To continue my MITM attacks theme - someone has just release a nice USB key that ransacks your PC - Ars Technica has a good write up.
This kind of thing is very dangerous as it’s really easy to get people to put USB keys into computers! I’m currently writing a longer article on the (many) ways to MITM TLS to help explain how easy it is!
Read more →
I’m often heard worrying about the state of HTTPS and the ease to get users to do things that make it basically not function - but I’ll admit evidence of real world attacks is thin on the ground. There is a systematic reason for the lack of information - if a hacker uses a Man-In-The-Middle (MITM) technique to hack HTTPS there is very little evidence left and all thart will happen is the stolen data will turn up in a list at some point in the future.
Read more →
Why in 2016 are people still shipping software and devices with default passwords? The recent IOT/Botnet that broke large chunks of the internet was entirely avoidable if the devices had been shipped without default passwords.
This is perfectly within the capability of a device manufactuer - even British Telecom (who have many many issues) have been shipping their devices with randomized passwords printed on a sticker on the device for years.
Read more →