T-Mobile.at does not take security very seriously

by Jonathan Nicholas on April 7th, 2018
in News, Background

Hilarious news about T-Mobile reported in DerStandard. A customer asked T-Mobile support if they stored customers' passwords in clear text. The answer came back: of course we do, as our employees need access to them. The customer then asked the following.

Oh dear. Not surprisingly this has spread; T-Mobile in the USA has assured its customers that it does encrypt their passwords.


Hacking with Metasploit

by Jonathan Nicholas on January 27th, 2018
in Background

Always fun to play with Metasploit. For those who don't know, it was an open source project but is now run by the company Rapid7. There are supported versions, but there is a free version called Framework edition. It doesn't have a graphical interface, but I am a real man and like using the command line anyway.

The help page is great.

In brief:

  • Set up Metasploit on a Linux box (if you are a real hacker and use Kali Linux it is of course included).
  • Choose an "exploit" - I used one based on an old Java version
  • Find a Windows box which has an old Java
  • Point the browser in the Windows machine at the web site on your Metasploit
  • The machine is hacked! From the Metasploit machine you can run scripts, copy files, take screenshots, even use the microphone and camera.

It works even if the Windows machine is patched (except for the one vulnerability you are working on), is firewalled, and has antivirus. It is a great demo to show people just how vulnerable their PC is.


Windows 10 is chatty

by Jonathan Nicholas on January 27th, 2018
in Background

Someone mentioned that Windows 10 is pretty chatty, so I thought I would take a look.  I don't have a Windows 10 machine so I borrowed my son's laptop and put Wireshark on it.  I captured traffic for just under 15 minutes with no applications running.

There were 700k packets exchanged with 67 different public IP addresses. A total of 650MB was downloaded.   I suppose nothing about Microsoft should surprise you, but I was a bit surprised!


Fred Kaplan - Dark Territory: The Secret History of Cyber War

by Jonathan Nicholas on January 22nd, 2018
in Background

I have recently read this.  Here are my thoughts on it.


Apple Mac High Sierra

by Jonathan Nicholas on November 29th, 2017
in News, Background, Apple OSX

A flaw which was discovered yesterday (28th November) allows users to log into a device with the new O/S High Sierra. Here is a not very useful link to the Apple page: "For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred...." Brian Krebs has more information. It seems that the default root password is blank, which is incredible!

Either by luck or good judgement, my MacBook (which is running the new O/S) seems to be OK.  
