Facebook changes photo filename pattern
Have you ever stumbled across a jpeg file named similar to this pattern: 522246_10150860163566961_2143826540_n.jpg? Chances are, the file was downloaded from Facebook. So let's say you have this file...
WhatsApp is broken, really broken
WhatsApp, the extremely popular instant messaging service for smartphones that delivers more than ~1 billion messages per day, has some serious security problems. I will try to give a detailed analysis...
Link dump #1
Blizzard hides a tiny watermark in World of Warcraft screenshots, containing users' account information, server IP and a timestamp; WhatsApp update: message encryption broken; WhatsApp update 2: small...
McAfee Social Protection – broken by design
So I stumbled across this video today: First I thought this was some old April Fools’ Day video, but McAfee is really working on this and they have a public beta test. Their claim: When you upload your...
WhatsApp security disaster: the aftermath
Knock-knock WhatsApp, is anybody home? It's been almost 2 weeks now since the password generation algorithm on Android was disclosed. No comment from WhatsApp. Spammers are already buying and selling...
Link dump #2
Someone found out the source of the 12 million leaked Apple UDIDs (it was not an FBI laptop); WhatsApp update: Windows Phone password generation algorithm disclosed; Coinbase, a startup company that...
Hacking Subway Systems
Some people wrote an Android app that can reset/reload transit tickets using NFC technology. Some of the victims are the SF Muni Ultralight cards and the NJ Path cards. I was in Paris recently and the...
WhatsApp puts legal pressure on WhatsAPI developers?
Looks like WhatsApp contacted the developers of the WhatsAPI - they removed the code in their latest commit: Sources are unavailable while we have a conversation with WhatsApp’s legal team member. I...
Link dump #3
Fraudsters trick bank machines, using some delay/sync issues in the system
WhatsApp security fails again
heise security is reporting that they obtained a script that can generate the password for a WhatsApp account. They did not release the full algorithm, but it is using the IMEI number to generate it...
Link dump #4
Why using a “hosted”, “managed” or “cloud” bitcoin wallet service is a bad idea; Rest in peace, MSN Messenger, we will always remember the good ol’ days in 2004/05 when there was a new MSN messenger...
CVE-2013-0422 – from russia with love
Aaaaand another Java 0-day remote exploit. On January 12th, the authors of the popular “Blackhole” and “Nuclear Pack” exploit kits announced that they would add a new, fresh Java 0-day remote exploit...
Link dump #5
Millions of routers are using vulnerable UPnP libraries, allowing remote code execution – from a quick look at this, it looks like we have a new security nightmare
German ISP giving customers crippled router hardware
Germany’s largest cable ISP Kabel Deutschland is sending their customers artificially crippled router hardware with disabled wireless functionality. When ordering your internet access, Kabel Deutschland...
Thoughts on the NSA and GCHQ spying
This is my first post in quite a long time. I have been very busy working on different projects, but I will take a few minutes to type up my thoughts on some recent events. By now you probably already...
Analysis of an mbr*wserstats and counter.php infected webserver
A few days ago, I was called to investigate a security breach on a webserver. The company server was apparently serving drive-by-download exploits to visitors. So, I opened their website to see what...
badBIOS high-frequency malware communication test
There is a lot of talk going on about a new, very advanced malware called “badBIOS”, discovered by the well-known security consultant Dragos Ruiu. Perhaps the most interesting feature of this piece of...
IPv6 and VPN on Ubuntu and its derivatives
Just a quick post that may save some people a lot of headache. A few days ago I was on a public unencrypted WiFi, sitting in front of an Ubuntu machine, so I started my VPN but noticed that something was...