Lost+Found: A get-out-of-jail-free card, a free book & Facebook hacking
Too small for news, but too good to lose, Lost+Found is a compilation of the other stories that have been on The H's radar this week: a hacking legend's business card, Facebook signing up hackers, a free book on Xbox hacking, news from Black Hat Europe and an SMB sniffing Wireshark extension.
- Hacking legend Kevin Mitnick's business card could be described as a "get-out-of-jail-free" card – it contains a lock-picking set.
- In a feature on espionage attacks, we wrote, "Ultimately, however, it is almost unavoidable that such attacks will eventually be successful, and potential victims should prepare themselves". It seems that Facebook's security team had already come to the same conclusion. Even before the January hack, hackers were crawling all over the company's internal network, though prior to January this was part of simulated emergency drills.
- In memory of Aaron Swartz, Andrew "Bunnie" Huang has made his book Hacking the Xbox available online for free.
- A Wireshark extension extracts files from SMB traffic. It will be incorporated into Wireshark proper shortly.
- Nir Goldshlager never rests. He reports that he has found another vulnerability which can be exploited to access any Facebook account. He showed off the same trick in late February.
- In his Black Hat presentation, US hacker Deral Heiland demonstrated a means of attacking access points such as the Cisco/Linksys WAP200 or wireless controllers such as the WLC620 from Aruba Networks using unusual WLAN IDs, i.e. SSIDs such as <img src=wlan.php?stop>. The devices were vulnerable to (persistent) cross-site scripting (XSS) and cross-site request forgery (CSRF). The manufacturers of the devices have since released firmware updates which fix the bugs.
- Talking of Black Hat, the presentations from Black Hat Europe 2013 are now online.
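
The SSID item above comes down to a management page printing a network name it received over the air straight into its HTML. The sketch below is an added example, not code from the presentation or from any vendor firmware: it contrasts that pattern with an escaped rendering, and every function name and the sample scan list are constructed for illustration.

```python
import html

MAX_SSID_OCTETS = 32  # an 802.11 SSID is at most 32 arbitrary octets


def ssid_to_text(raw: bytes) -> str:
    """Turn SSID octets into display text; undecodable or
    non-printable names are shown as hex instead of raw bytes."""
    if len(raw) > MAX_SSID_OCTETS:
        raise ValueError("SSID longer than 32 octets")
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        return "hex:" + raw.hex()
    if not text.isprintable():
        return "hex:" + raw.hex()
    return text


def render_row_unsafe(raw: bytes) -> str:
    # Vulnerable pattern: the SSID is concatenated into the markup
    # as-is, so any tag inside it becomes part of the admin page.
    return "<tr><td>" + raw.decode("utf-8", "replace") + "</td></tr>"


def render_row_safe(raw: bytes) -> str:
    # Hardened pattern: treat the SSID as untrusted data and
    # HTML-escape it at the point where it enters the page.
    return "<tr><td>" + html.escape(ssid_to_text(raw), quote=True) + "</td></tr>"


def render_scan_table(ssids) -> str:
    """Render a list of scanned SSIDs using the escaped row renderer."""
    return "<table>" + "".join(render_row_safe(s) for s in ssids) + "</table>"


# Constructed sample scan results: a normal name, the SSID quoted
# in the item above, and a name made of non-text bytes.
SAMPLE_SCAN = [b"office-wlan", b"<img src=wlan.php?stop>", b"\x00\xff\x01"]

if __name__ == "__main__":
    print(render_row_unsafe(SAMPLE_SCAN[1]))
    print(render_scan_table(SAMPLE_SCAN))
```

Escaping covers only the XSS half of the finding. The CSRF half needs its own control, such as an anti-forgery token on state-changing requests and no state changes on GET.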