DEAD DROP 10 / GOOLIGAN, BITLOCKER VULN, CRYPTO 101, CREDIT CARD HACK, PROJECT X
--

Welcome to Dead Drop number 10, a look at what's happening in the worlds of computer security and internet freedom. All source links mentioned are below.

- Youtube link
- Archive.org mirror
- Torrent
- Keybase mirror

BREACHES

More than 1 million Google accounts have been breached by a new malware campaign dubbed Gooligan. This malware affects Android users, and can gain access to Google Play, Gmail, Google Photos, Google Docs, Google Drive, and more.

http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/

RANSOMWARE

Antivirus maker Avast has created a handy bunch of tools for those having ransomware troubles. These specially made apps can decrypt a range of different ransomware, so you needn't pay the ransoms.

https://www.avast.com/ransomware-decryption-tools

VULNERABILITIES

A security researcher has found a simple way to bypass Windows BitLocker encryption. All an attacker needs to do is hold down Shift+F10 during one of Windows 10's famous update screens, and they get access to a command line interface with system privileges.

https://thehackernews.com/2016/11/windows-bitlocker-bypass.html

Another bug has been found in iOS 10, which allows attackers to bypass lockscreens. The researchers found that when you specify a new Wi-Fi network from the lockscreen, the inputs have no character limit, so you can cause a buffer overflow error, which then shows the homescreen.

www.securityweek.com/bug-allows-activation-lock-bypass-iphone-ipad
https://www.youtube.com/watch?v=yygvBJBFy4s

INTERNET OF FAILS

The Mirai botnet is continuing to grow, with 900,000 extra routers from customers of Deutsche Telekom being infected. This is directly related to a critical vulnerability in millions of routers, which takes advantage of a feature ISPs use to manage the devices remotely.

https://www.telekom.com/en/media/media-information/archive/13-answers-to-attack-on-routers-445148
https://thehackernews.com/2016/11/mirai-router-offline.html

And in response to all these Internet of Things happenings, the Raspberry Pi Foundation has released some security updates. The new OS images now have SSH disabled by default, and a new warning will show if you're using the default password and username.

https://www.raspberrypi.org/blog/a-security-update-for-raspbian-pixel

HACKING

Researchers at Newcastle University have come up with a way to guess usable credit card numbers. They've found that you can distribute guess attempts for card numbers, expiration dates, and the 3-digit security codes over hundreds or thousands of different ecommerce sites.

This works exclusively on the VISA network, since the authentication process is not centralized, which allows attackers to guess enough times until they get valid numbers.

https://techxplore.com/news/2016-12-seconds-hack-credit-card.html
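
Why decentralized checking matters for detection, as an added example that is not from the original post or the Newcastle paper: failed attempts spread thinly across many sites stay under every per-site limit, while one count shared across sites catches them. The event data, card tokens and all thresholds are constructed assumptions.

```python
from collections import defaultdict

# Assumed thresholds, for illustration only.
PER_MERCHANT_LIMIT = 10   # failed attempts a single site tolerates per card
NETWORK_LIMIT = 20        # failed attempts tolerated per card across all sites
MIN_MERCHANTS = 5         # spread across this many sites looks distributed


def build_sample_events():
    """Constructed declined-payment events: (merchant, card_token)."""
    events = []
    # One card token probed at 40 sites, 5 failed attempts at each.
    for m in range(40):
        events += [(f"shop-{m:02d}", "card-A")] * 5
    # Ordinary noise: a cardholder mistyping details twice at one site.
    events += [("shop-03", "card-B")] * 2
    return events


def per_merchant_alerts(events, limit=PER_MERCHANT_LIMIT):
    """What each site sees on its own: failures per (merchant, card)."""
    counts = defaultdict(int)
    for merchant, card in events:
        counts[(merchant, card)] += 1
    return {card for (_merchant, card), n in counts.items() if n > limit}


def network_wide_alerts(events, limit=NETWORK_LIMIT, min_merchants=MIN_MERCHANTS):
    """What a central view sees: failures per card across every merchant."""
    total = defaultdict(int)
    merchants = defaultdict(set)
    for merchant, card in events:
        total[card] += 1
        merchants[card].add(merchant)
    return {
        card: (total[card], len(merchants[card]))
        for card in total
        if total[card] > limit and len(merchants[card]) >= min_merchants
    }


if __name__ == "__main__":
    sample = build_sample_events()
    print("per-site alerts:    ", per_merchant_alerts(sample))
    print("network-wide alerts:", network_wide_alerts(sample))
```
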

SURVEILLANCE

Citizenfour director Laura Poitras has created a new mini documentary, Project X, about a secret NSA outpost in the middle of Manhattan. Pretty interesting video, narrated by Mr Robot's Rami Malek.

https://vimeo.com/193562415

Designer Scott Urban has created Reflectacles, reflective glasses that are meant to help wearers evade surveillance and face recognition.

There's currently a Kickstarter campaign running for these, though they're not cheap at close to $100. Might be an interesting DIY project.

https://www.kickstarter.com/projects/reflectacles/reflectacles-reflective-eyewear-and-sunglasses
https://vimeo.com/193126026

CRYPTOGRAPHY

And finally, Laurens Van Houtven aka LVH recently released Crypto 101, a free introductory course on cryptography. It covers topics from ciphers, to hash functions, public key encryption, signature algorithms and more.

It's currently available as a 250-page PDF, but ebook versions will be coming soon.

Alright, that's it for this week. If you've got any feedback, leave it below. Thanks for watching.

https://www.crypto101.io

--
BY NODE