Category Archives: security hacks

This Week in Security: Leaking Partial Bits, Apple News, and Overzealous Contact Tracing

Researchers at the NCCGroup have been working on a 5-part explanation of a Windows kernel vulnerability, targeting the Kernel Transaction Manager (KTM). The vulnerability, CVE-2018-8611, is a local privilege escalation bug. There doesn’t seem to be a way to exploit this remotely, but it is an interesting bug, and NCCGroup’s …read more

Continue reading

Posted in Hackaday Columns, ios, LadderLeak, news, security hacks, This Week in Security | Leave a comment

Home Assistant get Fingerprint Scanning

Biometrics — like using your fingerprint as a password — is certainly convenient and are pretty commonplace on phones and laptops these days. While their overall security could be a problem, they certainly fit the bill to keep casual intruders out of your system. [Lewis Barclay] had some sensors gathering …read more

Continue reading

Posted in fingerprint, fingerprint scanner, fingerprint sensor, home automation, home hacks, home-assistant, security hacks | Leave a comment

Hiding Malware, With Windows XP

In the nearly four decades since the first PC viruses spread in the wild, malware writers have evolved some exceptionally clever ways to hide their creations from system administrators and from anti-virus writers. The researchers at Sophos have found one that conceals itself as probably the ultimate Trojan horse: it …read more

Continue reading

Posted in malware, security, security hacks, Sophos, virtualbox, windows xp | Leave a comment

This Week in Security: DNS DDOS, Revenge of the 15 Year Old Bug, and More

Another DDOS amplification technique has just recently been disclosed, NXNSAttack (technical paper here) that could be used against DNS servers.

We’ve covered amplification attacks before. The short explanation is that some UDP services, like DNS, can be abused to get more mileage out of a DDoS attack. The attacking machined …read more

Continue reading

Posted in ddos, Hackaday Columns, news, security hacks, This Week in Security | Leave a comment

This Week in Security: Thunderspy, Facebook Breaking Everything, and More

Thunderspy was announced this week, developed by [Björn Ruytenberg]. A series of attacks on the Thunderbolt 3 protocol, Thunderspy is the next vulnerability in the style of Inception, PCILeech, and Thunderclap.

Inception and PCILeech were attacks on the naive Direct Memory Access (DMA) built into Firewire, Thunderbolt 1, and PCIe. …read more

Continue reading

Posted in Hackaday Columns, news, Pi-hole, security hacks, This Week in Security, Thunderspy | Leave a comment

This Week in Security: Psychic Paper, Spilled Salt, and Malicious Captchas

Apple recently patched a security problem, and fixed the Psychic Paper 0-day. This was a frankly slightly embarrasing flaw that [Siguza] discovered in how iOS processed XML data in an application’s code signature that allowed him access to any entitlement on the iOS system, including running outside a sandbox.

Entitlements …read more

Continue reading

Posted in android, Favicon, Hackaday Columns, news, security hacks, This Week in Security | Leave a comment

GPU Turned Into Radio Transmitter To Defeat Air-Gapped PC

Another week, another exploit against an air-gapped computer. And this time, the attack is particularly clever and pernicious: turning a GPU into a radio transmitter.

The first part of [Mikhail Davidov] and [Baron Oldenburg]’s article is a review of some of the basics of exploring the RF emissions of computers …read more

Continue reading

Posted in exfiltration, exploit, gpu, harmonics, news, power management, radeon, RF, sdr, security hacks, shader, side-channel attacks, uhf | Leave a comment

$100k to Crack a Bitcoin Wallet

When Bitcoin peaked a few years ago, with single coins reaching around $18,000 USD, heartbreaking stories began circulating about people who had tens or hundreds of coins they mined in the early days when coins were worth just a few dollars or cents. Since then, they owners of these coins …read more

Continue reading

Posted in bitcoin, crack, cryptography, password, private key, recovery, security hacks | Leave a comment

Decentralized Privacy-Preserving Proximity Tracing

As we continue through the pandemic, whether we are on lockdown or still at work, there is a chance for all of us that we could still pick up the virus from a stray contact. Mapping these infections and tracing those in proximity to patients can present a major problem …read more

Continue reading

Posted in Covid-19, personal privacy, privacy, security hacks | Leave a comment

Launch Console Delivers Enjoyment To Software Deployment

Sometimes it feels as though all the good physical interactions with machines have disappeared. Given our current germ warfare situation, that is probably a good thing. But if fewer than ten people ever will be touching something, it’s probably okay to have a little fun and make your own interfaces …read more

Continue reading

Posted in 16 segment display, 2FA, code launcher, guarded toggle switch, Raspberry Pi, security hacks, Yubikey | Leave a comment