Language Selection

English French German Italian Portuguese Spanish

Security: Domain Name System, Department of Homeland Security, and Underclocking the ESP8266 Leads to WIFI Weirdness

Filed under
Security
  • A DNS hijacking wave is targeting companies at an almost unprecedented scale

    The attacks, which security firm FireEye said have been active since January 2017, use three different ways to manipulate the Domain Name System records that allow computers to find a company's computers on the Internet. By replacing the legitimate IP address for a domain such as example.com with a booby-trapped address, attackers can cause example.com to carry out a variety of malicious activities, including harvesting user’s login credentials. The techniques detected by FireEye are particularly effective, because they allow attackers to obtain valid TLS certificates that prevent browsers from detecting the hijacking.

  • Worries mount as cybersecurity agency struggles amid shutdown

    Former Department of Homeland Security (DHS) officials and lawmakers fear the shutdown, now in its 20th day, could have both short- and long-term effects, hurting the new Cybersecurity and Infrastructure Security Agency’s (CISA) efforts to get off the ground and potentially pushing existing talent out the door.

  • Underclocking the ESP8266 Leads to WIFI Weirdness

    Now it was time for another of those basic questions. What would happen if you did the same thing to a second ESP8266? Much to his surprise, [CNLohr] discovered that the two devices could still communicate successfully as long as their BBPLL clock speed was the same. From an outsider’s perspective it looked like gibberish, but to the two ESPs which had been slowed by the same amount, everything worked as expected even though the 802.11 standards say it shouldn’t.

    So what can you do with this? The most obvious application is a “stealth” WiFi connection between ESP8266s which wouldn’t show up to normal devices, a communications channel invisible to all but the most astute eavesdropper. [CNLohr] has made all the source code to pull this trick off public on GitHub, and it should be interesting to see what kind of applications (if any) hackers find for this standards-breaking behavior.

More in Tux Machines

Type Title Author Replies Last Postsort icon
Story Tilda: A Great Dropdown Terminal Roy Schestowitz 18/08/2019 - 9:19am
Story I'm going to work full time on free software Roy Schestowitz 18/08/2019 - 9:17am
Story today's leftovers Roy Schestowitz 18/08/2019 - 7:53am
Story Events: LibreOffice Conference 2020, MariaDB's Thomas Boyd and Upcoming Linux Foundation’s Open Source Summit Roy Schestowitz 18/08/2019 - 7:52am
Story OSS Leftovers Roy Schestowitz 18/08/2019 - 7:48am
Story Apache: Self Assessment and Security Roy Schestowitz 18/08/2019 - 7:46am
Story Google and Android Code Roy Schestowitz 18/08/2019 - 7:45am
Story FOSS in Crypto: Bots, Audius, and "Crypto Code Commits Remain Near All-Time Highs" Roy Schestowitz 18/08/2019 - 7:43am
Story Sharing/Collaboration/Open Data/Open Access Roy Schestowitz 18/08/2019 - 7:40am
Story Security: Defcon, Carbon Black, Open-Source Cyber Fusion Centre, Open Source Security Podcast and Avaya Roy Schestowitz 18/08/2019 - 7:36am