CATFISHING

--Originally published at Tc2017-security

Catfishing is when someone on social media steals an identity and pretends to be someone else. A lot of people have been victims of these people. Some of them have been lucky and found out before getting hurt, but others, not so lucky, have fallen for their lies. There are cases where the victim falls in love with these people and has given them money or, even worse, been kidnapped. We have to take precautions and not accept or be fooled by any user we don't know. If you don't know the user, don't give them any of your personal information. In your profile, make sure everything is private or that the information you are displaying is something you are comfortable sharing.

Here is an example:

Y4PT

--Originally published at Tc2017-security


Two weeks ago I came back from a hackathon in Dubai due to a competition we won last October (the prize was to participate in Dubai's Mobility Hackathon by Youth For Public Transport). We flew 24 hours from Guadalajara to the event, then we developed our product (business model, prototype, slides, pitch) and presented the project to some of Dubai's authorities, such as the Dubai Prince, the CEO of Careem, the CEO of RTA and the head of Y4PT, among others. Our project was a virtual assistant for moving through the city in a clean, fast and sustainable way; with it we won 3rd place. It was such an amazing experience to meet people from around the globe, share ideas and see different ways of thinking about the global problems we are living with. After this we presented the project in an expo at the Dubai World Trade Centre for a couple of days. It was great to have won a prize, but more important to me are the experience, the possibility of acquiring a new global vision and having fun with this amazing experience. We are looking forward to winning the next edition of this event next year in Sweden!


Packet Squirrel

--Originally published at Lord Security

Recently I got my hands on a really cool device from Hak5, the Packet Squirrel, which can be used for an Ethernet man-in-the-middle attack, either as a sniffer or to get remote access to a network.


This tiny device has a button to turn it on, an Ethernet in port, an Ethernet out port, a micro-USB port for power, a USB port for storage and a switch to select which of the payloads to run.


The default payloads the Packet Squirrel has are:

  • TCP Dump: It allows the user to display TCP/IP and other packets being transmitted or received over a network.
  • DNS Spoof: Alters the DNS addresses returned to the victim to show a different page.
  • OpenVPN: Provides remote access to the network or client tunneling.

To use the TCP Dump payload you just need to select the first payload, by moving the switch all the way to the left, and connect the Packet Squirrel to the device whose traffic you want to see. The LED will then start to flash yellow, indicating that it is saving the traffic to the USB flash drive, until you push the button to indicate you are done. Finally, plug the USB drive into your PC to find a pcap file, whose traffic you can inspect with a protocol analyzer such as Wireshark.


In the case of the DNS Spoof payload you need to enter the arming mode of the Packet Squirrel (switch on the rightmost side) and configure the spoofhost file with the domain and the IP you want to set.


With the OpenVPN payload you can provide remote access to the network: the target device keeps its access to the network through the Ethernet out port without interruption, and the OpenVPN connection is established, enabling remote access to the Packet Squirrel.

It can also be used to tunnel the traffic.

Master Key for hotels

--Originally published at Lord Security

There are many things someone takes into account when selecting a hotel to stay in: the luxury, Wi-Fi connection, pool, air conditioning and many others. But something really important is that your belongings remain safe, knowing that no one can enter without your permission, including the cleaning staff.


That is why a new exploit discovered by F-Secure researchers is important: a vulnerability in a popular and widely used electronic lock system (Assa Abloy) that can be exploited to unlock every locked room in a facility.

For this hack, the attacker needs access to any key from the target hotel, even if it isn't for a room or has expired. He would then need a portable programmer with custom code they created; it is held near the lock to be opened, and in a minute it will be unlocked.

The researchers, for obvious reasons, didn't release the code for the master key and, in fact, showed the findings to the affected company. They worked with Assa for over a year to recently release an update that fixes the problem.

References:

https://thehackernews.com/2018/04/hacking-hotel-master-key.html

Researchers Find Way to Create Master Keys to Hotels

Fake News

--Originally published at TC2027SWSecurity

We could define fake news as falsely descriptive information that seeks to manipulate the audience regardless of its purpose.

Although using fake news to manipulate the public is a thousand-year-old practice, this new iteration we call fake news is much more powerful because of its speed, power and low production cost. Fake news is a kind of cancer of the web that is born as a result of the business models of Google and Facebook, in conjunction with the decline of traditional media.


To face it, then, what we need are better professional media that inspire confidence and seriousness, that win over the audience with courageous and objective coverage, taking advantage of both technology and historical journalistic techniques. If we cannot value journalistic work seriously, making both readers and platforms pay for good content, then we will end up hurting ourselves, living in a less informed society and therefore a less free one.

Source: fakenews source

Gilberto Rogel García A01630171 #tc2027

Spyware

--Originally published at TC2027SWSecurity

Spyware is software that gets information from a computer and then transfers that information to an external entity without the knowledge or consent of that computer's owner.

Typical spyware installs itself on the affected system in such a way that it executes every time the system is running, and works all the time, controlling the use of the Internet and showing related ads.

However, unlike other viruses, it does not try to replicate to other computers, so it works like a parasite.

The consequences of a spyware infection generally include a considerable loss in the system's performance, and stability issues. It also causes problems when trying to connect to the Internet.

Spy Sweeper is an anti-spyware program which is considered one of the best programs for the elimination of spyware, but its purchase provides a one-year license; it also has a free trial version.

Gilberto Rogel García A01630171 #TC2027

WiFi Pineapple

--Originally published at TC2027SWSecurity

WiFi Pineapple is a device that allows making DNS spoofing attacks, checking on web searches and making man-in-the-middle attacks on Wi-Fi networks, allowing all the traffic to be spied on. Basically, WiFi Pineapple is what is known as a honeypot hotspot, which attracts devices that are looking to connect to WiFi. When devices are on, they look for a WiFi connection from a list of known WiFi networks that the device has memorized. This device disguises itself as one of the WiFi networks that the user's device is looking for.

With the WiFi Pineapple you can:

  • Scan: Command the WiFi landscape and direct attacks from a live recon dashboard, passively monitoring all devices in the vicinity.
  • Target: Limit the audit to specified clients and access points within the scope of engagement and ensure zero collateral damage.
  • Intercept: Acquire clients with a comprehensive suite of WiFi man-in-the-middle tools specializing in targeted asset collection.
  • Report: Record and analyze logs, generate emailed reports at set intervals, and identify vulnerable devices in your organization.

If a hacker unleashes the Wi-Fi Pineapple in a public place, even after taking steps to secure yourself, you could still be vulnerable.

Sources:

https://www.wifi-online.es/blog_wifi-online/que-es-pineapple-wifi-la-pina-wifi-2/

https://www.wifipineapple.com/

https://www.makeuseof.com/tag/wifi-pineapple-protect/

Gilberto Rogel García A01630171 #TC2027

Honeypot

--Originally published at Lord Security

One way to be forewarned in case someone is trying to access your server is to put up a fake system, a trap to detect when an attacker is trying to get access without the administrator's permission. It is a great way to protect a system because it turns the tables on the hackers, not letting them in, helping the admin to know when he is being attacked, learn from it and improve the security.

In general there are two main types of honeypots:

Production Honeypot: Used by companies and corporations for the purpose of researching the motives of hackers as well as diverting and mitigating the risk of attacks on the overall network.

Research Honeypot: Used by nonprofit organizations and educational institutions for the sole purpose of researching the motives and tactics of the hacker community for targeting different networks.

When configuring your honeypot you should have logs for all devices in the honeypot sent to a centralized logging server, and all the security staff must be notified when someone is carrying out an attack; that way the staff will be ready to monitor and keep track of what the hacker is doing and make sure the real environment is not compromised.

It is also important that your honeypot system is attractive to a potential attacker. This can be done by keeping it not so secure, to encourage the attacker to go for the honeypot:

  • It should have ports that respond to port scans, have user accounts and various system files.
  • Passwords to fake accounts should be weak.
  • Certain vulnerable ports should be left open.

Advantages

  • Collects real attack data.
  • Reduced false positives.
  • Does not require high-performance resources.
  • Hacker activity is captured, even if it is encrypted.
  • Simple to understand, deploy and maintain.

References:

http://www.thewindowsclub.com/what-are-honeypots

https://www.techopedia.com/definition/10278/honeypot

https://www.networkworld.com/article/3234692/lan-wan/increase-your-network-security-deploy-a-honeypot.html
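
A minimal low-interaction decoy along the lines described in this post, as an added example that is not from the original post: it answers a connection with a banner, records who connected and what they sent first, and hands each event to a sink that can forward to a central syslog server. The banner, port 2222, the `loghost.example` name and the sample addresses are assumptions made for the illustration.

```python
import json
import logging.handlers
import socket
from datetime import datetime, timezone

DECOY_BANNER = b"SSH-2.0-OpenSSH_7.4\r\n"  # constructed banner so a port scan sees a "service"


def syslog_sink(host, port=514):
    """Return a callable that ships each event to a central syslog server over UDP."""
    log = logging.getLogger("honeypot")
    log.setLevel(logging.INFO)
    log.addHandler(logging.handlers.SysLogHandler(address=(host, port)))
    return log.info


def record_connection(conn, peer, dst_port, sink, timeout=2.0):
    """Answer one connection with the decoy banner and log what the client sent first."""
    with conn:
        conn.settimeout(timeout)
        try:
            conn.sendall(DECOY_BANNER)
            first_bytes = conn.recv(256)
        except (socket.timeout, ConnectionError):
            first_bytes = b""  # silent or aborted client is still worth logging
    # No legitimate user has a reason to connect, so every event is an alert.
    event = {
        "time": datetime.now(timezone.utc).isoformat(),
        "src_ip": peer[0], "src_port": peer[1], "dst_port": dst_port,
        "first_bytes": first_bytes.decode("latin-1"),
    }
    sink(json.dumps(event))
    return event


def serve(sink, host="0.0.0.0", port=2222):
    """Accept loop for the decoy port; the port number is an arbitrary choice."""
    with socket.create_server((host, port)) as listener:
        while True:
            conn, peer = listener.accept()
            record_connection(conn, peer, port, sink)


if __name__ == "__main__":
    # Constructed demo: a socket pair stands in for a scanner hitting the decoy port.
    decoy_side, scanner_side = socket.socketpair()
    scanner_side.sendall(b"root\r\n")
    alerts = []  # stand-in sink; a deployment would pass syslog_sink("loghost.example")
    record_connection(decoy_side, ("203.0.113.7", 40000), 2222, alerts.append)
    print(alerts[0])
```

Because the decoy offers no real service, the event list needs no baseline or tuning: any entry at all means someone is probing.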

Skygofree

--Originally published at Lord Security

Most mobile malware does relatively simple stuff: stealing data, mining cryptocurrency or encrypting files. But some months ago a very sophisticated one was discovered: Skygofree.

Some of the functions that make Skygofree terrifying are:

  • It can turn on the microphone for audio recording when the device is in a specified location.
  • It can connect to networks controlled by the hackers, even with Wi-Fi disabled on the device, giving access to all the user's traffic (passwords, credit cards, sites visited).
  • Stealing WhatsApp messages via Accessibility Services.
  • Secretly turning on the front-facing camera and taking photos or videos.

The main way of infection is through fake mobile operator pages, where the user downloads an "update" and gets infected. Once on the phone, it shows a progress bar while waiting for instructions from the attackers on what to do.

The virus also has a way to protect itself: it can show a fake notification to prevent the background services it uses from being killed.

Skygofree uses exploits to get root privileges, looking the device up in a database of mobiles to adjust itself to what it is attacking and exploit its vulnerabilities.

So far Skygofree has only been seen in some parts of Italy; however, given all the damage it can cause, it is better to be forewarned by only downloading apps from official sources and disabling installation of third-party apps.

References:

https://www.kaspersky.com/blog/skygofree-smart-trojan/20717/

https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/

Let others mine for you

--Originally published at Lord Security

Why bother using your own resources (GPU, CPU, etc.) for mining cryptocoins when you can trick others into doing it for you? That's what the people who use Coinhive think.

According to Krebs, “Coinhive is a cryptocurrency mining service that relies on a small chunk of computer code designed to be installed on Web sites. The code uses some or all of the computing power of any browser that visits the site in question, enlisting the machine in a bid to mine bits of the Monero cryptocurrency.”

That means that when someone visits a site with Coinhive on it, part of the resources of the device the user is browsing the page with will be used to mine for the person who put the code there.

Even though Bitcoin is the most famous cryptocurrency, Coinhive uses Monero for a good reason: it has better privacy than Bitcoin. It is virtually untraceable, with no way for anyone besides the parties to the transaction to track it. Its transactions automatically have privacy features applied. You never have to request and then verify whether other people have enabled a privacy mechanism when sending you funds.

The most common use of Coinhive is adding a piece of code directly to the page, many times without the administrator's permission, inside the <head> </head> tags. With that, and adding your public key for all the Monero you earn, you are ready to let others do the mining.

For more information on setting up Coinhive and all of its uses you can check the documentation at https://coinhive.com/documentation/miner

References:

https://krebsonsecurity.com/2018/03/who-and-what-is-coinhive/

https://moneyonlinenow.top/coinhive-espanol-que-es-como-funciona/

https://coinhive.com/documentation/miner

https://www.monero.how/why-monero-vs-bitcoin
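
For site administrators, an added example (not from the original post or from Coinhive) that scans a page's HTML for the miner: a `<script>` loaded from the coinhive.com host, or an inline script that constructs a `CoinHive` miner object. The sample page, the placeholder site key and the function names are constructed for the illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

MINER_HOSTS = {"coinhive.com"}  # host named in the post; extend from your own blocklist
MINER_CALL = re.compile(r"\bCoinHive\.(?:Anonymous|User|Token)\s*\(")


class MinerScriptFinder(HTMLParser):
    """Collects <script> elements that load or start the Coinhive miner."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line, kind, detail)
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        self._in_script = True
        src = dict(attrs).get("src") or ""
        host = (urlparse(src).hostname or "").lower()
        if any(host == h or host.endswith("." + h) for h in MINER_HOSTS):
            self.findings.append((self.getpos()[0], "external-script", src))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Only script bodies count; prose that merely mentions the name is ignored.
        match = MINER_CALL.search(data) if self._in_script else None
        if match:
            self.findings.append((self.getpos()[0], "inline-call", match.group(0)))


def find_miners(html):
    """Return (line, kind, detail) for every miner reference found in the page."""
    finder = MinerScriptFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page; the site key is a placeholder, not a real key.
SAMPLE = """<html><head>
<title>Shop</title>
<script src="/static/app.js"></script>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>var m = new CoinHive.Anonymous('SITE-KEY-PLACEHOLDER'); m.start();</script>
</head><body>Welcome</body></html>"""
```

Running `find_miners` over the templates and rendered pages of a site after each deploy gives an early signal that code was added to the `<head>` without the administrator's knowledge.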