На информационном ресурсе применяются рекомендательные технологии (информационные технологии предоставления информации на основе сбора, систематизации и анализа сведений, относящихся к предпочтениям пользователей сети "Интернет", находящихся на территории Российской Федерации)

Feedbox

12 подписчиков

WOPR: Security Loses Some of its Obscurity

Author: Tom Nardi / Source: Hackaday

As we’ve seen time and time again, the word “hacker” takes on a different meaning depending on who you’re talking to. If you ask the type of person who reads this fine digital publication, they’ll probably tell you that a hacker is somebody who likes to learn how things work and who has a penchant for finding creative solutions to problems.

But if you ask the average passerby on the street to describe a hacker, they might imagine somebody wearing a balaclava and pounding away at their laptop in a dimly lit abandoned warehouse. Thanks, Hollywood.

The “Hollywood Hacker” Playset

Naturally, we don’t prescribe to the idea of hackers being digital villains hell-bent on stealing your identity, but we’ll admit that there’s something of rift between what we call hacking versus what happens in the information security realm. If you see mention of Red Teams and Blue Teams on Hackaday, it’s more likely to be in reference to somebody emulating Pokemon on the ESP32 than anything to do with penetration testing. We’re not entirely sure where this fragmentation of the hacking community came from, but it’s definitely pervasive.

In an attempt bridge the gap, the recent WOPR Summit brought together talks and presentations from all sections of the larger hacking world. The goal of the event was to show that the different facets of the community have far more in common than they might realize, and featured a number of talks that truly blurred the lines. The oscilloscope toting crew learned a bit about the covert applications of their gadgets, and the high-level security minded individuals got a good look at how the silicon sausage gets made.

Two of these talks which should particularly resonate with the Hackaday crowd were Charles Sgrillo’s An Introduction to IoT Penetration Testing and Ham Hacks: Breaking into Software Defined Radio by Kelly Albrink. These two presentations dealt with the security implications of many of the technologies we see here at Hackaday on what seems like a daily basis: Bluetooth Low Energy (BLE), Software Defined Radio (SDR), home automation, embedded Linux firmware, etc. Unfortunately, the talks were not recorded for the inaugural WOPR Summit, but both presenters were kind of enough to provide their slides for reference.

Internet of Broken Things

As you might have guessed from the name, An Introduction to IoT Penetration Testing, had a fairly serious slant towards the practical exploitation of various Internet “things”. In this presentation, Charles described the operation of a number of extremely interesting software packages which have never before made an appearance here on Hackaday. That such incredible tools have managed to fly under our radar for so long is frankly evidence enough that we should be making a better effort to collaborate with our more security-minded peers.

For working with Bluetooth Low Energy, Charles suggests btlejack, a project which uses up to three BBC Micro:Bits flashed with a custom firmware to sniff, capture, hijack, and even jam communications. Running the tool with three devices connected to a USB hub allows it to cover more channels and increases the likelihood of it capturing what you’re looking for. If you’re not in a country that was literally handing out Micro:Bits, you can also use btlejack with Adafruit’s Bluefruit LE sniffer or…

Click here to read more

The post WOPR: Security Loses Some of its Obscurity appeared first on FeedBox.

Ссылка на первоисточник

Картина дня

наверх