Cybersecurity

5026 readers
3 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 1 year ago
MODERATORS
1
 
 

We're happy to announce that BusKill is presenting at DEF CON 32.

What: Open Hardware Design for BusKill Cord
When: 2024-08-10 12:00 - 13:45
Where: W303 – Third Floor – LVCC West Hall

BusKill goes to DEF CON 32 (Engage)
BusKill is presenting at DEF CON 32

via @[email protected]

What is BusKill?

BusKill is a laptop kill-cord. It's a USB cable with a magnetic breakaway that you attach to your body and connect to your computer.

What is BusKill? (Explainer Video)
Watch the BusKill Explainer Video for more info youtube.com/v/qPwyoD_cQR4

If the connection between you to your computer is severed, then your device will lock, shutdown, or shred its encryption keys -- thus keeping your encrypted data safe from thieves that steal your device.

What is DEF CON?

DEF CON is a yearly hacker conference in Las Vegas, USA.

DEF CON Documentary
Watch the DEF CON Documentary for more info youtube.com/watch?v=3ctQOmjQyYg

What is BusKill presenting at DEF CON?

I (goldfishlaser) will be presenting Open Hardware Design for BusKill Cord in a Demo Lab at DEF CON 32.

What: Open Hardware Design for BusKill Cord
When: Sat Aug 10 12PM – 1:45PM
Where: W303 – Third Floor – LVCC West Hall

Who: Melanie Allen (goldfishlaser) More info

Talk Description

BusKill is a Dead Man Switch triggered when a magnetic breakaway is tripped, severing a USB connection. I’ve written OpenSCAD code that creates a 3D printable file for plastic parts needed to create the magnetic breakaway. Should anyone need to adjust this design for variations of components, the code is parameterized allowing for easy customization. To assemble a BusKill Dead Man Switch cord you will need:

  1. a usb-a extension cord,
  2. a usb hard drive capable of being attached to a carabiner,
  3. a carabiner,
  4. the plastic pieces in this file,
  5. a usb female port,
  6. a usb male,
  7. 4 magnets,
  8. 4 pogo pins,
  9. 4 pogo receptors,
  10. wire,
  11. 8 screws,
  12. and BusKill software.
Image of the Golden BusKill decoupler with the case off
Golden DIY BusKill Print

Full BOM, glossary, and assembly instructions are included in the github repository. The room holds approx. 70 attendees seated. I’ll be delivering 3 x 30 min presentations – with some tailoring to what sort of audience I get each time.

Meet Me @ DEF CON

If you'd like to find me and chat, I'm also planning to attend:

  • ATL Meetup (DCG Atlanta Friday: 16:00 – 19:00 | 236),
  • Hacker Kareoke (Friday and Sat 20:00-21:00 | 222),
  • Goth Night (Friday: 21:00 – 02:00 | 322-324),
  • QueerCon Mixer (Saturday: 16:00-18:00 | Chillout 2),
  • EFF Trivia (Saturday: 17:30-21:30 | 307-308), and
  • Jack Rysider’s Masquerade (Saturday: 21:00 – 01:00 | 325-327)

I hope to print many fun trinkets for my new friends, including some BusKill keychains.

Image shows a collection of 3D-printed bottle openers and whistles that say "BusKill"
Come to my presentation @ DEF CON for some free BusKill swag

By attending DEF CON, I hope to make connections and find collaborators. I hope during the demo labs to find people who will bring fresh ideas to the project to make it more effective.

2
3
4
5
6
7
8
 
 

At least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Squarespace bought all assets of Google Domains a year ago, but many customers still haven’t set up their new accounts. Experts say malicious hackers learned they could commandeer any migrated Squarespace accounts that hadn’t yet been registered, merely by supplying an email address tied to an existing domain.

9
10
11
 
 

A smartphone’s unique Bluetooth fingerprint could be used to track the device’s user–until now. A team of researchers have developed a simple firmware update that can completely hide the Bluetooth fingerprint, eliminating the vulnerability.

12
 
 

Check Point Research (CPR) has identified a critical zero-day spoofing attack exploiting Microsoft Internet Explorer on modern Windows 10/11 systems, despite the browser's retirement.

13
1
submitted 3 months ago* (last edited 3 months ago) by [email protected] to c/[email protected]
 
 

Google Pixel phones, especially with GrapheneOS, are worlds more secure than other technologies.

Every user account is decrypted with a key generated by the secure element, and the pin is just used to unlock that key.

But the secure element is rarely used in other applications.

Here is how to unlock your KeepassDX Storage with it:

  1. Create a password storage with a very secure and long password. Length is especially important, prefer to use tons of nonsense words, over hard to remember symbols
  2. In KeepassDX Settings, under "unlock settings" enable "use system unlock"
  3. Enter the password for the password storage.
  4. Instead of pressing Enter, press on the button in the bottom left to register the password in the Android Keystore.

From now on you can unlock your password storage using all the security that your device offers.

The only weakness is the password, so make it as long as possible.

To copy-paste passwords relatively securely, you can use Florisboard's internal clipboard. Enable "sync from system clipboard", and disable "sync to system clipboard".

If you copy things using the button on Florisboard, it will only be saved in Florisboards internal app storage, not your system clipboard, which is accessible to all input devices (keyboard apps) and foreground apps.

To delete things from the system clipboard (which only holds one entry) you can use apps like this one

I recommend Obtainium to get the latest versions of these apps.

Here is a list of available app configs

14
 
 

Based on past attacks, It wouldn’t be surprising to see active targeting this time too.

15
 
 

Morphisec, who discovered the flaw and published an advisory about it on July 9, has urged Microsoft to reclassify the vulnerability as "Critical" to reflect the higher estimated risk and ensure adequate mitigation efforts.

The security firm agreed with Microsoft that this RCE is more complex than CVE-2024-30103, making immediate exploitation less likely. However, combining it with another vulnerability could simplify attacks.

16
17
18
19
20
21
22
23
24
25
view more: next ›