Check out my new Surveillance Chair

Just when my house couldn’t get any cuter, it did this weekend.

Surveillance Chair – keeping my street safe & secure

Material was wood found around my property, below is the blueprint.

I made the sign.

Pretty soon all the neighbours were over helping.

And everyone is into it.

Last night I’m typing on my couch, door opens up, neighbour’s head pops in and yells, “Keri! I was just in the chair, everything is safe out there tonight, sleep well” door slams.

 

 

Watch Mr. Robot

Discovered it on Friday, then mainlined the 10-episode series over the weekend.

The premise:

A techno thriller that follows Elliot (Rami Malek, ‘The Pacific’), a young programmer, who works as a cyber-security engineer by day and as a vigilante hacker by night. Elliot finds himself at a crossroad when the mysterious leader of an underground hacker group (Christian Slater, ‘The Adderall Diaries’) recruits him to destroy the firm he is paid to protect. Compelled by his personal beliefs, Elliot struggles to resist the chance to take down the multinational CEOs he believes are running (and ruining) the world. – Showcase.ca

It’s the stuff I’ve been blogging for years – social engineering, phishing, ransomware, my Security section really. And maybe I don’t seem so weird anymore… how I kept my last name offline for 5 years, the frequency and content I post, not having geolocation turned on…

When have you ever heard me talk about a TV show? Never. It’s that good.

Why? Clever twists, how it incorporates real-life websites, the accuracy of the tech (Kali went by?!) and the cliffhanger ending. Just the premise alone – one of the best depictions of how the world really works, 1% of 1%.

It’s from the USA Network, but we Canadians can watch it on Showcase.

 

 

Have a Job for Life – Go into Auto Security

It’s an emerging industry that’s growing ridiculously quickly, auto companies have endless money, and there are many verticals being created to choose from.

New Job Possibilities

– fix CAN bus, that thing is a mess

– get good at D-Bus 

– work for the companies that build the infotainment units, e.g. Harman Kardon

– cellular companies, there’ll be a vertical dedicated to securing connected cars

– learn the QNX Operating System, 75% of cars use it

– figure out how to mass update older cars

– develop a penetration test for cars

***

And with this post, I’ve now summarized a talk, that summarized another talk about that talk HAHA

 

 

Update your Android Phone NOW

There is a massive Android bug called Stagefright.

It’s being called the biggest Android flaw ever; it affected about 950 million devices.

It even has its own logo.

Hundreds of millions of phones are affected.

Above is a list of vulnerable devices.

That’s Adrian Ludwig, lead engineer for Android security at Google, speaking about Stagefright at Black Hat 2015.

The bug was discovered by Joshua Drake from the Zimperium security firm. He tells FORBES magazine,

“All devices should be assumed to be vulnerable. Only Android phones below version 2.2 are not affected.”

The Attack

Uses MMS (texting). It installs with no user interaction required, scary.

An MMS message is sent > it contains a media file > that the phone opens automatically > which releases and installs the bug > MMS is deleted > no trace of attack

Watch the attack.

What can Stagefright do?

Turn on both the camera and microphone, and secretly record video and listen to conversations.

A level deeper, and it can view photos; read the device’s email, Facebook and WhatsApp messages; access contacts and data; or use the mobile as a jumping-off point into the victim’s cloud applications.

The Defence

Google shut down some functions, that’s why the messenger app stopped auto-loading and thumbnails reverted to static-only. Nexus devices are being updated automatically over the air.

What you can do:

1 – update your phone

2 – disable “auto-fetching in MMS” to stop the media from auto-downloading. How to here.

3 – never open a photo, video or click a link, from someone you don’t know

4 – download Zimperium’s Stagefright Detector App for Android Devices 

Further reading – Zimperium’s blog post

From Black Hat 2015

Blog tag = Black Hat