DEAD DROP 14 / 3D PRINTED KEYS, IOS EMOJI BUG, LAVABIT 2.0
--

Welcome to Dead Drop number 14, your look at what's happening in the worlds of computer security, privacy, and internet freedom. All source links are below.

- Youtube link
- Archive.org mirror
- Torrent
- Keybase mirror

3D PRINTING

Youtube user Proto G showed how easy it is to make keys using some free software, and a 3D printer. Something to keep in mind if for whatever reason your keys are included in a photo or video.

https://www.youtube.com/watch?v=51n-421rAL0
http://www.instructables.com/id/How-to-Make-a-Metal-Key-With-a-3D-Printer/

VULNERABILITIES

A new annoying bug has been found in iOS, which crashes iPhones and iPads whenever a message with a certain combination of emojis is received. Until a patch is released, the only thing users can do is to manually block numbers which are sending the texts. More details are on the EverythingApplePro youtube video.

https://thehackernews.com/2017/01/crash-iphone-emoji.html
https://www.youtube.com/watch?v=G0iPhSuiMpk

A pseudonymous Last Pass user has written about how the password manager isn't encrypting everything before it's sent to their servers.

They found that the sites saved in your vault are sent in hex format, meaning last pass, and potentially others could track which sites you have credentials for, and also when you use them.

https://medium.com/@concerned_lastpass_user/psa-lastpass-does-not-encrypt-everything-in-your-vault-8722d69b2032
https://www.youtube.com/watch?v=oVkgqOoiMvg

Tijme Gommers also found some vulnerabilities in the McDonald's website, which allows attackers to use cross-site scripting and some javascript bugs to reveal user passwords.

https://finnwea.com/blog/stealing-passwords-from-mcdonalds-users
https://www.mcdonalds.com

INTERNET OF FAILS

Another day, another IoT fail, this time with the Samsung SmartCam Security Cameras. Hackers have found that a PHP script used for updating the cameras firmware is susceptible to a remote code execution vulnerability which allows attackers to take full control of them, and view private video feeds.

https://thehackernews.com/2017/01/samsung-smartcam-camera.html
https://www.youtube.com/watch?v=ML_Z4l0s24g

VIDEOS

Some new videos this week. First is a short documentary following the story of Ladar Levison, the creator of Lavabit - the encrypted webmail service once used by Edward Snowden.

Just as an aside, Lavabit re-emerged this week with plans for an even more secure email system, so check out the site for more info.

https://lavabit.com/
https://www.youtube.com/watch?v=NM8fAnEqs1Q

Hak5 also released a new 1 hour special from Shmoocon 2017 in Washington DC. Darren and Shannon talk to various attendees about sniffing IR signals, software defined radio, and more.

https://www.youtube.com/watch?v=yMf1DKsJKns

Argentine security conference ekoparty also uploaded a bunch of new videos from various speakers. The talks cover a range of topics, with videos being in either english or spanish.

https://www.youtube.com/playlist?list=PLaIv9WEAzYZM7l9SEY8cKtSLWwV8e50aL

INTERNET HEALTH

And finally, Mozilla released the first Internet Health Report, which goes over various metrics like use of DRM, decentralization, privacy, security and access to the web, to see what the state of things is on the Internet in 2017.

https://internethealthreport.org/v01/

Alright, that's it for this week, as always, thanks for watching, and check back for new videos soon.

VISIT THE NODE SHOP

https://N-O-D-E.net/shop

--
BY NODE