Wednesday, April 17, 2013

ROOT Team House Fundraiser Marathon




When:  April 18, 2013 Thursday night after State of the Game and runs for 24 hours. [State of the Game starts at 22:00 EST on April 18th]

Stream: http://twitch.tv/rootgaming

ROOT Gaminghttp://root-gaming.com

Update on SWATting of Brian Krebs

http://krebsonsecurity.com/2013/04/swatting-incidents-tied-to-id-theft-sites/

Brian provides more details on his specific case, but most interesting part to me, was the fact that TTY are not supposed to keep records.

I probably should have realized that before, I thought main point was it made it easier for attacker to spoof phone number/location for SWATting.


Thursday, April 11, 2013

Security & Hacking: Remote Airplane Hacking

http://www.itworld.com/security/352014/vulnerabilities-aircraft-systems-allow-remote-airplane-hijacking-researcher-says

The article is based on a presentation by "Hugo Teso, a security consultant at consultancy firm N.runs in Germany, who has also had a commercial pilot license for the past 12 years..."

Teso has discovered a serious issue, and the firm he works with "N.runs has been in contact with the European Aviation Safety Agency (EASA)."

Teso says EASA is aiding the effort to test this on real aircraft, instead of simulators and some real hardware.

The EASA should be applauded for this enlightened approach IMO, many companies or even industries, take a far less productive or even antagonistic approach to White Hat discovery of vulnerabilities.




Friday, April 5, 2013

Nerd News: Twitch being Hacked?

Updatehttp://blog.twitch.tv/2013/04/regarding-todays-assorted-incidents/

Twitch is saying admin account was compromised via social engineering, I suspect that means a Spear Phishing attack http://us.norton.com/spear-phishing-scam-not-sport/article



*****

http://www.gamebreaker.tv/pc-games/breaking-news-twitch-hacked-like-right-now/

Sounds like Day9, Athene, among others can't even log in according to link above.

Snippet from link above:

At this point most of these have been already fixed. Twitch.TV is reacting as fast as they can and are unbanning streamers. - 3:32 p.m. EST

If you know of any other hacks, let us know here or tweet at us @GAMEBREAKER.TV and/or use #gbtips.

Thursday, April 4, 2013

Holiday Show Match 2013: Quantic HwangSin (P) vs compLexity qxc (T)

Nanman and myself are excited to bring you our first Holiday Show Match (HSM) of 2013.

HwangSin (P) vs qxc (T) in a Bo7 Showmatch

This time we are doing the Easter HSM live, previously cast from replays.

For more about compLexity see http://www.complexitygaming.com/ or Quantic see http://www.quanticgaming.com/index.php


TL Threadhttp://www.teamliquid.net/forum/viewmessage.php?topic_id=405808 

When: Sat April 6 09:00 KST/Sat 02:00 CEST/ Sat 01:00 BST/ Sat 00:00 (midnight) UTC || Fri April 05 21:00 BRT/20:00 (8pm) EDT/19:00 (7pm) CDT/17:00 (5pm) PDT

Stream: Nanman will be Live casting each show match at http://www.twitch.tv/therealnanman

Prizes: Winner $50 loser takes home $25

Format: Loser picks next map from Map Pool. Maps may only be used once. This is a Best of 7 series!

Map Pool:
  • Akilon Wastes 
  • Bel'Shir Vestige 
  • Whirlwind 
  • Cloud Kingdom 
  • Daybreak 
  • Newkirk City 
  • Star Station 
  • Neo Planet S 
  • Icarus


For previous events click HSM (Holiday Showmatch)

CNET "Apple's iMessage encryption trips up feds' surveillance"

http://news.cnet.com/8301-13578_3-57577887-38/apples-imessage-encryption-trips-up-feds-surveillance/

They cite a blog post from last August by Matthew Green http://blog.cryptographyengineering.com/2012/08/dear-apple-please-set-imessage-free.html

I follow Green's blog and can recommend it to anyone that is seriously interested in cryptography and/or data privacy.

Blackberry's BBM (Blackberry Messenger) http://en.wikipedia.org/wiki/BlackBerry_Messenger has long been secure as well, though I believe in recent years government pressure has forced some changes in that.

For more on BBM see http://computer.howstuffworks.com/e-mail-messaging/blackberry-messenger.htm

For general info on Blackberry security see http://www.berryreview.com/2010/08/06/faq-what-communication-is-encrypted-on-your-blackberry/

Note there are differences between BES (Enterprise Blackberry) and BIS (Consumer Blackberry), but (AFAIK) in general that doesn't matter for BBM.

According to  http://bgr.com/2013/02/27/blackberry-messenger-security-vulnerability-346634/ it seems that BBM on BIS lacks higher level security options just like email:

"“Although PIN-to-PIN messages are encrypted, they key used is a global cryptographic ‘key’ that is common to every BlackBerry device all over the world,” Public Safety Canada official stated in the memo. “Any BlackBerry device can potentially decrypt all PIN-to-PIN messages sent by any other BlackBerry device.”"

and
"It should be noted that Public Safety Canada has failed to take into account the fact that organizations have the ability to change the encryption key to a unique one, ensuring that only BlackBerry devices using the same BES network can communicate with each other. There are also several ways to encode BBM messages such as S/MIME, which adds another layer of security."