
bbinngo


  1. Billions of Bluetooth-enabled smartphones, tablets, laptops and IoT devices are at risk due to a new vulnerability discovered by a research team from Purdue University (USA). The issue, dubbed BLESA (Bluetooth Low Energy Spoofing Attack), affects devices using the Bluetooth Low Energy (BLE) protocol. Typically, most BLE security research focuses on the pairing process and ignores other protocol mechanisms. In their research, experts focused on the reconnection mechanism - an operation performed after BLE devices are authenticated during pairing. Reconnection occurs when devices leave and then return to Bluetooth range. In this case, cryptographic keys should be checked during the pairing process; however, in the official BLE specification there is no clear description of the reconnection mechanism, which leads to problems associated with the implementation of this operation by manufacturers. Specifically, the researchers say, reconnect authentication is optional, not required. In addition, it can be circumvented if the user's device does not "force" the IoT device to authenticate the transmitted data. These two problems open up the possibility for a BLESA attack, with which a nearby hacker can bypass reconnection verification and send false data to a BLE device, which will lead to incorrect operation of human operators and automated processes. Scientists analyzed several software stacks used to support BLE connections on various operating systems. As it turned out, BlueZ (IoT devices on Linux), Fluoride (Android) and the iOS BLE stack turned out to be vulnerable to the BLESA attack; the BLE stack on Windows is not affected by the problem. As noted, Apple has already patched this vulnerability (CVE-2020-9770); the BLE implementation in Android is still vulnerable. The BlueZ development team announced that it has deprecated a part of the code that is vulnerable to BLESA and is implementing the correct BLE reconnection procedure.
This is the second Bluetooth vulnerability in the last month. In early September, the Bluetooth SIG and the CERT Coordination Center at Carnegie Mellon University issued warnings regarding a new BLURtooth vulnerability that could be used to overwrite Bluetooth authentication keys.
  2. Amid the coronavirus pandemic, more and more company employees are turning to work from home, which leads to increased security risks due to the use of smart home devices. For example, a recent study by Trend Micro found that 39% of employees use personal devices to access corporate data, most often through cloud services and applications. As part of the study, experts interviewed 13,000 telecommuting employees of companies in 27 countries. Personal smartphones, tablets and laptops are often less secure than corporate devices and are open to vulnerable IoT applications and gadgets on the home network. The survey showed that more than a third (36%) of respondents do not have basic password protection on their personal devices. It also turned out that 52% of respondents have IoT devices connected to their home network, while 10% of employees use little-known brands. Many of these devices are not very reliable in terms of security, since they often have unpatched firmware vulnerabilities or weak credentials, which increases the risk of intruders entering the home network, and from there through personal devices into corporate systems. Moreover, according to the survey results, 70% of employees connect corporate laptops to their home network. While such devices are better protected than personal gadgets, there is a risk to corporate data and systems if users are allowed to install unapproved applications to access home IoT devices, the researchers noted.
  3. The personal data of millions of people around the world ended up in the database. It was compiled by the Chinese company Zhenhua. This provoked a scandal. The data collected includes date of birth, addresses, marital status, photographs, a list of relatives, social media accounts, education, professional achievements and a list of crimes. The media notes that most of the information is collected from open sources, but there is also confidential data, such as bank records and job applications. Among the people on whom the Chinese company has collected data are high-level politicians, members of the royal family and army commanders. According to the Australian Financial Review, the database contains data from 35,000 Australians, including Prime Minister Scott Morrison. It is assumed that Zhenhua Data found some of the information on the darknet. A total of 24 million people were found in the leaked database. "The database was intended for influencers and institutions in various industries," Balding said, and specified who the users of the Chinese database are, "from politics to organized crime or technology to academia." The company itself says that its clients are research organizations and business groups.
  4. Prepaid Visa and closme cards. Do they work in Nigeria?
  5. Has anyone or does anyone currently use a virtual private mailbox? The one I read up on collects a LOT of personal data. Are there any mailbox services out there that are with the business? Hopefully they're not $75/mo.
  6. I need POS skimmer that can collect track1, track2, track3 and PIN. I only need the pos to be a fake transaction and offline. If I need to change the Indonesian and Indian language and currency, please contact me if you have this POS skimmer
  7. YOUR TOP 3 PLATFORMS FOR DIRECT CURRENCY CONVERSIONS VIA NON VBV VISA?