DEF CON SOHOpelessly Broken Router Hacking Contest

Posted on by

Young said the routers largely lacked any form of authentication happening on the server, instead the routers were doing password authentication on the browser. Compromising password hashes weren’t much a barrier for the contestants, and for hackers in the wild as well.

Source: DEF CON SOHOpelessly Broken Router Hacking Contest | Threatpost | The first stop for security news

Young said he would download the firmware from the respective vendor, extract it using tools such as Firmware Mod Kit to explore its design and eventually learn which files house administrative passwords and how the web server logic works with the router. Some models such as Netgear, TrendNet and others will return the password when submitted with the proper request.

This is why admin access to a SOHO router should only be accessible from the LAN side and not the WAN side.   Making admin changes should happen rarely.  One of the biggest things a malicious actor can do is point DNS requests to their malicious server allowing them to divert all LAN traffic to wherever they want.  Devices typically get a DNS address when they obtain an IP address from the router via DHCP.

Kicking the SOHO router seems to be a hot topic today.  From:  The Moose is loose: Linux-based worm turns routers into social network bots | Ars Technica

The malware, dubbed “Linux/Moose” by Olivier Bilodeau and Thomas Dupuy of the security firm ESET Canada Research, exploits routers open to connections from the Internet via Telnet by performing brute-force login attempts using default or common administrative credentials. Once connected, the worm installs itself on the targeted device.

Tracking Protection for Firefox at Web 2.0 Security and Privacy 2015

Posted on by

You can read the paper here.

This paper is the last artifact of my work at Mozilla, since I left employment there at the beginning of April. I believe that Mozilla can make progress in privacy, but leadership needs to recognize that current advertising practices that enable “free” content are in direct conflict with security, privacy, stability, and performance concerns — and that Firefox is first and foremost a user-agent, not an industry-agent.

Source: Monica at Mozilla: Tracking Protection for Firefox at Web 2.0 Security and Privacy 2015

Mars Rover’s ChemCam Instrument gets sharper vision

Posted on by

Likewise, the laser analyses were done at nine different focus settings to obtain one good set of data. In the meantime, the team went back to the drawing board. They figured out that if they discarded a lot of the old code on board their distant subject, they could make room for software that could command the instrument to take the nine images on its own and analyze them on-board to find the best focus.

Source: Mars Rover’s ChemCam Instrument gets sharper vision

The program to run the whole instrument is only 40 kilobytes. The first tests on Mars were completed earlier this week.

ExifTool by Phil Harvey

Posted on by

ExifTool is a platform-independent Perl library plus a command-line application for reading, writing and editing meta information in a wide variety of files. ExifTool supports many different metadata formats including EXIF, GPS, IPTC, XMP, JFIF, GeoTIFF, ICC Profile, Photoshop IRB, FlashPix, AFCP and ID3, as well as the maker notes of many digital cameras by Canon, Casio, FLIR, FujiFilm, GE, HP, JVC/Victor, Kodak, Leaf, Minolta/Konica-Minolta, Nikon, Nintendo, Olympus/Epson, Panasonic/Leica, Pentax/Asahi, Phase One, Reconyx, Ricoh, Samsung, Sanyo, Sigma/Foveon and Sony.

Source: ExifTool by Phil Harvey

Expanding Magnets Have Potential to Energize the World

Posted on by

Because these new magnets also have energy efficient characteristics, they can be used to create a new generation of sensors and actuators with vanishingly small heat signatures, said the researchers. These magnets could also find applications in efficient energy harvesting devices; compact micro-actuators for aerospace, automobile, biomedical, space and robotics applications; and ultra-low thermal signature actuators for sonars and defense applications.

Since these new magnets are composed of alloys that are free of rare-earth elements, they could replace existing rare-earth based magnetostriction alloys, which are expensive and feature inferior mechanical properties, said researchers.

Source: Expanding Magnets Have Potential to Energize the World | UMD Right Now :: University of Maryland

Logjam: How Diffie-Hellman Fails in Practice

Posted on by

We have published a technical report, Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice, which has specifics on these attacks, details on how we broke the most common 512-bit Diffie-Hellman group, and measurements of who is affected. We have also published several proof of concept demos and a Guide to Deploying Diffie-Hellman for TLS.

Source: Logjam: How Diffie-Hellman Fails in Practice

What should I do?

If you run a server…

If you have a web or mail server, you should disable support for export cipher suites and generate a unique 2048-bit Diffie-Hellman group. We have published a Guide to Deploying Diffie-Hellman for TLS with step-by-step instructions. If you use SSH, you should upgrade both your server and client installations to the most recent version of OpenSSH, which prefers Elliptic-Curve Diffie-Hellman Key Exchange.

How microwaves could help you surf the Internet at the speed of light

Posted on by

The drawback with microwave is low bandwidth. To get around that, their solution would rely on the microwave network between cities for web and data traffic for which minimal latency is important. Other things for which latency isn’t as critical, like video consumption (which is currently 78% of web traffic), could continue to use existing infrastructure, so congestion wouldn’t be an issue. Traditional fiber would be used to bring data to users up to 100km away from the microwave endpoints; even at that distance, the latency introduced by fiber would be minimal.

Source: How microwaves could help you surf the Internet at the speed of light | ITworld

IBM Shows First Full Error Detection for Quantum Computers

Posted on by

Quantum computers must overcome the challenge of detecting and correcting quantum errors before they can fulfill their promise of sifting through millions of possible solutions much faster than classical computers.

Source: IBM Shows First Full Error Detection for Quantum Computers – IEEE Spectrum

Detecting quantum errors is anything but straightforward. Classical computers can detect and correct their bit-flip errors by simply copying the same bit many times and taking the correct value from the majority of error-free bits. By comparison, the fragility of quantum states in qubits means that trying to directly copy them can have the counterproductive effect of changing the quantum state.

New Device Could Greatly Improve Speech and Image Recognition

Posted on by

Holography is a technique based on the wave nature of light which allows the use of wave interference between the object beam and the coherent background. It is commonly associated with images being made from light, such as on driver’s licenses or paper currency. However, this is only a narrow field of holography.

Holography has been also recognized as a future data storing technology with unprecedented data storage capacity and ability to write and read a large number of data in a highly parallel manner.

Source: UCR Today: New Device Could Greatly Improve Speech and Image Recognition

Poker pros win against AI, but experts peg match as statistical draw

Posted on by

“Beating humans isn’t really our goal; it’s just a milestone along the way,” Sandholm said. “What we want to do is create an artificial intelligence that can help humans negotiate or make decisions in situations where they can’t know all of the facts.”

Source: Poker pros win against AI, but experts peg match as statistical draw – Techie News

“The advances made in Claudico over Tartanian7 in just eight months were huge,” Les said, a rate of improvement that suggests the AI might need only another year before it clearly plays better than the pros.