Author: Blog

Independent Repair Shops Keep America Running During a Pandemic

Cities and states around the country are ordering shelter in place notices. Non-essential businesses are shutting their doors in order to limit physical contact and flatten the curve of the coronavirus.. Hospitals, doctor’s offices, restaurants, and grocery stores remain open. In many places, so do independent repair stores. As America’s office workers have started working from home en mass, independent repair stores have become more important than ever.

Protecting Active Directory logins for remote working

The boom in working from home has become a bonanza for cyber attackers. Each time an employee connects to the corporate network from their home they create an access point that can often be exploited. With Windows Active Directory (AD) still being the core identity and access platform for businesses around the world, the single best thing you can do to improve security is to protect the remote use of these Active Directory credentials.

Crashing explorer.exe with(out) a click, (Mon, Mar 30th)

In a couple of my recent diaries, we discussed two small unpatched vulnerabilities/weaknesses in Windows. One, which allowed us to brute-force contents of folders without any permissions[1], and another, which enabled us to change names of files and folders without actually renaming them[2]. Today, we’ll add another vulnerability/weakness to the collection – this one will allow us to cause a temporary DoS condition for the Explorer process (i.e. we will crash it) and/or for other processes. It is interesting since all that is required for it to work is that a user opens a link or visits a folder with a specially crafted file.

Was Magellan’s Voyage Riskier Than Sending Humans to Mars?

A Portuguese historian argues that Magellan’s famous trip around the world in 1522 was much harder than sending humans to Mars: Tens of guys died making this crossing; of 250 crew, only 18 returned, Henrique Leitao, a historian at the University of Lisbon, told me… [O]nce NASA or other space agencies or private entities actually launch humans on a six month trajectory to the Red planet, they will likely have mitigated the lion’s share of risks to the crew. In contrast, Magellan’s crew realized that at least a third of them would likely never survive their journey, says Leitao…

Is there a comparison between the Age of Discovery and drivers for the exploration and commercialization of space? One could argue that minerals on asteroids could be seen as the present-day equivalent of the Age of Discovery’s highly-prized Asian spices. And that actually getting these 16th century spices back to Europe was arguably just as arduous and seemingly difficult as any initiative to return exotic materials from a near-Earth asteroid… Risk is inherent in any off-world human voyage. But when it comes to safety, today’s technology and current knowledge of in situ conditions on Mars itself will arguably give future explorers an inherent edge over Magellan’s generation.

Whatever Happened to Ashley Madison? Affairs in the Time of Coronavirus

An anonymous reader quotes VentureBeat: Ashley Madison’s tagline has taken on a new ring amid the COVID-19 pandemic — “Life’s short. Have an affair.” And the “married dating” site, used to conduct clandestine affairs, has found itself in the midst of a boom. Despite the fact that it’s harder than ever to physically meet up with a fellow cheater, Ashley Madison is seeing a surge in users. Some are just looking to chat with someone other than a spouse, some are seeking emotional validation or the fantasy of pursuing a secret sex life…

The company became a household name in July 2015, when hackers stole data on 32 million cheating spouses. The leak of sensitive data led to spouses discovering that their significant others were cheating. Divorces, breakups, and suicides ensued. The hackers also exposed that Ashley Madison used bots posing as attractive young women to lure men into engaging more with the site. The company says it has since beefed up its security and rid itself of the bots. And now it’s more than double the size it was at the time of the hack, with over 65 million members last year. During 2019, the company added 15,500 new members a day. More recently, in the midst of the COVID-19 pandemic, it has been adding 17,000 new members a day.

Credential Dumping: Wireless

Today we will be taking a look at how we can dump Wireless Credentials. We will cover Credential Dumping, Red Teaming, Different ways we can get those pesky wireless credentials.

Command & Control: PoshC2

PoshC2 is an open-source remote administration and post-exploitation framework that is publicly available on GitHub. The server-side components of the tool are primarily written in Python, while the implants are written in PowerShell. Although PoshC2 primarily focuses on Windows implantation, it does contain a basic Python dropper for Linux/macOS.

Cringely Predicts 2020 Will See ‘the Death of IT’

Long-time technology pundit Robert Cringely writes: IT — Information Technology — grew out of something we called MIS — Management Information Systems — but both meant a kid in a white shirt who brought you a new keyboard when yours broke. Well, the kid is now gone, sent home with everyone else, and that kid isn’t coming back… ever. IT is near death, fading by the day. But don’t blame COVID-19 because the death of IT was inevitable. This novel coronavirus just made it happen a little quicker…

Amazon has been replacing all of our keyboards for some time now, along with our mice and our failed cables, and even entire PCs. IT has been changing steadily from kids taking elevators up from the sub-basement to Amazon Prime trucks rolling-up to your mailbox. At the same time, our network providers have been working to limit their truck rolls entirely. Stop by the Comcast storefront to get your cable modem, because nobody is going to come to install it if you aren’t the first person living there to have cable…