DOS challenges with ITsecurity.co.uk

We were faced on ITSecurity.co.uk with a problem which was at first out of our control: “somebody” was creating, probably without knowing it, a denial of service on this website. The consequence was that it was “consuming” the accesses to the database behind this WordPress site. The ISP hosting the website limits the accesses to 50K a day. More accesses require a higher plan, three times more expensive. The “somebody” is an IP from Canada which, considering that it is retrying every second, is most probably a script out of control. First thing, I contacted the owner of the IP address at…



Chinese Researchers Remotely Hack Tesla Model S (Update)

Security researchers from China-based tech company Tencent have identified a series of vulnerabilities that can be exploited to remotely hack an unmodified Tesla Model S while it’s parked or on the move. The researchers managed to perform various actions. While the vehicle was parked, the experts demonstrated that they could: control the sunroof, the turn signals, the position of the seats, all the displays, the door locking system. While the car was on the move, the white hat hackers showed that they could activate the windshield wipers, fold the side view mirrors, and open the trunk. They also demonstrated that…


Yahoo was hacked in 2014 and lost the credentials of over 500Mil accounts

Oh boy… they were hacked two years ago and they say it was a “state sponsored attack”. What the hack is that?! How do you differentiate a hack done by an employee from a state sponsored attack? Let’s take it step by step: Yahoo has started to send all affected customers this email: https://s.yimg.com/sf/support/en-us-security-notice-content.pdf Below is the text of the email notice sent by Yahoo to potentially affected users. Please note that the email from Yahoo about this issue does not ask you to click on any links, does not contain attachments and does not request your personal information. If an…


Annoying Internet Ads: An Open Letter To Digital Marketers Everywhere

I gave a nice interview to MICHAEL O’DWYER for IPSwitch and he wrote the following article: Annoying Internet Ads: An Open Letter To Digital Marketers Everywhere “Ads consume bandwidth, especially those delivered as Flash or code. If you’re on a mobile device, with a small screen, the ads will also cover a good portion of the screen, thus making it difficult or even impossible to see the desired content you want to see,” says Sorin Mustaca, CSSLP, Security+, Project+, an independent IT security consultant. “[Over] the last 3 years, we hear[d] more and more about malvertising — the delivery of malicious software…


Dropbox was breached in 2012, the data is now online – a quote in SecurityWeek

68 Million Exposed in Old Dropbox Hack, by Ionut Arghire on August 31, 2016. In an email response to a SecurityWeek inquiry, IT security expert Sorin Mustaca said that the surprising fact is that the 2012 hack of Dropbox didn’t emerge earlier, along with the other mega-breaches. He also notes that the use of the SHA1 hashing algorithm with salting improves the security of these passwords. “Fortunately, Dropbox was using the SHA 1 hashing algorithm (today this is not considered “strong” anymore) and it was using salting even in 2012 – an operation that many other services don’t do even…


How to easily secure your smartphone

Most people these days have a smartphone. These phones are actually no longer just mobile phones; in reality they are powerful mobile computers with several GB of RAM, multicore CPUs and many GB of storage. Despite these characteristics, which bring them closer to computers than to phones, most of their users don’t consider security and privacy the way they should for their personal mobile computers. Actually, users are split in two categories: those who care about security and privacy and those who don’t. The advice below is meant to address both categories and is sorted according to the difficulty…


Awesome Malware Analysis – Resources

Source and credit: https://github.com/rshipp/awesome-malware-analysis I save it here for easier reference. Do note that this list grows a lot! A curated list of awesome malware analysis tools and resources. Inspired by awesome-python and awesome-php. Awesome Malware Analysis Malware Collection Anonymizers Honeypots Malware Corpora Open Source Threat Intelligence Tools Other Resources Detection and Classification Online Scanners and Sandboxes Domain Analysis Browser Malware Documents and Shellcode File Carving Deobfuscation Debugging and Reverse Engineering Network Memory Forensics Windows Artifacts Storage and Workflow Miscellaneous Resources Books Twitter Other Related Awesome Lists Contributing Thanks Malware Collection Anonymizers Web traffic anonymizers for analysts…


Car hacking again… now at high speed!

Not even a week has passed since I was writing about “Not yet worried about vehicle hacking? You should be!” and we see in the news that at Black Hat exactly this is happening. At Black Hat USA this week, the security researchers Charlie Miller and Chris Valasek are scheduled to present their latest findings in the world of car hacking. Again! Miller and Valasek had already made names for themselves last year with the dramatic hacking of a Jeep Cherokee, interfering with its entertainment system, engine and brakes while it was being driven down a busy highway at 70mph. Fiat Chrysler announced…


Not yet worried about vehicle hacking? You should be!

As a matter of fact, it is not only vehicles that can be hacked; actually any IoT device can be hacked. AV-Test.org published this paper about vulnerabilities in fitness wristbands and the Apple Watch, which shows how they tested and how secure the devices are. However, a hack of these IoT devices is not as dangerous as hacking a vehicle. I am not saying that they don’t matter, on the contrary. This is why I am mostly interested in vehicles: hacking can be dangerous, and it is done, with the manufacturer’s permission at least, to improve their security. According to the RSA…
