Tag Archive for: open

China is now engaged in open hybrid warfare against the West


Conflict rages in Gaza and Ukraine, and tensions heighten over Taiwan. In Beijing, US Secretary of State Antony Blinken has just held difficult talks with Chinese foreign minister Wang Yi. Despite Xi Jinping’s statement at a joint press conference that the US and China should “seek common ground … rather than engage in vicious competition”, efforts at detente seem to have been fruitless.

Yet in the midst of a worsening geostrategic crisis, President Biden last week signed a bill into law threatening a ban on TikTok, a social media app enjoyed by millions of young people worldwide. What does this curious nexus of events tell us?

In essence, the inane appeal of TikTok is at the heart of the matter. Social media activity has gripped a new global generation, and there are few limits to the access such platforms have to data owned by their users.

Since TikTok’s owner, ByteDance, is Chinese, it is obliged by law to serve the Chinese state. There have been allegations in turn that information collected by TikTok is exploited by the Chinese state, which is why Western governments including the UK and US have forbidden its use on government devices. There is also considerable suspicion that the algorithms used on the platform are used to present users with politically useful narratives. 

If ByteDance refuses to sell the platform, and instead allows it to be banned or closed down, many will take this as an indication that Beijing would value control of sensitive algorithms more than the prosperity of the company that uses them. All indications are that China would block any sale.

The issue, however, is larger than one app. The Chinese Communist Party has weaponised every aspect of its interactions with the outside world with the aim of undermining, defeating and supplanting the West as the arbiter of global norms. After years of blind denial or compromised silence, in the past couple of weeks there has been a remarkable surge of Western media attention on how far and fast this process is progressing.

A few instances stand out. In Beijing this week, Mr Blinken said that the US and China needed to be clear what their differences are, “to avoid…


Hackers Found a Way to Open Any of 3 Million Hotel Keycard Locks in Seconds


When thousands of security researchers descend on Las Vegas every August for what’s come to be known as “hacker summer camp,” the back-to-back Black Hat and Defcon hacker conferences, it’s a given that some of them will experiment with hacking the infrastructure of Vegas itself, the city’s elaborate array of casino and hospitality technology. But at one private event in 2022, a select group of researchers were actually invited to hack a Vegas hotel room, competing in a suite crowded with their laptops and cans of Red Bull to find digital vulnerabilities in every one of the room’s gadgets, from its TV to its bedside VoIP phone.

One team of hackers spent those days focused on the lock on the room’s door, perhaps its most sensitive piece of technology of all. Now, more than a year and a half later, they’re finally bringing to light the results of that work: a technique they discovered that would allow an intruder to open any of millions of hotel rooms worldwide in seconds, with just two taps.

Today, Ian Carroll, Lennert Wouters, and a team of other security researchers are revealing a hotel keycard hacking technique they call Unsaflok. The technique is a collection of security vulnerabilities that would allow a hacker to almost instantly open several models of Saflok-brand RFID-based keycard locks sold by the Swiss lock maker Dormakaba. The Saflok systems are installed on 3 million doors worldwide, inside 13,000 properties in 131 countries.

By exploiting weaknesses in both Dormakaba’s encryption and the underlying RFID system Dormakaba uses, known as MIFARE Classic, Carroll and Wouters have demonstrated just how easily they can open a Saflok keycard lock. Their technique starts with obtaining any keycard from a target hotel—say, by booking a room there or grabbing a keycard out of a box of used ones—then reading a certain code from that card with a $300 RFID read-write device, and finally writing two keycards of their own. When they merely tap those two cards on a lock, the first rewrites a certain piece of the lock’s data, and the second opens it.

“Two quick taps and we open the door,” says Wouters, a researcher in the Computer Security and Industrial Cryptography group at…


6 Best Open Source IAM Tools in 2024


Identity access management (IAM) tools, crucial for cybersecurity, have become highly sought-after due to rising identity-related breaches. A Statista report revealed that 80% of global respondents experienced cyber breaches linked to authentication vulnerabilities in 2023. Additionally, 70% of US-based IAM professionals expressed concerns about identity-based threats.

IAM tools help organizations secure and manage user identities and access to resources, ensuring only authorized individuals gain access. While proprietary IAM solutions like Okta, OneLogin and Cyberark dominate the market, open-source IAMs offer flexibility and low cost. Let’s explore their features, pricing, benefits and limitations.

Best open source IAM tools comparison

The following table provides a snapshot of how these open-source IAMs compare to each other.

| Tool | Identity lifecycle management | Multi-factor Authentication (MFA) | Single Sign-on (SSO) and Single Logout (SLO) | Pricing |
|---|---|---|---|---|
| OpenIAM | Yes | Adaptive MFA | Yes | Free version or subscription; contact vendor for a quote. |
| Keycloak | Yes | Yes | Yes | Free. |
| Ory | Yes | Yes | Yes, within certain subscriptions. | Free version for EU region; US and EU plans starting at $29/month. |
| Aerobase Server | Yes | Yes | Yes, for browser applications. | Free version or plans starting at $690/month. |
| ForgeRock | Yes | Yes | Yes, when configured. | Starts at $3 per user per month for Workforce plans. |
| Shibboleth Consortium | Yes | MFA profile standard for IdPs. | Only supported on Shibboleth 3.2 and above. | Starts at $2,960/year. |



OpenIAM: Best for workforce and customer identity


This open-source IAM solution caters to both workforce and customer identities. Suitable for enterprise use, it offers organizations a set of features designed to streamline user access across various platforms. It boasts a robust web access control for identity management, diverse applications, Single Sign-On (SSO), Desktop SSO and API integration controls. It also includes Two-Factor/Multi-Factor Authentication (2FA/MFA) and role-based access control management. In addition to these core features, OpenIAM provides supplementary capabilities like SSH key management, session management and password…
