Plant Breeders Release First 'Open Source Seeds' →

Defcon 20 - Dan Tentler - Drinking from the caffeine firehose

In which Viss shows the audience some Shodan fuckery.

Shodan is a potentially horrifying website for the layman and technical mind alike. It:

  • pinpoints shoddy industrial controls
  • greatly lowers the technical bar needed to canvas the Internet
  • serves as a reminder to many to know what’s on your network
  • has been called “the Google for hackers”
Popular Search Queries:
Report: NSA Used Heartbleed to Spy on People for Years →

(Source: c4ss)

How we got read access on Google's production servers →

It’s like it’s 1914 and we just invented the car, and now these people are saying, ‘Holy shit, let’s build a space shuttle!’

Anonymous “high-up at a Bitcoin company” on the explosion of cryptocurrency and decentralization tech

See also: Bitcloud

laliberty:

The Complete Interactive Guide To How The NSA Spies On Everything You Do

With all the hoopla about missing airplanes, renewed wars of the cold variety, and rigged markets, it is easy to forget that America is now officially a totalitarian state of the Orwellian kind, where the population has - involuntarily - ceded all of its privacy in exchange for… something. Because it certainly isn’t security. So we are happy to provide a reminder of just this, especially since as BusinessWeek notes, it gets harder to keep track of all the bizarre ways the National Security Agency has cooked up to spy on people and governments. This may help.
Data in Motion
NSA’s spies divide targets into two broad categories: data in motion and data at rest. Information moving to and from mobile phones, computers, data centers, and satellites is often easier to grab, and the agency sucks up vast amounts worldwide. Yet common data such as e-mail is often protected with encryption once it leaves a device, making it harder—but not impossible—to crack.
Data at Rest
Retrieving information from hard drives, overseas data centers, or cell phones is more difficult, but it’s often more valuable because stored data is less likely to be encrypted, and spies can zero in on exactly what they want. NSA lawyers can compel U.S. companies to hand over some of it; agency hackers target the most coveted and fortified secrets inside computers of foreign governments.
Where the Data Goes
Much of the data the NSA compiles from all these efforts will be stored in its million-square-foot data center near Bluffdale, Utah. It can hold an estimated 12 exabytes of data. An exabyte is the equivalent of 1 billion gigabytes.
And some of the specific methods the NSA uses to spy on US citizens and the occasional offshore “terrorist”:
Call Recorder - The agency can intercept and store for up to a month 100 percent of a foreign country’s telephone calls, which can be sorted and played back.
Clone Phones - Foreign targets’ cell phones can be surreptitiously swapped for an identical model with built-in listening and data collection devices.
Fake Shops - Diplomats at the 2009 G-20 summit in London were tricked, with the NSA’s help, into using an Internet cafe that had been rigged to send data to British intelligence.
Travel Trackers - The NSA has several ways to follow the movements of intelligence targets as they get off planes, drive across borders, or move around a city, including an implant that directs a cell phone SIM card to send geolocation data via text message.
Special Delivery - Spies intercept computers that foreign targets buy online, fit them with devices that send data to the NSA, and box them back up for normal delivery.
X-Ray Vision - Radar waves beamed into a room can detect what is being typed on a keyboard or displayed on a computer screen.
Credit Cards - The agency tapped into the network of Visa and major banking systems to collect troves of transaction data.
Satellites - The NSA infiltrated German satellite communications used in remote locations such as drilling platforms—and by the country’s diplomats.
Gamer Spies - Agency employees join World of Warcraft and Second Life communities, hunting for criminal networks and recruiting informants. They’ve also infiltrated Microsoft’s Xbox Live network.
Cell Towers - Base stations mimicking cell towers siphon location data from targets’ phones. Agents can also intercept mobile calls with a shoe-box-size receiver.
Submarines - The agency can collect worldwide Internet traffic with a modified nuclear submarine that taps undersea fiber-optic cables—allowing spies to vacuum data from millions of users.
Secret Selfies - Malware planted in an iPhone can secretly activate its camera and microphone, turning it into a listening device. Malware for Windows mobile phones enables complete remote control of the handset.
Fake Rocks - Transmitters hidden inside rocks and other objects can receive information from NSA taps implanted in nearby computers even if they’re “air gapped” machines or networks that aren’t hooked up to the Internet—among the hardest of all digital targets.
The Stasi is spinning in its grave… with jealousy. The full interactive presentation can be found [here].

laliberty:

The Complete Interactive Guide To How The NSA Spies On Everything You Do

With all the hoopla about missing airplanes, renewed wars of the cold variety, and rigged markets, it is easy to forget that America is now officially a totalitarian state of the Orwellian kind, where the population has - involuntarily - ceded all of its privacy in exchange for… something. Because it certainly isn’t security. So we are happy to provide a reminder of just this, especially since as BusinessWeek notes, it gets harder to keep track of all the bizarre ways the National Security Agency has cooked up to spy on people and governments. This may help.

Data in Motion

NSA’s spies divide targets into two broad categories: data in motion and data at rest. Information moving to and from mobile phones, computers, data centers, and satellites is often easier to grab, and the agency sucks up vast amounts worldwide. Yet common data such as e-mail is often protected with encryption once it leaves a device, making it harder—but not impossible—to crack.

Data at Rest

Retrieving information from hard drives, overseas data centers, or cell phones is more difficult, but it’s often more valuable because stored data is less likely to be encrypted, and spies can zero in on exactly what they want. NSA lawyers can compel U.S. companies to hand over some of it; agency hackers target the most coveted and fortified secrets inside computers of foreign governments.

Where the Data Goes

Much of the data the NSA compiles from all these efforts will be stored in its million-square-foot data center near Bluffdale, Utah. It can hold an estimated 12 exabytes of data. An exabyte is the equivalent of 1 billion gigabytes.

And some of the specific methods the NSA uses to spy on US citizens and the occasional offshore “terrorist”:

  • Call Recorder - The agency can intercept and store for up to a month 100 percent of a foreign country’s telephone calls, which can be sorted and played back.
  • Clone Phones - Foreign targets’ cell phones can be surreptitiously swapped for an identical model with built-in listening and data collection devices.
  • Fake Shops - Diplomats at the 2009 G-20 summit in London were tricked, with the NSA’s help, into using an Internet cafe that had been rigged to send data to British intelligence.
  • Travel Trackers - The NSA has several ways to follow the movements of intelligence targets as they get off planes, drive across borders, or move around a city, including an implant that directs a cell phone SIM card to send geolocation data via text message.
  • Special Delivery - Spies intercept computers that foreign targets buy online, fit them with devices that send data to the NSA, and box them back up for normal delivery.
  • X-Ray Vision - Radar waves beamed into a room can detect what is being typed on a keyboard or displayed on a computer screen.
  • Credit Cards - The agency tapped into the network of Visa and major banking systems to collect troves of transaction data.
  • Satellites - The NSA infiltrated German satellite communications used in remote locations such as drilling platforms—and by the country’s diplomats.
  • Gamer Spies - Agency employees join World of Warcraft and Second Life communities, hunting for criminal networks and recruiting informants. They’ve also infiltrated Microsoft’s Xbox Live network.
  • Cell Towers - Base stations mimicking cell towers siphon location data from targets’ phones. Agents can also intercept mobile calls with a shoe-box-size receiver.
  • Submarines - The agency can collect worldwide Internet traffic with a modified nuclear submarine that taps undersea fiber-optic cables—allowing spies to vacuum data from millions of users.
  • Secret Selfies - Malware planted in an iPhone can secretly activate its camera and microphone, turning it into a listening device. Malware for Windows mobile phones enables complete remote control of the handset.
  • Fake Rocks - Transmitters hidden inside rocks and other objects can receive information from NSA taps implanted in nearby computers even if they’re “air gapped” machines or networks that aren’t hooked up to the Internet—among the hardest of all digital targets.

The Stasi is spinning in its grave… with jealousy. The full interactive presentation can be found [here].

We live in days of limited creativity. Moreover, as contradictory as it may seem, it looks particularly rare for creativity to arise from groups or teams. Communities, rather than individuals, should be more intellectually empowered to create, but lately we have been watching the force of the solo, the age of the ego. That, of course, when we do see anything that catches our attention for originality, which is an ever scarcer pleasure. […]

In this never-ending crowd of interesting, outstanding personas, we want to shine somehow, to prove ourselves different and original. In the end, it turns into a pointless battle, against God-knows-who, for apparent singularity. Instead of reaching for the fellow man, we want to set ourselves apart, and thus, [be] remarkable.

strauss@REMOVEME.phrack.org, "The Fall of Hacker Groups"
How I Hacked Your Router →

I started with basic recon.  I like to use Maltego, along with sites like checkusernames.com, knowem.com, pipl search, and other tools to enumerate online presence.  There’s also the classics like Google+, Facebook and Linkedin.  It helps to have a fake profile on Facebook for this kind of work.  A good bait profile should be tuned to your target.  It will help when extracting additional information via social engineering.

In terms of online presence, password reset questions are good low hanging fruit.  I’ve seen webmail accounts asking for information that you can pull right out of the target’s Facebook profile.  I’m sure most people don’t even make the connection; they may have written their reset questions 5 years ago.  None of this stuff was going to work in this case though.  My target was an infosec nerd, and he was expecting me.

Time to take the fight to him…
Hamilton was the Founding Father of unlimited government, and he was the Founding Father of crony capitalism in America. That’s exactly the system we all suffer under today. It’s the cause of the Great Recession of 2008. It’s the cause of runaway Fed arrogance, printing money wildly to create never-ending boom and bust cycles. It’s the cause of why we have a dictatorial president who thinks he can write any law he wants and send drones to murder American citizens anywhere on the planet with a whim, without interference from Congress or anyone else. That’s the Hamiltonian curse. Of course, Hamilton’s defenders would say if he were alive today he wouldn’t go that far, but that’s really a naive view. Hamilton understood how politics works and he understood how power works. He had to have known himself that if you had an unlimited government, restrained only by the ‘good will’ of politicians—what a ludicrous joke that is!—that it would become tyrannical.
Tom DiLorenzo, author of Hamilton’s Curse, talking to Tom Woods