ChronIC is the Chronos Integrated Commander, a wearable Sub-GHz RF hacking tool. Written in python.

Skyjack takes over Parrot drones, deauthenticating their true owner and taking over control, turning them into zombie drones under your own control.

pytacle is a tool inspired by tentacle. It automates the task of sniffing GSM frames of the air, extracting the key exchange, feeding kraken with the key material and finally decode/decrypt the voice data. All You need is a USRP (or similar) to capture the GSM band and a kraken instance with the berlin tables (only about 2TB).

aircrack-ng is a set of tools for auditing wireless networks. It's an enhanced/reborn version of aircrack. It consists of airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), airdecap (decrypts WEP/WPA capture files), and some tools to handle capture files (merge, convert, etc.).

aircrack-ng is a set of tools for auditing wireless networks. It's an enhanced/reborn version of aircrack. It consists of airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), airdecap (decrypts WEP/WPA capture files), and some tools to handle capture files (merge, convert, etc.).

aircrack-ng is a set of tools for auditing wireless networks. It's an enhanced/reborn version of aircrack. It consists of airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), airdecap (decrypts WEP/WPA capture files), and some tools to handle capture files (merge, convert, etc.).

aircrack-ng is a set of tools for auditing wireless networks. It's an enhanced/reborn version of aircrack. It consists of airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), airdecap (decrypts WEP/WPA capture files), and some tools to handle capture files (merge, convert, etc.).

aircrack-ng is a set of tools for auditing wireless networks. It's an enhanced/reborn version of aircrack. It consists of airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), airdecap (decrypts WEP/WPA capture files), and some tools to handle capture files (merge, convert, etc.).

aircrack-ng is a set of tools for auditing wireless networks. It's an enhanced/reborn version of aircrack. It consists of airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), airdecap (decrypts WEP/WPA capture files), and some tools to handle capture files (merge, convert, etc.).

aircrack-ng is a set of tools for auditing wireless networks. It's an enhanced/reborn version of aircrack. It consists of airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), airdecap (decrypts WEP/WPA capture files), and some tools to handle capture files (merge, convert, etc.).

aircrack-ng is a set of tools for auditing wireless networks. It's an enhanced/reborn version of aircrack. It consists of airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), airdecap (decrypts WEP/WPA capture files), and some tools to handle capture files (merge, convert, etc.).

aircrack-ng is a set of tools for auditing wireless networks. It's an enhanced/reborn version of aircrack. It consists of airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), airdecap (decrypts WEP/WPA capture files), and some tools to handle capture files (merge, convert, etc.).

Synaccess netBooter NP-02x and NP-08x version 6.8 suffer from an authentication bypass vulnerability due to a missing control check when calling the webNewAcct.cgi script while creating users. This allows an unauthenticated attacker to create an admin user account and bypass authentication giving her the power to turn off a power supply to a resource.

An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in arbitrary command execution. An attacker can send an authenticated HTTP request to trigger this vulnerability.

An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a unverified device configuration change, resulting in an unverified change of the user password on the device. An attacker can make an authenticated HTTP request to trigger this vulnerability.

An exploitable cross-site scripting vulnerability exists in the ACEManager ping_result.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on the victim's browser. An attacker can get a victim to click a link, or embedded URL, that redirects to the reflected cross-site scripting vulnerability to trigger this vulnerability.

An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticated HTTP request to trigger this vulnerability.

An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an information disclosure, resulting in the exposure of confidential information, including, but not limited to, plaintext passwords and SNMP community strings. An attacker can make an authenticated HTTP request, or run the binary, to trigger this vulnerability.

An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a arbitrary setting writes, resulting in the unverified changes to any system setting. An attacker can make an authenticated HTTP request, or run the binary as any user, to trigger this vulnerability.

An exploitable information disclosure vulnerability exists in the ACEManager template_load.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a information leak, resulting in the disclosure of internal paths and files. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Telus Actiontec WEB6000Q with firmware 1.1.02.22 suffers from a denial of service vulnerability. By querying CGI endpoints with empty (GET/POST/HEAD) requests causes a Segmentation Fault of the uhttpd webserver. Since there is no watchdog on this daemon, a device reboot is needed to restart the webserver to make any modification to the device.

The CEO of the UN’s Global Compact initiative, Lise Kingo, talks about the sustainability shift in the C-suite, FDI’s role in achieving the SDGs and how CEOs can address common risks.

I am often asked what I see as the biggest potential game-changers in tech — particularly as it relates to social good. Mobile, social, the cloud, and analytics continue to emerge as key themes. However, analytics is emerging as the true game changer — catalyzed by advances in open architecture.

Let me unpack what I mean by "open architecture." Open means that anyone can access it, contribute to it, and innovate on top of it. At Blackbaud, where I serve as chief technology officer, one of our core tenets has been to design an open, cloud-based software and data architecture. We're cultivating a technical community of partners, customers, and engineers (inside and outside of the company) who are innovating in different ways and contributing to this ecosystem.

From this vantage point, I see the way that openness accelerates the velocity of innovation. Looking at it from a different angle, open ecosystems also yield data and analytics that enable everyone who is part of them to gain more insights and intelligence.

This data can power intelligent software solutions, surface actionable events, maintain accurate and current data assets, and generally drive more results for users. In other words, an open cloud-based architecture elevates usage, which in turn generates more and more data and intelligence that make the system even more powerful.

With data, analytics, and intelligence in mind, the following capabilities emerge as candidates to have a great positive impact.

The Internet of Things

Internet of Things (IoT) technology is cheap and accessible and can transform normal household items into network devices that generate data. In my house, the lights, thermostats, appliances, cars, doors, and windows are all connected devices. These connected devices generate data and intelligence (such as trends in usage, optimization of electricity consumption, and so on). Much like a household, there are many IoT possibilities for nonprofits and other players in the social good space to generate valuable, actionable data.

Instrumentation

Instrumentation provides us with the ability to understand what's happening within our software. As Blackbaud ships features and capabilities within solutions, we monitor usage. We do so to understand if our customers can easily discover the new capability (do they use it the first time they log on?) and to determine if our customers find it valuable (is their use ongoing?). This data-driven approach is an extremely effective way of measuring both the quality of the user experience and the overall value of the work we're doing.

We can learn a lot about our customers just by observing what they do. Across the software industry, instrumentation is driving advances in understanding that enable more targeted solutions to users' challenges.

Usage Information

Like instrumentation, usage data enables us to understand the leading indicators that yield the best, most effective outcomes. For example, through usage data, we were able to understand that nonprofits who proactively thank donors within one week of giving have an advantage. They were much more effective at converting those individuals to longer-term supporters and recurring donors.

Predictive Intelligence

Predictive analytics showcase some of the most stunning and innovative applications of data. At Blackbaud, we think of predictive analytics as a kind of "self-driving car." It guides and sometimes fully automates tasks for our users, enabling them to gain much greater results. A few examples of predictive analytics scenarios that we're working on include

• Extending the most compelling message to a specific person at just the right time via the best channel, to keep them engaged, generate a donation, invite them to an event, or simply share a story.
• Intelligently connecting nonprofits, corporations, individuals, foundations, faith-based organizations, schools, and other stakeholders across the ecosystem we serve. That action enables us to more efficiently coordinate efforts and services and drive greater good together.
• Leveraging social information, an understanding of a person's network, geographical context, and other analytics to help connect an advocate with a nonprofit, school, or foundation, in just the right way.

We leverage the correlation of many different, disparate data sources to drive true intelligence and to power new, predictive user experiences across our applications. Our data platform is what powers this intelligence. This platform drives value across our solutions in other ways, including

• Correcting, appending, and de-duplicating data across the system
• Business intelligence and reporting that shows trends in data
• Real-time data pipelines that spark events across the system based on changes to the data

I’ve included only a few examples of technology capabilities we're researching that we believe will have a strong positive impact. The central theme of these capabilities is providing more actionable data and intelligence. Our commitment to delivering a robust, scalable, and flexible data architecture as well as open, cloud-based software enables us to take advantage of this technology. It also enables us to harness these capabilities to drive greater value for the customers we serve.

This blog post was written by Mary Beth Westmoreland.

spanhidden

Fall has arrived, and with it comes fundraising season. More than one-third of charitable giving happens in the last three months of the year, and the emergence of Giving Tuesday (on November 28 this year) makes the year's end even more critical for charities.

Feeling overwhelmed? Your local NetSquared group is here to help with free, in-person events being held across the U.S. and the globe.

Naples, Florida, is hosting a meetup on tools for effective email fundraising; Chippewa Falls, Wisconsin, is hosting a series of Giving Tuesday brainstorming sessions; and Chicago, Illinois, will explore how your CRM can save end-of-year fundraising plans.

With more than 75 events scheduled for October, there's probably an event scheduled for your community, so RSVP now for one of our meetups.

Join us!

Upcoming Tech4Good Events

This roundup of face-to-face nonprofit tech events includes meetups from NetSquared, NTEN's Tech Clubs, and other awesome organizations. If you're holding monthly events that gather the #nptech community, let me know, and I'll include you in the next community calendar, or apply today to start your own NetSquared group.

Jump to events in North America or go international with events in

• Africa and Middle East
• Asia and Pacific Rim
• Central and South America
• Europe and U.K.

North America

Monday, October 2, 2017

• Vancouver, British Columbia: Photojournalism for Nonprofits and Small Businesses #Storymakers2017

Tuesday, October 3, 2017

• Portland, Oregon
  • Happy Hour with Nonprofit Tech Luminaries
  • NTEN Presents: Oregon Nonprofit Tech Roundup
• Montréal, Québec: Développer une Présence Web Efficace
• Naples, Florida: Tools for Effective Email Communication
• Mason, Ohio: Connecting Nonprofits and Techies in Cincinnati

Wednesday, October 4, 2017

• Pittsburgh, Pennsylvania: Bagels and Bytes — Allegheny
• Baltimore, Maryland: WordPress 101 and Tech Help and Consultations
• San Francisco, California: Code for America Civic Hack Night (Weekly)

Thursday, October 5, 2017

• Calgary, Alberta: Evening on Data Ethics

Friday, October 6, 2017

• Seattle, Washington: King County Executive Director Forum

Monday, October 9, 2017

• Chippewa Falls, Wisconsin: Giving Tuesday Brainstorming

Tuesday, October 10, 2017

• Columbus, Ohio: Nonprofit IT Forum
• Decatur, Illinois: Free and Low-Cost Resources for Nonprofit Software
• Ottawa, Ontario: Review Progress on Data Analysis Projects

Wednesday, October 11, 2017

• Mason, Ohio: Help Create an App for Homeless to Manage Money More Effectively
• San Francisco, California: Code for America Civic Hack Night (Weekly)
• Boston, Massachusetts: Tech Networks of Boston Roundtable: Building an Effective Data Culture at Your Nonprofit
• O’Fallon, Missouri: Learn How to Apply for a $10,000 per Month Google AdWords Grant
• Phoenix, Arizona: Website Building 101: Quick and Easy Web Presence for Nonprofits
• Los Angeles, California: Nonprofit Volunteer Management
• Chicago, Illinois: Net Neutrality

Thursday, October 12, 2017

• Chicago, Illinois: It's Never Too Late: How Your CRM Can Save End-of-Year Fundraising
• Seattle, Washington: What You Need to Know About Board Governance

Saturday, October 14, 2017

• Saint Paul, Minnesota: Minnesota Blogger Conference | by Get Social Events, the Social Media Breakfast Folks ($25)

Monday, October 16, 2017

• San Francisco, California: Social Impact in Tech: Panel Discussion with LinkedIn, Lyft, and Salesforce
• Chippewa Falls, Wisconsin: Giving Tuesday Brainstorming
• Seattle, Washington: Fall Nonprofit Technology Speed Geek

Tuesday, October 17, 2017

• Buffalo, New York: Essential Data Management
• Orlando, Florida: Tech4Good Orlando October: Search Engine Optimization and Strategy

Wednesday, October 18, 2017

• San Francisco, California: Code for America Civic Hack Night (Weekly)
• Houston, Texas: NetSquared Houston
• Research Triangle Park, North Carolina: Crowdsourcing Change: The Social Web to Nonprofits

Thursday, October 19, 2017

• Monroeville, Pennsylvania: TechNow 2017 Conference
• Sweet Briar, Virginia: Using Data to Reach Your Audience

Friday, October 20, 2017

• West Chester, Ohio: Southwest Ohio Give Camp
• Boston, Massachusetts: Tech Networks of Boston Roundtable: Can Appmaker Help You? A Free Database Tool from Google

Monday, October 23, 2017

• Chippewa Falls, Wisconsin: Giving Tuesday Brainstorming
• Austin, Texas: Engaging the Millennial Donor

Tuesday, October 24, 2017

• Vancouver, British Columbia: How Delivering Webinars Can Benefit Your Mission

Wednesday, October 25, 2017

• Baltimore, Maryland: Salesforce 101 for Nonprofits and Free Tech Help and Guidance
• San Francisco, California: Code for America Civic Hack Night (Weekly)
• Seattle, Washington: Recruit, Engage, and Retain a Great Board

Monday, October 30, 2017

• Chippewa Falls, Wisconsin: Giving Tuesday Brainstorming

Tuesday, October 31, 2017

• Seattle, Washington: Bolder and Wiser: Nonprofit Advocacy Rights (Part 2)

Central and South America

Wednesday, October 4, 2017

• Guatemala City, Guatemala: Pechakucha Guatemala — Historias Digitales Vol. 15

Africa and Middle East

Sunday, October 1, 2017

• Cotonou, Benin: L'Utilité des Logiciels de TechSoup dans la Progression d Nos ONG dans le Monde
• Kampala, Uganda: Digital Storytelling for Nonprofits Workshop

Monday, October 2, 2017

• Ouagadougou, Burkina Faso: Monthly Meeting of Local Members

Saturday, October 7, 2017

• Matloding, South Africa: Technology for Rural Development
• Bunda, Tanzania: Microsoft Cloud Computing
• Morogoro, Tanzania: Role of ICT for Farm Management

Wednesday, October 11, 2017

• Bamenda, Cameroon: How to Create Digital Stories

Friday, October 13, 2017

• Katabi, Uganda: Using Social Media Applications for Development
• Pangani, Tanzania: Storymakers Campaign

Saturday, October 14, 2017

• Bunda, Tanzania: Microsoft Cloud Computing

Sunday, October 15, 2017

• Cotonou, Benin: Les Logiciels Mis en Don par Techsoup.org pour les ONG et Association au Benin

Saturday, October 21, 2017

• Bunda, Tanzania: Microsoft Cloud Computing

Saturday, October 28, 2017

• Bunda, Tanzania: Microsoft Cloud Computing
• Morogoro, Tanzania: Technology for Livelihood Improvement

Asia and Pacific Rim

Tuesday, October 3, 2017

• Taipei, Taiwan: NGO要怎麼搞群眾募資？- 綠盟經驗談

Wednesday, October 4, 2017

• Singapore, Singapore: DataJam!

Tuesday, October 10, 2017

• Wellington, New Zealand: Set Your Email Newsletter on Fire | Net2Welly Oct '17 Meetup

Sunday, October 15, 2017

• Jakarta, Indonesia: Web Hosting

Europe and U.K.

Tuesday, October 3, 2017

• Paris, France: AdWords Express — Grands Débutants

Wednesday, October 4, 2017

• Puidoux, Switzerland: 7ème Journée Pédagogique ESV-SPV (AVMES/AVMD)

Friday, October 6, 2017

• Carouge, Switzerland: 12h de Hackaton pour Afficher les Termes et Conditions, Que Vous Ne Lirez Jamais

Saturday, October 7, 2017

• Genève, Switzerland: LINforum3 Partage Idée, Réflexion, Projet, Startup, Service … Responsables!

Wednesday, October 11, 2017

• Cambridge, United Kingdom: Social Media Surgery — Hands-on Help with Social Media

Thursday, October 12, 2017

• Paris, France: La Data pour Vous Renforcer

Saturday, October 14, 2017

• Pully, Switzerland: Intergen.Digital à Pully

Monday, October 16, 2017

• Birmingham, United Kingdom: Social Media Session

Tuesday, October 17, 2017

• Dublin, Ireland: Smart Cities for Good

Wednesday, October 18, 2017

• Paris, France: Forum National des Associations et des Fondations
• Bordeaux, France: Les Personas pour Optimiser Votre Conversion

Thursday, October 19, 2017

• Bath, United Kingdom: Tech for Good Community Mapping
• Paris, France: Brainstorming, Plans d'Actions sur Internet

Wednesday, October 25, 2017

• Manchester, United Kingdom: Tech for Good: At the BBC
• Paris, France: AdWords – Initiation
• Paudex, Switzerland: RdV4–0.ch: 3. Solutions Informatiques — Cloud — SaaS — Services en Ligne

Thursday, October 26, 2017

• Barcelona, Spain: ¡Relanzamos NetSquared Barcelona! ¡Te Esperamos!
• Paris, France: Analytics — Initiation

Tuesday, October 31, 2017

• Renens, Switzerland: OpenLab: Visite du Fablab de Renens

Left photo: Gregory Munyaneza / NetSquared Rwanda / CC BY

Center photo: Chrispin Okumu / NetSquared Kenya / CC BY

Right photo: Chrispin Okumu / NetSquared Kenya / CC BY

spanhidden

Computer and network security is an ever-evolving field. As technology advances, cybercriminals find new ways to exploit vulnerabilities in order to get at your personal, financial, or organizational data. We recently spoke with Symantec's Director of Security Response Kevin Haley to get an idea of what threats you'll face in the next year or two.

In short, expect a continuation of common threats like ransomware, as well as the emergence of new threats from connected devices and the so-called Internet of Things. Plus, keep an eye out for the resurgence of an old threat made new.

Ransomware with a Twist

Ransomware — malicious software that locks your data or otherwise compromises your computer in an attempt to extort money — is not a new threat. It's been around for a number of years in various forms. But according to Haley, a new form of ransomware doesn't just lock your files; instead, it threatens to publicly release your data unless you pay up.

For many individuals, this may simply mean an embarrassing leakage of personal data — browser history, emails, photos, and so on. For a nonprofit, especially one that deals with sensitive sociopolitical issues, the possibility of data leakage can have more serious ramifications. It could pose a threat to the community you serve.

Email That Looks Like It Came from a Co-worker

In traditional phishing attempts, scammers create an email that appears to be from a legitimate source — say, Google, Amazon, or Apple. Then they attempt to steal account information, such as usernames and passwords. But in an emerging form of phishing, hackers may use emails purportedly from co-workers or business associates to try to steal information from your organization.

For example, Haley says, you may receive an email from a vendor or a colleague asking for specific pieces of information (such as tax forms) or for money outright. The only problem is that these emails originate from scammers, not your colleagues. And once you email an important piece of information to these impersonators, there's no way to get it back.

With proper data handling, though, you can avoid these sorts of nightmares. See our recent post, 5 Data Security Risks for Nonprofits (and How to Fix Them), to learn more.

The Internet of Things Can Make People Vulnerable

From smart locks to Internet-connected appliances, the Internet of Things promises to change the way we interact with all sorts of items within our homes and offices. But with this comes the potential for security headaches.

According to Haley, these "smart" devices are rarely protected properly, and are easy to infect with malware. And this isn't just an issue that may cause problems some years down the line. Last year, as CNET reported, a network of malware-infected DVRs and webcams overloaded a number of popular websites and online services, temporarily knocking them offline.

Word Macro Viruses Make a Comeback

Perhaps the most surprising threat Haley warned about was the revival of Word macro viruses.

Macro viruses use Microsoft Word's macro programming feature — typically used to automate certain tasks within Word — to infect your computer. Macro viruses have been around for many, many years. And Word disables macros by default: If you open a Word document with a macro, you'll have to click a button to tell Word to turn on any macros within that document.

With this new wave of macro viruses, however, criminals employ social engineering trickery to goad you into turning on macros, allowing the macro virus to do its thing.

Fortunately, you can easily protect yourself from getting infected. First, don't open file attachments from people you don't know. If you receive a Word document with macros from someone you do know, confirm with that person to make sure that they intended to send the macros and that they are safe to run.

As Always, Vigilance Is Key

Although specific threats may evolve over time, good security practices never go out of style. Use a security software package and keep it updated. Enforce good account security practices within your organization.

Don't open file attachments from people you don't know, and don't open unexpected file downloads. Secure all your devices as best you can. And if something seems fishy — perhaps that email from your boss doesn't seem quite right — don't be afraid to question it.

By taking small steps like these, you might save yourself — and your organization — some serious pain.

spanhidden

Egypt became the ‘bread basket’ of Africa in 2018, attracting the largest number of foreign investments in food manufacturing. 

Poor infrastructure and political instability deter tourism, but small and manageable steps to avoid chaos and promote hospitality can work wonders.