7MS #160: Infosec News and Links Roundup
2 min read Podcast

7MS #160: Infosec News and Links Roundup

Training

General News

  • If you downloaded Linux Mint on Feb. 20th, hopefully you know this already by now, but your download may have been backdoored. Read ZDNet's interview with the hacker behind the hack. It's really interesting stuff. The hacker compromised the site, uploaded modified versions of Mint which contained Tsunami malware, and then changed the checksums on the download page, because "Who the f**k checks those anyway?" Good point. Those checksums should probably be hosted on an independent 3rd party site!

  • Locky can lock up all your files with a simple Word Macro. Ouch.

  • www.grc.com is back online (at the time of this writing, anyway). In episode #548, and talks about what he learned about DDOS-mitigation services and why he's not interested in pursuing them at this time.

  • Do you use a wireless mouse? It might be subject to a MouseJack attack. Read more about the attack and see if you are using an affected device.

Tools/Scripts

  • Oldergeeks.com has a Windows 10 tool that gives easy access to tweaking all the privacy settings Microsoft has buried behind a jillion menus and submenus and reg tweaks.

  • The EFF has a neat tool that rates different messaging services and the various levels of security they do (or don't) provide, such as:

    • Encryption in transit
    • Is the code subject to independent review?
    • Encrypted so provider can't read it?
  • Sn1per is a neat automated recon/pentesting tool. I've been testing it out on my RPi and like how you can just point it at a target and it will do an "all in one" scan/attack scheme including:

    • Basic recon like DNS, ping, whois
    • Nmap scan
    • Nikto
    • Brute-force of services/passwords

Misc/Humor

  • 7MS.us has had some facelift updates!

    • BPATTY is the documentation project I talked about back in #141. It's my quick and easy "Control F and search for something" document that will be a living/breathing account of my pentest experience as I learn about new scripts, links, resources, etc.

    • The podcast page has been updated to include a mini episode guide highlighting some of our most popular episodes, such as the CEH/OSCP/OSWP training series and career discussions.

    • Thanks for your support. I supported Jay Mohr by clicking his banner and bought a Mad Mag subscription to help send his kid to college.