in OpenWRT by […]

Read more

Net Neutrality Wins… Locals Fight The Mapping Power… Apple Might Be More Secure, and the ruskies are hacking again… All that coming up now on ThreatWire. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Links: Net Neutrality Is Safe… http://gizmodo.com/the-fcc-just-won-a-huge-net-neutrality-victory-in-feder-1781954855 http://arstechnica.com/tech-policy/2016/06/net-neutrality-and-title-ii-win-in-court-as-isps-lose-case-against-fcc/ $50 Million Currency Hack! http://www.nytimes.com/2016/06/18/business/dealbook/hacker-may-have-removed-more-than-50-million-from-experimental-cybercurrency-project.html https://blog.ethereum.org/2016/06/17/critical-update-re-dao-vulnerability/ http://blog.erratasec.com/2016/06/etheriumdao-hack-similfied.html#.V2hVtSgrKUl Waze […]

Read more

Did we like Pcapr, the online social networking site for packet captures? Watch this episode of HakTip to find out! http://www.pcapr.net/home ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 ——————————

Read more

Backpacking as a hacker – our top travel tech tips for packing, this time on Hak5! ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Links: What Darren Brought: Ricoh Theta S – http://amzn.to/25YvVVX Manfrotto Compact Xtreme 2-in-1 Monopod and Pole – http://amzn.to/25Yv73A Novoflex MICROPOD – http://amzn.to/1PuFIpS http://amzn.to/28FRxVZ http://amzn.to/1PuFBL9 Sony […]

Read more

Did Twitter get hacked? All signs point to… no. IT admins – be careful when you delete files… And the IRS Get Transcript service comes back online after over a year. All that coming up now on ThreatWire. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Links: http://techcrunch.com/2016/06/08/twitter-hack/ https://www.wired.com/2016/06/twitter-hack/ […]

Read more

Today on HakTip we’re checking out a tool specifically made for sharing and collaborating with pcap files online. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— http://hat.t2t2.eu to vote for Hak5! https://www.cloudshark.org/ CloudShark is best for collaboration and sharing of packet capture files from Wireshark. But is it a […]

Read more

This week we’re joined in studio by Kevin McKay of http://www.razorquad.com/ to talk competitive drone racing! ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 ——————————

Read more

Password Mega breaches didn’t include Dropbox, Mitsubishi Outander Wifi hacked, TeamViewer Adds Security Checks, and Zuck uses bad passwords… All that coming up now on ThreatWire. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Links: Our sister show, Hak5, is up for an award!! Vote for Hak5 and the […]

Read more

OEM Computers pose some pretty serious security risks, more passwords have been pwned than ever before, have 100 grand to spend? There’s a zero-day for that, and more. ——————————- VOTE FOR HAK5 and FRIENDS at http://hat.t2t2.eu for the podcast awards!! ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Links: […]

Read more

This week we’re joined in studio by Kevin McKay of http://www.razorquad.com/ to talk FPV or first person view drone flying. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 ——————————

Read more

Metasploit Minute – the break down on breaking in. Join Mubix (aka Rob Fuller) every Monday here on Hak5. Thank you for supporting this ad free programming. Sponsored by Hak5 and the HakShop – http://hakshop.com :: Subscribe and learn more at http://metasploitminute.com :: Follow Rob Fuller at http://room362.com and http://twitter.com/mubix

Read more

Editing 360 degree video for YouTube isn’t too dissimilar from standard 2D video — it just needs a little 3D love. Darren reports. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 ——————————

Read more

People are afraid of being hacked, Linksys won’t block OpenWRT, Flash And Zero Days… perfect together… Links: People Are Afraid of Being Hacked. https://www.ntia.doc.gov/blog/2016/lack-trust-internet-privacy-and-security-may-deter-economic-and-other-online-activities Some Linksys Routers Won’t Block Open Source Firmware! http://arstechnica.com/information-technology/2016/05/linksys-wrt-routers-wont-block-open-source-firmware-despite-fcc-rules/ Flash Death Watch Update https://nakedsecurity.sophos.com/2016/05/12/adobe-flash-zero-day-patch-is-out-for-the-third-month-in-a-row/ http://venturebeat.com/2016/05/15/google-targets-html5-default-for-chrome-instead-of-flash-in-q4-2016/ https://groups.google.com/a/chromium.org/forum/#!searchin/chromium-dev/HTML5$20by$20default/chromium-dev/0wWoRRhTA_E/__E3jf40OAAJ Missouri politicians fail to block municipal broadband http://arstechnica.com/information-technology/2016/05/politicians-fail-in-bid-to-squash-municipal-broadband-in-missouri/ SWIFT used for another bank heist http://www.bloomberg.com/news/articles/2016-05-13/swift-warns-of-new-hacker-attack-on-bank-after-bangladesh-heist […]

Read more