Amazon, Sony, Xiaomi, Samsung Devices Hacked at Pwn2Own Hacking Contest at Tokyo


In a hacking contest held in Tokyo, a duo of white-hat hackers known as Fluoroacetate breached devices from some of the most popular tech companies, namely Amazon, Samsung, Sony, Xiaomi and others. On the first day itself, the team won prize money of $145,000 (around 1.02 crore) and 15 Master of Pwn points, which secured them a dominant lead over the others in the competition. The contestants receive a bounty for each successful breach and points that add to their total ranking. The overall winner obtains the grand title 'Master of Pwn'.

The leading team, Fluoroacetate, which comprises hackers Amat Cama and Richard Zhu, amassed a lot of success early on as they managed to compromise five devices. Making history, the duo cracked the Sony X800G, the first television ever exploited in the history of Pwn2Own. Moving on to their next targets, the Amazon Echo Show and the Samsung Q60 television, the hackers employed an integer overflow in JavaScript to compromise both devices. While hacking the Xiaomi Mi 9, the duo used a JavaScript exploit to extract a picture from the smartphone. Next on their list was the Samsung Galaxy S10, which the duo compromised by pushing a file onto the phone via a stack overflow. The last contributor to the team's winning streak was the Netgear Nighthawk Smart Wi-Fi Router R6700 (LAN interface).

Points and bounty distribution 

Team Fluoroacetate piled up a total bounty of $145,000 and 15 Master of Pwn points at the end of the first day at Pwn2Own, in the following order.

Sony X800G smart TV: $15,000 and 2 Master of Pwn points.
Amazon Echo Show 5: $60,000 and 6 Master of Pwn points.
Samsung Q60 smart TV: $15,000 and 2 Master of Pwn points.
Xiaomi Mi9 smartphone: $20,000 and 2 Master of Pwn points.
Samsung Galaxy S10: $30,000 and 3 Master of Pwn points.

Pwn2Own is the top computer hacking contest. It was first conducted in 2007 with the purpose of demonstrating the security flaws present in widely used software and devices. The hackers gather at the contest to demonstrate vulnerabilities in a pre-set list of software and devices. To earn points on successful discoveries, the hackers must ensure that all the exploits put forth at the contest are new. After the contest, the event organizers take charge of all the bugs and vulnerabilities discovered throughout the competition and subsequently hand them over to the respective companies.

After the final day of the tournament, Fluoroacetate, accumulating total prize money of $195,000, 18.5 Master of Pwn points along with a shining trophy and other goodies, has emerged victorious and as the rightful owner of the title 'Master of Pwn'. Notably, the team's most striking accomplishment has to be the bypassing of Samsung Galaxy S10 that won the duo a whopping sum of $50,000 and 5 valuable Master of Pwn points.

Cyber Society of India wants to Ban Ethical Hacking course in India- Compares hackers to rapists


I was totally shocked when I heard the words that came out from the President of Cyber Society of India (cysi.in) on the local channel "Puthiya Thalaimurai". The local channel covered a story about Ethical Hacking.

He said in the Puthiya Thalaimurai interview that "Ethical hacking" is like ethical rape. He asked, "How can one claim it is legal by adding the word 'Ethical' in front of Hacking?"

He also added, "We are not doing rape in order to prevent rapes. Then why should we do ethical hacking to prevent hacking?"

It is ridiculous to compare ethical hackers with rapists. 

Here is Puthiya Thalaimurai's video covering Ethical Hacking (Tamil):


"I will say ban Internet, no Internet no Hacking we all will be safe. Even Pollution is increasing so shall we stop breathing?????" one hacker commented. "What I understand from my side is you should increase Cyber Forensics Courses so that we get good investigators."

"If you have good Cyber Forensics Investigators the crime rate will go down, and only those people will get enrolled to even Ethical Hacking Course who have good ethics as they know that if they go wrong they will be arrested."

Yes, I agree with what the hacker said. An Ethical Hacking course with cyber laws always produces good ethical hackers. We can't just simply ban ethical hacking courses as India needs more Ethical Hackers/PenTesters. We just need to teach them cyber laws as well.

"This is one of the most ridiculous discussions I have ever seen. Now guys will come and say don’t teach programming they will write virus," one cyber security expert commented.

"There is a great demand for “ethical” hackers all over the world and they are required to make cyber world secure. As it's said in the movie Spiderman, “with great powers come great responsibilities” and should make kids understand the responsibilities associated with this great art."

Break The Security - Hands on Ethical Hacking and Cyber Security Training for Corporate


Cyber Security & Privacy Foundation is proud to announce the Corporate training in Chennai. The attendees will be trained by four security researchers on various cyber security topics.

The training starts with an introduction to the information security field and the various classes of hackers. It will be hands-on training: we will demonstrate the usage of various security tools and help the attendees use them.

The course covers various toolkits including TamperData, Hackbar, Maltego, FOCA, the Live HTTP Headers plugin and more.

We also give training on advanced tools for vulnerability assessment and penetration testing which includes Metasploit, Nmap, Nessus, sqlmap, and more.

Attendees are requested to bring their own laptops with an isolated network environment such as VMware/VirtualBox installed, to gain hands-on exposure.

Venue:

Computer Society Of India Head Quarters,
Educational Directorate- Taramani,
Chennai
Chennai, Tamil Nadu

Price:

The Corporate Training tickets would cost Rs. 2000/- per person.

Lunch and Tea/Snacks will be provided at the venue.

Registration Link:

http://www.meraevents.com/event/break-the-security-training–ethical-hacking-hands-on-for-corporate

For more details, visit: http://cwhh.cysecurity.org/?page_id=81

The Global CyberLympics Ethical Hacking Challenge

The Global CyberLympics (www.cyberlympics.org) - the world’s first international team ethical hacking championships - will be held from September across six continents.

It is endorsed by the U.N.’s cybersecurity executing arm – IMPACT - and the EC-Council is sponsoring over $400,000 worth of prizes.

Regional championships will be held in various locations across different continents, and co-hosted with reputable IT/information security conferences and tradeshows, as follows:

  • North America (Eastern) | Hacker Halted USA – Miami, USA
  • North America (Western) | TakeDownCon – Las Vegas, USA
  • South America | H2HC – Sao Paolo, Brazil
  • Europe | Hacktivity – Budapest, Hungary
  • Middle East & India | GITEX – Dubai, UAE
  • Asia Pacific | Hacker Halted APAC – Kuala Lumpur, Malaysia
  • Africa | TakeDownCon – Johannesburg, South Africa

The CyberLympics world finals is tentatively scheduled for the first quarter of 2012, with its venue still being decided.

To compete at the games, simply form a team of 4-6 players and ensure that all the players attempt and pass the proficiency test to earn a player's code. These codes can then be used to register a team to compete against others in the region.

The registration fee is waived for a limited time period. To find out how to participate in this groundbreaking event, please visit http://www.cyberlympics.org/TheGames/HowtoEnter.aspx

Apple MacBook vulnerable to hack using Battery

Ethical hacker Charlie Miller has found a way to hack the MacBook using the battery.

"Laptop battery contains its own monitoring circuit which reports the status of the battery to the OS. It also ensures that the battery does not overcharge even when the laptop is turned off," the Digitizor report reads.


He found that the battery chips are shipped with a default password. This means an attacker who finds the default password and learns to control the firmware can make the chips do anything he wants.

"You could put a whole hard drive in, reinstall the software, flash the BIOS, and every time it would reattack and screw you over. There would be no way to eradicate or detect it other than removing the battery," Digitizor quoted Miller as saying.