Here Come the Script Kiddies | TechSNAP 354

techsnap-0354-v

AutoSploit has the security industry in a panic, so we give it a go. To our surprise we discover systems at the DOD, Amazon & other places vulnerable to this automated attack. We’ll tell you all about it & what these 400 lines of Python known as AutoSploit really do.

Plus injecting arbitrary waveforms into Alexa and Google Assistant commands, making WordPress bulletproof & how to detect and prevent excessive port scan attacks.

RSS Feeds:

HD Video Feed | MP3 Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Patreon

Show Notes:

Audio Adversarial Examples

We have constructed targeted audio adversarial examples on speech-to-text transcription neural networks: given an arbitrary waveform, we can make a small perturbation that when added to the original waveform causes it to transcribe as any phrase we choose.

Keylogger Found in Many WordPress Sites

But, in a twist, this particular attack isn’t just interested in mining Monero. While the website’s front-end is digging for cryptocurrencies, the back-end is secretly hosting a keylogger designed to steal unsuspecting users’ login credentials.

Pre-Reqs to using WordPress
  • Need root privs, or sudo.
  • Install the LAMP stack, or something that equiv.
  • Secure your site with SSL: WordPress serves dynamic content and handles user authentication and authorization. TLS/SSL is the technology that allows you to encrypt the traffic from your site so that your connection is secure
  • Create a MySQL Database

QubesOS is Re-Architecting

This leads us to a conclusion that, at least for some applications, we would like to be able to achieve better isolation than currently available hypervisors and commodity hardware can provide.

Making Network Authentication Simple

We are a non-profit student organization providing Internet access to ~2000 people living on campus. We manage all the active network equipment, and users simply have access to RJ45 wall sockets and shared Wi-Fi access points. Last year, as we were leaving our historic campus and moving into a freshly built one at Paris-Saclay, we set out to build a more modern and robust network infrastructure for our users.


“Autosploit” tool sparks fears

400 lines of Python code + Shodan + Metasploit equals a whole heap of hand-wringing.

AutoSploit, a new tool released by a “cyber security enthusiast” has done more than spark controversy, however, by combining two well-known tools into an automatic hunting and hacking machine—in much the same way people already could with an hour or two of copy-pasting scripts together.

Feedback

Question? Comments? Contact us here!