Github
Here's the link you all really want...
https://github.com/romanzaikin/BurpExtension-WhatsApp-Decryption-CheckPoint
Posts by GarethWright.com
16 publicly visible posts • joined 21 Aug 2014
WhatsApp security snafu allows sneaky 'message manipulation'
Not so private eye: Got an Axis network cam? You'll need to patch it, unless you like hackers
Tuesday 19th June 2018 13:14 GMT
Re: Attack Vector
I won't say where (though it's trivial to establish with a little Google foo), but a large number of Axis cams were installed in a new build and linked to the B.M.S.
The cameras were all added to CCTV module which was compiled with hard coded credentials...which of course were default. To make matters worse the the BMS company (Massive "professional" outfit) installed the cameras and BMS on the same VLAN as the standard traffic. Anyone on the WiFi or plugging into an ethernet port (oh btw they fitted active ones in the loos) can simply load up the Axis camera management tools and discover and access every camera on the network without needing any CVEs at all.
So yeah....plenty of places with Attack Vectors, some places are worse and have them on the internet
https://www.shodan.io/search?query=AXIS
Yubico snatched my login token vulnerability to claim a $5k Google bug bounty, says bloke
Tuesday 19th June 2018 08:33 GMT
Happens more than you'd think
A number of years ago I contacted Apple and Facebook regarding a security flaw whereby tokens and passwords were accessible in plists.
I didn't hear back from Apple and Facebook said it wasn't a flaw so I reported it to El Reg who published the article.
A few weeks later and a vast number of Apps on the app store has been updated to mitigate the flaw, iOS had been updated to prevent file level access and someone else wrote up the same exploit citing my work and got a bug bounty from Facebook.
I guess Facebook were just pissed off they had egg on face.
Drone-maker DJI's Go app contains naughty Javascript hot-patching framework
Tuesday 15th August 2017 13:59 GMT
Security Concerns - Not rocket science.....
The military security concerns revolve around the black box SD card glued into the drones.
It stores flight logs, co-ordinates, images used for precision takeoff and landing as well as logs re: rf interference etc.
Should a drone crash or be shot down, an enemy can recover and gather valuable intel.
First-day-on-the-job dev: I accidentally nuked production database, was instantly fired
Pluto's emitting X-rays, and NASA doesn't quite know how
Apple must help Feds unlock San Bernardino killer's iPhone – judge
Drones are dropping drugs into prisons and the US govt just doesn't know what to do
TalkTalk attack: Lad, 15, cuffed by UK cyber-cops
How long does it take an NHS doctor to turn on a computer?
Monday 12th October 2015 08:18 GMT
Re: And your point is?
You forget that at this point they've been running from one side of the hospital to another for 14 hours straight with no break, nothing to drink or something to eat. Shouted at, argued with, comforted a family who child has just died. Spent an hour waiting for results from one system or another to print because printers are the spawn of Satan himself. Heel pricks, jabs, bags, drips, broken limbs and then there's the larger louts and pissed up arseholes, the attempted suicides and the successful the parents who bring their kids into A&E rather then buy some feckin calpol.
I've worked in IT all my life. I've also been a carer, and I'm married to a Dr I barely ever get to see because she's constantly working 13-15 hours a day, before driving home crashing for a few hours then going back to work. Granted, she wouldn't have made the mistake of not turning a computer on, but I, sitting at home with my laptop wouldn't have blamed her if she did.
Does common sense suffer with sleep deprivation? YES! Does that make them any less professional, no.
Yet our government is trying to remove the maximum working hours and drop their pay by upto 30% and most of the British public doesn't have a clue about it.
French hacker besmuts road sign right under Les Plods' noses
Can't get a woop, woop! Twitter gives politicians nice Gaffe-Delete button
+5 ROOTKIT OF VENGEANCE defeats forces of gaming good
Hilton, Marriott and co want permission to JAM guests' personal Wi-Fi
Wednesday 24th December 2014 09:42 GMT
Two can play at that game.
DNS tunnel out on the hotel Wifi so you don't have to pay the extortionate charges, De-auth any macs that aren't my spoofed one and set up my own Wifi network with the hotels SSID and provide the free WiFi the hotel should be providing in the first place to anyone in range.
They're playing a dangerous game which is sure to escalate quickly and frankly my Wi-Fu is better than theirs.
Need a green traffic light all the way home? Easy with insecure street signals, say researchers
Thursday 21st August 2014 12:55 GMT
Re: All Sorts of Problems
Some very prevalent brands of temporary traffic lights in the UK use the same basic OOK now that those particular sets of lights in Sheffield used in the 1980s.
As such they don't care if it's AM/FM etc so long as the carrier wave is at about the right frequency. I wouldn't be surprised if it was just the presence of a cw that triggered the lights as you'd have to be pretty fluky to nail the OOK sequence.
Biting the hand that feeds IT
