Hacking The Security Myths
A blog by Kunal Sehgal (KunSeh, http://www.blogger.com/profile/05463544609640756703)
Feed updated 2024-03-14T02:40:46.842+08:00

DarkSide Ransomware Group Donates $10,000 to Charities
Published 2020-10-21T22:44:00.005+08:00, updated 2020-10-21T22:44:44.387+08:00
<p>This is out of the ordinary. It is common for cyber-criminals to try stolen credit cards on charity websites, but what could be the motive behind sending bitcoins to charities!?</p><p><b><a href="https://www.infosecurity-magazine.com/news/darkside-ransomware-donates-10k/">Link</a></b></p>

Restarting my blog
Published 2020-10-15T15:48:00.003+08:00, updated 2020-10-15T15:52:28.332+08:00
<p>Over the last few years, I realized that most of my blog's followers were looking at my content via my LinkedIn profile. Hence, I stopped using the Blogger platform and moved all my content over to LinkedIn. This is the reason there are no posts from me after July 2017. So, after a long hiatus, I put the life back in my Blogger platform.</p><p>From today, I wish to change this. I will try and post all my content on both these platforms: LinkedIn and Blogger. This will help keep my content in one central place (here) and the mirror on LinkedIn (or even Twitter) will help my readers still be able to find my content.</p><p>My LinkedIn profile is <a href="https://www.linkedin.com/in/kunseh/">here</a>.</p>

Police Takeover of Darknet Markets
Published 2017-07-22T22:11:00.003+08:00, updated 2017-07-22T22:11:45.857+08:00
Seems like the underground markets are in serious trouble.<br />
<blockquote class="tr_bq">
a Canadian citizen living in Thailand was arrested in that country and is believed to have committed suicide while in custody after international authorities — including police here — worked to close the AlphaBay criminal marketplace on the Dark Web</blockquote>
AlphaBay's <a href="http://www.itworldcanada.com/article/canadian-allegedly-head-of-alphabay-dark-web-criminal-market-dead-after-arrest/395013">takeover</a><br />
<br />
The users of AlphaBay started migrating over to the Hansa Market, which was already under the <a href="https://krebsonsecurity.com/2017/07/after-alphabays-demise-customers-flocked-to-dark-market-run-by-dutch-police/">control</a> of the Dutch police!<br />
<br />
An <a href="https://krebsonsecurity.com/2017/07/exclusive-dutch-cops-on-alphabay-refugees/">interesting</a> police interview<br />
<br />
There are rumors <a href="http://thehackernews.com/2017/07/dream-market-darkweb.html">that Dream Market</a> may also already be under police control.

FBI arrests NSA Data Leaker
Published 2017-06-14T21:54:00.000+08:00, updated 2017-06-14T21:54:05.156+08:00
<blockquote class="tr_bq">
... unfortunately, it seems like Winner was not aware of the fact "that most new printers print nearly invisibly yellow dots that track down exactly when and where documents, any document, is printed ...</blockquote>
<a href="http://thehackernews.com/2017/06/nsa-russian-hacking-leak.html">Story</a>

ShadowBrokers launches a new 'service'
Published 2017-05-18T21:30:00.001+08:00, updated 2017-06-01T11:28:34.747+08:00
Data leaks as a <a href="https://www.infosecurity-magazine.com/news/shadow-brokers-warn-of-june-data/">service</a>, from ShadowBrokers<br />
<br />
Who <a href="https://www.schneier.com/blog/archives/2017/05/who_are_the_sha.html">are they</a>?

WannaCry Ransomware
Published 2017-05-15T23:02:00.001+08:00, updated 2017-05-25T13:29:29.975+08:00
<br />
<ul>
<li>A good <a href="https://www.redsocks.eu/news/ransomware-wannacry/">article </a>detailing what this is about.</li>
<li>The "hero" who <a href="https://www.thesun.co.uk/news/3552119/blogger-accidental-hero-cyber-attack-nhs/">reserved</a> the domain name to halt the spread.</li>
<li>Variations start <a href="https://www.infosecurity-magazine.com/news/wannacry-roars-back-after-kill/">emerging</a>, and more expected soon.</li>
<li>Suspected <a href="http://www.cio.com/article/3196970/security/the-wannacry-ransomware-might-have-a-link-to-north-korea.html">links </a>to North Korea</li>
<li>A beginner's <a href="http://thehackernews.com/2017/05/how-to-wannacry-ransomware.html">guide</a> to what this is all about</li>
<li>Profits Finally <a href="https://www.infosecurity-magazine.com/news/wannacry-profits-finally-hit-100k/">Hit </a>$100,000</li>
<li><a href="https://www.darkreading.com/threat-intelligence/researcher-creates-tool-to-unlock-wannacry-infected-windows-xp-files/d/d-id/1328916">Can</a> be decrypted (well, sort of) in some conditions</li>
</ul>

The importance of trust and integrity in a VPN provider
Published 2017-04-10T21:51:00.003+08:00, updated 2017-04-10T21:51:49.882+08:00
Troy Hunt's <a href="https://www.troyhunt.com/the-importance-of-trust-and-integrity-in-a-vpn-provider-and-how-mysafevpn-blew-it/">post</a>

Unprotect MS Word files, check ransomware code
Published 2017-04-08T16:36:00.001+08:00, updated 2017-04-08T16:36:13.671+08:00
An interesting <a href="http://sketchymoose.blogspot.sg/2017/04/dealing-with-macros-step-one-password.html">tool</a> to have (especially for ransomware): How to unprotect vb-code from MS Word.<br />
<br />

SHA1 Broken (shattered)!
Published 2017-02-23T21:59:00.002+08:00, updated 2017-02-23T21:59:29.580+08:00
The SHA1 cryptographic hash has finally been broken. In all fairness, it was declared obsolete a while back. But it is still very interesting to see a theoretical attack <a href="https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html">live in action</a>.

Free Rides at San Francisco Metro
Published 2016-11-30T22:18:00.000+08:00, updated 2016-11-30T22:18:01.210+08:00
<b>27-Nov-2016:</b><br />
A hacker <a href="http://thehackernews.com/2016/11/transit-system-hacked.html">deployed</a> ransomware making the metro system unusable, and asked for $73000..!<br />
<br />
<b>30-Nov-2016:</b><br />
The hacker <a href="https://krebsonsecurity.com/2016/11/san-francisco-rail-system-hacker-hacked/">gets hacked</a>. Reminder to change those password recovery questions.

Tesco Bank Hack
Published 2016-11-14T22:08:00.001+08:00, updated 2016-11-14T22:08:16.837+08:00
About 9000 customers lost over £2.5 million. The bank was then forced to <a href="http://metro.co.uk/2016/11/09/9000-tesco-bank-customers-lost-2-5million-in-massive-cyber-attack-6244968/">refund</a> the money. This is after they <a href="http://thehackernews.com/2016/11/tesco-bank-hack.html">froze</a> internet banking for over 20K customers.

3.2 million debit cards compromised in India
Published 2016-10-20T23:30:00.000+08:00, updated 2016-10-20T23:30:05.139+08:00
Hackers allegedly used malware to compromise the Hitachi Payment Services platform — which is used to power the country's ATM, point-of-sale (PoS) machines and other financial transactions — and stole details of 3.2 Million debit cards!<br />
<a href="http://economictimes.indiatimes.com/industry/banking/finance/banking/3-2-million-debit-cards-compromised-sbi-hdfc-bank-icici-yes-bank-and-axis-worst-hit/articleshow/54945561.cms">Amazing</a>

Distressed Yahoo!
Published 2016-10-12T19:24:00.000+08:00, updated 2017-10-04T09:49:20.648+08:00
Yahoo is facing a lot of heat at the moment, with some recent events.<br />
<br />
<b>First</b>, 500 million user accounts were <a href="http://lifehacker.com/500-million-yahoo-accounts-hacked-change-your-password-1786958537">stolen</a> in 2014, and got dumped online recently. <b>Then</b>, there is news that Yahoo complied with a <a href="http://www.infosecurity-magazine.com/news/yahoo-secretly-searched-emails-for/">secret government order</a> to search the incoming emails of all of its users. This secret initiative was not even known to its internal security team.<br />
<br />
<div>
Verizon, which has been in talks to acquire Yahoo, is <a href="http://www.investors.com/news/technology/verizon-said-to-want-1-billion-yahoo-price-cut-will-yahoo-investors-care/">now seeking a</a> $1 Billion price cut. Hence, these revelations couldn't have come at a worse time for Yahoo.</div>
<div>
<br /></div>
<div>
To make matters worse, to avoid users leaving its platform, Yahoo has <a href="https://techcrunch.com/2016/10/10/yahoo-makes-it-difficult-to-leave-its-service-by-disabling-email-forwarding/">disabled email-forwarding</a>. This is totally in bad faith, which will only frustrate its users.<br />
<br />
<b>Update 15-Dec-2016:</b><br />
Yahoo <a href="http://lifehacker.com/yahoo-discloses-another-billion-user-breach-1790117547">says</a> an additional 1 Billion users were impacted. This is insane!<br />
More <a href="https://krebsonsecurity.com/2016/12/my-yahoo-account-was-hacked-now-what/">details </a>from Krebs.<br />
<br />
<b>Update 14-Jun-2017:</b><br />
The Verizon deal <a href="http://money.cnn.com/2017/06/13/technology/business/yahoo-verizon-deal-closes/index.html">finally</a> goes through, and Yahoo's CEO resigns.<br />
<br />
<b>Update 04-Oct-2017:</b><br />
Every single Yahoo account was hacked - 3 billion in all - <a href="http://money.cnn.com/2017/10/03/technology/business/yahoo-breach-3-billion-accounts/index.html">link</a></div>
<div>
<br /></div>

Israeli Online Attack Service
Published 2016-09-10T13:02:00.000+08:00, updated 2016-09-13T22:25:00.332+08:00
A super investigation (and DOXing) done by Brian Krebs. A look at how a DDoS-for-hire service operates and launders money! <a href="http://krebsonsecurity.com/2016/09/israeli-online-attack-service-vdos-earned-600000-in-two-years/">Link</a><br />
<br />
<b>Update 13-Sep-2016:</b><br />
<a href="http://www.networkworld.com/article/3118303/security/krebs-site-under-attack-after-alleged-owners-of-ddos-for-hire-service-were-arrested.html">Krebs gets</a> DDoS-ed for this article, by the same botnet company

Steal passwords from locked-screen computers
Published 2016-09-08T21:15:00.003+08:00, updated 2016-09-08T21:15:31.013+08:00
'Stupid simple' attack <a href="http://www.networkworld.com/article/3117059/security/stupid-simple-attack-can-steal-credentials-from-locked-windows-and-mac-computers.html">can steal</a> credentials from locked Windows and Mac computers - no 0-day used!<br />
<br />

China Launches 'Hack-Proof' Satellite
Published 2016-08-21T10:35:00.001+08:00, updated 2016-08-21T10:35:46.077+08:00
<blockquote class="tr_bq">
QUESS will send messages to ground stations using entangled photons, Xinhua reported. Such a system is theoretically impossible to hack. In addition, any attempts to eavesdrop would be picked up via an induced change in the photons' state.</blockquote>
<br />
Story <a href="http://www.space.com/33760-china-launches-quantum-communications-satellite.html">here</a>

Car Thieves Can Unlock 100 Million Volkswagens With A Simple Wireless Hack
Published 2016-08-13T21:42:00.001+08:00, updated 2016-08-13T21:43:44.203+08:00
Next time when you leave your car in a parking lot, make sure you don't leave your valuables in it, especially if it's a Volkswagen. What's more worrisome?

Windows Secure Boot: Insecure by design and most likely can't be fixed
Published 2016-08-13T21:32:00.001+08:00, updated 2016-08-13T21:36:52.905+08:00
Encryption backdoors don’t work; the latest proof of that was discovered by security researchers Slipstream and MY123. This time, the security flub-up involves “golden keys” which can unlock Windows devices allegedly protected by Secure Boot.

Fake LinkedIn Profiles
Published 2016-08-09T20:32:00.000+08:00, updated 2016-08-09T20:32:13.347+08:00
I am not sure why but I receive way too many connection requests from fake profiles. Take for instance the following request, seemingly coming from a "Gabriella Kimber" in Germany, who in fact owns a premium account with LinkedIn, and has 414 connections (at the time of writing this post).<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgr4KI5eg0AL_SNYDp0e5uCem7VUcr8syRYtvIId9-GSPnN8yLoGbVxi9wqBvsqMoZBeVntBgDRdDKoR72MoERzlx4Ao4gjzfUSdjsCMkPlzKNoHO6UAR15Ldzlntkt9KOCuskITg/s1600/Capture.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="144" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgr4KI5eg0AL_SNYDp0e5uCem7VUcr8syRYtvIId9-GSPnN8yLoGbVxi9wqBvsqMoZBeVntBgDRdDKoR72MoERzlx4Ao4gjzfUSdjsCMkPlzKNoHO6UAR15Ldzlntkt9KOCuskITg/s320/Capture.PNG" width="320" /></a></div>
<br />
<br />
A simple Google photo search reveals that this photo has been taken as is from the G+ profile (<a href="https://plus.google.com/117301087659087128510/about">link</a>) of Lika Roman, who is actually Miss Ukraine 2007 (<a href="https://en.wikipedia.org/wiki/Lika_Roman">wikipedia</a>).<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXopQzWU6uV4u6oS2DypXfGXfVgu5P-B-rlfpHF_quGurlEIsdGviGrHyZV0b9tYPSzcZtM6UOvVtzitGQuBGCbCuyqdiNTswFOEv5cCJXZb2zLaJl5jt_ErYjDtAj_VnaMr4QdQ/s1600/Captur2e.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="264" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXopQzWU6uV4u6oS2DypXfGXfVgu5P-B-rlfpHF_quGurlEIsdGviGrHyZV0b9tYPSzcZtM6UOvVtzitGQuBGCbCuyqdiNTswFOEv5cCJXZb2zLaJl5jt_ErYjDtAj_VnaMr4QdQ/s320/Captur2e.PNG" width="320" /></a></div>
<br />
<br />
I am sure a pretty woman's photograph is put up to attract attention, but still what's their end goal here? What do they aim to gain from such fake accounts?

KickassTorrents Busted
Published 2016-08-08T15:46:00.004+08:00, updated 2016-08-08T15:46:55.845+08:00
<blockquote class="tr_bq">
KAT counts more than 50 million unique monthly visitors and is estimated to be the 68th most frequently visited website on the internet</blockquote>
<a href="https://www.engadget.com/2016/07/21/kickasstorrents-apple-facebook-homeland-security/">Story</a>

200M Yahoo accounts for sale for $1800
Published 2016-08-02T22:20:00.002+08:00, updated 2016-08-02T22:20:36.177+08:00
<blockquote class="tr_bq">
The hacker, who goes by the pseudonym "Peace" or "peace_of_mind," has uploaded 200 Million Yahoo! credentials up for sale on an underground marketplace called The Real Deal for 3 Bitcoins (US$1,824).</blockquote>
<a href="http://thehackernews.com/2016/08/hack-yahoo-account.html">Story</a>

No More Ransom
Published 2016-07-28T22:26:00.001+08:00, updated 2016-07-29T20:26:02.796+08:00
Europol, in collaboration with others, has introduced a simple portal to provide all known antidotes to the common cryptoware out there: https://www.nomoreransom.org/<br />
<br />
<b>Update 29-Jul-2016:</b><br />
<blockquote class="tr_bq">
Victims of the Chimera ransomware were thrown a lifeline this week after a rival malware author appeared to leak the decryption keys online.</blockquote>
Kudos to <a href="http://www.infosecurity-magazine.com/news/ransomware-author-leaks-rivals/">competing hackers</a> as well?!

UK: CyberCrime overtakes Physical Crime
Published 2016-07-22T21:00:00.003+08:00, updated 2016-07-22T21:00:42.796+08:00
<blockquote class="tr_bq">
The ONS estimated that there were 2.46 million cyber incidents and 2.11 million victims of cyber crime in the U.K. in 2015,” the report’s authors wrote. </blockquote>
<br />
Personally, I do not think cyber-crime is materially worse in the UK. I think they are tracking and recording it better, and most importantly the awareness has improved in the country. However, still an eye opener!<br />
<br />
<a href="http://krebsonsecurity.com/2016/07/cybercrime-overtakes-traditional-crime-in-uk/">Link 1</a> & <a href="http://www.infosecurity-magazine.com/news/uk-records-six-million-cyber/">Link 2</a>

Forgetting to renew domain names
Published 2016-07-08T01:02:00.003+08:00, updated 2016-07-22T20:42:28.431+08:00
TP-Link, which manufactures routers, has forgotten to renew its 2 domain names, which are widely used. These have now been jacked by someone, who is selling them for $2.5 M.<br />
<blockquote class="tr_bq">
These domain names appear to be quite busy; estimates based on Alexa's ranking suggest that tplinklogin-dot-net sees about 4.4 million visits per month, with another 800,000 for tplinkextender-dot-net.<br />
Seems like TP-Link is not at all interested in buying back those domains ... updating its manuals to remove the domain name references altogether.</blockquote>
This is an <a href="http://arstechnica.com/security/2016/07/tp-link-forgets-to-register-domain-name-leaves-config-pages-open-to-hijack/">ideal </a><a href="https://thehackernews.com/2016/07/tp-link-router-setting.html">way</a> for someone to create a spoof website, with a target audience of millions!

Ethereum DAO Hack
Published 2016-07-02T15:50:00.002+08:00, updated 2017-06-28T12:05:20.346+08:00
The hack makes me think about the reliability of crypto-currency. If we go with the assumption that there is no bug-free software, it is always only a matter of time (hence patching is of utmost importance), then how do we have our faith in bitcoins or any other altcoins?<br />
<br />
<blockquote class="tr_bq">
How can they recover the stolen money? They can't -- at least not without destroying the entire principle of cryptocurrencies</blockquote>
<br />
Am very curious to see what this community decides to do now. <a href="http://blog.erratasec.com/2016/06/etheriumdao-hack-similfied.html">Hack details</a>.<br />
<br />
A <a href="https://www.bloomberg.com/features/2017-the-ether-thief/">synopsis</a> of the hack and the Robin Hood hack.