The future is...hackable

Seeing the recent Telstra video about how amazingly internet-connected the world will be reminded me of a recent blog post by Pure Hacking CTO Ty Miller called "Hacking in the year 2030".

While the Telstra video is all 'Minority Report-esque', it doesn't seem too far-fetched - although I can imagine the fun to be had messing with a friend's shopping list by hacking their garbage can.

Ty's vision of the future may come off as a little grim, but I can't say I disagree with it. In the last decade we haven't managed to eliminate SQL Injection as a vulnerability, but it could be argued that we've made the impact of SQLi exploitation worse by making so much more information available through the ever-increasing plethora of vulnerable websites. As we rely more and more on the internet and our connected devices multiply exponentially (with the associated exponential growth in the number of connections those devices make with each other and with everything around them), the number of ways to subvert and compromise those systems will similarly grow, as will the impact of malicious actions.

Deleting the 1995 version of Sandra Bullock in "The Net" may have seemed ridiculously far-fetched at the time, but the social networking revolution has more and more people interacting with people they've never met than ever before - going as far as 'dating' and 'mourning the death' of a girlfriend who never existed.

Deleting Sandra in 2013 or 2030 may be easier than ever! (Expect a Hollywood remake!)

As a side note, this article is a fun look at how you can blame Minority Report for far more than just being a bad film.

Biggest DDoS ever?


This, sent to me by a friend, is an interesting read about a recent massive DDoS (distributed denial-of-service) attack that was aimed at Spamhaus.
The attack was a DNS-recursion amplification attack [pdf]: bogus queries sent to DNS servers massively amplify the amount of bandwidth the attackers consume, to over 300Gbps at times.
Cloudflare have another great explanation of this type of attack here.

The website at http://openresolverproject.org/ can be used to help you identify if you have DNS servers configured to allow recursion, and provides some configuration suggestions (such as rate limiting).
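To check a DNS server you operate for the open-recursion condition described above, the following added example (not code from this post or from the Open Resolver Project) sends one query with the "recursion desired" bit set and inspects the "recursion available" bit and response code in the reply. The function names and the `example.com` query name are assumptions for illustration; run it from a network that should not be allowed to recurse through the server.

```python
import socket
import struct
import sys

RD, RA, QR = 0x0100, 0x0080, 0x8000  # DNS header flag bits

def build_query(name, qtype=1, txid=0x1234):
    """Build a class-IN DNS query with the 'recursion desired' bit set."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def classify_response(query, response):
    """Classify a reply to build_query() by its header flags and rcode."""
    if len(response) < 12:
        return "malformed"
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & QR:
        return "malformed"
    rcode = flags & 0x000F
    if rcode == 5:                       # REFUSED: recursion denied to this client
        return "refused"
    if flags & RA and rcode == 0 and ancount > 0:
        return "open-recursion"          # server resolved the name for us
    if flags & RA:
        return "recursion-offered"       # RA set, but no answer this time
    return "no-recursion"

def check_server(server_ip, name="example.com", timeout=3.0):
    """Query one server; return (verdict, response/query size ratio)."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server_ip, 53))
        try:
            response, _ = s.recvfrom(4096)
        except socket.timeout:
            return "no-response", 0.0
    return classify_response(query, response), len(response) / len(query)

if __name__ == "__main__" and len(sys.argv) == 2:
    # Usage: python check_recursion.py <IP of a DNS server you operate>
    print(check_server(sys.argv[1]))
```

A verdict of `open-recursion` for a client outside your own networks means the server should have recursion restricted or rate limited; the size ratio shows how much larger the reply was than the query.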

Oh Cisco... You make me sad

http://arstechnica.com/security/2013/03/cisco-switches-to-weaker-hashing-scheme-passwords-cracked-wide-open/
