Skip to content

Certified Ethical Hacker – Free Flashcards

Ethical Hacking – Flashcards

http://samsclass.info/124/flashcards/index.html

cEH flashcards

This is such a fun way to learn.  A lot of infosec needs to be committed to memory and flashcards are the ideal way to learn so that the answers are automatic.

WannaCry: Cyber Attack on NHS Hospitals May 2017

Well, the Cyber Attack against the NHS has certainly caused a storm of protest. Monday we are told to expect a second wave of attacks.  So how did researchers manage to stop this attack so quickly?  The answer is that the coders made some very simple errors. They hardcoded in a kill switch, which UK researchers registered and triggered.

Step 1 – Hit the kill switch – if there is one

MalwareTech registered the domain that acted as a kill switch.

This stops the infection of new devices.  Jump to step 4 for more information on finding the command and control servers.

wcry code

Step 2 – Danger: Are you running SMB v1?

Each version of Windows uses a different SMB version.

This is a general overview by operating system

SMB versions used in Windows

Powershell Commands to find SMB version

Use the Get-SmbConnection command – look at the “Dialect” used.

powershell for smb version

Check Windows Features for SMB 1.0

Search “Windows Features”,

Is there a tick against SMB 1.0/CIFS File Sharing?  If there is, we’re in trouble.

Where SMB 1.0 CIFS File sharing is enabled, untick the box to disable it.

smb disable instructions

Step 3 – Patch the flaw

1. The National Cyber Security Centre guidance on how to patch (see below).

 

2. Microsoft have issued a patch – apply this.

We have around 24 hours before copycats create a 2nd wave of attacks.

 

National Cyber Security Centre Advice:

https://www.ncsc.gov.uk/guidance/ransomware-latest-ncsc-guidance

The malware uses the vulnerability MS17-010 to propagate through a network using the SMBv1 protocol. This enables the malware to infect additional devices connected to the same network.

The NCSC advise the following steps be performed in order to contain the propagation of this malware:

  • Deploy patch MS17-010:

https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

  • A new patch has been made available for legacy platforms, and is available here:

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks

  • If it is not possible to apply this patch, disable SMBv1. There is guidance here:

https://support.microsoft.com/en-us/help/2696547

  • and/or block SMBv1 ports on network devices [UDP 137, 138 and TCP 139, 445]

If these steps are not possible, propagation can be prevented by shutting down vulnerable systems.

Work done in the security research community has prevented a number of potential compromises.

To benefit from this, a system must be able to resolve and connect to the domain below at the point of compromise.

www[.]iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com

Unlike most malware infections, your IT department should not block this domain.

Anti-virus vendors are increasingly becoming able to detect and remediate this malware, therefore updating antivirus products will provide additional protection (though this will not recover any data that has already been encrypted).

Step 4 – Look for unregistered Malware control server domains – as a Procedure

Now one thing that’s important to note is the actual registration of the domain was not on a whim. My job is to look for ways we can track and potentially stop botnets (and other kinds of malware), so I’m always on the lookout to pick up unregistered malware control server (C2) domains. In fact I registered several thousand of such domains in the past year.

Our standard model goes something like this.

  1. Look for unregistered or expired C2 domains belonging to active botnets and point it to our sinkhole (a sinkhole is a server designed to capture malicious traffic and prevent control of infected computers by the criminals who infected them).
  2. Gather data on the geographical distribution and scale of the infections, including IP addresses, which can be used to notify victims that they’re infected and assist law enforcement.
  3. Reverse engineer the malware and see if there are any vulnerabilities in the code which would allow us to take-over the malware/botnet and prevent the spread or malicious use, via the domain we registered.

That’s the model for locating and stopping Malware control server domains.

Reference:

https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html

https://www.saotn.org/disable-smbv1-windows-10-windows-server/

Hashcat – How to hack passwords – on Windows 10

Hacking / Cracking passwords and understanding encryption is an essential skill for Cyber Security, Penetration Testing, Computer Security, Information Security and Cryptology. This prep guide, will take you step by step through hashing algorithms in a visual format. The aim is that you will learn through seeing and doing – and will understand hashing algorithms at an intuitive level.

 

Reference

hashcat book

Amazon Link:

https://www.amazon.co.uk/s/ref=nb_sb_noss_2?url=search-alias%3Daps&field-keywords=hashcat

 

 

 

Leaked: The UK’s secret blueprint with telcos for mass spying on internet, phones – and backdoors

The UK government has secretly drawn up more details of its new bulk surveillance powers – awarding itself the ability to monitor Brits’ live communications, and insert encryption backdoors by the backdoor.

In its draft technical capability notices paper [PDF], all communications companies – including phone networks and ISPs – will be obliged to provide real-time access to the full content of any named individual within one working day, as well as any “secondary data” relating to that person.

That includes encrypted content – which means that UK organizations will not be allowed to introduce true end-to-end encryption of their users’ data but will be legally required to introduce a backdoor to their systems so the authorities can read any and all communications.

In addition, comms providers will be required to make bulk surveillance possible by introducing systems that can provide real-time interception of 1 in 10,000 of its customers. Or in other words, the UK government will be able to simultaneously spy on 6,500 folks in Blighty at any given moment.

According to the draft, telcos and other comms platforms must “provide and maintain the capability to disclose, where practicable, the content of communications or secondary data in an intelligible form and to remove electronic protection applied by or on behalf of the telecommunications operator to the communications or data.”

The live surveillance of individuals will require authorization from secretaries of state, overseen by a judge appointed by the prime minister. And there are a few safeguards built into the system following strong opposition to earlier drafts of the Investigatory Powers Act.

Closed doors

What will concern many, however, is how the draft paper and its contents are being handled.

The technical capability notices paper has only been provided to a select few companies – mostly ISPs and telcos – on a short four-week consultation, but a copy of the draft found its way to the Open Rights Group, which popped it online today.

According to the document, it has already passed through the UK’s Technical Advisory Board, which comprises six telco representatives – currently O2, BT, BSkyB, Cable and Wireless, Vodafone and Virgin Media – plus six people from the government’s intercepting agencies, and a board chairman.

That means that the contents have already been largely agreed to by most of the organizations that have been included in the closed consultation.

It is unclear whether the Home Office intends to make it available for public comment after that time or whether it will seek to push it through the legislature before anyone outside the consultation group has an opportunity to review it.

The rules will have to be formally approved by both houses of Parliament before becoming law.

You ain’t see me, right?

The process and the approach seem to be purposefully obscure. The rules come under Section 267(3)(i) of the Investigatory Powers Act – a one paragraph section that refers back to Section 253, which covers “Technical capability notices.”

There is no mention of the technical capability notices paper existing either on the Home Office website or on the Gov.uk consultation website. And the only reason we know about it is presumably because someone at one of the few companies that have been sent the draft rules decided to tell Open Rights Group about it.

But what the nine-page document does is provide the government with the legal authority to monitor anyone in the UK in real time, as well as effectively make strong and unbreakable encryption illegal.

This act of stripping away safeguards on people’s private data is also fantastic news for hackers, criminals, and anyone else who wants to snoop on Brits. The seals are finally coming off.

“This lays bare the extreme mass surveillance this Conservative government is planning after the election,” Liberal Democrat President Sal Brinton told us in a statement.

“It is a full frontal assault on civil liberties and people’s privacy. The security services need to be able to keep people safe. But these disproportionate powers are straight out of an Orwellian nightmare and have no place in a democratic society.”

The Home Office’s private consultation is open until 19 May. If you would like the UK government to know your views, then email investigatorypowers@homeoffice.gsi.gov.uk. ®

 

Reference:

https://www.theregister.co.uk/2017/05/04/uk_bulk_surveillance_powers_draft/

nomx: The world’s most secure communications protocol – BBC Click

A great episode of BBC Click – detailing the security breaches of a super secure email server, which runs (I’m not joking) on a Raspberry Pi.  Yikes.

https://scotthelme.co.uk/nomx-the-worlds-most-secure-communications-protocol/

http://www.bbc.co.uk/iplayer/episode/b08p1nts/click-29042017

I was recently invited to take part in some research by BBC Click, alongside Professor Alan Woodward, to analyse a device that had quite a lot of people all excited. With slick marketing, catchy tag lines and some pretty bold claims about their security, nomx claim to have cracked email security once and for all. Down the rabbit hole we go!

nomx

You can find the official nomx site at https://www.nomx.com and right away you will see how secure this device is.

nomx main site

Now, I’m not sure how someone is supposed to edit this PHP file right now because I can’t see the SSH instructions anywhere nor can I see the setup password anywhere either. To save you all the trouble I extracted the hash of the original password whilst I had SSH access and you can see it here:

ec949c6a38322f160e8975cea965b4f6:1b84261e5d578c248825a58512175fa17d2bc118  

It turns out this was pretty easy to break after I had a quick dig in the source to see how they generated the hash.

function generate_setup_password_salt() {  
    $salt = time() . '*' . $_SERVER['REMOTE_ADDR'] . '*' . mt_rand(0,60000);
    $salt = md5($salt);
    return $salt;
}

function encrypt_setup_password($password, $salt) {  
    return $salt . ':' . sha1($salt . ':' . $password);
}

Soooo, yeah. I also had a dig around in the config file and stumbled over this which is used during the setup process.

$CONF['min_password_length'] = 5;

Anyway, the main point for now was that I managed to crack the setup password, which was death, with a quick tweet asking for help or I could have set my own if I needed so I could create an account and login to the device.

 

The master password for the whole system is “death”.

Undocumented admin account

After delving into the database on the device and browsing through a few tables, I saw something that horrified me. There was another admin account alongside my own that I hadn’t created.

mysql> select * from admin;  
+------------------------+------------------------------------+---------------------+---------------------+--------+
| username               | password                           | created             | modified            | active |
+------------------------+------------------------------------+---------------------+---------------------+--------+
| admin@example.com      | $1$d2242313$UJ6TolBZXSQQvrXvlMZO2/ | 2015-10-10 18:31:30 | 2016-10-24 21:35:46 |      1 |
| scotthelme@hotmail.com | $1$7d33f257$qxWGsOPg1PX6Axu.NoNaK0 | 2017-03-13 17:24:05 | 2017-03-13 17:24:05 |      1 |
+------------------------+------------------------------------+---------------------+---------------------+--------+

I extracted the hash and posted it to Twitter to see if I could crowd-source the input and it didn’t take very long for someone to come back to me with the answer.

The password was, quite literally, “password”. Sure enough I immediately opened up the web interface and I could indeed login with the username admin@example.com and the password password. I had full control of the device. This is inexplicably bad for more reasons than I care to list but coupled with the above CSRF attack I now don’t need to depend on the user to be logged in to the device to perform administrative functions, I can simply login to the device with these admin credentials and do anything I like. All this requires is two simple iframes on a page.

 

Well done BBC Click!

Make your computer speak what you type using notepad

I’ve just found a site that has applications coded in Notepad.  The applications are really fun to use.  I’d recommend that you check out this site.

https://errorcode401.blogspot.co.uk/2013/07/Make-your-computer-speak-what-you-ype-using-notepad.html

Create Application using notepad to make computer speak what you type

Here is one interesting code created by us to make your computer speak what you type.

Let’s Start.

Step 1 : Open your notepad. [start >> run >> Type “notepad” >> Enter]

Step 2 : Copy the following code in notepad then save it with .hta extension [e.g MSG-Speaker.hta]

<html><head><title>Message Speaker – ErrorCode 401</title><HTA:APPLICATION
APPLICATIONNAME=”Message Speaker – ErrorCode 401″
ID=”Mesage Speaker – ErrorCode 401″
VERSION=”1.0″
MAXIMIZEBUTTON=”no”
SCROLL=”no”/></head>
<style> td { color: Black; }
caption { color: Black; }

body { font-family: Arial; background-color: #388A9F; color: #808080; }
input { background-color: #202020; color: #808080; }
textarea { background-color: #22374B; color: #D6E1EC; font-style:bold; }
</style>

Sub Window_OnLoad
Dim width,height
width=470
height=400
self.ResizeTo width,height
End Sub

Function Listen
Dim message
message = tamsg.value
If (message = null) Then
X = MsgBox(“Enter your message”, 48, “Error Message”)
Else
Set sapi=CreateObject(“sapi.spvoice”)
sapi.Speak message
End If
End Function

<body bgcolor=”white”>
<span title=”Visit our blog for more http://www.errorcode401.blogspot.in”&gt; <marquee color=”white” bgcolor=”black” style=”font-family= Book Antiqua;”>This code is uploaded on <font color=”cyan”>http://www.errorcode401.blogspot.in</font></marquee&gt;
</span> <table align=”center” width=”400″> <caption style=”font-family:Book Antiqua; font-size:20;”><hr color=”black”><b>Message Speaker</b><hr color=”black”></caption>
<tr> <td align=”center”> <span title=”Enter your Full message here”><textarea id=”tamsg” cols=”50″ rows=”10″></textarea></span> </td> </tr>
<td align=”right” color=”black” style=”font-family: Book Antiqua; font-size:18;”> <hr color=”black”> <span title=”Click here to listen your message”>
<input style=”width: 130px; height:25px; color: white; background-color: #203040; font-family:Book Antiqua; font-size:15;” type=”button” Value=”Listen” id=”btnsp” onClick=”Listen()” onmouseover=”btnsp.style.background=’#102030′” onmouseout=”btnsp.style.background=’#203040′”> </span> </td> </tr> <tr>
<td align=”right”><hr color=”black”> <span title=”All rights reserved by Attract Tech” style=”font-size: 13px; font-family:Book Antiqua;”>&copy; 2013 Attract Tech – All rights reserved.</span> </td> </tr> </table> </body> </html>

Step 3 : Now Open that file by double click then you will see one window.

Write your in text-box which you want to listen then click on listen button.

Reference:

https://errorcode401.blogspot.co.uk/2013/07/Make-your-computer-speak-what-you-ype-using-notepad.html

Embedded Cryptography Should Be A Requirement for IoT

Security is a top concern for the Internet of Things, as essential as low power consumption, affordability, and wireless connectivity.

Because IoT devices are optimized for low power consumption and affordability, many have less than optimal computing resources. The good news is there are several options for using cryptography to make it more difficult for hackers to highjack your living room webcam, video doorbell or car.

The denial-of-service attack last October showed how cheap IoT devices that had no security–in many cases not even proper password protections–could be hacked to flood Web sites with traffic, shutting them down. In an increasingly connected future, consequences could include having water or electricity shut off, security systems disabled, or even loss of life for attacks on medical devices.

For the IoT, authentication ensures that devices are interacting with authorized gateways and cloud services and they in turn verify they are working with authentic IoT nodes. The sender will use a hashing algorithm and shared secret keys to generate a tag known as a message authentication code (MAC). The receiver performs the same hashing algorithm to decode the MAC and compare it with one stored locally.

The strength of the MAC depends on the strength of the hashing algorithm, the length of the key used and whether the key is shared secretly and stored securely. The current state-of-the-art hashing algorithm for cryptographic purposes is SHA-256 with 256-bit keys.

For sharing keys securely, either a secure channel can be used or a Diffie–Hellman key exchange over an insecure channel. Storing keys securely is another challenge, and it’s advisable to store them separately from application data and the data being authenticated. Properly equipped integrated chips can require a secure boot and secure firmware updates.

Encryption has been used for millennia. Ancient Greek generals passed messages to each other encoded on leather strips. To be read they had to be rolled around a scytale, a rod made to a secret diameter. Only a rod of the proper diameter would render the message correctly.

Today AES is the accepted standard to encrypt and decrypt our messages using digital keys. Symmetric key cryptography uses the same key to encrypt and decrypt the message, making it critical to keep the key secret. Asymmetric cryptography uses a shared, public key and a private key which is kept secret.

While asymmetric key cryptography has the benefit of added security over insecure channels, it’s more than 1,000 times more computationally expensive than symmetric key cryptography. Asymmetric cryptography can be used to establish a secure channel to exchange secret keys which can be used for subsequent symmetric methods. Alternatively, symmetric key cryptography used along with Diffie–Hellman key exchange is often secure enough for many embedded applications.

For IoT devices, hardware acceleration makes sense. Authentication chips or cryptographic co-processors can carry out sophisticated encryption and authentication efficiently in hardware, saving battery life and processor cycles. It takes more effort to secure any connected computing device, but in the long run, it’s the right thing to do.

Reference:

http://tekedia.com/63866/embedded-cryptography-requirement-iot/

How to create encryption program in Notepad

Hello with this Simple HTML Application you can Encrypt and Decrypt your message by password. First of all I will show you how to create it and then I will show you how to use it.

Let’s Start.

Step 1 : First if all open your notepad. [Start >> Run >> Type “Notepad” >> Enter]
Step 2 : Copy the following code in notepad which is starting from <html>to </html>

<html><head><title>Message Encrypter/Decrypter – Error Code 401</title><HTA:APPLICATION
APPLICATIONNAME=”Message Encrypter/Decrypter – Error Code 401″
ID=”Message Encrypter/Decrypter – Error Code 401″
VERSION=”1.0″
MAXIMIZEBUTTON=”no”
SCROLL=”no”/></head>
<style> td { color: Black; }
caption { color: Black; }
body { font-family: Arial; background-color: #708090; color: #808080; }
input { background-color: #202020; color: #808080; }
textarea { background-color: #202020; color: #808080; }
</style>

Sub Window_OnLoad
Dim width,height
width=700
height=500
self.ResizeTo width,height
End Sub
Function Validate(ID)
On Error Resume Next
Key = Int(pass.value)
If (pass.value = “”) Then
X = MsgBox(“You have to enter your password..!”, 48, “Error”)
Else If (tamsg.value = “”) Then
X = MsgBox(“Enter the text to encrypt or decrypt!”, 48, “ERROR!”)
Else
Junk = SetTimeOut(KEYS(ID), 1)
End If
End If
End Function
Function KEYS(ID)
text = pass.value
code = 0
Do Until text = “”
code = ((Asc(Left(text, 1)))+code)
text = Replace(text, Left(text, 1), “”, “1”, “1”)
Loop
code = code Mod 255
akey.value = code
Junk = SetTimeOut(ID, 1)
End Function
Function Encrypt
Alpha = Array(“A”, “B”, “C”, “D”, “E”, “F”, “G”, “H”, “I”, “J”, “K”, “L”, “M”, “N”, “O”, “P”, “Q”, “R”, “S”, “T”, “U”, “V”, “W”, “X”, “Y”, “Z”)
text = tamsg.value
code = “”
key = Int(akey.value)
Do Until text = “”
cnum = Asc(Left(text, 1))
cnum = (cnum+key) Mod 255
num = cnum Mod 26
count = 0
tst = num
Do Until tst = cnum
tst = tst+26
count = count+1
Loop
code = code & Alpha(num) & count
text = Replace(text, Left(text, 1), “”, “1”, “1”)
Loop
tamsg.value = code
End Function
Function Decrypt
Alpha = Array(“A”, “B”, “C”, “D”, “E”, “F”, “G”, “H”, “I”, “J”, “K”, “L”, “M”, “N”, “O”, “P”, “Q”, “R”, “S”, “T”, “U”, “V”, “W”, “X”, “Y”, “Z”)
text = tamsg.value
code = “”
key = Int(akey.value)
Do Until text = “”
lttr = Left(text, 2)
num = Asc(Left(lttr, 1))-65
chk = Right(lttr, 1)
count = 0
Do Until count = Int(chk)
num = num+26
count = count+1
Loop
num = num-key
Do While num
<body bgcolor=”white”> <input type=”hidden” id=”akey”> <span title=””> <span title=”Visit our blog for more http://www.errorcode401.blogspot.in”&gt;
<marquee color=”white” bgcolor=”black” style=”font-family= Book Antiqua;”>This code is uploaded on <font color=”cyan”>http://www.errorcode401.blogspot.in</font></marquee&gt; </span> <table align=”center” width=”400″>
<caption style=”font-family:Book Antiqua; font-size:20;”><hr color=”black”><b>Message Encrypter-Decrypter</b><hr color=”black”></caption>
<tr> <td align=”center”><span title=”Enter your Full message here”><textarea id=”tamsg” cols=”80″ rows=”15″></textarea></span></td> </tr>
&nbsp;&nbsp;&nbsp;&nbsp; <td color=”black” style=”font-family: Book Antiqua; font-size:18;”><hr color=”black”> Password &nbsp;<span title=”Enter your password here”>
<input type=”password” id=”pass”></span> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<span title=”Click Here to Encrypt your Message”> <input style=”width: 170px; height:23px; color: white; background-color: #203040; font-family:Book Antiqua;” type=”button” Value=”Encrypt” id=”btnenc” onClick=”Validate(‘Encrypt’)” onmouseover=”btnenc.style.background=’#102030′” onmouseout=”btnenc.style.background=’#203040′”> </span> <span title=”Click Here to Decrypt your Message”> <input style=”width: 170px; height:23px; color: white; background-color: #203040; font-family: Book Antiqua; font-size:13;” type=”button” Value=”Decrypt” id=”btndec” onClick=”Validate(‘Decrypt’)” onmouseover=”btndec.style.background=’#102030′” onmouseout=”btndec.style.background=’#203040′”> </span></td>
</tr> <tr> <td align=”right”><hr color=”black”><span title=”All rights reserved by Attract Tech” style=”font-size: 13px; font-family:Book Antiqua;”>&copy; 2013 Attract Tech – All rights reserved.</span></td> </tr> </table> </body> </html>

 

 Step 3 : Save it with .hta extension [eg. MSG – EncDec.hta]

How to use?

Step 1 : Double click on it. Then one window will open as shown in the following Image.

Step 2 : Write your Message/String in TextArea as shown in given Image.

Step 3 : Type your message in Password textbox.

Step 4 : Click on Encrypt Button.

Then you will see your Encrypted message in TextArea. Copy it and save it anywhere.

Write same password in password box then click on Decrypt Button you will get your original message.

Reference

https://errorcode401.blogspot.co.uk/2013/07/Create-Simple-Message-EncrypterDecrypter-Using-Notepad.html

Kali Linux can now use cloud GPUs for password-cracking

Think passwords, people. Think long, complex passwords. Not because a breach dump’s landed, but because the security-probing-oriented Kali Linux just got better at cracking passwords.

Kali is a Debian-based Linux that packs in numerous hacking and forensics tools. It’s well-regarded among white hat hackers and investigators, who appreciate its inclusion of the tools of their trades.

The developers behind the distro this week gave it a polish, adding new images optimised for GPU-using instances in Azure and Amazon Web Services. The extra grunt the GPUs afford, Kali’s backers say, will enhance the distribution’s password-probing powers. There’s also better supoprt for GPU cracking, hence our warning at the top of this story: anyone can use Kali and there’s no way to guarantee black hats won’t press it into service. And they can now do so on as many GPU-boosted cloud instances as they fancy paying for.

The new distribution, version 2017.1, also adds support for Realtek’s RTL8812AU wireless chipsets. The Linux kernel doesn’t support that silicon, but lots of mainstream modem-makers like D-Link, Belkin and TP-Link do. Adding support to Kali therefore makes it capable of probing a great many WiFi access points.

There’s also support for the OpenVAS 9 vulnerability scanner. Kali’s not included the tool in its default release, but has packaged it so a quick apt-get update and apt install openvas will install a nicely-packaged version of the tool.

 

Reference:

https://www.theregister.co.uk/2017/04/28/kali_linux_adds_gpu_support/

Homebrew crypto SNAFU on electrical grid sees GE rush patches

General Electric is pushing patches for protection relay bugs that, if exploited, could open up transmission systems to a grid-scale attack.

The company hasn’t published much by way of detail, but spoke to Reuters after this Black Hat abstract was published (the talk will be delivered to the July conference in Les Vegas).

The three New York University researchers say they cracked the homebrew encryption in the ancient GE Multilin systems. The abstract is light on detail, but it appears the researchers found a hardcoded password: “we completely broke the home brew encryption algorithm used by these protection and management devices to authenticate users and allow privileged operations. Knowledge of the passcode enables an attacker to completely pwn the device and disconnect sectors of the power grid at will, locking operators out to prolong the attack”.

Reference:

https://www.theregister.co.uk/2017/04/27/ge_rushing_patches_to_grid_systems_ahead_of_black_hat_demonstration/

Comment:

Any nations civilian infrastructure is the soft underbelly for warfare.  If you can turn off the lights, or cut out regular communication channels, then you can plummet any country into disarray within minutes.  Protecting the civilian infrastructure, is too important to be left to commercial organisations, who look for the cheapest solutions.  You can imagine the opportunities for hacking that electrical smart meters offer, along with the internet of things.

%d bloggers like this: