Cognitive and Scientific Brainology

Security - consulting,assessment,research,solutions,penetration tests.
Face - detect,track,recognize,extract features,learn emotions,character animation.

Category: Security

Harvesting and Collecting Voice Conference Bridges, Passwords, Pins, Access, Codes

06/27/12 | by zveriu | Categories: Software, Hack, Security, Conference

Harvesting and Collecting Voice Conference Bridges, Passwords, Pins, Access, Codes

Sadly, BlackHat 2012 US and DefCon20 refused this short/fast/lightning talk.

Here are the slides for “Harvesting and Collecting Voice Conference Bridges, Passwords, Pins, Access, Codes”.

Here is the CFP submission:

Code:

----------------------------------
Detailed Outline
----------------------------------
 
In this talk, I will try to present:
- what are voice bridges (though, I bet everyone used voice conferencing at least once in their lifetime)
- various pieces and techniques of the voice bridges harvesting and processing puzzle
- what are the possible tools and how to make use of various tools at hand
- various ideas on how to (partially) automate all of this for a fast, semi-automated and distributed intelligence gathering
 
I will try to summarize with a few hints which can perhaps make life more secure
 
----------------------------------
Abstract
----------------------------------
 
Voice conferencing is a core platform making enterprises more efficient and driving them forward.
Voice conferencing is usually outsource to 3rd party providers and can be implemented/managed in-house.
 
No matter how it's being implemented, the security of the data exchanged over the conference lines represents a concern for the enterprises. This is why security PINs are being used.
 
However, the importance of these security details (like conference ID and conference PIN) is not very well understood and this is one can find these kind of details floating around - on the web, in details of shared/open calendars of Exchange/AD, etc.

Enjoy!

Securely yours,
Andrei

Leave a comment •

Security Bulletins - Xerox XRX12-003

03/08/12 | by zveriu | Categories: Software, Security, ACSA

Security Bulletins - Xerox XRX12-003

Xerox started to roll out fixes for some of my security advisories (ACSA).

So, here we go:
XRX12-003 v1.1

Leave a comment •

[ACSA-2012-04] HP JetDirect Download Manager for Windows suspicious "backdoor" functionality

01/14/12 | by zveriu | Categories: Software, Hack, Security, ACSA

[ACSA-2012-04] HP JetDirect Download Manager for Windows suspicious “backdoor” functionality

Jumping ahead, Secunia confirmed that from their point of view the “HP JetDirect Download Manager” is not backdoored/infected. Nevertheless, I’m posting the details for the interested ones.

My suspicions lied within this functionality:

Code:

"Model found in backdoor file!"
"FirmwareFileManager::ReadFirmwareBackDoorFile"
"FirmwareFileManager::ReadBackDoorfile"

Leave a comment •

28C3 (Chaos Computer Club Kongress 2011) presentations

01/09/12 | by zveriu | Categories: Security, Conference, CCC

28C3 (Chaos Computer Club Kongress 2011) presentations

Video - Hacking MFPs - PostScript:um, you’ve been hacked

Download slides:

Leave a comment •

...on Google Hall of Fame...

01/09/12 | by zveriu | Categories: Hack, Security

Have open my New Year with myself closing Google Hall of Fame October-December 2011 (I guess it was the last entry of 2011, since I submitted during last days of December)

More details about why I ended up there will follow, hopefully at one of the next conference talks.

Stay tuned. Stay secure.

9 comments •

:: Next Page >>

HIRE! - My Resume

Contact

Upcoming talks

PHDays
Hack In Paris
BlackHat USA