Downclimb: Summit Route's Weekly Infosec News Recap
2015.01.30 – 2015.02.06: https://SummitRoute.com
"Attribution is a blame game. It’s not about who did it, but who is best to blame. Ambulance chasing lawyers sue whoever has the most money, not who is most responsible. I point this out because while the U.S. "attributes" the Sony hack to North Korea, this doesn't mean North Korea did the attack." Robert Graham
Security vulnerabilities in BMW's ConnectedDrive
This is real car hacking. The author reversed the controller, extracted the cars keys in order to decrypt messages and then built a base station to unlock via SMS.
- Anthem hacked: One of the nation's largest health insurers has been breached, with as many as 80 million customer's social security numbers and other PII compromised.
- Ross Ulbricht Convicted of Running Silk Road: Ross Ulbricht (Dread Pirate Roberts) has been convicted for running the illegal marketplace. The sentence has not been passed, but one of the counts carries a mandatory 20 years in prison minimum.
- Obama seeks $14 billion to boost U.S. cybersecurity defenses
Publications and Conference materials
- Power of Community: Occurred in November, in Seoul, Korea. One of my favorite presentations from this conference is "Windows 10 Control Flow Guard Internals" that was leaked and then removed a while back.
- Shellcheck: Analyzes shell scripts and detects possible problems along with identifying solutions.
- SecurityHeaders.io: If you provide a domain name to this site, it will check that it's HTTP headers identify the correct security settings.
- explainshell.com: Shows what each part of a linux command means, including the different arguments.
- .bashrc PS1 generator: Drag and drop the components you want to see on your command prompt
- Windows 7 and 8 can be upgraded to Windows 10 Tech Preview for free
- Pawn Storm Update: iOS Espionage App Found: TrendMicro reports on some iOS malware. The infection method is unknown though.