Security-Portal.cz is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, Linux and BSD systems. It runs many interesting services and supports its fans in interesting projects.

Subtitle Hack Leaves 200 Million Vulnerable to Remote Code Execution

Threatpost - 23 May 2017 - 23:33
Attackers can remotely execute code on targeted systems via specially crafted subtitle files for videos.
Category: Hacking & Security

Breaking the iris scanner locking Samsung’s Galaxy S8 is laughably easy

Ars Technica - 23 May 2017 - 23:10

Hackers have broken the iris-based authentication in Samsung's Galaxy S8 smartphone in an easy-to-execute attack that's at odds with the manufacturer's claim that the mechanism is "one of the safest ways to keep your phone locked."

The cost of the hack is less than the $725 price for an unlocked Galaxy S8 phone, hackers with the Chaos Computer Club in Germany said Tuesday. All that was required was a digital camera, a laser printer (ironically, models made by Samsung provided the best results), and a contact lens. The hack required taking a picture of the subject's face, printing it on paper, superimposing the contact lens, and holding the image in front of the locked Galaxy S8. The photo need not be a close up, although using night-shot mode or removing the infrared filter helps. The hackers provided a video demonstration of the bypass.

Starbug, the moniker used by one of the principal researchers behind the hack, told Ars he singled out the Samsung Galaxy S8 because it's among the first flagship phones to offer iris recognition as an alternative to passwords and PINs. He said he suspects future mobile devices that offer iris recognition may be equally easy to hack. Despite the ease, both Samsung and Princeton Identity, the manufacturer of the iris-recognition technology used in the Galaxy S8, say iris recognition provides "airtight security" that allows consumers to "finally trust that their phones are protected." Princeton Identity also said the Samsung partnership "brings us one step closer to making iris recognition the standard for user authentication."

Category: Hacking & Security

Google Elevates Security in Android O

Threatpost - 23 May 2017 - 22:13
Android O, due in the third quarter, figures to elevate the security of the mobile OS with new features focused on improved third-party patching, a new permission model and hardening of existing features.
Category: Hacking & Security

Beware! Subtitle Files Can Hack Your Computer While You're Enjoying Movies

The Hacker News - 23 May 2017 - 21:54
Do you watch movies with subtitles? Just last night, I wanted to watch a French movie, so I searched for English subtitles and downloaded it to my computer. Though that film was excellent, this morning a new research from Checkpoint scared me. I was unaware that a little subtitle file could hand over full control of my computer to hackers, while I was enjoying the movie. Yes, you heard
Category: Hacking & Security

Examining the FCC claim that DDoS attacks hit net neutrality comment system

Ars Technica - 23 May 2017 - 21:00

On May 8, when the Federal Communications Commission website failed and many people were prevented from submitting comments about net neutrality, the cause seemed obvious. Comedian John Oliver had just aired a segment blasting FCC Chairman Ajit Pai's plan to gut net neutrality rules, and it appeared that the site just couldn't handle the sudden influx of comments.

But when the FCC released a statement explaining the website's downtime, the commission didn't mention the Oliver show or people submitting comments opposing Pai's plan. Instead, the FCC attributed the downtime solely to "multiple distributed denial-of-service attacks (DDoS)." These were "deliberate attempts by external actors to bombard the FCC's comment system with a high amount of traffic to our commercial cloud host," performed by "actors" who "were not attempting to file comments themselves; rather, they made it difficult for legitimate commenters to access and file with the FCC."

The FCC has faced skepticism from net neutrality activists who doubt the website was hit with multiple DDoS attacks at the same time that many new commenters were trying to protest the plan to eliminate the current net neutrality rules. Besides the large influx of legitimate comments, what appeared to be spam bots flooded the FCC with identical comments attributed to people whose names were drawn from data breaches, which is another possible cause of downtime. There are now more than 2.5 million comments on Pai's plan. The FCC is taking comments until August 16 and will make a final decision some time after that.

Category: Hacking & Security

Yahoo Retires ImageMagick After Bugs Leak Server Memory

Threatpost - 23 May 2017 - 20:00
Researcher Chris Evans reported a new bug and showed how he also used a previously known flaw in ImageMagick to leak Yahoo server data and steal images and authentication secrets.
Category: Hacking & Security

Apple Receives First National Security Letter, Reports Spike in Requests for Data

Threatpost - 23 May 2017 - 19:06
Apple revealed this week that it received at least one National Security Letter from the U.S. government for user data during the last six months of 2016.
Category: Hacking & Security

Cyber Crime Gang Arrested for Infecting Over 1 Million Phones with Banking Trojan

The Hacker News - 23 May 2017 - 17:35
The Russian Interior Ministry announced on Monday the arrest of 20 individuals from a major cybercriminal gang that had stolen nearly $900,000 from bank accounts after infecting over one million Android smartphones with a mobile Trojan called "CronBot." Russian Interior Ministry representative Rina Wolf said the arrests were part of a joint effort with Russian IT security firm Group-IB that
Category: Hacking & Security

Digital watermark leads police straight to Bollywood pirates

Sophos Naked Security - 23 May 2017 - 16:49
Digital signing led police to the would-be extortionists - a welcome turnaround for the movie industry after a run of thefts

Man jailed for stealing images and details from more than 50 women

Sophos Naked Security - 23 May 2017 - 14:40
When someone like this is caught and jailed it's a sobering reminder to check our own digital footprint - here are some tips to help you secure your information

Hundreds of thousands of computers are still infected. WannaKey is meant to fix that

Novinky.cz - security - 23 May 2017 - 14:02
Although the spread of the WannaCry malware has been stopped, this uninvited guest still managed to infect some 300,000 computers in various corners of the world in just a few hours. And the vast majority of them unfortunately remain locked. Security experts will now try to fix that with a tool called WannaKey.
Category: Hacking & Security

Super Mario CTF Walkthrough

InfoSec Institute Resources - 23 May 2017 - 14:00

Super Mario is an intermediate level Boot2root CTF. We hosted the VM in the virtual box and ran Nmap scan on the target. We noticed Nginx server is running on port 8180 and we opened it from the browser. Fired directory buster for finding internal files. We got two directories from dirbuster, and we opened […]

Category: Hacking & Security

Jailbreaking Your Smartphone

InfoSec Institute Resources - 23 May 2017 - 14:00

Introduction and Overview of the Last Article Our last few articles (specifically, the last four) have critically examined the Security threats and vulnerabilities that are posed to Smartphone devices today. We are often led to believe that we will be safe using our Smartphone devices because the mindset of not only the individual but also […]

Category: Hacking & Security

Sn1per - Penetration Testing Automation Scanner

LinuxSecurity.com - 23 May 2017 - 12:45
LinuxSecurity.com: Sn1per is a penetration testing automation scanner that can be used during a penetration test to enumerate and scan for vulnerabilities.
Category: Hacking & Security

Hackers Unlock Samsung Galaxy S8 With Fake Iris

LinuxSecurity.com - 23 May 2017 - 12:40
LinuxSecurity.com: Biometric locks for phones are just getting more and more elaborate. Not content with fingerprints, some devices now offer facial recognition tech for accessing a device, and in the Samsung Galaxy S8's case, an iris scanner too.
Category: Hacking & Security

Warning after WannaCry sets off fake BT phishing attack

Sophos Naked Security - 23 May 2017 - 12:30
It's a sad fact that we end up seeing warnings about warnings in the aftermath of a major cybersecurity event

Hackers attacked the publisher of the American daily USA Today, putting the data of 18,000 employees at risk

Novinky.cz - security - 23 May 2017 - 11:04
One of the largest American newspaper publishers, Gannet Co, whose portfolio includes the daily USA Today, was attacked by hackers who obtained sensitive data on 18,000 current and former employees. The intrusion into the publisher's internal network occurred via a phishing message that the perpetrator sent to the company's human resources department, the server WeLiveSecurity.com reported.
Category: Hacking & Security

18-Byte ImageMagick Hack Could Have Leaked Images From Yahoo Mail Server

The Hacker News - 23 May 2017 - 10:11
After the discovery of a critical vulnerability that could have allowed hackers to view private Yahoo Mail images, Yahoo retired the image-processing library ImageMagick. ImageMagick is an open-source image processing library that lets users resize, scale, crop, watermark and tweak images. The tool is supported by PHP, Python, Ruby, Perl, C++, and many other programming languages. This
Category: Hacking & Security

There’s new evidence tying WCry ransomware worm to prolific hacking group

Ars Technica - 23 May 2017 - 05:34

Researchers have found more digital fingerprints tying this month's WCry ransomware worm to the same prolific hacking group that attacked Sony Pictures in 2014 and the Bangladesh Central Bank last year.

Last week, a researcher at Google identified identical code found in a WCry sample from February and an early 2015 version of Contopee, a malicious backdoor used by the hacking team Lazarus Group. The group has been operating since at least 2011. Additional fingerprints linked Lazarus Group to hacks that wiped almost a terabyte's worth of data from Sony Pictures and siphoned a reported $81 million from the Bangladesh Central Bank last year. Researchers say Lazarus Group carries out hacks on behalf of North Korea.

On Monday, researchers from security firm Symantec presented additional evidence that further builds the case that WCry, which is also known as WannaCry, is closely linked to Lazarus Group. The evidence includes:

Category: Hacking & Security