Thursday, July 27, 2017

The 'Cloak & Dagger' Attack That Bedeviled Android For Months

Not all Android attacks come from firmware mistakes.

from
https://www.wired.com/story/cloak-and-dagger-android-malware

How the Broadpwn Wi-Fi Vulnerability Impacted a Billion iPhones and Android Phones

A Broadcom flaw that undermined scores of Android and iOS devices hints the future of smartphone hacking lies in third-party components.

from
https://www.wired.com/story/broadpwn-wi-fi-vulnerability-ios-android

One Billion Daily WhatsApp Users Prove Privacy Isn't Dead

WhatsApp's rise and Twitter's decline converge to send a message about the way we communicate now.

from
https://www.wired.com/story/whatsapp-billion-daily-users-privacy-twitter

The _Reply All_ Podcast Tackles Phone Scammers–By Meeting Them in Person

Reply All trades memes for scams in its latest endeavor.

from
https://www.wired.com/story/reply-all-phone-scammers

The Trump-Russia Scandal's Many Swirling Unknowns

What we know so far about the Trump-Russia scandal only suggests more questions—questions Special Counsel Robert Mueller is digging into.

from
https://www.wired.com/story/the-known-unknowns-swirling-around-the-trump-russia-scandal

Wednesday, July 26, 2017

Hacker Warns Radioactivity Sensors Can Be Spoofed Or Disabled

A security researcher exposes software flaws that could prevent detection of radioactive leaks or aid in smuggling radioactive material.

from
https://www.wired.com/story/radioactivity-sensor-hacks

Lipizzan Malware Could Take Over Android Devices Until Google Shut It Down

A new, targeted malware called Lipizzan could completely take over an Android device until Android Security shut it down

from
https://www.wired.com/story/lipizzan-android-malware-nation-state

A New Toolkit Hopes to Fix the SS7 Flaws That Plague Cell networks

Carriers have ignored flaws in SS7 that allow hackers easy access to telecoms. A new set of open-source tools hopes to jumpstart a fix.

from
https://www.wired.com/story/ss7-flaw-open-source-toolkit

Rep. Blake Farenthold's Early '90s Internet Message Board Posts Show a Whole New Side

The dueling Congressman had some strong opinions about telecom and nudity.

from
https://www.wired.com/story/blake-farenthold-message-board-posts

Anti-Drone Tools Tested: From Shotguns To Superdrones

From anti-drone shotgun shells to a drone-snagging megadrone, security researchers put the drone defense arsenal to the test.

from
https://www.wired.com/story/watch-anti-drone-weapons-test

Asomándonos a la Revolución Cubana de Internet Hecha por los Propios C

En Cuba, donde los datos gotean vía una red sobrecargada controlada por el gobierno—en su caso—la gente ha puesto en escena la revolución del auto autor.

from
https://www.wired.com/2017/07/internet-revolucion-cuba

Inside Cuba's D.I.Y. Internet Revolution

In Havana, where data trickles in via overloaded, government-controlled networks—if at all—the people have taken matters into their own hands.

from
https://www.wired.com/2017/07/inside-cubas-diy-internet-revolution

Thursday, July 20, 2017

Portable power for APoS

Newer APs often come with some pretty hefty power requirements. Standards such as the 15.4W 802.3af specification are increasingly insufficient on APs that are more power hungry. Enter the 802.3at standard that can support all the way up to 30.0W! While runtime operation of these (over PoE switches) is a topic all of itself, the Wi-Fi professional has always had issues with doing AP on a Stick designs (site surveys, empirical measurements) – especially when your AP power requirements exceed some of the more tried and true solutions. I’ve hashed out several different solutions over the past year, and thought it was time to write them all down.

The staple of AP powering has been for a very long time the Ventev / TerraWave – MIMO Site Survey Battery Pack. On its own, it only supports the older 802.3af specification. This all in one solution is portable, but since it’s based on old lead-acid technologies, it tends to fall on the heavier side of the solutions. Venerable, heavy, doesn’t support newer APs, but everyone has them.

Old, heavy, not a lot of juice.

The Terrawave Site Survey Battery Pack!

Enter the Tycon Systems DC To DC Converter And POE Inserter. This bad boy becomes an integral part of most of the rest of our solutions – and it’s very important to understand that it comes in a variety of input voltages. You must mate it to the power solution you’re using.

Where have you been all my life?

The Tycon POE injector.

Using the Ventev MIMO Site Survey Battery pack, you can see from it’s data sheet that it supports an external 56V output. If you use the included 56V cable, cut the ends off and mate that with the Tycon that has 802.3at power output, you can retrofit existing site survey battery packs to support newer high power APs! Sadly, physics wins out at some point. Since you’re drawing more power, invariably your battery will not last as long. If you have an older unit, you may be having problems holding a charge or any other number of other issues, but if you’re in a bind, it’s a potential solution.

If you think this Tycon solution looks familiar, Scott Stapleton wrote about a similar solution in his blog. Using the injector that he stated (TP-DCDC-1248GD-HP, note the 10 to 15VDC input change), along with commonly available batteries such as the RAV power units, you can extend the run time of your APoS efforts by interchanging either larger capacity batteries or additional units. In my tests, I used two of the RAVPower 2300mAh batteries along with the Jacobs interconnect to complete the solution.

Shhh - don't tell him!

Image shamelessly stolen from Scott Stapleton.

Thanks to Keith Parsons for this next solution, which is a variation on Scott’s using a battery from Hardened Power Systems. The ReVolt G2 is a large capacity battery that uses 12V powerpole connectors that is *very* light (27 ounces) due to the LiFePO4 battery technology. This, mated with correct Tycon solution using the 12V powerpole connectors gives you a far more portable solution (one high capacity battery, one injector) that can last all day long!

High Capacity Battery, lightweight.

While these all address in varying ways different requirements, they’re all considered a touch on the bulky side and carrying around multiple pieces has always been a challenge for a road warrior that doesn’t want to lose or break bits and pieces. Enter the Ventev VenVolt solution that they were showing off at Cisco Live US 2017. While this isn’t shipping yet, they had a prototype to show off that looked awesome! Lightweight, all in one solution, all day battery on modern technology. Stated dimensions for the unit are 9 3/8″ x 4 3/4″ x 3″ according to Mike Parry. I for one can’t wait for a fully integrated solution to finish baking and come to market!




from
https://sc-wifi.com/2017/07/20/portable-power-for-apos/

Alphabay and Hansa Takedowns Ensnare Thousands of Dark Web Users

Cops sent unsuspecting users scrambling from one dark web site's takedown to another site---that they controlled.

from
https://www.wired.com/story/alphabay-hansa-takedown-dark-web-trap

Musings on Multigigabit and APeX

Cisco Live is always a whirlwind of information and the 2017 US event was no exception! Between the Catalyst 9k launch, the focus on Software Defined Access, and Intuitive Networking, it’s easy to miss some of the nuance that was to be uncovered on the show floor. In the Enterprise Networking booth there was a hidden nugget that was focused on developers called APeX (short for Access Point Extensions). One part of this APeX program is the Extender Module Hardware Development Kit – EM-HDK for short (or just HDK for even shorter!) that plugs directly into the often-overlooked module port on the AP3800. The board itself is a neat springboard for developing on – it allows you to attach a Raspberry Pi, Arduino, XBee or other Small Board Computer directly to the AP. Of course, you wouldn’t deploy a production solution like this, but you would take the solution you’re working on, and compress it to a design that’s purpose built for the modular slot that’s part of the AP3800.

Or HDK for short.

The APeX EM-HDK

The thing that struck me though is that while the HDK is neat – and if you have any SBC experience at all, a very interesting platform, the hidden secret of the HDK is that it also sports two Gigabit Ethernet connections supporting PoE out. It is worth noting that if your host AP had a single 1 Gigabit link, and you put two additional 1 Gigabit links on the back side of it, you can safely assume you have an automatic bottleneck. This is the genesis of my epiphany – those that were shortsighted enough to make claims that 802.11ac wave 2 doesn’t justify uplink speeds beyond 1 Gigabit, clearly did not take into account that 2x 802.11ac wave 2 radios moves you a lot closer to that 1 Gigabit bottleneck, and when you want to pass an additional 2x 1 Gigabit Ethernet interfaces on the same link as your 2x 802.11ac wave 2 radios, your use case for Multigigabit becomes pretty clear.

HDK with Raspberry Pi attached to an AP3802i.

Remember folks, your wired infrastructure is expected to last much longer than your typical switches will. As you start seeing very obvious use cases for breaking the 1 Gigabit uplink requirement, make sure you’re considering the cost savings of investing in multi gig technology today – especially if you can get it for a nominal uptick in price.

Multigigabit!

Multigigabit interfaces, left. 10G, right.

Go here for more information on Cisco’s mgig (or NBASE-T) and here for information on the APeX program over at Devnet.




from
https://sc-wifi.com/2017/07/20/musings-on-multigigabit-and-apex/

Saturday, July 8, 2017

Kaspersky Gives the Government Its Code

Each Saturday we round up the news stories that we didn’t break or cover in depth but that still deserve your attention.

from
https://www.wired.com/story/security-news-kaspersky

Friday, July 7, 2017

The Petya Plague Exposes the Threat of Evil Software Updates

Security firm Kaspersky says the ransomware was the third attack in the last year that hijacked innocent updates to spread malware.

from
https://www.wired.com/story/petya-plague-automatic-software-updates

Hackers Targeted a US Nuclear Plant (But Don't Panic Yet)

Hackers have reportedly targeted US energy utilities, and may be laying the groundwork for blackouts. But they may yet be a long way from that goal.

from
https://www.wired.com/story/hack-brief-us-nuclear-power-breach