Google Launches Android Hacking Contest
Here you go hackers, if you want to make up to $200 k, here is the way.
The project Zero Prize is a way for participants to find a full exploit that will allow them to achieve remote code execution on up-to-date Nexus 6P and Nexus 5X devises, by knowing only their email address and phone number, with a few conditions.
The first prize is a juice $200,000 and $100,000 for the second place, how about that?
Natalie Silvanovich is Google’s Project Zero team lead and explained that their “main motivation is to gain information about how these bugs and exploits work”
This article also talks in detail on how to play and other rewards offered by the giant search engine.
http://www.securityweek.com/google-launches-android-hacking-contest
911 could face its own emergency: Hackers
The latest research released this week by Ben Gurion University in Israel reveals the findings of 911 systems been potentially in danger that could overwhelm a complete state’s 911 system with endless calls, by using a network of hacked smartphone, and shutting out a great portion of legitimate callers, also known as a denial of service attack (DOS attack).
According to this article, researchers replicated North Carolina’s model based on its 911 network, with the knowledge that all emergency response systems are run at the local or state level, and the assessment determined that if hackers compromised 6000 smartphones with malicious software, they could make calls to 911 and block out half of all legitimate callers using cell phones in North Carolina.
Those results were shared to the US Department of Homeland Security says the Washington Post, and remarks of this type of danger have been made in the past of denial of service attacks on emergency response infrastructure.
The solution proposed was to change phone infrastructure completely, and stop using old fashion analog phone switches to route emergency calls, and instead use provide internet-like network called managed IP Networks, however there was no mentioned of how much money this would undertake in this article.
9http://www.cnet.com/news/911-could-face-its-own-emergency-hackers/
911 could face its own emergency: Hackers
911 could face its own emergency: Hackers
The latest research released this week by Ben Gurion University in Israel reveals the findings of 911 systems been potentially in danger that could overwhelm a complete state’s 911 system with endless calls, by using a network of hacked smartphone, and shutting out a great portion of legitimate callers, also known as a denial of service attack (DOS attack).
According to this article, researchers replicated North Carolina’s model based on its 911 network, with the knowledge that all emergency response systems are run at the local or state level, and the assessment determined that if hackers compromised 6000 smartphones with malicious software, they could make calls to 911 and block out half of all legitimate callers using cell phones in North Carolina.
Those results were shared to the US Department of Homeland Security says the Washington Post, and remarks of this type of danger have been made in the past of denial of service attacks on emergency response infrastructure.
The solution proposed was to change phone infrastructure completely, and stop using old fashion analog phone switches to route emergency calls, and instead use provide internet-like network called managed IP Networks, however there was no mentioned of how much money this would undertake in this article.
http://www.cnet.com/news/911-could-face-its-own-emergency-hackers/
Hacker Wisdom: Top Three Takeaways from Black Hat 2016
I was curious on what this year’s Black Hat conferences were all about, other than a bunch of people getting together in numerous seminars and presentations for about a week, so here are “The Top Three Takeaways from Black Hat 2016” by Allison Francis from The Var Guy.com.
- Would you pick up a random USB drive and plug it into your personal computer?
Google researcher Elie Bursztein explains the enduring theory among cybersecurity experts that people will pick up and use random USB thumb drives that they find, and potentially take the risk of infecting their systems, which is not a rare case among unaware computer users all over.
Bursztein and his team had distributed 297 USB drives as “bait” at various strategic-ish locations, such as parking lots, building hallways, classrooms and outdoor areas around the University of Illinois campus.
He added that each drive houses tracking software that would “call home” if plugged in. those drives also included several different messages like “final exam results,” or “confidential,” among others.
The results were issued by eWeek (article), revealing a stoning 46 percent of the distributed drives “phoned home”, so Bursztein suggested that awareness and security training is highly important, and warned organizations and individuals to be mindful of what they plug into their machines. “You don’t pick up food from the floor and eat it because you may get poisoned”, so don’t pick up random USB drives either,” Bursztein said.
- The mounting threat of attacks in the VoIP and UC space
Fatih Ozavci, a managing consultant with Context Information Security, presented the lack of understanding and awareness of modern voice over internet protocol (VoIP) and unified communications (UC) security. This gap leaves providers and organizations extremely vulnerable to attacks, due to the ever-increasing and rapidly-growing number of threats.
During the conference Ozavci mentioned the various awareness that services providers and business are leaving themselves at risk to threat actors repurposing and exposing infrastructure for attacks such as botnets, malware distribution, vishing, denial of service attacks and toll fraud.
Also Ozavci touched on the weaknesses in messaging platforms and IC products suites since those vulnerabilities make it easy for hackers to sneak past security measures and spread malicious content. Once those vulnerabilities are exploited, attackers could gain unauthorized access to client systems or communications services such as conference and collaboration, voicemail, SIP trunks and instant messaging.
Last, Ozavci presented awareness and how he planned to get the word out and revealed his newly developed open sources tools Viproxy and Viproy which can be used for VoIP penetration testing.
- Information sharing and public work
Dan Kaminsky, the co-founder and chief technologist of the cybersecurity firm White Op highlighted the importance of making the internet a safe place for everyone by calling for more information sharing as a way to improve security and deal with and combat cyberthreats faster and more efficiently.