Probably not surprising, but check out this video from Chaos Communication Congress and the presentation “To Protect and Infect” by Jacob Applebaum to learn more about the speculations of NSAs hardware implants in USB cables, exploits, malware etc. for surveillance, namely: Somberknave, Totechaser, Iratemonk, Monkeycalendar (with references to Karsten Nohls work), Bulldozer, Iron Chef, Cottonmouth, Howlermonkey, CTX4000 (ragemaster RF-flooding) and more.
More about the actual documents presented you find here at Leaksource.
Bluebox Security has released an App to check if your Android device is still vulnerable to the “master key” exploit. There is a patch out from Google, but not all handset providers have implemented it in their distros yet…
Check out this article if you want to know more about this expoit.
Recent Java vulnerabilities have made Security experts advice people to fully disable Java scripts, or use two browsers such as;
– one for less critical tasks with Java, and
– one for critical tasks (e.g., online banking) where Java is enabled only when needed
As you can see from the pictures, Anti is intuitive and simple to play with, and can as easily be used by security professionals as newbies. The screenshots was taking while using the open wireless network on flight from Oslo to Trondheim (flying Norwegian).
The app was used only to illustrate an example, where the sniffing was aimed at a friends smartphone (with his consent).
The sniffing screenshot is a good example of how easily adversaries can capture unencrypted traffic in open wireless networks.