Daily Shaarli

All links of one day in a single page.

January 29, 2017

Hotel ransomed by hackers as guests locked in rooms - The Local

One of Europe's top hotels has admitted they had to pay thousands in Bitcoin ransom to cybercriminals who managed to hack their electronic key system, locking hundreds of guests in or out of their rooms until the money was paid.

Hackers Tear Apart Trend Micro, Find 200 Vulnerabilities In Just 6 Months

Security researchers Roberto Suggi Liverani and Steven Seeley reported the first bug to Trend on July 29 2016 and have continued to find a mix of vulnerabilities, from the mundane to the shocking. In total they've uncovered 223 weaknesses across 11 TrendMicro products. A whopping 194 can be exploited remotely, and all are triggered without user interaction, making them significantly more serious.

Hackers hit D.C. police closed-circuit camera network, city officials disclose - The Washington Post

Hackers infected 70 percent of storage devices that record data from D.C. police surveillance cameras eight days before President Trump’s inauguration, forcing major citywide reinstallation efforts, according to the police and the city’s technology office.

978 - Kaspersky: SSL interception differentiates certificates with a 32bit hash - project-zero - Monorail

In order to inspect encrypted data streams using SSL/TLS, Kasperky installs a WFP driver to intercept all outgoing HTTPS connections. They effectively proxy SSL connections, inserting their own certificate as a trusted authority in the system store and then replace all leaf certificates on-the-fly. This is why if you examine a certificate when using Kaspersky Antivirus, the issuer appears to be "Kaspersky Anti-Virus Personal Root".

Kaspersky's certificate interception has previously resulted in serious vulnerabilities, but quick review finds many simple problems still exist. for example, the way leaf certificates are cached uses an extremely naive fingerprinting technique.