On July 23, multiple services related to Garmin were taken offline, including their call center and aviation related services. Thanks to information leaked by Garmin employees, we know that this multi-day outage was caused by the Wastedlocker ransomware campaign. After four days, Garmin was able to start the process of restoring the services.
It’s reported that the requested ransom was an eye-watering $10 million. It’s suspected that Garmin actually paid the ransom. A leaked decryptor program confirms that they received the decryption key. The attack was apparently very widespread through Garmin’s network, as it seems that both workstations and public facing servers were impacted. Let’s hope Garmin learned their lesson, and are shoring up their security practices. Continue reading “This Week In Security: Garmin Ransomware, KeePass , And Twitter Warnings”
One of the more popular security builds in recent memory is USB password vaults. These small thumb drive-sized devices hold all the passwords you have to deal with, and are locked behind a authentication code on the drive itself. For their Hackaday Prize entry, [Miguel] and [Noel] asked how inexpensively one of these devices could be made. The answer, coming in the form of their Memtype project, is very inexpensively.
The Memtype project is based on the cheapest and most simplistic USB implementation on the planet. It’s built around an ATtiny85 and V-USB‘s software only implementation of a USB keyboard, requiring only a few resistors and diode in addition to the ‘tiny85 itself.
The device can only be unlocked with a four-digit pin, input through the clever use of a small SMD joystick. After inputting the correct code, the Memtype grants the user access to all the stored passwords. As far as security goes, [Miguel] and [Noel] have implemented NOEKEON in assembly, however it should be noted that all security is weaker than a pipe wrench. For managing the passwords, [Miguel] and [Noel] built a small, simple GUI app to set the PIN and write credentials to the device.
[Miguel] and [Noel] already have a demo video up for the Memtype, you can check that out below.
Continue reading “Hackaday Prize Entry: A Very Small Password Keeper”
Lifehacker has published an overview of some of the many ways you can secure your data. The post was prompted by recently released browser vulnerabilities: first IE, then Firefox. They cover techniques far beyond just browser security, like how to properly wipe your iPhone. They mention disk encryption go-to TrueCrypt along with password management tools like KeePass. They also suggest using temporary credit cards to mitigate the impact of fraud.
[photo: Rija 2.0]