Sunday, April 29, 2018

Saturday, April 28, 2018

DDoS For Hire, a CIA Card Game, and More Security News This Week

A major DDoS for hire site gets taken down, the CIA has a card game that you can play soon too, and more security news this week.

from
https://www.wired.com/story/biggest-ddos-for-hire-site-goes-down

Wednesday, April 25, 2018

Turning an Amazon Echo Into a Spy Device Only Took Some Clever Coding

Researchers didn't have to hack Amazon's Alexa voice assistant to use it for eavesdropping. They just took advantage of the system in place.

from
https://www.wired.com/story/amazon-echo-alexa-skill-spying

A One-Minute Attack Let Hackers Spoof Hotel Master Keys

Researchers found—and helped fix—a flaw in Vingcard RFID locks that would let hackers break into any room in hotels around the world.

from
https://www.wired.com/story/one-minute-attack-let-hackers-spoof-hotel-master-keys

Can This System of Unlocking Phones Crack the Crypto War?

Ray Ozzie thinks his Clear method for unlocking encrypted devices can attain the impossible: It satisfies both law enforcement and privacy purists.

from
https://www.wired.com/story/crypto-war-clear-encryption

Friday, April 20, 2018

DNC Lawsuit Against Russia Reveals New Details About 2016 Hack

In suing Russia, the Trump campaign, and others over the hack of its systems in 2016, the Democratic National Committee has also filled in important timeline details.

from
https://www.wired.com/story/dnc-lawsuit-reveals-key-details-2016-hack

Why Police Should Monitor Social Media to Prevent Crime

Opinion: Citizens may object to their social media posts being mined by law enforcement, but the practice can keep the public safe.

from
https://www.wired.com/story/why-police-should-monitor-social-media-to-prevent-crime

The 'Do Not Disturb' App Protects Your Mac From 'Evil Maid' Attacks

Detecting an insidious physical attack on your MacBook may often be as simple as alerting you when its lid opens.

from
https://www.wired.com/story/do-not-disturb-app-macbook-evil-maid-attacks

Thursday, April 19, 2018

How DNA Transfer Nearly Convicted an Innocent Man of Murder

We leave traces of our genetic material everywhere, even on things we’ve never touched. That got Lukis Anderson charged with a brutal crime he didn’t commit.

from
https://www.wired.com/story/dna-transfer-framed-murder

Tuesday, April 17, 2018

Monday, April 16, 2018

The White House Warns on Russian Router Hacking, But Muddles the Message

By scolding Russia for what looks like typical espionage, the US and UK are blurring red lines in cybersecurity.

from
https://www.wired.com/story/white-house-warns-russian-router-hacking-muddles-message

The White House Loses Rob Joyce and Tom Bossert, Its Cybersecurity Brain Trust

White House cybersecurity coordinator Rob Joyce will follow homeland security advisor Tom Bossert out the door, leaving the Trump administration adrift on cybersecurity policy.

from
https://www.wired.com/story/rob-joyce-tom-bossert-white-house-cybersecurity-policy

An Elaborate Hack Shows How Much Damage IoT Bugs Can Do

Rube-Goldbergesque IoT hacks are surprisingly simple to pull off—and can do a ton of damage.

from
https://www.wired.com/story/elaborate-hack-shows-damage-iot-bugs-can-do

How Russian Facebook Ads Divided and Targeted US Voters Before the 2016 Election

New research shows just how prevalent political advertising was from suspicious groups in 2016—including Russian trolls.

from
https://www.wired.com/story/russian-facebook-ads-targeted-us-voters-before-2016-election

Saturday, April 14, 2018

Wednesday, April 11, 2018

The 'Despacito' YouTube Hack Was Probably Pretty Simple to Pull Off

The removal of YouTube's most popular video this week was likely the result of a low-cost phishing scam rather than sophisticated hacking.

from
https://www.wired.com/story/despacito-hack-vevo-youtube

Tuesday, April 10, 2018

Cambridge Analytica Could Also Access Private Facebook Messages

A Facebook permission allowed an app to read messages between 1,500 Facebook users and their friends until October 2015—data that Cambridge Analytica could have accessed.

from
https://www.wired.com/story/cambridge-analytica-private-facebook-messages

This Radio Hacker Could Hijack Emergency Sirens to Play Any Sound

Balint Seeber found that cities around the US are leaving their emergency siren radio communication systems unencrypted, and vulnerable to spoofing.

from
https://www.wired.com/story/this-radio-hacker-could-hijack-emergency-sirens-to-play-any-sound

Mozilla's Internet Health Report Diagnoses Life Online

The foundation released a broad, sweeping report Tuesday about the state of our lives online.

from
https://www.wired.com/story/mozilla-internet-health-report

Monday, April 9, 2018

Saturday, April 7, 2018

Meraki gets smart

I’m a fan of antennas. They’re pretty awesome components of Wi-Fi networks and I think they’re one of the most under-appreciated and oft-overlooked components, so when someone introduces a new antenna related technology, I tend to sit up and take notice!

 Recently, Meraki released their new external antenna model APs, the MR42E and MR53E. In the past, if you needed antenna flexibility in a Meraki solution, you had to use their outdoor rated AP. This introduction, in addition to rounding out their AP portfolio, snuck a new innovation into the market that Meraki has dubbed ‘Smart Antennas’. With the promise of auto-identifying an antenna to the AP, I couldn’t not know more about it! One of the more notable aspects of using external antennas is the potential risk to exceed regulatory compliance. While not terribly complex, the risks for getting it wrong could see the Feds breathing down your back – and nobody wants that! In addition to self-identification for compliance reasons, the new models of APs include more connectors than one might otherwise expect – 5 connectors for the MR42E, and 6 for the MR53E! This breaks down to 3 Wi-Fi antennas, 1 security/scan antenna, and 1 BLE/IoT antennas for the MR42E, and the same compliment on the MR53E with one more Wi-Fi antenna to support that 4th spatial stream. Without delving into each individual component, I really wanted to get a feel for if this thing did what it promised it would do, so I hooked them all up to their respective ports:

That’s a lot of cables!

Fired up the AP, claimed the hardware in my dashboard account and went poking on the antenna settings! Sure enough, where you would normally define an antenna, the exact model number of the antenna array I had was shown!

The cloud got it right!

Hoping it wasn’t fluke of some sort, I powered off the AP, disconnected them all, and tried again. Sure enough, this time, the dashboard presented me with the expected drop down list of available antennas.

The cloud still wants to help out.

I was impressed, it was magic, it worked automatically and wonderfully – and I had to know how. One screwdriver later (the tool, not the drink), I had done the unthinkable, and performed the ill-advised dissection of the shiny new antenna looking for something out of place:

No stranger to the inside of an antenna, the culprit jumped out at me pretty readily:

What appears to be a Maxim Integrated DS2431 1-wire EEPROM was sitting inline just before an antenna element. I traced it back to the connector and found it belonged to the externally-labeled IoT connector:

So, I dutifully connected just the IoT port to the AP, fired it up and viola! The dashboard indicated that the antenna was identified properly despite the fact that only 1 of the 6 connections was attached. This seems to reinforce that Meraki has indeed found a pretty intuitive way to integrate a digital component onto an analog line (as opposed to Cisco that has actual digital connectors in the DART) for a one-time polling of the antenna ID. This was further reinforced by booting the AP without the IoT port connected (so it did not identify the antenna correctly) and then re-attaching it without powering down the AP. After a day of uptime, the AP never properly re-identified it’s antenna. This means that, if you’re using the Meraki smart antenna solution:

  1. Make sure that the antenna cables are attached to the proper port using the silkscreen indicator on the RP-TNC connectors
  2. Make sure that if you change any antenna ports (especially the IoT port), you should reboot the AP so it can properly identify itself to the AP, and subsequently the cloud

It remains to be seen what kind of ecosystem Meraki intends to develop with 3rd party antenna developers, but rest assured, if you want to use a 3rd party antenna today on these new Meraki APs, you certainly can – you just need to log into the dashboard and make sure you pick the equivalent Meraki antenna that closest matches the gain of your 3rd party antenna.



from
https://sc-wifi.com/2018/04/06/meraki-gets-smart/

Friday, April 6, 2018

Thursday, April 5, 2018

Wednesday, April 4, 2018

Tuesday, April 3, 2018

Monday, April 2, 2018