Category Archives: security hacks

FIDO2: The Dream Of Password-Free Authentication On The WWW

Of all the things which are annoying about the modern World Wide Web, the need to create and remember countless passwords is at the top of most people’s lists. From dozens of passwords for everything from social media sites to shopping, company, and productivity-related platforms like GitHub, a large part …read more

Posted in authentication, biometrics, ctap, Featured, fido2, Interest, news, online security, Original Art, password-free, passwords, security hacks, two-factor authentication, U2F

This Week in Security: Zeroconf Strikes Again, Lastpass Leaks your Last Password, And All Your Data is Belong to Us

VoIP cameras, DVRs, and other devices running the Web Services Dynamic Discovery (WSDD) protocol are being used in a new type of DDoS attack. This isn’t the first time a zeroconf service has been hijacked as part of a DDoS, as UPnP has also been abused in similar ways.

Feel …read more

Posted in ddos, elasticsearch, Hackaday Columns, lastpass, security hacks, This Week in Security

This Week in Security: Mass iPhone Compromise, More VPN Vulns, Telegram Leaking Data, and the Hack of @Jack

In a very mobile-centric installment, we’re starting with the story of a long-running iPhone exploitation campaign. It’s being reported that this campaign was being run by the Chinese government. Attack attribution is decidedly non-trivial, so let’s be cautious and say that these attacks were probably Chinese operations.

In any case, …read more

Posted in 0-day, computer hacks, Hackaday Columns, ios, security hacks, This Week in Security, twitter

High Voltage Protects Low Denominations

How do you keep people out of your change jar? If you didn’t say with a 3D printed iris mechanism and high-voltage spark gap, then clearly you aren’t [Vije Miller]. Which is probably for the best, as we’re not sure we actually want to live in a world where there …read more

Posted in 3D printed enclosure, high voltage, iris, lifehacks, security hacks, spark gap

ESP8266 and ESP32 WiFi Hacked!

[Matheus Garbelini] just came out with three (3!) different WiFi attacks on the popular ESP32/8266 family of chips. He notified Espressif first (thanks!) and they’ve patched around most of the vulnerabilities already, but if you’re running software on any of these chips that’s in a critical environment, you’d better push …read more

Posted in crash, ESP32, ESP8266, hack, security, security hacks, sky is falling, vulnerability, wifi, wireless hacks

This Week in Security: VPN Gateways, Attacks in the Wild, VLC, and an IP Address Caper

We’ll start with more Black Hat/DEFCON news. [Meh Chang] and [Orange Tsai] from Devcore took a look at Fortinet and Pulse Secure devices, and found multiple vulnerabilities. (PDF Slides) They are publishing summaries for that research, and the summary of the Fortinet research is now available.

It’s… not great. There …read more

Posted in backdoor, Hackaday Columns, security hacks, software hacks, This Week in Security, vlc

This Week in Security: KNOB, Old Scams Are New Again, 0-days, Backdoors, and More

Bluetooth is a great protocol. You can listen to music, transfer files, get on the internet, and more. A side effect of those many uses is that the specification is complicated and intended to cover many use cases. A team of researchers took a look at the Bluetooth specification, and …read more

Posted in 0-day, bluetooth, computer hacks, Hackaday Columns, knob, security hacks, siri

Cruising GitHub For Slack Webhook Tokens

GitHub is an incredibly powerful tool for sharing source code, and its value to the modern hacker can’t be overstated. But there’s at least one downside to effortlessly sharing your source: it’s now much easier for the whole world to find out when you screw up. Back in the day, …read more

Posted in credentials, github, security hacks, slack, Software Development, token, webhook

This Week in Security: Black Hat, DEF CON, and Patch Tuesday

Black Hat and DEF CON both just wrapped, and Patch Tuesday was this week. We have a bunch of stories to cover today.

First some light-hearted shenanigans. Obviously inspired by Little Bobby Tables, Droogie applied for the vanity plate “NULL”. A year went by without any problems, but soon enough it …read more

Posted in blackhat, computer hacks, DEF CON, Hackaday Columns, news, security hacks, This Week in Security

New Bluetooth 5 Channel Hopping Reverse Engineered for Jamming and Hijacking

Bluetooth Low Energy (BLE) 5 has been around since 2016 with the most recent version 5.2 published just this year. There’s not much hardware out there that’s using the new hotness. That didn’t stop [Damien Cauquil] from picking apart BLE 5’s new frequency hopping techniques and updating his BtleJack tool …read more

Posted in ble, bluetooth, bluetooth low energy, BtleJack, channel hopping, cons, CSA #2, DEF CON, defcon 27, security hacks, wireless hacks