Archive | August, 2010

Microsoft Fixes SSL Spoofing Renegotiation Bug

Don't let your data go over to the Dark Side!


Well this flaw was first publicized in November last year, it was successfully used against Twitter in the same month.

IETF completed the SSL vulnerability fix in January this year and now in August – 10 months after the original release of the flaw – Microsoft has stepped up and fixed it.

The fix is labeled as MS10-049 and categorised as a Critical security vulnerability. Interestingly it also notes that it fixes both a publicly exposed vulnerability and a privately reported bug both in the Secure Channel (SChannel) security package in Windows.

Microsoft has updated a broad swath of products to fix a potentially serious spoofing vulnerability in the secure sockets layer (SSL) protocol that secures email, web transactions and other sensitive internet traffic.

The software company on Tuesday released MS10-049 to kill the bug in Windows Server 2008, Windows 7 and 12 other versions of Windows that are still under support. The patch updates a part of the operating system known as SChannel, or Secure Channel, which is responsible for implementing SSL, which is also referred to as TLS, or transport layer security.

The weakness first became public in November, when word leaked out that a vulnerability in the underlying protocol used by hundreds of companies allowed attackers to inject text into encrypted traffic passing between two endpoints. Researchers had been meeting in secret to develop an industry-wide fix before attackers could figure out a way to exploit it.

Microsoft’s update follows the revision in January of RFC 5246, the request-for-comments document that previously mapped out the technical specifications for the protocol. The new controlling blueprint for SSL/TLS communications is RFC 5746. Since then, other packages, including OpenSSL, RedHat Linux and Oracle’s Java, have also been patched.

The vulnerability is pretty widespread as it covers both Windows 7 – their latest OS and 12 other versions of Windows which Microsoft still supports. It’s marked as critical on 5 versions of Windows, which means it allows remote code execution and the rest it’s marked as important as it allows spoofing.

I’m guessing most large corporates running Windows systems will be pushing out this patch ASAP, especially those that rely on SSL for daily business – those in eCommerce would be the likeliest to find this kind of attack a real risk.

“Ten months after public disclosure the majority of the industry has a fix,” said Marsh Ray, a software developer at two-factor authentication service PhoneFactor and one of the researchers who first sounded the alarm. “I think it’s about as good a time as any to declare victory on that project.”

Microsoft rated the severity of the vulnerability as “important,” the second-highest classification on its four-tier scale. The bulletin correctly said the SSL vulnerability could be exploited only in concert with another attack – such as ARP spoofing or DNS cache poisoning – that allowed someone to perform a man-in-the-middle attack.

“It is important to note that this is still potentially a significant issue for certain deployments, and the update should be installed,” Maarten Van Horenbeeck, a program manager in the Microsoft Security Response Center, wrote here. “In particular, the vulnerability may affect other non-HTTP protocols that are less well understood.”

The vulnerability in the older protocol stems from the ability for either party in an SSL transaction to renegotiate the session, usually so one of them can refresh its cryptographic keys or change other parameters. That could allow man-in-the-middle attackers to surreptitiously introduce text at the beginning of an SSL session.

The latest Patch Tuesday from Microsoft has been a bit of a record breaker with 14 security patches for at least 34 separate vulnerabilities.

This closely follows more disclosed bugs in Adobe PDF related products following their latest patches for other critical rated vulnerabilities.

Source: The Register


Posted in: Exploits/Vulnerabilities, Network Hacking, Windows Hacking

Tags: , , , , , , , , , , , , , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Network Hacking, Windows Hacking | Add a Comment
Recent in Exploits/Vulnerabilities:
- Apple Will Not Patch Windows QuickTime Vulnerabilities
- BADLOCK – Are ‘Branded’ Exploits Going Too Far?
- DROWN Attack on TLS – Everything You Need To Know

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 234,044 views
- AJAX: Is your application secure enough? - 119,981 views
- eEye Launches 0-Day Exploit Tracker - 85,449 views

Get 50% off your second year with our 2-year deal!


OpenFISMA – FISMA Compliance & Risk Management Application

Cybertroopers storming your ship?


The OpenFISMA project is an open source application designed to reduce the complexity and automate the regulatory requirements of the Federal Information Security Management Act (FISMA) and the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF).

OpenFISMA is built on a modern, standardized platform called Zend Framework, which is an open source, object-oriented web application framework with a flexible architecture.

The OpenFISMA project is unique in several ways.

  • Open source – OpenFISMA is the largest open source project for the U.S. federal government. See the open source section for an explanation of the advantages of open source.
  • Highly customizable – OpenFISMA is highly customizable through our web-based administration interface. The branding can be changed. The workflow can be changed. The roles and privileges can be changed. New reports can be added to the system without writing a single line of code.
  • Easy to deploy – OpenFISMA comes with built-in security controls that allow you to easily C&A your OpenFISMA implementation with ease. OpenFISMA also provides configurable security policies so that your implementation will fall in-line with your agency’s specific security policies as well.

Features

  • Track security weaknesses to closure

    OpenFISMA provides a proven business process for tracking the remediation of security weaknesses. This business process enforces quality controls and segregation of duty, pulling together individuals from different areas of the organization to plan, execute, and review all remediation actions.

  • Role-based access control

    Access control is based on roles; each role has fine-grained access to certain privileges on each information system that is being tracked. The roles are completely customizable.

  • Active Directory/OpenLDAP Authentication

    Authentication in OpenFISMA can be handled by any LDAP-compatible service, such as Microsoft Active Directory (AD) or OpenLDAP, in order to provide single sign-on convenience for your agency’s users.

  • Scan Injection

    If you run automated scans as part of your C&A process or as part of a continuous monitoring program, you can upload your scan results in XML format directly into OpenFISMA. OpenFISMA uses the information in scans to create new findings, assess risk exposure, and even update your asset inventory.

    The scan injection provides some smarts, too. OpenFISMA matches new scan results against past scan results. Based on a simple set of rules, it decides whether to supress duplicate findings or to flag multiple, similar findings for human review. This reduces the overhead of redundant findings and can also help your organization identify systemic weaknesses that could be addressed more efficiently at the enterprise level.

  • E-mail Notifications

    OpenFISMA sends notifications directly to users’ inboxes when action is needed from them. This automated notification system relieves security managers of the burden of manually monitoring the workflow. The notification system also reduces turn-around time by alerting users quickly when their action is needed.

  • Rich Text Editing

    Data about findings is entered using a rich text editor that allows for formatting (bold, italics, underline, and outline formats) as well as spell checking.

  • Plug-in Reports

    Reporting is one of the most critical requirements for any process management tool. OpenFISMA provides the ability to “plug in” a report without writing any code. These reports are created by writing SQL and updating a configuration file. OpenFISMA then creates the interface and data export features on-the-fly. The plug-in architecture drastically reduces the cost and time involved in creating custom reports.

  • NIST SP 800-53 Rev. 2

    OpenFISMA contains many of the NIST SP 800-53 security controls required for a FIPS-199 “high” impact information system. This helps you get your OpenFISMA instance authorized to operate quickly. The built-in controls include system use notification, rules of behavior, electronic privacy policy (p3p), and many, many more.

    OpenFISMA also contains a catalog of all NIST SP 800-53 Rev. 2 controls built-in. Findings in OpenFISMA can be matched against these security controls to provide supplemental information for remediation and planning. The catalog includes descriptions of the controls, scoping, and supplemental guidance.

You can download OpenFISMA here:

OpenFISMA (registration required)

Or read more here.


Posted in: Countermeasures, Legal Issues, Security Software

Tags: , , , , , , , , , , , , , , ,

Posted in: Countermeasures, Legal Issues, Security Software | Add a Comment
Recent in Countermeasures:
- PEiD – Detect PE Packers, Cryptors & Compilers
- NAXSI – Open-Source WAF For Nginx
- Defence In Depth For Web Applications

Related Posts:

Most Read in Countermeasures:
- AJAX: Is your application secure enough? - 119,981 views
- Password Hasher Firefox Extension - 117,687 views
- NDR or Backscatter Spam – How Non Delivery Reports Become a Nuisance - 57,695 views

Get 50% off your second year with our 2-year deal!


Adobe Scrambling To Fix Another Serious PDF Flaw

Cybertroopers storming your ship?


It was only the start of July when we talked about Adobe Patching PDF Vulnerabilities Being Exploited In The Wild and once again they are suffering a serious vulnerability which allows code execution from a malicious PDF document.

This time the vulnerability came out during Black Hat and it seems to be serious as Adobe are rushing out a patch for the issue.

This issue effects Adobe Reader client for Windows, Mac and UNIX based systems. This follows shortly after Microsoft pushed out an emergency patch for the .LNK exploit.

Adobe is rushing to develop a patch for a vulnerability in Acrobat Reader revealed at the Black Hat security conference. The update–expected the week of August 16–will be the third time this year that Adobe has been forced to fix flaws outside of its regularly scheduled quarterly update pattern.

Adobe published a security bulletin announcing the upcoming update for Adobe Reader 9.3.3 for Windows, Mac OS X, and UNIX, and Adobe Acrobat for Windows and Mac, as well as Reader and Acrobat version 8.2.3 for the same platforms to resolve a number of security issues. Adobe noted “that these updates represent an out-of-band release. Adobe is currently scheduled to release the next quarterly security update for Adobe Reader and Acrobat on October 12, 2010.”

Microsoft also released an out-of-band patch for the Windows shortcut vulnerability–only a week ahead of the planned Patch Tuesday updates. The rapid turnaround by Adobe from vulnerability discovery to patch is commendable, but the rise in zero-day exploits forcing both Adobe and Microsoft to frequently provide updates outside of the normal patch release cycle threatens to negate the benefits of having a regularly scheduled patch release system.

The issue being addressed by Adobe is a vulnerability in Adobe Reader which was unveiled at Black Hat by security researcher Charlie Miller. Miller has made a name for himself by repeatedly winning the Pwn2Own contest at the CanSec West security conference.

Charlie Miller has rocked it out before at Pwn2Own (more than once) and it was him who unveiled this vulnerability at Black Hat in recent weeks. Adobe have been criticized in the past for not being pro-active enough in their security efforts and coming out with classics like “Wait until year end for security patches”. This is also mentioned in another Network World article published at the same time here.

At least they are jumping to attention this time and doing something about it. And don’t be fooled, this is a serious exploit that can lead to arbitrary code execution when a vulnerable user views a maliciously crafted PDF file containing this exploit.

A Secunia advisory related to the Adobe flaw explains “The vulnerability is caused due to an integer overflow error in CoolType.dll when parsing the “maxCompositePoints” field value in the “maxp” (Maximum Profile) table of a TrueType font. This can be exploited to corrupt memory via a PDF file containing a specially crafted TrueType font.”

Summed up in plain English that IT admins and users who are not developers can understand, Secunia adds “Successful exploitation may allow execution of arbitrary code.” Bottom line: an attacker could exploit the Adobe Reader flaw to take control of a vulnerable system and install or execute other malicious software.

Interestingly, it is a flaw in the way fonts are rendered in PDF documents that allows the JailbreakMe Web site to circumvent iPhone defenses and alter the core functionality of the smartphone OS. However, according to Miller the flaws are unrelated to one another. Thankfully, Apple is hard at work updating iOS to address that issue.

As mentioned in the last paragraph the web based jailbreak for Apples latest iOS is also using a PDF flaw as the base exploit to run the jailbreak.

It seems like PDF is breaking in all kinds of different ways, perhaps time to look for a format? Or at least use other PDF readers as we’ve suggested before with Foxit! Although it has a share of vulnerabilities too they are far fewer and less serious than those in Adobe software. Another option suggestion is Nuance PDF Reader.

Source: Network World


Posted in: Exploits/Vulnerabilities, General Hacking

Tags: , , , , , , , , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, General Hacking | Add a Comment
Recent in Exploits/Vulnerabilities:
- Apple Will Not Patch Windows QuickTime Vulnerabilities
- BADLOCK – Are ‘Branded’ Exploits Going Too Far?
- DROWN Attack on TLS – Everything You Need To Know

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 234,044 views
- AJAX: Is your application secure enough? - 119,981 views
- eEye Launches 0-Day Exploit Tracker - 85,449 views

Get 50% off your second year with our 2-year deal!


Peach Fuzzing Platform – Smarfuzzer For Generation & Mutation Based Fuzzing

Cybertroopers storming your ship?


Peach is a SmartFuzzer that is capable of performing both generation and mutation based fuzzing.

There are typically two methods for producing fuzz data that is sent to a target, Generation or Mutation. Generational fuzzers are capable of building the data being sent based on a data model provided by the fuzzer creator. Sometimes this is simple and dumb as sending random bytes, or much smarter by knowing good values and combining them in interesting ways.

Mutation on the other hand starts out with a known good “template” which is then modified. However, nothing that is not present in the “template” or “seed” will be produced. For example, if a file format specified 18 types of chunks or optional data segments and the “template”/”seed” only used four (4) of them, a mutational based fuzzer would never generate the other chunks not present only modify the chunks it is presented with.

Peach requires the creation of PeachPit files that define the structure, type information, and relationships in the data to be fuzzed. It additionally allows for the configuration of a fuzzing run including selecting a data transport (Publisher), logging interface, etc.

Peach Pit files are XML files that contain all of the information needed for Peach to perform a fuzzing run. When you fuzz something with Peach you are creating a Peach Pit file.

Peach has been under active development for five years and is in its second major version.

You can read the Peach Quickstart here to get going.

Requirements

  • For Windows install Debugging Tools for Windows (download)
  • For Linux Install Python 2.5 (2.6 is OK)

You can download Peach here:

Windows – x86 Installer, x64 Installer
Linux – Peach-2.3.6-src.zip

Or read more here.


Posted in: Exploits/Vulnerabilities, Hacking Tools, Programming

Tags: , , , , , , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Hacking Tools, Programming | Add a Comment
Recent in Exploits/Vulnerabilities:
- Apple Will Not Patch Windows QuickTime Vulnerabilities
- BADLOCK – Are ‘Branded’ Exploits Going Too Far?
- DROWN Attack on TLS – Everything You Need To Know

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 234,044 views
- AJAX: Is your application secure enough? - 119,981 views
- eEye Launches 0-Day Exploit Tracker - 85,449 views

Get 50% off your second year with our 2-year deal!


UAE (Dubai) & Saudi Arabia To Ban BlackBerry Services With India To Follow

Cybertroopers storming your ship?


Well there’s been a lot of news these past few days so it was pretty tough to choose what to cover today, anyway I chose this story as it interests me and could be a real problem for RIM the makers of the popular (and fastest growing) BlackBerry smart-phone device.

The latest news is due to the fact that many of the BlackBerry services such as BBM (BlackBerry Messenger) run on a proprietary network BIS (BlackBerry Internet Services) they fall foul of wiretapping laws which require that governments have access to all communications if so required.

We did cover a story a while back about UAE Telco Etisalat Installing Spyware On Users Blackberries, perhaps that was their first step to mitigate against the communications via BlackBerry devices that rendered them untraceable.

The United Arab Emirates outlined plans Sunday to block BlackBerry e-mail, messaging and Web browsing services in a crackdown that could jeopardize efforts to establish the country as an international business hub.

The government cited a potential security threat because encrypted data sent on the devices is moved abroad, where it cannot be monitored for illegal activity. But the decision — quickly followed by a similar move in Saudi Arabia — raises questions about whether the conservative Gulf nations are trying to further control content they deem politically or morally objectionable.

BlackBerry phones have a strong following in the region, not only among foreign professionals in commercial centers such as Dubai and Abu Dhabi, but also among youth who see their relatively secure communication channels as a way to avoid unwanted government attention.

“The authorities have used a variety of arguments, like it can be used by terrorists” to justify the crackdown, said Christopher Davidson, a professor at the University of Durham in Britain, who has written extensively about the region. “Yes that’s true, but it can also be used by civil society campaigners and activists.”

The United States said they are ‘disappointed‘ with this decision, but with them rejecting Huawei’s take-over bids for US companies citing ‘national security threats’ I don’t think they have much to be disappointed about.

I think from a government perspective it’s a fair request, but then for all the countries where privacy advocacy is rife – putting a government approved backdoor in the BlackBerry OS might be a VERY bad idea. Then you have the whole headache of multiple OS versions for different countries with different levels of wiretapping ability.

The UAE’s decision will prevent hundreds of thousands of BlackBerry users from accessing e-mail and the Web on their handsets starting in October. It’s unclear whether the ban will extend to foreign visitors with roaming services, including the roughly 100,000 passengers who pass through the region’s busiest airport in Dubai each day.

The ban risks further damaging the UAE’s reputation as a relatively easy place to do business.

Dubai, one of seven hereditary sheikdoms in the federation, in particular has sought to turn itself into a global finance, trade and tourism hub. But its reputation has been tarnished by a credit crisis that has left the emirate more than $100 billion in debt.

Residents say the BlackBerry crackdown will only do more harm, making foreign businesses think twice before setting up shop in the country.

“They’ll think now they’ve banned the BlackBerry, maybe next time it’ll be the Internet,” said Shakir Mahmood, a Dubai-based debt collector and BlackBerry user originally from Iraq.

This isn’t the first time BlackBerry and Emirati officials have had run-ins over security and the popular handsets, a fixture in professionals’ pockets and purses the world over.

Last year, BlackBerry maker Research in Motion Ltd. criticized a directive by the UAE state-owned mobile operator Etisalat telling the company’s BlackBerry users to install software described as an “upgrade” required for “service enhancements.”

The latest addition to this is India joining the party, again citing regulatory concerns regarding the proprietary BlackBerry services.

They all have to consider how this will effect International business relations as most of the business World is already utilising BIS or BES (BlackBerry Enterprise Services) although perhaps these restrictions will only apply to BIS and not private enterprise connections – although that hasn’t been made clear yet.

Anyway I have a feeling we’ll be seeing more coverage on this and possibly more countries joining the cause like the recent Google Wi-fi scanning fiasco.

Source: Yahoo! News


Posted in: Legal Issues, Privacy

Tags: , , , , , , , , , , , , , , , , ,

Posted in: Legal Issues, Privacy | Add a Comment
Recent in Legal Issues:
- FBI Backed Off Apple In iPhone Cracking Case
- TalkTalk Hack – Breach WAS Serious & Disclosed Bank Details
- More Drama About Hillary Clinton’s E-mail Leak – VNC & RDP Open

Related Posts:

Most Read in Legal Issues:
- Class President Hacks School Grades - 80,681 views
- Hospital Hacker GhostExodus Owns Himself – Arrested - 47,582 views
- One Of The World’s Most Prolific Music Piracy Groups Busted - 43,592 views

Get 50% off your second year with our 2-year deal!


Weaknet Linux – Penetration Testing & Forensic Analysis Linux Distribution

Don't let your data go over to the Dark Side!


WeakNet Linux is designed primarily for penetration testing, forensic analysis and other security tasks. WeakNet Linux IV was built from Ubuntu 9.10 which is a Debian based distro. All references to Ubuntu have been removed as the author completely re-compiled the kernel, removed all Ubuntu specific software which would cause the ISO to bloat, and used a non-Ubuntu-traditional Window Manager, with no DM. To start X11 (Fluxbox) simply type “startx” at the command line as root.

The tools selected are those that the developer feels are used most often in pen-tests. A sample of those included are:

  • BRuWRT-FORSSE v2.0
  • Easy-SSHd
  • Web-Hacking-Portal v2.0
  • Perlwd
  • Netgh0st v3.0
  • YouTube-Thief!
  • Netgh0st v2.2
  • DomainScan
  • ADtrace
  • Admin-Tool
  • Tartarus v0.1

A full list of applications is here:

WeakNet Linux Applications List

You can also get the guide here:

Official WeakNet Linux WEAKERTHAN System Administration Guide [PDF]

Hardware Requirements

This distro boots to a command line by default, so they are quite minimal. For Fluxbox, the recommended specs are:

  • 256 MiB of system memory (RAM)
  • 2 GB of disk space
  • Graphics card and monitor capable of 800×600 resolution

You can download Weaknet Linux here:

WEAKERTHAN4.1k.ISO

Or read more here.


Posted in: Database Hacking, Forensics, Hacking Tools, Linux Hacking

Tags: , , , , , , , , , , , , ,

Posted in: Database Hacking, Forensics, Hacking Tools, Linux Hacking | Add a Comment
Recent in Database Hacking:
- Onapsis Bizploit v1.50 – SAP Penetration Testing Framework
- OAT – Oracle Auditing Tools For Database Security
- ODAT (Oracle Database Attacking Tool) – Test Oracle Database Security

Related Posts:

Most Read in Database Hacking:
- Pangolin – Automatic SQL Injection Tool - 75,958 views
- bsqlbf 1.1 – Blind SQL Injection Tool - 54,293 views
- SQLBrute – SQL Injection Brute Force Tool - 40,528 views

Get 50% off your second year with our 2-year deal!


GSM Hacking Coming To The Masses Script Kiddy Style

Cybertroopers storming your ship?


Well it looks like what happened to WEP all those years ago is going to happen to GSM now. The methods have been known, the theory is established but the breaking point is when freely available tools are published that makes it possible for anyone to perform the attacks even without really understanding what is going on.

The recent news about WPA2 being cracked generated a lot of discussion, mostly highly technical – which means that you don’t have to worry too much about WPA2 being insecure as the attack isn’t really viable and relies on the ‘attacker’ already being authenticated with the network. There are easily ways to do the same thing with good old ARP spoofing.

Independent researchers have made good on a promise to release a comprehensive set of tools needed to eavesdrop on cell phone calls that use the world’s most widely deployed mobile technology.

“The whole topic of GSM hacking now enters the script-kiddie stage, similar to Wi-Fi hacking a couple years ago, where people started cracking the neighbor’s Wi-Fi,” said Karsten Nohl, a cryptographer with the Security Research Labs in Berlin who helped spearhead the project. “Just as with Wi-Fi, where they changed the encryption to WPA, hopefully that will happen with GSM, too.”

The suite of applications now includes Kraken, software being released at the Black Hat security conference on Thursday that can deduce the secret key encrypting SMS messages and voice conversations in as little as 30 seconds. It was developed by Frank A. Stevenson, the same Norwegian programmer who almost a decade ago developed software that cracked the CSS encryption scheme protecting DVDs.

It seems that with this suite of tools and the right hardware kit it’ll be a LOT easier to snoop on GSM transmissions. This includes cracking the secret key for SMS messages as well as being able to listen to voice streams.

The rainbow tables required for the crack are rather large at 1.7TB but it allows the attack to be pulled off in a mere 30 seconds. And thankfully they are being offered freely rather than on a paid for basis. They are planning to push out a torrent for the files, which as long as people keep seeding it, will work well.

It has been designed to work seamlessly with 1.7TB worth of rainbow tables that are used to crack A5/1, a decades-old encryption algorithm used to protect cell phone communications using GSM, which is used by about 80 percent of the world’s mobile operators. A small confederation of researchers announced last year they were setting out to create the voluminous index, which exploits known weaknesses in the encryption formula.

Distributing the rainbow tables has proved to be a challenge to the project participants. Stevenson said people in Oslo, where he’s located, are welcome to exchange a blank hard disk for one that contains the data. Eventually, the group expects to make the tables available as a BitTorrent.

The GSM Alliance, which represents almost 800 operators in 219 countries, pooh poohed the universal snooping plan by characterizing the attack as theoretical and saying encryption wasn’t the only protection preventing eavesdropping on real-time communications.

That’s where another tool, called AirProbe, comes in. An updated version of the program, also to be distributed Thursday, works with USRP radios to record digital signals as they pass from an operator’s base station to a GSM handset. Combined with refinements in the open-source GNU radio, it works by pulling down voluminous amounts of data in real time as it travels to the targeted cell phone and storing only those packets that are needed to snoop on a call.

In all honestly I’m not really familiar with GSM protocols, encryption or their weaknesses as it’s not an area I’ve ever ventured into, so if any of you have any input on the above claims I’d be interested to hear it. Has this attack been possible for a while? Is it really a risk, or just another mostly theoretical attack depending on many factors to pull it off?

Either way it’s a pretty interesting story and I’ll be seeing where it goes.

Source: The Register


Posted in: Hardware Hacking, Privacy, Wireless Hacking

Tags: , , , , , , , , , , , , , , , ,

Posted in: Hardware Hacking, Privacy, Wireless Hacking | Add a Comment
Recent in Hardware Hacking:
- Kid Gets Arrested For Building A Clock – World Goes NUTS
- The Jeep HACK – What You Need To Know
- Rowhammer – DDR3 Exploit – What You Need To Know

Related Posts:

Most Read in Hardware Hacking:
- Elevator/Lift Hacking !!!!! - 78,653 views
- Military Communications Hacking – Script Kiddy Style - 49,758 views
- Hackers Crack London Tube Oyster Card - 44,567 views

Get 50% off your second year with our 2-year deal!