#exploit

anonymiss@despora.de

How an 8 year old exploited #Zoom to get time off from home schooling

source: https://twitter.com/mfpiccolo/status/1360685864100237318

After hours on the phone with Zoom tech support the techs are completely stumped. They say that the account was locked at some point but my sister knows there have been hundreds of login attempts from multiple locations so that makes sense.

...

The more times you do this, the longer the wait period for you to get back into Zoom. She also noticed that the error that is presented to a user when they are locked is “Incorrect password” and not “your account has been locked”. My niece found the #exploit and combined it with her cute 8 year old face, a face that never could tell a lie much less pull off an elaborate scheme to trick no less than 8 adults for 3 weeks straight.

#school #education #technology #internet #support #children #hacker #news #password #login #error

hackaday@xn--y9azesw6bu.xn--y9a3aq

Major Bug Grants Root for All Major Linux Distributions

One of the major reasons behind choosing Linux as an operating system is that it's much more secure than Windows. There are plenty of reasons for this including appropriate user permissions, installing software from trusted sources and, of course, the fact that most software for Linux including the Linux kernel itself is open source which allows anyone to review the code for vulnerabilities. This doesn't mean that Linux is perfectly secure though, as researchers recently found a major bug in most major Linux distributions that allows anyone to run code as the root user.

The exploit is a memory corruption vulnerability in Polkit, a framework that handles the privilege level of various system processes. It specifically impacts the program pkexec. With the proof-of-concept exploit (file download warning) in hand, all an attacker needs to do to escalate themselves to root is to compile the program on the computer and run it as the default user. An example is shown by [Jim MacDonald] on Twitter for those not willing to try this on their own machines.

As bad as this sounds, it seems as though all of the major distributions that this impacts have already released updates that patch the issue, including Debian, Ubuntu, Red Hat, Fedora, openSUSE, and Arch. There is also a temporary workaround that removes read/write permission from the pkexec program so it can't run at all. That being said, it might be best to check that your Linux systems are all up-to-date and that no strangers have been typing random commands into the terminal recently.

#linuxhacks #securityhacks #admin #exploit #linux #patch #pkexec #polkit #root #security #update #vulnerability

anonymiss@despora.de

A deep dive into an #NSO zero-click #iMessage #exploit: Remote Code Execution

source: https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html

#JBIG2 doesn't have scripting capabilities, but when combined with a #vulnerability, it does have the ability to emulate circuits of arbitrary logic gates operating on arbitrary #memory. So why not just use that to build your own #computer architecture and script that!? That's exactly what this exploit does. Using over 70,000 segment commands defining logical bit operations, they define a small computer architecture with features such as registers and a full 64-bit adder and comparator which they use to search memory and perform arithmetic operations. It's not as fast as #Javascript, but it's fundamentally computationally equivalent.

#news #attack #hack #hacker #knowledge #iPhone #apple #software

vindadamona@diaspora-fr.org

ANECDOTE
the exploits of the postal services of Chateauneuf du Faou:
knowing a bit about postal services in general, when I send a letter to my friends in Germany I send it with tracking; so yesterday I went to the counter to send it with tracking ... with the address written on the front of the envelope and Germany in larger letters, and on the back a small label with my contact details ..
the counter clerk duly put the stamp and the tracking label next to the address Germany
and well, the super champions of LA POSTE found a way to put the letter in my mailbox today !!!
so first there was an error at sorting and then one by the mail carrier, that takes some doing, doesn't it !!!
and La Poste allows itself to keep raising prices .. for a service that keeps getting worse
I am attaching 2 photos in which I have blurred the details of names and addresses for discretion !!
in your opinion, can there be any doubt about the destination of the letter ???
#drole #courrier #rire #exploit #anecdote

anonymiss@despora.de

#Uncovering #Tetris – a Full #Surveillance Kit Running in your #Browser

Source: https://imp0rtp3.wordpress.com/2021/08/12/tetris/

Prevention

1) #Noscript is an excellent add-on which would have prevented infection of a user visiting such a waterholed site. This method comes with its problems, as it can prevent legitimate sites from loading correctly.
3) Visiting less-known or less-trusted sites in #incognitoMode can mitigate the effect an infection has and the amount of data it can harvest, but would not prevent it.
2) Using #proxy, #VPN or #TOR can also make it harder for the threat actor to target or identify you, but would not prevent an #infection.

#web #www #exploit #news #privacy #crime #warning #danger #china #politics #spy #software

anonymiss@despora.de

Secure data transfer #guide for #paranoid journalists and hacktivists ...

Prologue (Why we live in the dark #digital age!)

The #Pegasus #scandal showed that no one took #Snowden's revelations seriously. Meanwhile, it is not only the state actor #NSA that monitors everyone but a private company in #Israel the #NSO Group. Of course, always installing the latest updates on the device is of no use if the #intelligence agencies withhold the #security vulnerabilities from us, which does not increase security but endangers it.

The #problem is that today, even with a degree in #computer science, it is almost impossible to keep an overview of the entire security situation, as it has become far too complex. You would need a very simple tool, where the wrong usage is almost impossible. A #laptop or #smartphone is out of the question because even experts can only detect manipulated #firmware in complicated, time-consuming processes.

Solution

In order not to be monitored digitally, one works as analog as possible at the destination. Records are handwritten on paper, which is not left unattended anywhere. For the transmission of the records to the headquarters, they are photographed with a digital camera and stored on an SD card. This SD card is then inserted into a #RaspberryPi where the images are encrypted. The Raspberry Pi connects to the #darknet (VPN, i2p or TOR) via the smartphone's #wifi. From this file drop in the darknet, the headquarters can download the data. Afterwards, you should destroy all records and the SD card so that no contaminating data can be found during a police search.

The choice of darknet must be adapted to the destination country. Special bridges are needed to tunnel through the great firewall of China. Instead of using your own smartphone to connect to the #Internet, it's better to use a free WiFi connection if one is available. A micro SD card is easy to hide. It can be smuggled into a neighboring country by a trusted person and the transfer can take place there. This means that no suspicious electronic traces lead back to you.


#journalism #freedom #press #humanrights #surveillance #news #internet #activism #instructions #i2p #TOR #vpn #encryption #hacktivism #policestate #protest #economy #politics #exploit #cyberwarfare

sylviaj@joindiaspora.com

Cuba ~ End the Embargo

‘If #JoeBiden or frankly any US politician #cared about the #Cuban #people, they’d push for an end to the US’s #crippling #economic sanctions on Cuba.’

‘All people have the right to #protest and to live in a #democratic #society. I call on the Cuban government to #respect opposition rights and refrain from violence. It’s also long past time to end the #unilateral #US #embargo on #Cuba, which has only #hurt, not #helped, the Cuban #people.’ …. #BernieSanders

‘It’s important to remember that before the #Cuban #Revolution, Cuba was a #colonial #piggy-bank for #American #capitalists to #exploit. The revolution stopped the United States from treating Cuba like its little plaything, which the United States has never been able to accept.’

‘The US continually punishes #Haiti & Cuba because these are nations that successfully #revolted against #white #supremacist #empires in generations past.’

‘The #whole #world has spoken against the US embargo against Cuba. In the #UN #GeneralAssembly, 184 countries voted to #condemn the #blockade. Only two, the US and #Israel, voted not to. Cuba loses $9.1 billion a year due to the blockade.’

‘Not only is the US blockading Cuba, they are claiming #veto #power over any other country which wishes to send Cuba #food and #medicine.’

‘The choice is clear. Which side are we on? The US, which continues to #violate #international #law by decades of crippling #sanctions even in the face of a #pandemic, or Cuba, which has created five different vaccines and sent thousands of #doctors to #heal #people around the world?’

‘Nobody is charged a dime in Cuba for their #treatment. But in the US, people are denied treatment unless they have tens of thousands of dollars to pay for medical bills. Again, which side are you on?’

‘In addition, Cuba has: – #Guaranteed #salaries; – #Nationalized #BigPharma; – #Distribution of #food, #electricity, and piped #water.’

‘The US is trying to create a #self-fulfilling #prophecy with Cuba. Cripple it with #decades of sanctions, then try to initiate an #astroturf #regime #change operation. This is typical M.O. for the #PoliceState.’

‘Never forget the explicitly stated goal of the US government’s murderous, #illegal, 60-year blockade on Cuba: to "#weaken the economic #life of Cuba," and "#decrease #monetary and #real #wages, to bring about #hunger, #desperation and #overthrow of #government."’

#EndTheEmbargo #HandsOffCuba #VivaCuba! #VivaLaRevolucion! #VivaElPuebloCubano!

https://twitter.com/BTnewsroom/status/1414955958414061574