Welcome, Guest
You have to register before you can post on our site.

Username
  

Password
  





Search Forums

(Advanced Search)

Forum Statistics
» Members: 184
» Latest member: GitaWay088
» Forum threads: 40
» Forum posts: 43

Full Statistics

Online Users
There are currently 31 online users.
» 0 Member(s) | 31 Guest(s)

Latest Threads
Гостиничное п...
Forum: Discussing
Last Post: Alicewonna
01-16-2018, 11:03 AM
» Replies: 0
» Views: 421
Thanksgiving owing to you...
Forum: Discussing
Last Post: BennivDaway
01-08-2018, 10:39 PM
» Replies: 0
» Views: 232
ugg bottes hautes -La der...
Forum: Discussing
Last Post: Michaelhadia
01-07-2018, 03:43 PM
» Replies: 0
» Views: 243
ugg cory -Outlet Vente en...
Forum: Discussing
Last Post: Michaelhadia
01-07-2018, 10:20 AM
» Replies: 0
» Views: 227
SECURITY NEWS THIS WEEK: ...
Forum: Security News
Last Post: nasir
12-17-2017, 05:23 AM
» Replies: 0
» Views: 990
SearchSecurity website
Forum: Free Website Advertisement
Last Post: ad
12-14-2017, 10:15 AM
» Replies: 0
» Views: 1,194
virgin UAE
Forum: Free Website Advertisement
Last Post: ad
12-14-2017, 10:13 AM
» Replies: 0
» Views: 235
Nasir youtube Channel
Forum: Free Website Advertisement
Last Post: ad
12-14-2017, 10:11 AM
» Replies: 0
» Views: 86
Free Security Training we...
Forum: Free Website Advertisement
Last Post: ad
12-12-2017, 04:34 AM
» Replies: 0
» Views: 86
Hackers Academy
Forum: Free Website Advertisement
Last Post: ad
12-12-2017, 03:51 AM
» Replies: 0
» Views: 67

 
Exclamation hashcat can Cracks 55 Character Passwords
Posted by: ad - 11-29-2017, 04:25 AM - Forum: Security News - No Replies

The latest version of hashcat, oclHashcat-plus v0.15, was released over the weekend. It is, says lead developer Jens Steube under the handle Atom, “the result of over 6 months of work, having modified 618,473 total lines of source code.”

Hashcat is a freely available password cracker. It is clearly a dual-purpose weapon: it can be used by security auditors to stress-test company passwords, and it can be used by criminals to crack lists of stolen passwords. One of its biggest weaknesses had been an inability to handle passwords in excess of 15 characters: until now – the new version can handle passwords and phrases typically up to 55 characters in length. 

“This was by far one of the most requested features”, notes Steube. “We resisted adding this ‘feature’, as it would force us to remove several optimizations, resulting in a decrease in performance for the fast hashes.” So the new version also comes with a downside – a performance hit that “typically averages around 15%.”

In reality, this probably won’t worry its users too much. It is an off-line cracker, which means it cracks lists of passwords. For security administrators and auditors, these lists will be taken from the company servers. For criminals – whether they are the original hackers or just script kiddies downloading online hacking dumps – they come from stolen passwords.
Robin Wood, a whitehat freelance auditor and researcher, explained how he uses hashcat for good purposes. “One of my main uses for it is to show clients if their password complexity policies are working”, he told Infosecurity. “If I get a set of hashes from a windows domain I'll crack as many as I can and then analyze the results looking for patterns, lengths, recurring words etc.” Wood is the developer of Pipal, which is used by many security researchers to analyze passwords.

A blackhat will use hashcat in a similar manner. He will either have stolen the passwords or have got them from the original hacker. He will use hashcat in a similar fashion against the list of passwords, but will then use the cracked passwords to access the users’ accounts – or sell the cracked passwords to other criminals to use as they will.

What the new version of hashcat demonstrates is that size is no longer as important as it used to be – it’s what the user does with the characters that matters. Length is still important; but rather than just a combination of words or phrases, it should be a mix of characters, numbers and punctuation symbols. Ars Technica illustrates the problem: Yiannis Chrysanthou cracked ‘Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn1’, an occult phrase from an HP Lovecraft story. “But because the phrase was contained in this Wikipedia article, it wound up in a word list that allowed Chrysanthou to crack the phrase in a matter of minutes”, warns Ars.

Users should consider the use of a password manager, such as Keepass, to generate strong passwords that won’t be found in dictionaries. And of course, they should use a unique password for each different online account – that way even if it is stolen by a hacker and cracked by hashcat, it will at least be only one account that is compromised.

Print this item

  فريق الشارقة للترايثلون
Posted by: ad - 11-22-2017, 04:47 PM - Forum: Discussing - No Replies

فريق الشارقة للترايثلون  اول فريق من هذا النوع على مستوى الامارة

الترايثلون هي عباره عن سباق تتابع من سباحة,دراجات و الجري و تختلف المسافات مشابهة تماما لسباقات الرجل الحديدي

لزيارة موقع الفريق 
http://shjtri.com/

Print this item

  Sharjah triathlon Team
Posted by: ad - 11-22-2017, 04:43 PM - Forum: Discussing - No Replies

Sharjah triathlon Team is the first triathlon team in sharjah

triathlon is race mix between swimming, cycling and running. Same as Iron man but the distance is different

URL of the offical website of the team http://shjtri.com/ 

Print this item

  Hacker Demonstrates How Easy In-flight Entertainment System Can Be Hacked
Posted by: admin - 12-24-2016, 08:11 AM - Forum: Security News - No Replies

 Tuesday, December 20, 2016  Mohit Kumar
 

 


[Image: hacking-in-flight-system.png]
Next time when you hear an announcement in the flight, “Ladies and gentlemen, this is your captain speaking…," the chances are that the announcement is coming from a hacker controlling your flight.

Dangerous vulnerabilities in an in-flight entertainment system used by the leading airlines, including Emirates, United, American Airlines, Virgin, and Qatar, could let hackers hijack several flight systems and even take control of the plane.


According to security researchers from IOActive, the security vulnerabilities resides in the Panasonic Avionics In-Flight Entertainment (IFE) system used in planes run by 13 major airlines, providing a gateway for hackers which is absolutely terrifying.





The security holes could be exploited by hackers that could allow them to spoof flight information like map routes, speed statistics, and altitude values, and steal credit card information.

IOActive's Ruben Santamarta managed to "hijack" in-flight displays to change information like altitude and location, control the cabin lighting, as well as hack into the announcements system.


Quote:"Chained together this could be an unsettling experience for passengers," said Santamarta. "I don't believe these systems can resist solid attacks from skilled malicious actors. This only depends on the attacker's determination and intentions, from a technical perspective it's totally feasible."
Besides these critical issues, the researcher said in some instances; hackers could access credit card details of passengers stored in the automatic payment system and use their frequent flyer membership details to capture personal data.

The vulnerabilities affect 13 different airlines that use Panasonic Avionics system, which include American Airlines, United, Virgin, Emirates, Etihad, Qatar, FinnAir, KLM, Iberia, Scandinavian, Air France, Singapore, and Aerolineas Argentinas.

The vulnerabilities were reported to Panasonic in March last year, and the researcher waited more than a year and a half to go public, so the company had "enough time to produce and deploy patches, at least for the most prominent vulnerabilities."

Emirates is working with Panasonic to resolve these issues and regularly update its systems. "The safety of our passengers and crew on board is a priority and will not be compromised," Emirates said, reported the Telegraph.

Santamarta is the same researcher who warned of security issues in systems used by different aircraft in the past.

Back in 2014, he discovered that it was possible to reverse engineer a bug, which let him connect to the Wi-Fi signal or the in-flight entertainment system to connect to airplanes’ equipment, including the navigation system.

For in-depth technical details about the new vulnerabilities discovered by Santamarta, you can head on to IOActive's official blog post published today.



http://thehackernews.com/2016/12/hacking...ystem.html

Print this item

  iOS يعاني من مخاطر أمنية مثل أندرويد
Posted by: admin - 11-30-2016, 11:19 AM - Forum: Security News - No Replies

مايكروسوفت: iOS يعاني من مخاطر أمنية مثل أندرويد
‎بواسطة تامر عمران
- 17 أكتوبر 2016


[img=0x0]http://www.tech-wd.com/wd/wp-content/uploads/2016/06/apple-wwdc-iOS-10-1024x580.jpg[/img]

ربما إذا سُئِل بعضكم عن نظام التشغيل الأكثر أمانًا في السوق؛ لأجاب على الفور بأنه iOS. حتى من لم يستخدم نظام أبل المحمول؛ لكون البعض على قناعة تامة بأنه طالما توجد تطبيقات يتم اختراقها بكمية هائلة كتلك الموجودة على أندرويد، بالتالي فإن المنصة نفسها تعاني من العديد من الثغرات. إلا أن براد أندرسون – نائب رئيس قطاع الاتصالات المحمولة في مايكروسوفت – يرى الأمور خلاف ذلك تمامًا، وأن iOS هو الآخر يعاني بنفس القدر وربما أكثر مما يعاني منه نظام أندرويد.

في منشورٍ جديد على مدونة مايكروسوفت، حذّر أندرسون الجميع من هذا الأمر بأن يتركوا حججهم بشأن الثغرات الأمنية للأنظمة المحمولة، خاصة مع وجود ثغرات أمنية تم اكتشافها حديثًا على نظام أبل المحمول.

وبالنسبة له، يرى أن ثغرة بيجاسوس وترايدنت Pegasus & Trident الجديدة هي خير مثال على أنه لا تتفوق أنظمة التشغيل المحمولة على بعضها البعض عندما يتعلق الأمر بالأمن، وiOS هو الآخر ضعيف حاله كحال أندرويد دون تمييز. وبالتالي يجب على المستخدمين علاج هذا الأمر لديهم وأن يأخذوه على محمل الجد، دون تحزّب، أو تعصُّب؛ لأن جميع الأجهزة المحمولة تتعرض للهجمات الإلكترونية بغض النظر عن نوع النظام.

وقال أندرسون “لا أتهم iOS، ولا أندرويد، ولا أي نظام آخر، لكننا نواجه معضلة في هذا الصدد الأمني… المشكلة هي أن هناك تهديدات من بعض الهجمات الناجحة بغضّ النظر عن الجهود التي تبذلها الشركات في تطوير تلك المنصات”.

خلاصة القول، الرسالة التي يرغب أندرسون في ذكرها هي أنه لا يوجد نظام تشغيل أمثل في هذا العالم؛ فالجميع عُرضة للاختراق، وبالتالي فإن النظام المفترض أن يكون مثاليًا هو الذي يبني آليات للدفاع عن خصوصية مستخدميه أكثر كفاءة وفعالية عن بقية الأنظمة الأخرى، وهذا النظام حتى الآن غير موجود.

المصدر: Microsoft Enterprise Mobility and Security Blog


http://www.tech-wd.com/wd/2016/10/17/%D9...84-%D8%A3/

Print this item

  Cisco Talos Extends Vulnerability Disclosure Timeline
Posted by: admin - 11-30-2016, 11:14 AM - Forum: Security News - No Replies

[Image: picture-106.gif]
By Eduard Kovacs on November 29, 2016

Cisco has decided to modify its vulnerability disclosure policy and give software vendors more time to patch the flaws discovered by the Talos security intelligence and research group before disclosing their details.


Based on vendor feedback and the average time it takes companies to patch vulnerabilities, Cisco has extended its deadline from 60 days to 90 days.

On the day a vulnerability is discovered, Cisco attempts to contact the vendor and releases protections for customers using its security products. If the vendor doesn’t respond, a second contact attempt is made after seven days. The vendor notification date is published on Cisco’s vulnerability tracking site after 15 days.

If the affected vendor still doesn’t respond after 45 days, the Computer Emergency Response Team Coordination Center (CERT/CC) at Carnegie Mellon University is notified. Finally, both CERT/CC and Cisco publish vulnerability reports after 90 days.

“Whenever appropriate Cisco Talos will review timeline objectives with the vendor in order to sufficiently provide time for patching to take place. This will be reviewed on a case by case basis to ensure that there is a progression in patching. Extenuating circumstances, such as threats of any nature, may result in adjustments to disclosures and timelines either forward or backward,” Cisco said.

Cisco’s data shows that the average time-to-patch (TTP) has been 78 days. It’s worth noting that it takes commercial software companies more time to release fixes (80 days) than it does open source software developers (42 days). Cisco said one open source vendor set a new record by issuing a patch on the same day it learned about the flaw.

In the case of commercial software companies, there are firms that manage to patch within the given timeframe and ones that fail to do so. The average TTP for quick-turnaround companies is 38 days and for “lagging” companies it’s 113 days.

Google also gives vendors 90 days to patch vulnerabilities, but the deadline is reduced to only 7 days if the security hole is actively exploited, as was the case recently when attackers exploited a Windows zero-day in targeted attacks.

Yahoo’s disclosure deadline is also 90 days. Trend Micro’s Zero Day Initiative (ZDI) is more generous and gives vendors 120 days to release patches before disclosing vulnerabilities.

http://www.securityweek.com/cisco-talos-extends-vulnerability-disclosure-timeline

Print this item

  Computer Virus Information
Posted by: admin - 11-23-2016, 04:31 PM - Forum: Lectures - No Replies

What is a computer virus?

Think of a biological virus – the kind that makes you sick. It’s persistently nasty, keeps you from functioning normally and often requires something powerful to get rid of it. A computer virus is very similar. Designed to relentlessly replicate, computer viruses infect your programs and files, alter the way your computer operates or stop it from working altogether. It’s estimated that the Conficker virus infected more than 10 million computers in 2009. Tens of thousands of computer viruses now operate over the Internet, and new computer viruses are discovered every day.
How does a computer virus find me?
Even if you’re careful you can pick up computer viruses through normal Web activities like:


  • Sharing music, files or photos with other users

  • Visiting an infected Web site

  • Opening spam email or an email attachment

  • Downloading free games, toolbars, media players and other system utilities

  • Installing mainstream software applications without fully reading license agreements
[size=undefined]
What does a computer virus do?
Some computer viruses are programmed to harm your computer by damaging programs, deleting files, or reformatting the hard drive. Others simply replicate themselves or flood a network with traffic, making it impossible to perform any internet activity. Even less harmful computer viruses can significantly disrupt your system’s performance, sapping computer memory and causing frequent computer crashes.
What are the symptoms of a computer virus?[/size]

Your computer may be infected if you recognize any of these malware symptoms:

  • Slow computer performance

  • Erratic computer behavior

  • Unexplained data loss

  • Frequent computer crashes
[size=undefined]
Computer Virus Help: Arming yourself with the best computer virus protection?[/size]

When you arm yourself with information and resources, you’re wiser about computer security threats and less vulnerable to threat tactics. Take these steps to safeguard your PC with the best computer virus protection:
Make sure that you have the best security software products installed on your computer:

  • Use antivirus protection and a firewall

  • Get antispyware software

  • Always keep your antivirus protection and antispyware software up-to-date

  • Update your operating system regularly

  • Increase your browser security settings

  • Avoid questionable Web sites

  • Only download software from sites you trust. Carefully evaluate free software and file-sharing applications before downloading them.
[size=undefined]
 
Practice safe email protocol:[/size]

  • Don't open messages from unknown senders

  • Immediately delete messages you suspect to be spam
[size=undefined]
An unprotected computer is like an open door for computer viruses. Firewalls monitor Internet traffic in and out of your computer and hide your PC from online scammers looking for easy targets. Products like Webroot Internet Security Essentials and Webroot AntiVirus with Spy Sweeper provide complete protection from the two most dangerous threats on the Internet – spyware and computer viruses. They thwart threats before they can enter your PC, stand guard at every possible entrance of your computer and fend off any computer virus that tries to enter, even the most damaging and devious strains.
While free antivirus downloads are available, they just can't offer the computer virus help you need keep up with the continuous onslaught of new strains. Previously undetected forms of can often do the most damage, so it’s critical to have up-to-the-minute, guaranteed antivirus protection.
[/size]


https://www.webroot.com/us/en/home/resou...er-viruses

Print this item

  Hackers breach election systems in Illinois, Arizona
Posted by: admin - 11-23-2016, 04:27 PM - Forum: Security News - No Replies

Officials: Hackers breach election systems in Illinois, Arizona

[/url][Image: 160607112012-wes-bruer-photo-small-11.jpg]    [Image: 150630141215-evan-perez-photo-small-11.jpg]
By Wesley Bruer and Evan Perez, CNN

Updated 1808 GMT (0208 HKT) August 30, 2016 







Washington (CNN)Hackers have breached databases for election systems in Illinois and Arizona, according to state election and law enforcement officials.


In Illinois, hackers accessed a database for the Illinois Board of Elections, compromising up to 200,000 personal voter records according to Ken Menzel, General Counsel for the board.





The FBI is investigating the hack, which initially occurred in late June and was discovered in July. It was first reported by Yahoo. Officials with the Board of Elections are "highly confident they (the hackers) weren't able to change anything, although the investigation is still going on" according to Menzel.



Investigators believe the hackers are likely based overseas, according to a law enforcement official.



The Illinois database included voters' names, addresses, sex and birthdays in addition to other information. Some of the records include either last four digits of a voter's social security number or drivers' license numbers. The database is comprised of records for 15 million individuals and is 10 years old. Not all outdated information has been purged, according to Menzel, so some of those records likely include information for deceased voters or those who have subsequently moved.


Republicans narrow voter registration gap in Florida, North Carolina, Pennsylvania

According to Matthew Roberts, director of communications for the Arizona secretary of state, in late May, Arizona officials took the statewide voting registration system offline after the FBI alerted the Arizona Department of Administration that there was a credible cyber threat to the voter registration system.
Although The Washington Post reported that Roberts attributed the database breach directly to a Russian hacker, when pressed by CNN, he said that the Arizona secretary of state's office learned of Russian involvement from internal IT and cyber security staff. "We indirectly heard that the credential and username posted online was from a known Russian hacker," Roberts said.


When they took the system offline to review any vulnerabilities, they discovered that a county election official's username and password had been posted online publicly. It's believed that a worker may have inadvertently downloaded a virus which exposed the username and password. In this instance, the username and password information posted would only give individuals access to a localized, county version of the voting registration system, and not the entire state-wide system.


Roberts says there is no evidence that any data within the system was compromised and there was no evidence of malware present in the database.


Court declines to hear appeal on Wisconsin voter ID law before election


The breaches are causing concern among election officials because of the voter personal information that could have been stolen, not because of any fear that an election could be stolen, law enforcement officials say.
States have a variety of systems -- some better than others -- but the voting machines and tabulating systems are generally not connected to the Internet, which would be the vulnerability hackers would use to compromise the electoral system.


The Department of Homeland Security is unaware of any specific credible threat to the electoral systems, according to a law enforcement official.


Election databases are attractive targets to hackers because they contain personal information that can be cobbled together with other data to help criminals steal money.


DHS has offered to help states increase security of their systems, but states have rebuffed federal help and largely believe their systems are secure. [url=https://www.dhs.gov/news/2016/08/15/readout-secretary-johnsons-call-state-election-officials-cybersecurity]DHS Secretary Jeh Johnson held a conference call recently to discuss whether DHS should declare electoral systems as critical infrastructure, which triggers more involvement from the federal government. States have resisted those moves.


Road to 270: CNN's latest electoral college map
Asked about the intrusions while speaking at the Symantec Government Symposium in Washington, FBI Director James Comey said Tuesday he didn't want to comment on a specific case but said the bureau is always looking at ways to counteract cyberattacks.


"We take very seriously any effort by any actor -- including nation states, especially nation states that move beyond the collection of information about our country and offers the prospect of an effort to influence the conduct of affairs in our country -- whether it is an election or something else," Comey said.


Illinois officials say it's been a challenge to identify everyone whose records were compromised as they have to sort through the 109 jurisdictions that may have been affected. According to Menzel, they are working with the FBI and other law enforcement agencies to figure out who was responsible.


Menzel says the board is not concerned about the integrity of the voting system and does not expect the breach to impact the upcoming general election.


Illinois voting machines are not connected to the internet in any way, according to Menzel. Most voters in Illinois use an optical scan ballot but some jurisdictions do have touch screen machines to comply with Americans with Disabilities Act regulations. In some large counties, such as Cook County, at the end of the voting day, early unofficial voting results are reported back and sent via cell phone signal but they have encryption protection. Arizona largely uses paper ballots and also has touch screen machines.



http://edition.cnn.com/2016/08/29/politics/hackers-breach-illinois-arizona-election-systems/

Print this item

  Facebook's Mark Zuckerberg hacked again
Posted by: admin - 11-17-2016, 08:08 PM - Forum: Security News - Replies (3)

Hacking group OurMine claims credit for defacing the Facebook CEO's Pinterest account. It also hacked Zuckerberg back in June.




[/url]
Facebook's Mark Zuckerberg hacked again 
0





UP NEXTQualcomm can charge your phone faster than you can read this story
[url=https://www.cnet.com/news/facebook-mark-zuckerberg-hacked-ourmine-pinterest/#page-qualcomm-quick-charge-4-hours-of-battery-life-in-just-minutes]
[Image: zuckerberg-by-getty.jpg]
Facebook CEO Mark Zuckerberg. His Pinterest account was defaced.
Photo by David Ramos/Getty Images
A hacking group has claimed credit for targeting Facebook Chief Executive Mark Zuckerberg's online accounts -- for the second time this year.
On Tuesday, a hacking group known as OurMine emailed me to say they had targeted Zuckerberg's Pinterest account, which was defaced with a new tagline and the group's web address.


Zuckerberg's Pinterest bio temporarily said, "Don't worry, we are just testing your security."
By the time we published, the defacement had been removed.


The group would not say, when asked, how it carried out the hack but did say it wasn't through leaked databases.
When pressed, OurMine said it has an "exploit on Pinterest" but gave no details. The last time the group said it had exploited a platform, the claim involved a fake screenshot.


OurMine is best known for targeting high-profile users, such as company bosses and tech executives, and defacing their web accounts with the group's name and a contact address.


OurMine's hope is that the victims reach out for security advice, which the group's website claims to provide.


The hackers also emailed me Zuckerberg's username (which is publicly known) and his password for his Twitter account, which we are not publishing for obvious reasons. The group said the Facebook chief had enabled two-factor authentication after the first instance of the group taking over accounts belonging to Zuckerberg. OurMine also provided details about the phone number associated with the account. The group hijacked Zuckerberg's Pinterest and Twitter accounts in June.


Of course, we can't verify that the details are correct without violating hacking laws. (You can read more about how we verify data breaches and hacks here.)


Zuckerberg isn't alone in being targeted by OurMine. In recent months, its hackers have also claimed Google CEO Sundar Pichai and Uber founder Travis Kalanick.


Zuckerberg did not immediately respond to a request for comment.
This story originally posted as "Hacker group targets Mark Zuckerberg's online accounts -- again" on ZDNet.



https://www.cnet.com/news/facebook-mark-...pinterest/

Print this item

  $5 PoisonTap Device Cracks Open Locked Computers
Posted by: admin - 11-17-2016, 08:05 PM - Forum: Security News - No Replies

A $5 tool called PoisonTap can allow malicious actors to easily hack into a locked computer.
Discovered by well-known independent white-hat hacker and developer, Samy Kamkar, PoisonTap siphons cookies, exposes internal routers and installs web backdoors on locked computers.
A physical device, PoisonTap simply needs to be plugged into a locked or password-protected computer to work its black magic. It emulates an Ethernet device over USB, and hijacks all internet traffic from the machine (despite being a low priority/unknown network interface).
In all, it allows the attacker to remotely force the user to make HTTP requests and proxy back responses (GET & POSTs) with the user’s cookies on any backdoored domain. It exposes the internal router to the attacker, making it accessible remotely via outbound WebSocket and DNS rebinding, and installs a persistent web-based backdoor in HTTP cache for hundreds of thousands of domains and common Javascript CDN URLs, all with access to the user’s cookies via cache poisoning. On the cookie front, it stores HTTP cookies and sessions from the web browser for the Alexa top million websites.
“PoisonTap is built for the $5 Raspberry Pi Zero without any additional components other than a micro-USB cable and microSD card, but can work on other devices that can emulate USB gadgets such as USB Armory and LAN Turtle,” Kamkar explained in an analysis. “PoisonTap produces a cascading effect by exploiting the existing trust in various mechanisms of a machine and network, including USB, DHCP, DNS, and HTTP, to produce a snowball effect of information exfiltration, network access and installation of semi-permanent backdoors.
A video demonstration of just how easy it is to use can be found here.
While the initial compromise of the device requires physical access, consequent access to the machine can be pulled off remotely. The backdoors and remote access persist even after device is removed and attacker “sashays away,” Kamkar noted.
The discovery represents a new threat vector. “There have been attacks that look similar to the PoisonTap; however, this one is exploiting a completely different system weakness,” said Craig Smith, research director of transportation security at Rapid7, via email. “A key difference with PoisonTap is that it emulates a network device and attacks all outbound communications from the target system. This attack works on both Windows and Mac operating systems, and can hijack a large number of connections, even if the machine is locked. If a user gets up to use the restroom—or even if it's a kiosk that has disabled the keyboard, but the interface is a web backend—this device will still work.”
He added, “The brilliance of the attack is actually in its simplicity: the most complex code in PoisonTap is the beautiful HTML5 canvas animation by Ara. On a $5 Raspberry Pi, Samy pulled together several clever attacks that add up to something really masterful.”



http://www.infosecurity-magazine.com/new...acks-open/

Print this item


3d Printing Files