You are viewing 'hack'

Hacks Targeting Voting Machines

Hack the vote blog series: part 3

Chris Camejo

November 08, 2016 - Posted by Chris Camejo to Security Insight

Voting Machine

We reiterate that there have been no known malicious attacks against voting machines actively being used in an election in the United States. This doesn’t mean that such attacks aren’t possible, but simply that it hasn’t happened yet (or if it has happened nobody has noticed). Still, we should take the attacks against political parties and the voter rolls as a warning that somebody is interested in affecting U.S. elections.

As long as electronic voting machines have been around there have been security researchers finding vulnerabilities in them including one disclosed yesterday, the day before the election. The primary concern is that with the move to electronic voting systems the votes and even the ballots themselves are just bits in a database that can be easily flipped. It has become much more feasible for a malicious actor to have a large impact than in the days of paper ballots. While these technical vulnerabilities are a threat and should be... read more >

Hacks Targeting Voter Rolls

Hack the vote blog series: part 2

Chris Camejo

October 25, 2016 - Posted by Chris Camejo to Security Insight

Voter Rolls Hacking

At first glance, the hacks targeting voter registration databases are a bit confusing: the voter rolls are considered a public record in many states, often obtainable by paying a fee of a few hundred dollars. Websites can and have legally republished this data. Records are also available to political campaigns, even in states where the records are not otherwise publicly available, and these lists can be bought online. It raises the question: why hack into a database that can be had just by politely asking for it?

So far the conversation around the voter database hacks has focused on the confidentiality of these records, as if the exposure of this data presents some sort of increased risk. Illinois, a... read more >

Hack the Vote

Chris Camejo

October 18, 2016 - Posted by Chris Camejo to Security Insight

Blog

The news has been rife with headlines about voting hacks, with the FBI revealing that state voter registration databases have been compromised and warning of ongoing attacks. Meanwhile, one of the major parties has already suffered two known breaches and WikiLeaks continues to post Clinton campaign emails on a regular basis. So far, signs are pointing to operators inside Russia as the culprits for all of the above.

Many of us in the information security... read more >

Hacked Hardware: The Manufacturing Supply Chain

Brandon Louder

September 01, 2016 - Posted by Brandon Louder to Security Insight

Blog

A while ago someone referred me to this post on reddit labeled, “The boss has malware, again….” It is an entertaining story from a help desk employee at a large corporation who discovered that an e-cigarette belonging to one of their executives had malware hardcoded into the charger. When the charger was plugged into a systems USB port, it would phone home to a server to download malware on the unsuspecting users system. Stories such as this are more common than you may think. In the past, many consumer devices have been discovered to contain embedded malware directly from the manufacturer. There have been many historical incidents of infected digital picture frames, MP3 players and other devices having been unwittingly sold and distributed by big box stores and small retailers alike. Most recently, a large quantity of... read more >

Hacking Gift Cards: Part 2

Ways to safeguard against gift card exploitable vulnerabilities

Will Caput

July 07, 2016 - Posted by Will Caput to Security Insight

In my previous blog, Hacking Gift Cards, I outlined how you can get free food by enumerating valid gift cards with Burp Intruder. This blog continues that narrative, but adds in other types of cards and attack vectors. In addition, I’ll illustrate some problems with gift card balance checking, and how gift cards can be easily enumerated without the card holder’s knowledge or permission. In some cases, the security surrounding a gift card is so bad you don’t even need to use Burp Intruder.

Prerequisites:

Burp Suite Professional
https://portswigger.net/burp/

In Hacking Gift Cards Part 1, I discussed six gift cards that had a discernible pattern. Identifying the pattern allowed us to find values on cards that were already sold and had value. In searching for more targets, I... read more >

1 | 2 | 3 | 4 | 5 | Older Entries >>

Voted one of the Best Computer Security Blogs 2016
NTT Security (US), Inc. (formerly Solutionary) is a security consulting and managed security services provider. The NTT Security blog is a place for IT professionals to both learn and talk about the latest in IT security and compliance.

Get the NTT Security Blog delivered to your inbox!

Enter your Email:

(We will not share your email or use it for anything else.)

LATEST TWEETS