
52% of all Breaches are caused by Human Error

Over half… really!

Specifically, they’re usually caused by SE – the human side of security:

Social Engineering (SE) – to influence someone to do something that’s not in their best interest.

Basically: you can have all the anti-virus software in the world, but one click on one bad link, and your computer or network is compromised.

Michele Fincher is an expert at getting you to click on that link.

Michele is the Chief Influencing Agent at Social Engineer, Inc., a premier consulting and training company which specializes in the art and science of social engineering (SE).

Don’t be fooled by her prettiness, Michele is a world-class social engineer and will breach your organization, probably while you hold the door for her.

We met at the SC Congress Security Conference, talked about Social Engineering and here comes a little series about hacking the human.

Series Topics:

1 – Don’t get Vished – here
2 – Onsite impersonation works amazing – here
3 – The multi-stage attack – here

Blog tag = social engineering

 

 

 

80% of Prox Card Readers are Now Vulnerable

A pair of security researchers introduced BLEKey at the 2015 Black Hat Security Conference.

It’s such a high percentage – 80% – because really, all proximity card readers are made by 1 of 2 companies. Actually, if you use one to get into work, I bet it’s a HID unit.

The BLEKey (Bluetooth low energy key) can be installed in 60 seconds by attaching it to the reader via 3 wires. Then, when paired with a mobile phone, this $10 device can open a proximity card protected door.

1 – Bluetooth

2 – processor

3 – where the 3 wires attach (2 data, 1 power)

4 – battery

Once in place, it can clone cards, remotely open the door, or disable the door entirely for 2 minutes after the attacker is through.

Business Owners:

At the conference, the pair threw 200 BLEKeys into the crowd, and made available both the code, and unit for sale; it’s now out there.

To protect your business, they suggest ensuring tamper detection is turned on and monitoring the logs for anomalies. Also monitor the camera by the door, to stop an attacker from installing one into your reader.

Pentesters:

Add this to your kit. It could make the physical portion of your pentest smoother, especially since sensitive areas are often protected by prox cards.

Or use it to mess with the company’s logs.

Get the code here – GitHub

Here are the guys behind BLEKey and the best part is… they’re Canadian! They also received the most cheers of all the presentations I attended.

Left is Eric Evenchick, and right is Mark Baseggio.

From Black Hat 2015

Blog tag = Black Hat

Trying to Define What Makes a Luxury Vehicle

At what point does a regular vehicle become a luxury one?

It’s tough to pin down! In trying to find one defining element, instead I came up with a bunch of what it’s not –

  • it’s not price,
  • nor number of units sold,
  • it’s not the type of gas it uses,
  • it’s not the number of features it’s equipped with,
  • nor the type of materials it’s finished with.

Plus! People’s benchmark of luxury can vary greatly… what’s really nice to one may not be to another, like – they’re happy with jewelry from People’s, I prefer Piaget.

Read it online at Autonet.

Favourite line:

The only argument that seems to hold is in regards to the one thing that can’t be held or touched – perception. Perhaps that’s it, then – luxury is defined by whoever’s advertising dollars are better at convincing us that something is high-end.

***
