WackSec Radio Episode 10

Show Notes

7-21-2017

 

Announcements

WackSec is soon being streamed to youtube, where podcasts will be available to watch when the show is over.

 

CTF was a huge success! TheLoneWolf or Towel kicked everybodys ass.

Stories

 

Key:

  • Important! Relevant and newsworthy
  • Interesting however; not much new
  • Just tech news. Not completely infosec

 

Time 21:00:00 DST

IP Cams Vulnerable To Remote Attack…. DUH!

https://latesthackingnews.com/2017/08/02/popular-ip-cameras-vulnerable-to-remote-attacks/

Amazon Echo Vulnerable

https://latesthackingnews.com/2017/08/02/amazon-echo-vulnerable/

 

Series of Monumental OpSec Mistakes Led to AlphaBay’s Demise

 

https://www.bleepingcomputer.com/news/security/series-of-monumental-opsec-mistakes-led-to-alphabays-demise/

 

This is important talking about.

    1. While Europol + Dutch PD were taking down Hansa, a rival darknet market. They compromised Hansa, and used it as a honeypot to capture AlphaBay FBI Took Down AlphaBay
    2. Investigators began sting operations on small time drug dealers in the beginning. This got them nowhere. Ordering drugs, meeting up, or waiting for delivery, and then arresting. They only caught small timers. They wanted to go after AlphaBay.
    3. AlphaBay’s operators decided to add a forum back in December 2014
    4. Users who registered on AlphaBay’s forum got a greeting message from the site’s admin.
    5. The email header contained “[email protected]”, the Admin’s main personal email.
    6. From there they doxed him completely and utterly. SPOF.
    7. Thai police raided Cazes’ home on July 5th 17
    8. He was using his laptop, which was unencrypted, logged-in under the “Admin” account on AlphaBay and the admin account for AlphaBay’s data center provider.
    9. $35.5 million was the total of funds he had made
    10. No killswitch or camera’s or encryption for the world’s online drug market admin…
    11. He had every reason to be paranoid. Not paranoid enough.

 

  • Committed suicide July 12, Towel around his neck.

 

 

Time 21:20:00 DST

45,000 Facebook Users Leave One-Star Ratings After Hacker’s Unjust Arrest

https://www.bleepingcomputer.com/news/security/45-000-facebook-users-leave-one-star-ratings-after-hackers-unjust-arrest/

  1. Teenager, 18, finds that he can pop open developer console, inspect element, modify the page’s source code to alter a ticket’s price, so literally click, change the price, and then click buy.
  2. There was no client side or server side validation
  3. He then reported it to them.
  4. They called the police, and had him arrested! WTF
  5. Over 45k of people respond by spamming the facebook page with 1 star reviews.
  6. It seems their http://www.bkk.hu/ website has been DDoS’d or shutdown

 

Time 21:30:00 DST

Hacker “BestBuy” Admits to Hijacking Deutsche Telekom Routers With Mirai Malware

https://www.bleepingcomputer.com/news/security/hacker-bestbuy-admits-to-hijacking-deutsche-telekom-routers-with-mirai-malware/

 

  1. Hacker says a Liberian ISP hired his services
  2. They doxed him
  3. Time to rant about how Mirai was a waste. DDoS bro, seriously?

 

Time 21:40:00 DST

Adobe to Kill Flash Media Player in 2020

https://www.bleepingcomputer.com/news/software/adobe-to-kill-flash-media-player-in-2020/

 

Time 21:45:00 DST

Banking Trojan Uses Mouse Movements to Distinguish Users From Virtual Machines

https://www.bleepingcomputer.com/news/security/banking-trojan-uses-mouse-movements-to-distinguish-users-from-virtual-machines/

 

Time 21:55:00 DST

Closing Comments/Shouts

Conferences? Derby? DEF CON?

 

Get some swag for the cons?

swag.0x00sec.org

 

0x00sec Buttons (these are super popular right now) They’re a cheap way to support the community and show off your inclusion in the internet’s coolest security network!

https://shop.spreadshirt.com/0x00sec/circle+white+logo+small+buttons-A593da1e1f6c60d14d8354ef3?productType=127&appearance=1

 

T-Shirts

https://shop.spreadshirt.com/0x00sec/0x00sec+rectangle+white+logo+men-s+premium+t-shirt-A593d9f84f6c60d14d83544c7?productType=812&appearance=2

 

Hoodies

https://shop.spreadshirt.com/0x00sec/0x00sec+rectangle+white+logo+mens+heavyweight+premium+hoodie-A593d9f84f6c60d14d83544c7?productType=989&appearance=2