Hacking wireless remotes using RF Replay Attacks using the YARD Stick One! In this episode we cover: how to gather intel on the device you want to hack; how to sniff its wireless signals; determining modulation; decoding OOK signals; transmitting a Replay Attack with RfCat and the YARD Stick One. Step 1: Gathering Intel First […]


Chrome ditches mixed HTTPS warnings, Google Now and Siri get pwned from 16 feet away, NASA hacks from the 1970s and the EU declaring data transfer agreements with the US invalid. All that coming up on ThreatWire. Support us on Patreon: https://www.patreon.com/threatwire Links: http://www.zdnet.com/article/chrome-loosens-up-on-https-mixed-content-warning/ http://www.wired.com/2015/10/this-radio-trick-silently-hacks-siri-from-16-feet-away/ http://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=15 Hacking when it Counts: Much Space Station Hacking Saved […]


Sony’s Embarrassed, Malware on the iOS App Store… and the ultimate airborne attack… on your network! All that coming up now on ThreatWire. Support us on Patreon: https://www.patreon.com/ThreatWire Links: http://www.wired.com/2015/10/drones-robot-vacuums-can-spy-office-printer/ http://www.cnet.com/news/sony-hacks-invasion-of-privacy-still-grates-on-ceo/ YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs YouTube Thumbnail credit: CSIRO ScienceImage 10876 Camclone T21 Unmanned Autonomous […]


Getting Started with the YARD Stick One for Sub 1 GHz hacking! All that and more, this time on Hak5. Support Hak5, follow along and get a YARD Stick One from our very own HakShop at https://hakshop.myshopify.com/products/yard-stick-one The YARD in YARD Stick One stands for Yet Another Radio Dongle and it was created by Mike […]


This week on Hak5, we’re interviewing Troy Hunt of “Have I Been Pwned” https://haveibeenpwned.com/ https://twitter.com/troyhunt http://www.troyhunt.com/


As Hackers reaches its 20th anniversary, we’re celebrating the film that pays tribute to the hacker culture itself. You see, behind the cyberpunk neon pagers and rollerblades, insanely great 28.8 bps modems and the far out network visualizations is a treasure trove of hacker history and lore baked in by the real hackers and technical […]


Patreon’s Crowdfunding Platform is Hacked, Experian’s T-Mobile Server is Breached, Android Stagefright 2.0 is a thing, and a Linux Denial of Service Attack. All that coming up now on ThreatWire. https://www.patreon.com/posts/3457485 http://labs.detectify.com/post/130332638391/how-patreon-got-hacked-publicly-exposed-werkzeug http://arstechnica.com/security/2015/10/gigabytes-of-user-data-from-hack-of-patreon-donations-site-dumped-online/ http://www.wired.com/2015/10/hack-brief-hackers-steal-15m-t-mobile-customers-data-experian/ http://www.t-mobile.com/landing/experian-data-breach.html http://www.prnewswire.com/news-releases/experian-notifies-consumers-in-the-us-who-may-have-been-affected-by-unauthorized-acquisition-of-a-clients-data-300152926.html http://arstechnica.com/security/2015/09/botnet-preying-on-linux-computers-delivers-potent-ddos-attacks/ https://www.stateoftheinternet.com/downloads/pdfs/2015-threat-advisory-xor-ddos-attacks-linux-botnet-malware-removal-ddos-mitigation-yara-snort.pdf http://arstechnica.com/security/2015/10/a-billion-android-phones-are-vulnerable-to-new-stagefright-bugs/ https://threatpost.com/stagefright-2-0-vulnerabilities-affect-1-billion-android-devices/114863/ Thumbnail credit: https://upload.wikimedia.org/wikipedia/commons/2/2a/Landmark_House,_Experian,_Nottingham.jpg


D-Link Accidentally Publishes Private Keys, How to anonymize your Anonymous Surveys, a Million Dollar Bug Bounty, and Radio Hacks on a Balloon? What could go wrong? All that coming up now on Threat Wire. Support ThreatWire! https://www.patreon.com/threatwire http://www.securityweek.com/d-link-accidentally-publishes-private-keys-online http://arstechnica.com/security/2015/09/in-blunder-threatening-windows-users-d-link-publishes-code-signing-key/ http://www.wired.com/2015/09/new-crypto-tool-makes-anonymous-surveys-truly-anonymous/ http://www.scribd.com/doc/281587245/ANONIZE-A-Large-Scale-Anonymous-Survey-System https://threatpost.com/zerodium-hosts-million-dollar-ios-9-bug-bounty/114736/ https://www.zerodium.com/ios9.html http://www.wired.com/2015/09/balloon-spy-probe-deep-sweep/ https://criticalengineering.org/projects/deep-sweep/ http://zeigma.com/deepsweep/


ATMs are pwned with bluetooth. iOS is pwned with bluetooth and AirDrop. And Android is pwned with copy pasta. Support ThreatWire: https://www.patreon.com/ThreatWire?ty=h Bluetooth Skimmer: http://krebsonsecurity.com/2015/09/tracking-a-bluetooth-skimmer-gang-in-mexico/ http://krebsonsecurity.com/2015/09/tracking-bluetooth-skimmers-in-mexico-part-ii/ Android Lock Screen Vulnerabilities: http://www.wired.com/2015/09/hack-brief-new-emergency-number-hack-easily-bypasses-android-lock-screens/ https://groups.google.com/forum/#!topic/android-security-updates/1M7qbSvACjo http://sites.utexas.edu/iso/2015/09/15/android-5-lockscreen-bypass/ iOS AirDrop Vulnerabilities: http://arstechnica.com/security/2015/09/apple-mitigates-but-doesnt-fully-fix-critical-ios-airdrop-vulnerability/ http://www.wired.com/2015/09/hack-brief-upgrade-ios-9-now-avoid-bluetooth-iphone-attack/ Youtube Thumbnail credit: https://commons.wikimedia.org/wiki/File:49024-SOS-ATM.JPG


GPG Encryption for Windows, what happens if Keybase disappears, Free SSL certificates and how you could end up in prison for withholding your decryption keys. All that and more, this time on Hak5. — Jay – “great vid is there a windows equivalent?” Yes, you’ll need GPG4Win and Node.js for Windows http://gpg4win.org/download.html https://nodejs.org/en/#download When installing […]


What could be easier than file encryption with GPG? File encryption with keybase.io! Darren Kitchen and Shannon Morse demo the basics of the Keybase command-line app on this episode of Hak5.


Encrypted File Sharing? We speak with the Demonsaw founder. Plus, building a cubed acrylic drone battle arena. All that and more, this time on Hak5! Demonsaw – https://www.demonsaw.com/ Autodesk 123D Design – http://www.123dapp.com/design MatterControl – http://www.mattercontrol.com/


Microsoft dropped a dozen security updates, including fixes for flaws being exploited ‘in the wild,’ the Office of Personnel Management just dropped $133M on credit monitoring, Turla APT used satellite Internet links to cover their tracks, Blue Coat’s top 10 Top Level Domains for malicious domains, moar! Support us on Patreon! https://www.patreon.com/ThreatWire Links: MS Drops […]


Windows 7 & 8 are phoning home just like Windows 10 does, weaponized drones are now legal in the USA, and Agora, the site for selling narcotics, takes a vacation.   Links: http://arstechnica.com/information-technology/2015/08/microsoft-accused-of-adding-spy-features-to-windows-7-8/ https://thehackernews.com/2015/08/windows-spying-on-you.html https://support.microsoft.com/en-us/kb/3022345   http://readwrite.com/2015/08/26/drone-law-north-dakota-weaponizing http://www.thedailybeast.com/articles/2015/08/26/first-state-legalizes-armed-drones-for-cops-thanks-to-a-lobbyist.html   http://www.wired.com/2015/08/agora-dark-webs-biggest-drug-market-going-offline/   Thumbnail credit: https://upload.wikimedia.org/wikipedia/commons/d/d0/Luftwaffe_99-01_RQ-4B_EuroHawk_ILA_2012_1.jpg


The White House is backing the new cybersecurity bill, the FTC can now sue companies for getting hacked, and robocalls are being blocked by a robokiller! All that coming up now on Threat Wire.   Links:   https://threatpost.com/white-house-support-for-cisa-worries-privacy-advocates/114383 http://thehill.com/policy/cybersecurity/250241-white-house-endorses-senate-cyber-bill   http://www.wired.com/2015/08/court-says-ftc-can-slap-companies-getting-hacked/ http://www2.ca3.uscourts.gov/opinarch/143514p.pdf   http://arstechnica.com/information-technology/2015/08/robokiller-wins-ftc-prize-by-annihilating-robo-calls/ https://www.kickstarter.com/projects/485600868/robokiller-app-stop-telemarketing-robocalls-foreve/description   Thumbnail credit: https://upload.wikimedia.org/wikipedia/commons/e/e1/White_House_Washington.JPG


Suicides, extortion, and a $500,000 bounty for Impact Team… it’s gotten ugly at Ashley Madison.com. Amazon’s dropping Flash ads in September. China’s arrested 15,000 that “jeopardized Internet security” tho that does not mean what you think it means. Patch WordPress, there’s some nasty exploits. Some Android browsers have Zero Day flaws, and will Microsoft ever […]


Checking out Kali Linux 2.0 and cracking the Hack Across America challenge coin, this time on Hak5! — Kali Linux 2.0 — BackTrack’s successor was Kali Linux (which we reviewed on episode 1408), an excellent tool for pentesters since forever. It’s been updated as of a few […]


BitTorrents are all the rage for DOS attacks, the IRS announces new breach numbers, and Microsoft is on a disabling rampage. All that coming up now on ThreatWire. Links: http://arstechnica.com/security/2015/08/how-bittorrent-could-let-lone-ddos-attackers-bring-down-big-sites/ https://www.usenix.org/system/files/conference/woot15/woot15-paper-adamsky.pdf   http://www.cnet.com/news/hackers-might-have-stolen-irs-data-on-more-than-300000-households/ http://arstechnica.com/security/2015/08/irs-estimate-of-tax-records-stolen-by-fraudsters-soars-to-over-300000/   http://www.alphr.com/microsoft/microsoft-windows-10/1001360/microsoft-can-disable-your-pirated-games-and-illegal-hardware https://www.microsoft.com/en-us/servicesagreement/   http://www.wired.com/2015/08/happened-hackers-posted-stolen-ashley-madison-data/   http://arstechnica.com/tech-policy/2015/08/company-pays-fcc-750000-for-blocking-wi-fi-hotspots-at-conventions/   http://www.wsj.com/article_email/target-reaches-settlement-with-visa-over-2013-data-breach-1439912013-lMyQjAxMTI1MDE1ODkxMjgzWj   Youtube Thumbnail credit: https://www.flickr.com/photos/68751915@N05/6757821397


This week Darren has a conversation with Chad Rikansrud about mainframe vulnerabilities and Shannon gets into the details of an amazing talk about using the USB Rubber Ducky while bypassing enterprise security. Links: Mainframe Security – bigendiansmalls.com


The US Secretary of State is worried about China and Russia hacking his email. OwnStar is expanding to add BMW, Mercedes, and Chrysler virtual keys on iOS, Oracle’s Chief Security Officer (and EULA) gets mocked for telling security researchers, “Don’t, Just Don’t,” and the NSA loves AT&T for the “ability to spy on vast quantities […]


A car hack is silenced in the US, Windows Mount Manager has a vulnerability (it’s been patched), and Square credit card readers are exploitable. All that coming up now on ThreatWire. Links: https://threatpost.com/microsoft-patches-usb-related-flaw-used-in-targeted-attacks/114240 http://arstechnica.com/security/2015/08/attackers-actively-exploit-windows-bug-that-uses-usb-sticks-to-infect-pcs/ https://threatpost.com/researchers-unveil-square-reader-mobile-pos-hacks/114187 http://arstechnica.com/security/2015/08/researchers-reveal-electronic-car-lock-hack-after-2-year-injunction-by-volkswagen/ http://www.cs.ru.nl/~rverdult/Dismantling_Megamos_Crypto_Wirelessly_Lockpicking_a_Vehicle_Immobilizer_Hash.pdf Youtube Thumbnail credit: https://www.flickr.com/photos/nedko/111901487


Automotive hacking is in its infancy, and already you can see a clear path to failure… just look at how Tesla responds to hackers compared to Chrysler. Ars Technica calls it: Android updates are a complete failure when it comes to patching security flaws. Ubiquiti Networks makes awesome networking gear… and got taken for $46 […]


We’re celebrating our 10 year anniversary episode with some of our favorite bloopers! Get your beverages ready.


Don’t click on links in email. Ever. Especially if they claim to be Windows 10 upgrade links, ‘cause CTB Locker Ransomware hurts. Does the latest TOR attack spell DOOM for privacy, or is it overrated and fairly easy to spoof? The U.S. Court of Appeals for the Seventh Circuit reversed a lower court decision tossing […]


A Bind Exploit Causes DOS Attacks, an Android Mediaserver Attack Crashes Phones, and TrackingPoint Sniper Rifles have a Wireless Hack. All that coming up now on ThreatWire. http://arstechnica.com/security/2015/07/major-flaw-could-let-lone-wolf-hacker-bring-down-huge-swath-of-internet/ https://www.isc.org/blogs/cve-2015-5477-an-error-in-handling-tkey-queries-can-cause-named-to-exit-with-a-require-assertion-failure/ http://arstechnica.com/security/2015/07/new-vulnerability-can-put-android-phones-into-permanent-vegetative-state/ http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-vulnerability-that-renders-android-devices-silent/ http://www.wired.com/2015/07/hackers-can-disable-sniper-rifleor-change-target/ Thumbnail credit: https://upload.wikimedia.org/wikipedia/commons/c/c4/Precision_Guided_Firearm_Heads_Up_Display.jpg


The mother of all Android vulnerabilities, a safe running Windows XP is unsafe, and ZOMG Drones! All that coming up now on ThreatWire.   Android Text Message Hack: Stagefright   http://www.androidcentral.com/stagefright-exploit-what-you-need-know https://www.twilio.com/blog/2015/07/how-to-protect-your-android-device-from-stagefright-exploit.html https://github.com/WhisperSystems/TextSecure/issues/3817   Brink Smart Safe Hacking https://www.youtube.com/watch?v=mzD58OavYVY http://www.bishopfox.com/blog/2015/07/on-the-brink-of-a-robbery/ http://www.bishopfox.com/news/2015/06/def-con-23-hacking-smart-safes-on-the-brink-of-a-robbery/ http://webcache.googleusercontent.com/search?q=cache:Nf-lEGqozmEJ:www.bishopfox.com/news/2015/06/def-con-23-hacking-smart-safes-on-the-brink-of-a-robbery/+&cd=1&hl=en&ct=clnk&gl=us https://www.youtube.com/watch?v=Kq9LwFNM55k   ZOMG Drones http://hackaday.com/2015/07/22/no-mounting-a-gun-to-a-quadcopter-probably-isnt-illegal/ http://www.wsj.com/articles/next-step-for-drones-defending-against-them-1437645600?mod=WSJ_TechWSJD_moreTopStories http://www.computerworld.com/article/2951878/telematics/firewalls-cant-protect-todays-connected-cars.html   Thumbnail credit: Michael Mandiberg: https://www.flickr.com/photos/theredproject/10662464343/in/photostream/
