Information Security

Most munificient Apple killed itself with kindness. Oh. Really?

The Register - Thu, 01/17/2019 - 05:08
Why the battery story doesn't add up

Analysis Apple’s iPhone slump may be down to the company’s generosity and kindness - according to Apple-friendly blogger Jon Gruber.…

How to disguise malicious code in a Windows application?

Your hacking tutorial - Thu, 01/17/2019 - 04:56

Hello. I need to disguise the malicious code in a small self-made application for windows which I will do based on HiAsm. I would like that when the program is started on the victim's computer, a backdoor is started which could remain in the system after the windows restart. I tried to use the creation of a stager in the Empire in order to gain access to the victim's computer through windows \ launcher_bat and windows \ macro and these attempts were crowned with success. But since the victim may not have MS Word installed, and launcher_bat is rather suspicious, even if it is launched in hidden mode. For this, I came up with a small application that will be available on my site. After the victim downloads this application, it installs, does not understand how to use it, and forgets. But I need a malicious code to run. Can you tell me with what tool I can perform a similar operation? Maybe there are stager in Empire for this atack?

submitted by /u/HotFrog-NO-EAT-DOG
[link] [comments]
Categories: Information Security

Android Intent WiFi SSID with Tasker

Tasker: Total Automation for Android - Thu, 01/17/2019 - 04:40

Hi All,

Is there a possibility in Tasker to get the connected WiFi SSID with an Android Intent, I’ve tried:

  1. this Intent won’t fire when my WiFi connects to a network only when my WiFi turns on.

  2. this Intent returns %networkinfo which among others contains the friendly name of the SSID specified as ‘extra’. How can I parse the variable to get the information I need or does Tasker return a variable which contains the friendly name like %bssid which contains the networks MAC-id. I’ve already tried %extra, %extra_info, %extrainfo but they don’t work.

Or are there better Intents to work with?

I know there are default options in Tasker to do this but I want to use an Intent.

Grtz Mark

submitted by /u/markladage
[link] [comments]

Having AI assistants ruling our future lives? That's so sad. Alexa play Despacito

The Register - Thu, 01/17/2019 - 04:15
It's Amazon how quickly these monopolies begin

Column At the annual spectacular of crap that we optimistically term the Consumer Electronics Show, I found myself locked into a room with Alexa.…

PostmarketOS Turns 600 Days Old

Hack a Day - Thu, 01/17/2019 - 04:00

PostmarketOS began work on a real Linux distribution for Android phones just over 600 days ago. They recently blogged about the state of the project and ensured us that the project is definitely not dead.

PostmarketOS’ overarching goal remains a 10 year life-cycle for smartphones. We previously covered the project on Hackaday to give an introduction. Today, we’ll concern ourselves with the progress the PostmarketOS team has made.

The team admits that they’re stuck in the proof-of-concept phase, and need to break out of it. This has required foundational changes to the operating system to enable development across a wide variety of devices and processor architectures. There’s now a binary package repository powered by which will allow users to install packages for their specific device.

Other updates include fixing support for the Nexus 5 and Raspberry Pi Zero, creating support for open source hardware devices including the Pine A64-LTS and Purism Librem 5. PostmarketOS now boots on a total of 112 different devices.

We’re excited to see the PostmarketOS project making progress. With the widespread move to mobile devices, users lose control over their computing devices. PostmarketOS gives us the ability to run code that we can read and modify on these devices. It’s no small feat though. Supporting the wide variety of custom hardware in mobile devices requires a lot of effort.

While it may be a while before PostmarketOS is your daily driver, the project is well suited to building task-specific devices that require connectivity, a touch screen, and a battery. We bet a lot of Hackaday readers have a junk drawer phone that could become a project with the help of PostmarketOS.

South Korea says mystery hackers cracked advanced weapons servers

The Register - Thu, 01/17/2019 - 03:01
No idea who could have been behind this one...

The South Korea Ministry of National Defense says 10 of its internal PCs have been compromised by North Korea unknown hackers .…

Compromised ad company serves Magecart skimming code to hundreds of websites

(IN)SECURE Magazine Notifications RSS - Thu, 01/17/2019 - 02:00

Security researchers have flagged a new web-based supply chain attack by one of the cybercriminal groups that fall under the Magecart umbrella. The attackers managed to compromise Adverline, a French online advertising company with a European-focused clientele, and inject payment card skimming code into one of its JavaScript libraries for retargeting advertising. The targets “Web-based supply chain attacks compromise vendors that supply code often used to add or improve site functionality. This code integrates with … More →

The post Compromised ad company serves Magecart skimming code to hundreds of websites appeared first on Help Net Security.

2019 cybersecurity workforce: Recruiting vs. re-skilling

(IN)SECURE Magazine Notifications RSS - Thu, 01/17/2019 - 01:45

The cybersecurity talent gap is not just an IT industry crisis. It’s one with global ramifications. As the inevitable march towards digitalizing the world continues, it brings with it a steady stream of new opportunities for bad actors to take advantage of systems and exploit vulnerabilities both new and old. Cybercrime is becoming increasingly lucrative as the barrier to entry is lowered daily, with sophisticated and easy-to-use tools available for purchase on the dark web. … More →

The post 2019 cybersecurity workforce: Recruiting vs. re-skilling appeared first on Help Net Security.

Cyber risk management and return on deception investment

(IN)SECURE Magazine Notifications RSS - Thu, 01/17/2019 - 01:30

This article is fifth in a five-part series being developed by Dr. Edward Amoroso in conjunction with the deception technology team from Attivo Networks. The article provides an overview of how deception fits into information risk management strategies and how organizations can answer C-level ROI questions for justifying deception. Cyber risk management and deception Perhaps the most foundational objective for any enterprise cyber security team is the proper management of risk. Too often, teams get … More →

The post Cyber risk management and return on deception investment appeared first on Help Net Security.

How IT organizations are transforming to meet the demands of the digital economy

(IN)SECURE Magazine Notifications RSS - Thu, 01/17/2019 - 01:15

The 2019 State of Application Services report from F5 Networks showed that organizations regard application services as vital for cloud adoption and, ultimately, for success in today’s app-driven digital economy. Emerging application services like ingress control and IoT gateways are on the rise, and together with established services such as firewalls and global server load balancing, are enabling companies to adapt to the requirements of today’s multi-cloud world. “Applications are now the most valuable asset … More →

The post How IT organizations are transforming to meet the demands of the digital economy appeared first on Help Net Security.

Encryption is key to protecting information as it travels outside the network

(IN)SECURE Magazine Notifications RSS - Thu, 01/17/2019 - 01:00

A new Vera report reveals stark numbers behind the mounting toll of data breaches triggered by cybercrime and accidents. One of the most recognized and mandated security controls, installed encryption tools protect just four percent of breached files. Meanwhile, compliance-focused mindsets and perimeter-driven encryption deployments keep organizations’ encryption investments fundamentally misaligned with how employees and business partners use crown jewel data. Vera surveyed cybersecurity and IT decision-makers at North American organizations across healthcare, finance, government … More →

The post Encryption is key to protecting information as it travels outside the network appeared first on Help Net Security.

Breakfast Bot Does Eggs To Perfection

Hack a Day - Thu, 01/17/2019 - 01:00

Breakfast is a meal fraught with paradoxes. It’s important to start the day with a hearty meal full of energy and nutrition, but it’s also difficult to cook when you’re still bleary-eyed and half asleep. As with many problems in life, automation is the answer. [James Bruton] has the rig that will boil your egg and get your day off to a good start.

The basic apparatus uses a thermostatically controlled hotplate to heat a pot of water. [James] then employs an encoder-controlled linear actuator from a previous project to raise and lower a mesh colander into the pot, carrying the egg. An Arduino is used to measure the water temperature, only beginning the cooking process once the temperature is over 90 degrees Celsius. At this point, a 6-minute timer starts, with the egg being removed from the water and dumped out by a servo-controlled twist mechanism.

Future work will include servo control of the hotplate’s knob and building a chute to catch the egg to further reduce the need for human intervention. While there’s some danger in having an automated hotplate on in the house, this could be synchronized with an RTC to ensure your boiled egg is ready on time, every day.

Breakfast machines are a grand tradition around these parts, and we’ve seen a few in our time. Video after the break.

[Thanks to Baldpower for the tip!]


New Nokia still has a lot of things to learn: Confessions from a current Nokia 7 Plus user (previously owned a low end Samsung Galaxy)

Android - Wed, 01/16/2019 - 23:25

New Nokia is overrated in this sub tbh.

So right now, I have a Nokia 7 Plus running Pie. Before this, I had a low end Samsung Galaxy. It was slow, but I will attribute that mostly on its low end processor. I literally encountered ZERO software bugs on it though. The software felt reliable and polished. Even the little things - font, placement of some ux, battery animation when charging from 0%... They were designed really well. It felt like Samsung really gave their effort when it comes to software. The software design also felt consistent. My Galaxy actually got a Nougat update, and yes it arrived really late... But when I got it, I can definitely say that it was polished. There were no bugs AT ALL. Too bad it was just quite slow for my taste.

Now, with my 7 Plus, I can say that Nokia is really serious with delivering FAST software updates. My phone got Pie shortly after Google announced it. I had all the new features of Stock Android. The problem though is the bugs. Everyday I am discovering new ones. They're tolerable though, but I can't help but to feel disappointed every time I see them since I came from a reliable low end Samsung phone.

Phone freezing randomly every week

Phone freezing when I clear some cache or data on some apps

Screen flickers sometimes when the keyboard pops up

The circle thing on the home button is NOT centered (don't know how to explain this sorry haha)

Date NOT showing on the notification panel when you use the light theme (this got fixed after a few months though)

Software buttons at the bottom still has a WHITE BACKGROUND even though the night mode is already on (really annoying tbh)

The software also felt inconsistent... The font used in the header of some apps are not consistent, some apps use the Roboto, some do not. The battery animation when you charge the phone from 0% looks cheap too. The Symbian battery design way back the old Nokia actually looked better. This new one felt like a design from Windows 98.

It felt like Nokia was not that meticulous in its software... What matters to them is that they are able to deliver fast updates. There's nothing wrong with that though, but I really hope they would provide updates with lesser bugs and more consistent design next time.

Oh, before I would end this... My 7 Plus actually has the infamous Novatek panel. There are two kinds of 7 Pluses - those with Goodix and those with Novatek. The early ones got Goodix and they have no issues. The newer batches have Novatek, which have some issues... The Novatek panels have a weird tint on the screen, and they also have the 16% screen brightness issue. You can drag the brightness slider to 0%, but the screen actually stops reducing its brightness at 16%. This means that you need to download a screen dimming app on Play Store because your eyes would really hurt at night with those extra brightness hahaha.

New Nokia still feels like a young company, and I understand that since they sold their mobile division to Microsoft and they just started from the ground up. There's a reason why Samsung is number one - they really are reliable when it comes to software and hardware...

tldr: new nokia still has a lot of things to learn, particularly in delivering software updates with lesser bugs and more consistent software design. nokia also needs to have better QC on its products. there's a reason why samsung is number one... they are really a reliable smartphone manufacturer.

submitted by /u/thekandidee
[link] [comments]