Jump to content

TomDangeroux

Members
  • Content Count

    35
  • Joined

  • Last visited

  • Days Won

    2

Everything posted by TomDangeroux

  1. Some quality trolling here. I thought I had accidentally stumbled upon Katy Hopkins' Twitter feed. Classy guys, very classy.
  2. If you like Chrome but don’t want the baggage of Google’s snooping, you can always install Chromium instead. Chromium is the open source browser on which Chrome is based. I personally prefer Firefox with NoScript installed for everyday browsing, Safari for banking, yes that’s banking and Chromium for any sites that insist on still using Flash Player for video, as I uninstalled Flash Player system wide some time ago.
  3. And you could Tweet your hacking progress on the official Mutley's Hanger Twitter feed. On second thoughts, just read a book.
  4. Thanks for the link Nigel. A fun set of videos.
  5. I'm sure everything will be fine Joe. Just make sure the pilots turn it off and on again before takeoff. Neighbours of ours, a young couple with a new baby were unfortunately on Dan Air 1008. They only lived about five houses along from us. Very sad.
  6. Yes Martin, nice PDF, it’s all there. What a mighty fine mess they’ve got themselves into. Reading through the document, the authors can envisage attacks coming from all directions, it would be funny if it wasn’t so serious. You could apply a good chunk of the information given in the PDF to any organisation with an internet presence, like your bank for instance, and we all know what a sterling job they do. All the work that’s gone into airline safety over the decades and then they go and migrate all the dangers associated with the internet and willingly open themselves up to it. They can
  7. Yes, it would seem a prudent rule for very good reasons. But as I said in the opening post, they bought it from outside of the US, Africa if I remember correctly.
  8. Hi Chris, If your referring to the first part of my post, this is the very same attack I described in the opening post in this thread. This is the confusion. The posts earlier all refer to Chris Robert’s research using this direct access attack to the aircrafts avionics bay, never from the passenger cabin. He may have made progress lately, if his famous Tweet is to be believed, but as I haven’t seen his presentation at the RSA conference last week yet, I don’t know. They procured the laptop from the second hand open market for around $1000. From people who deal with second hand parts and
  9. I haven't reached that conclusion, I haven’t reached any conclusion. Only one attack vector has been discussed in any detail and it's been misinterpreted. The Dos attack pertaining to the autopilot command switch has caused confusion, that's my fault for describing it that way. The hackers likened it to a Dos as they were "denying a service to the pilots", but they were using it as an analogy because the attack on the autopilot was exploited by leveraging the avionics bay attack vector. The attack using the maintenance laptop. This would be loaded with a specially crafted software 'crate' tha
  10. The point your making is very relevant MartinW. Let’s not get bogged down with minutia allardjd. This thread should not be about correcting every single little mistake, it’s the general picture that should be relevant. 50, 100, 1000 ft, it’s not all that important surely. The premise is correct. We are indeed on the same frequency Chris. I’m like you but minus 20 years Just to clarify, I don’t work for Sony
  11. No worries Chris. Seriously, it’s only a silly thread Please don’t infer that I grasp what these guys are capable of, I just find this type of subject matter fascinating, and when it applies to aviation it checks all my boxes. I don’t know if these guys can do what they claim. I just hope they are in dialog with people in authority. They will determine what measures must be taken. I understand if you’re cynical as to their motives. I don’t know either way. But I do find the FBI’s response to all this rather suggestive. But don’t quote me on that
  12. Oh boy "They said that when the pilots realised something may be wrong and the a/c was carrying out unexpected commands, the pilots could switch the autopilot off. The hackers could turn it back on again. They realised if they sent the ‘on’ command at a sufficient rate, the pilot would no longer be able to turn it off." They described the principle as a denial of service attack. I doubt very much it bears any resemblance to the standard Dos attacks that bring down web sites. I'm sure they were using an analogy. We don’t know what that form of attack took. It may bear no resemblance to t
  13. @PC8MyBrain. They used clever social engineering skill and very possibly ‘ghetto tool’ techniques too. I fail to understand the need for the Lol or the statement that i’m being forced fed information. As for the DDos scenario. You appear to be talking from a position of a Wi-Fi attack. They never mentioned Wi-Fi and neither did I, that came from press reports. He claims he can gain direct access to the flight systems and programmed his ‘crate’ software package to repeatedly call for the auto pilot to be engaged locking the pilots out of the loop. They denied the service of the auto pil
  14. I kind of did that, didn’t I I’m glad that I have more than convinced you that there is an immediate and plausible threat. I’m sure they hoped the airline industry would have the same view and do something about it, not tell them to go away. I understand the confusion, but this was the very point the hackers were attempting to emphasise. Yes, they have considerable knowledge and experience. They possess skills that to us seem fantastical. But they are not unique in this regard. Many ‘black hatters’ also possess such skills, be them private individuals, organised crime, terrorist groups
  15. Thanks for your post Dai, very interesting information. PC8MyBrain. The very point Chris and his team are making is that they didn't have any special privileges to information. They only had access to the same information any other hacker would have. The way they procured the hardware was not through an agency giving them access, but by social engineering skills and vendors who were only too willing to sell them pieces of kit. You are right in saying that protecting data is a real problem and he and his team are highlighting this issue.
  16. I may have inadvertently given the impression that the hackers were some spotty 'script kiddies' messing around in their bedroom or someone like David in War Games When they are in fact highly respected Cybersecurity and Threat Intelligence analysts who hack for a living, testing government and corporate IT infrastructure for weaknesses. A few days ago the FBI’s InfraGard web site issued new advise to airline staff. --Report any suspicious activity involving travellers connecting unknown cables or wires to the IFE system or unusual parts of the airplane seat. --Report any evidence of susp
  17. Thank you guys for your kind replies. Just to clarify a few points. @MartinW. When asked if what they have done is hard, they answered yes, extremely difficult. But they pointed out that just a couple of guys working in their spare time could now hack the a/c. The hard work is done, and until measures are put in place to lock down the system the attack works. This won’t be anything little Johnny can manage with his iPad in the cabin, it takes considerable knowledge and expertise, but the ground attack vector has been demonstrated. If these guys can do it, many others could too, especial
  18. Hello fellow forum members. You don’t know me very well but I have hung around here for quite some time. Now we’ve read some posts recently regarding computer boffins claiming they have hacked into aircraft. Now some of you, like me, first thought that this was a ridiculous claim. Hacking into a plane? You would have to be in the air for hours typing away at your laptop to achieve anything. Sure, it’s an interesting idea but really, it ain’t gonna happen. If you’re interested in how this came about, feel free to read on. OK, your still with me, cool. All we have is one hacker and his
  19. This didn’t take long and thank you jaydor for hi-lighting just how low some media outlets can stoop. A security analyst makes an important point about the integrity of aircraft systems and then a 'hack', probably in the shower this morning, comes up with this terrible excuse for journalism. It’s not based on any facts or evidence, it’s pure ‘click bait.’ And then his editor posts it on the internet! Don’t encourage this type of trashy journalism. Don’t click the link. This will deny them their ad revenue. All they care about is the clicks and making money. I have done the dirty on you
  20. Your right allardjd. Nothing is foolproof. Air gap the systems and the aircraft is still susceptible to a bad actor installing a nasty directly into the avionics bay, but the air gap makes the hack so much harder to exploit. The article you describe was a proof of concept attack by the Fraunhofer Institute, the guys who came up with the mp3 codec. They were able to get an already compromised laptop to accept commands via ultrasound at distance of 65 feet in the lab. It was very low bandwidth at 20 bits/second. One set of white hatters crafted a special audio CD that when played on a cars
  21. Hello J G. To find out what process is eating your bandwidth run this software on the suspect machines and recreate the conditions that trigger the problem. https://technet.microsoft.com/en-us/sysinternals/bb897437 It’s a utility from Microsofts technet and runs as a stand alone. Once you have extracted the file, run the .exe named TCPView. Re-order the listings for ‘sent packets’ to see what process is causing the trouble. Good luck.
  22. Yes MartinW, the numbers are staggering. The ill-fated healthcare.org site Obama set up had 500 million lines of code, and we know what happened to that soon after launch I wouldn’t say all coding is primitive. It’s amazing what some programmers can do with machine code for example, massive apps that are less than a Mb in size. I suspect some coders are getting lazy. As computers get more powerful coders have more resources to work with. Keeping code lean and mean is no longer a priority. The overriding priority is that it works, they then can go back and fix any problems later. Some
  23. Hello Needles. So you have something on your system spiking your CPU to 100%. You obviously you need to find out what that process is. Pop over to the Microsoft tech net site, Windows Sysinternals. https://technet.microsoft.com/en-us/sysinternals/bb545021.aspx You will see down the left hand side of the page numerous utilities. Choose ‘Process Utilities’ and download ‘Process Explorer.’ This tiny app will not install onto your PC, it runs as a stand alone. It will tell you what is running and what is using all that CPU power. This is a powerful tool. When you have identified the proc
  24. Just a little something to think about. There has never been a computer system created that cannot be hacked. Hackers look for mistakes in code to compromise systems, they crash the system by leveraging these mistakes, initiating buffer overruns and other tricks that allow the hacker to inject their own code into a computer system. As the complexity of systems increase, bugs are more and more common place. In a recent study by Carnegie Mellon University, commercial software typically has 20 to 30 bugs for every 1000 lines of code. 50 million lines of code means 1 million to 1.5 million po
×
×
  • Create New...