How Secure is Your Drone – An InteliSecure Skunk Works Post

The following blog post comes from InteliSecure’s research team. Skunk Works blog posts are more technical in nature, investigating security issues from an engineering standpoint. They range anywhere from providing information on faulty coding and fixes to testing consumer products. Drones have become ubiquitous over the past few years. Many organizations are now using them to help with things such as search and rescue, geographic mapping, storm tracking and more.…

Insourcing vs. Outsourcing Security Resources

Introduction: I was recently having coffee with a person who could best be described as a mentor, consultant and investor in me. During breakfast, he asked me a simple question that has been burning in my brain ever since. He said “You spend a lot of time educating people on how to build effective programs, but have you ever considered explaining to them why they may want you to run…

Addressing the IT Skills Gap Part 1: Understanding the Current State

By Jeremy Wittkop, InteliSecure CTO

People, process, and technology. Where do we turn when it is the people side of the equation we most need to address? An increasing number of organizations are asking this question as the shortage of cybersecurity talent continues to become more dire. There are more threats evolving every day and it seems there are legions of cyberattackers ranging from divisions of cyber militaries on the…

Security Tips for 2014

Based on the number of different types of attack over the previous year (2013), Pentura thought they would release a small list of possible actions and supporting programs/tools that can be used to secure your assets in 2014.
- Back up your data. (OSX – Time Machine, Windows – Acronis Backup Software, Linux – many solutions)
- Don’t use public WiFi access points without a VPN (e.g. Cloak, OpenVPN to a home server)
- Configure…

Bluetooth Sniffing – Why bother?

After the previous post Ubertooth – Open Source Bluetooth Sniffing, many have asked the question why? People can remember some of the original Bluetooth holes back between 2004-2008 but vulnerabilities are simply not common these days. Small list of vulnerabilities on phones:
- Stealing address books from Nokia phones.
- Remote dialing 090* numbers.
- Blasting audio down headsets/car stereos.
Depending on the Bluetooth implementation sometimes security and/or encryption is not applied. As…

Ubertooth – Open-Source Bluetooth Sniffing

Background: A few years ago, some security-minded people and academics started looking into Bluetooth (BT) sniffing. Commercial solutions were expensive, and the community really needed something cheap/affordable. The names: Dominic Spill & Andrea Bittau, I think, were the pioneers who discovered that some cheap $30 (USD) BT dongles could be re-flashed to a firmware that supported BT sniffing, and they created the open-source program csrsniff (http://darkircop.org/bt/bt.tgz), that allowed you to…

Creating Your Own Certificate Authority

Background: Being a pentester, I often have to tackle the issue of self-signed certificates on the internal network. All our automated tools (Nessus, Nexpose, OpenVAS) flag several SSL issues related to untrusted certificates, weak ciphers, weak hashing algorithms and self-signed certificates. The usual advice is to disable weak ciphers, and to re-issue and re-sign the certificates. The big question from customers is “But why should we purchase certificates for servers…

Access Control Part 3: Using the Big Guns!

Introduction: Or rather miniature guns, that pack a powerful punch… In our previous posting, Access Control Part 2: Mifare Attacks, we demonstrated a weakness in some Mifare implementations. Our previous attack relied on the use of a single default key, and using the nested attack to eventually recover all keys for the card. Additionally, we used a rather cheap and affordable ACR-122U reader that costs approximately $40 (USD), and the attack process…

Access Control – Part 1: Magstripes Revisited

Background: You would think in this day and age that everyone would be using RFID for access control on their buildings / environment. You’ll be surprised that magstripes are still quite commonly in use. But unlike hotels (at least the reputable chains I’ve stayed at, I’ve always held onto the keycard and then analysed the keycard back at the office) which appear to encrypt their data, the access control mechanism…

Oracle LFI Advisory (CVE-2013-1525)

Product Information
Product: Oracle Retail
Application: Retail Integration Bus Manager
Affected Version: 13.0, 13.1, 13.2
CVE: CVE-2013-1525
Patch Information: http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
Discovered by: Andy Davies
Reported by: Andy Davies

Background: Oracle provides retailers with a complete, open and integrated suite of business applications, server and storage solutions engineered to work together to optimise every aspect of their business. Top retailers worldwide use Oracle Retail solutions to drive performance, deliver critical insights and fuel growth…