Bits and pieces from the world of cyber.
Just had a new Internet router installed for a fibre connection. Of course I take a look at the security issues, activate remote administration is off by default, which seems a good thing.
Is anything open? I do a remote scan and am happy to find tha no ports seem to be open and it does not even repopond to ping. Good, so many devices are open to the internet and are continuously attacked by people trying to get in (see previous blog).
Hilarious news about T-mobile reported in DerStandard. A customer asked T-mobile support if they stored customers' passwords in clear text. Answer came back: of course we do as our employees need access to them. Customer then asked the following.
Oh dear. Not surprisingly this has spread, T-mobile in the USA has assured it's customers that it does encrypt
Always fun to play with Metasploit. For those who don''t know it was an open source project but is now run by the company Rapid7. There are supported versions but there is a free version called Framework edition. It doesn''t have a graphical interface, but I am a real man and like using command line anway.
The help page is great.
- Set up metasploit on a Linux box (if you are a real hacker and use Kali linux it is of course included).
- Choose an "exploit" - I used one based on an old java version
- Find a Windows box which has an old java
- Point the browser in the Windows machine at the web site on your metasploit
- The machine is hacked! From the metasploit machine you can run scripts, copy files, take screenshots, even use the microphone and camera.
It works even if the Windows machine is patched (except for the one vulnerability you are working on) is firewalled, and has antivirus. It is a great demo to show people just how vulnerable their PC is.
Someone mentioned that Windows 10 is pretty chatty, so I thought I would take a look. I don't have a Windows 10 machine so I borrowed my son's laptop and put Wireshark on it. I captured traffic for just under 15 minutes with no applications running.
There were 700k packets exchanged with 67 different public IP addresses. A total of 650MB was downloaded. I suppose nothing about Microsoft should surprise you, but I was a bit surprised!