Commodore PC Still Controls Heat and A/C At 19 Michigan Public Schools

Commodore PC Still Controls Heat and A/C At 19 Michigan Public Schoolsfrom the if-it-ain’t-broke dept.

jmulvey writes:

Think your SCADA systems are outdated? Environmental monitoring at 19 Grand Rapids Public Schools are still controlled by a Commodore Amiga. Programmed by a High School student in the 1980s, the system has been running 24/7 for decades. A replacement has been budgeted by the school system, estimated cost: Between $1.5 and 2 million. How much is your old Commodore Amiga worth?

Posted by Soulskill a day ago

15 Most Creative Forced Perspective Pictures 15 Most Ridiculous Signs You’ll Ever See 3.3K 39 Connect: Follow on Facebook Follow on Twitter 18 Clever Inventions That You Need In Your Life Advertisement 18 Clever Inventions That You Need In Your Life

How did people live before the Internet, or the car, or the various other things that we’ve grown so accustomed to using every day? Some inventions are so amazing that they make you really wonder how anyone could’ve gotten by without them.

Heated Butter Knife

Heated to the perfect spreading temperature in about thirty seconds by two AA batteries, this knife makes difficult spreading a thing of the past. Only the tip of the knife heats up, and a flashing LED alerts the user that the heating element is active.

Self-Cleaning Hairbrush

The self-cleaning hair brush has a simple design, a rubber pad sits in the “bed” of the brush under the bristles. When it is time to clean it out, just pull the pad up over the bristles, then dump the hair.

Solar Powered Tent

This 36 square foot tent features a 50Wh battery pack to power all of your electronics. The tent, battery pack, and solar panel will set you back about $1,000, so it is for the serious camping fanatic.

Euphori-Lock Ice Cream Lock

A two piece twist lock with a pre-assigned combination is now available for your pint of ice cream. Made by Ben & Jerry’s, this lock fits all pints, and has gotten pretty good reviews. Engraved with the quote, “I’m terribly sorry, but there is no ‘u’ in ‘my pint,'” it keeps the ice cream thieves at bay.

Wine Sippy Cup

The sippy cup of mom’s everywhere, this sippy is a double walled tumbler, with a wine glass inside, all covered by a spill proof lid. It can hold ten ounces of wine, and is 100% BPA free. Vino to go anyone?

Cover Blubber

CoverBlubbers, which are made of StickyRubber, are being sold as a safer alternative to traditional plastic wrap. CoverBlubber form fits to whatever shape it is placed on, and forms an airtight seal. It is available in four stretchy sizes, and colors.

The Lockitron

The new smartphone app enabled, front door locking system. It simply installs over your old lock, and then you use the app on your phone to lock or unlock it from anywhere. Since it is portable you can take it anywhere, and you can still use your old keys with it!

Mommy Hook

A huge clip with a foam grip, it can be used with strollers, carts, etc, to hold all of your bags. Just put your bags on it, then snap to your wheeled device, or simply hold it and save yourself from hurting your hands.

Deglon Meeting Knife Set

At $599 a set, these are knives for the serious culinary enthusiast. Four knives that fit inside of each other, and into their block, all made from ONE piece of stainless steel. The classiest of all cutting utensils.

Pancake Plett Pan

This pan has four, shallow wells to cook pancakes, eggs, etc, in uniform roundness. Made with 20,000 diamond crystals, it creates a non-stick surface that can’t be beat. The pressure-cast aluminum allows heat to distribute evenly, making your meal perfect every time.

Scrap Trap

Fitting under the cabinet, over the drawer or door, the Scrap Trap hooks in for easy scrap clean up in the kitchen. Use the included utensil to push scraps into the 2 quart bowl, detach, and dump. Truly easy kitchen cleanup.

Secret Compartment Water Bottle

A water bottle with a built in secret compartment designed to hold credit cards, cash, key, or whatever you can fit in there. Great for anytime you can’t carry around your wallet. With a large mouth for ice cubes, and dishwasher safe, it’s a convenient water bottle as well.

Glowing Toilet Bowl Strip

Why do you need a strip of glow in the dark tape to put around the rim of the toilet?Well, it’s useful to both genders, as men won’t make a mess on late night restroom trips, and women won’t fall when the seat is left up.

Rechargeable USB Batteries

Rechargeable batteries with USB ports to plug in your electronics. Super compact, they are easy to take anywhere. Easy, portable, charging.

Oven Rack Guard

These are silicon guards that fit to the edges of your oven racks. They are heat resistant, and used to minimize the risk of burns. The textured silicon makes for easy gripping as well.

Brush Flask

A flask hidden within the shape of a brush. It holds six ounces, and unscrews at the bottom of the handle. Nobody will ever guess it isn’t a brush!

Hands Free Book Holder

Expanding and contracting to hold your book or fit in your bag, this holder can go anywhere. Simply insert book and begin reading, you will only need to turn the pages. Great for multitasking!

Pen Scanner

A pen shaped scanner that scans printed text and sends it straight to your computer. Just run it over the text you need scanned and you are done. Note taking suddenly became a lot easier.

//

USBKill turns thumb drives into computer kill switches

original article 

A coder that goes by the online handle “Hephaestos” has shared with the world a Python script that, when put on an USB thumb drive, turns the device in an effective kill switch for the computer in which it’s plugged in.


USBkill, as the programmer dubbed it, “waits for a change on your USB ports, then immediately kills your computer.”

The device would be useful “in case the police comes busting in, or steals your laptop from you when you are at a public library (as with Ross [Ulbricht]),” Hephaestos explained. 

Using a cord to attach the USB key to one’s wrist will assure that the USB is removed instantly with a quick tug upon the arrest of the user or the seizure of the computer. 

Of course, if the user doesn’t use full disk encryption in the first place, the device becomes useless.

Hephaestos says that USBkill is still in the early stages, but that it works, and works well.



http://platform.twitter.com/widgets/follow_button.95466a0b743d88fdf27be4b6df8e2945.en.html#_=1430956117971&dnt=false&id=twitter-widget-0&lang=en&screen_name=zeljkazorz&show_count=false&show_screen_name=true&size=l

Beware! Your Smart TV May Be Watching & Listening To Everything You Do & Say!

IMG_2595

YOUR SAMSUNG SMARTTV IS SPYING ON YOU

eWeek – Enterprise IT Technology News, Opnion and Reviews

Be careful, you may be watched!

With the advances in technologies, your own purchases may be used against you. Privacy advocates are up in arms!!

Hacking 4G USB modems and SIM Card via SMS

/home/wpcom/public_html/wp-content/blogs.dir/4bc/29857760/files/2014/12/img_2459.jpg

A group of experts managed to uncover USB modem vulnerabilities that allow a potential attacker to gain full control of the connected system.

A team of researchers at Positive Technologies conducted a study on how to compromise USB modems and attack SIM cards via SMS over 4G networks at the PacSec and Chaos Computer Club conferences in Tokyo and Hamburg.

The team consisting of Sergey Gordeychik, Alexander Zaitsev, Kirill Nesterov, Alexey Osipov, Timur Yunusov, Dmitry Sklyarov, Gleb Gritsai, Dmitry Kurbatov, Sergey Puzankov and Pavel Novikov.

The experts discovered that 4G USB modems are affected by vulnerabilities that could be exploited by threat actors to gain full control of the machines to which the devices are connected.

The researchers also demonstrated that exploiting the flaws they were able to access subscriber accounts on carrier portals, simply by sending a binary SMS, they are able to lock SIM cards and sniff and decrypt device traffic.

The researchers analyzed six USB modems running 30 separate firmware and discovered that just 10% of the software tested was resilient to the attacks.

“First, we identified the gear. The documentation and search engines helped us with that. In some cases Google was even more useful: it gave us the password for Telnet access. However, for external communications we need http, not Telnet. Just connect the modem to a computer and manage it as a separate network node with web applications. It gives you the opportunity to launch an attack via a browser (CSRF, XSS, RCE). This way you will force the modem to give out a lot of useful information about itself.” states the blog post published by the researchers.

/home/wpcom/public_html/wp-content/blogs.dir/4bc/29857760/files/2014/12/img_2460.jpg

The team used Google to find publicly available telnet access credentials via Google, but they needed http access in order to sniff communications.

The attack technique was very ingenious, once connected the 4g USB modems to their computers, the researchers were able to run several browser-based attacks, including cross-site request forgery, cross-site scripting and remote code execution attacks. The attacks allowed researchers to retrieve several information like the international mobile subscriber identities, the interface types, firmware versions, the universal integrated circuit cards, international mobile station equipment identities and software versions, device names, WI-Fi statuses and more.

/home/wpcom/public_html/wp-content/blogs.dir/4bc/29857760/files/2014/12/img_2461.png

In a more scaring attack scenario the researchers installed a bootkit on the targeted device, to do this they installed a USB keyboard driver, which causes the computer to identify the modem as an input device. At this point using a pseudo keyboard to issue the command the attacker were able to reboot the system from an external disk or the from the modem itself. Then they served and installed a bootkit that allows them to remotely control the device as showed in the following video PoC.

[an error occurred while processing this directive]

The experts highlighted the dangerous impact of the vulnerabilities in 4g USB modem on the industrial sector, for example, in all those processes that are using machine-to-machine (M2M) communications. SCADA and ATM are just a few samples of systems that use the technology.

M2M applications are very common in several critical infrastructure installations, including industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems.

” It is not only the matter of security for trendy smartphones that we use to read news feed in social networks. Multiple critical infrastructures including industrial control systems (SCADA) also implement digital mobile communication based on the GSM standard. Another example from everyday life is having your money stolen from bank accounts. No one would like to become a victim of that. Yet you might have seen small antenna on ATMs. Yes, it is also GSM.” continues the post.

The researchers also run SIM attacks that was slightly less effective, they succeeded to exploit nearly the 20 percent of the 100 SIM cards they used. The success rate depends on the capability to brute-force the data encryption standard (DES) keys protecting the SIMs.

“To brute-force DES keys, we use a set of field-programmable gate arrays (FPGA), which became trendy for Bitcoin mining a couple of years ago and got cheaper after the hype was over,” states the post. “The speed of our 8 modules *ZTEX 1.15y board with the price tag of 2,000 Euro is 245.760 Mcrypt/sec. It is enough to obtain the key within 3 days.”

/home/wpcom/public_html/wp-content/blogs.dir/4bc/29857760/files/2014/12/img_2462.jpg

To run brute-force attack on partially known 3DES key they spent nearly 10 days, once the DES or 3DES is broken, the experts were able to issue commands to toolkit applications (TAR).

“Then we may easily issue commands to well-known TARs and manage them; e.g. Card Manager allows installing a Java application to the SIM.

Another curious TAR is a file system that stores TMSI (Temporary Mobile Subscriber Identity) and Kc (Ciphering Key). We may perform the following actions via a binary SMS:

decrypt subscriber traffic without using brute force attacks on DES,
spoof a subscriber’s identity (receive his/her calls and SMS),
track a subscriber’s whereabouts, cause DOS by entering 3 wrong PIN codes and 10 wrong PUK codes in a row if PIN code is enabled for file system protection.

ORIGINAL ARTICLE

Transforming USB sticks into undetectable malicious devices

Original Article

IMG_2322.JPG

Two researchers Brandon Wilson and Adam Caudill released their attack code to reprogram USB sticks and use them as an undetectable hacking instrument.
Recently, two independent researchers, Brandon Wilson and Adam Caudill, have released the code which can reprogram, benign USB devices turning them in malicious components.

The experts published the code on the Github raising the question related to the real level of security of USB devices, the BadUSB research was approached in detail during the Black Hat conference when security experts demonstrated the risks related to an undetectable menace carried via USB.

Security experts explained that USB devices can be used to compromise personal computers in a potential new type of attacks that could not be detected with all actual security protections.

Karsten Nohl, chief scientist with Berlin’s SR Labs, discovered that bad actors could exploit this new class of attacks loading malicious software low-cost computer chips that control the functions of USB devices.

The researchers from SR Labs, which presented the attack scheme during the Black Hat conference this summer, point a series of flaws in the software used to run a tiny electronic components, these components are usually designed without protections against tampering with their code.

Hackers can uncover such flaws and exploit them creating serious problems to the targeted architecture.

“You cannot tell where the virus came from. It is almost like a magic trick,” said Nohl.

Nohl explained that his team has written malicious code and deployed it into USBcontrol chips used in thumb drives and smartphones, at this point it is sufficient that victims connect the USB device to a computer to trigger the execution of malicious software.

Nohl and Lell’s BadUSB demonstrations during Black Hat illustrated how their code could overwrite USB firmware and turn a USB device into anything. A flash drive plugged into a PC, could for example, emulate a keyboard and issue commands that steal data from the machine, spoof a computer’s network interface and redirect traffic by altering DNS settings, or could load malware from a hidden partition on the drive.

Antivirus software are not able to detect malicious firmware that controls USB devices, the code inserted with this method can be used for many purposes, including spy on communications, data tampering and log keystrokes.

But while Karsten Nohl decided to not disclose the attack code, Brandon Wilson and Adam Caudill made public their source code to solicit the IT industry to adopt necessary measures for securing USB firmware from malicious manipulation.

“The security of these devices is completely compromised.” “The security of these devices is completely compromised,” Wilson said. “You can’t trust anything you plug into your computer any longer, not even something as simple as a flash drive.”
“We’re just taking advantage of the USB protocol,” Wilson said. “This drive is a reprogrammable computer that allows you to do all sorts of things. It allows you to be any device, and up until now, most developers had hard-coded them to behave in specific ways. The firmware on a flash drive makes it behave like a flash drive.”

After Black Hat, Wilson said he bought numerous drives and tested them and were able to take advantage of existing tools used to update firmware to get their code to overwrite the firmware on the Phison device. At Derby Con, they were able to demonstrate their attack with the device pretending to be a keyboard that typed out a predetermined script once it was plugged into the host computer. They also showed another demo where they had a hidden partition on a flash drive that was not detected by the host PC.

“It’s undetectable while it’s happening,” Wilson said. “The PC has no way of determining the difference. The way a PC determines the type of device all happens through the USB and code on the other device. Our ability to control that code means you cannot trust anything a USB device tells you.”

This kind of attack is very insidious, it is necessary that the device manufacturers will improve the level of security for their devices, avoiding for example the unauthorized firmware overwriting using digitally signed code for the USB device firmware.

“The fact that we were so easily able to change the firmware is an easy fix. The manufacturers could implement code-signing, but they don’t do that at all” Wilson said. “That needs to change. And even if they do add code-signing, you still have the other aspect which is that the computer cannot trust what you’re plugging into it. To truly fix the problem, it has to be fixed on the host.” “When you have a firmware image, you want to protect it in some way. You want a checksum, or something that the drive uses to validate that something is coming across correctly,” Wilson added. “There’s nothing like that. There needs to be something. Code signing is one approach to take for now. But to really shut it down long term, the host needs to be aware that when you plug in a device you don’t trust, it has to be given an option not to trust it. Because once you plug it in, it’s done.”

Resuming, threat actors could exploit USB as an attack vector simply by reprogramming USB peripherals, so it is crucial to implement protection from such malicious reprogramming.

IMG_2323.JPG

Once reprogrammed, any USB devices could be used for various malicious purposes, including:

emulates a keyboard and issue commands on behalf of the logged-in user, for example to exfiltrate files or install malware. Such malware, in turn, can infect the controller chips of other USB devices connected to the computer.
spoofs a network card and change the computer’s DNS setting to redirect traffic.
A modified thumb drive or external hard disk can – when it detects that the computer is starting up – boot a small virus, which infects the computer’s operating system prior to boot.
Unfortunately, no effective defenses from USB attacks are possible in this moment, antivirus cannot access the firmware running on USB devices and behavioral detection very hard to implement.

Pierluigi Paganini

(Security Affairs – hacking, USB)