Wednesday, August 31, 2005

Federal Data Mining an Invasion of Privacy

A new report says federal agencies using electronic data mining techniques are running afoul of Government rules to protect privacy rights. The report by congressional investigators says none of the 5 federal agencies who use data mining are following all of the rules for gathering such personal information, and as a result, there's no way to be sure that individual privacy rights are being properly protected. The Government Accountability Office says the failure to follow the rules has increased the risk that personal information could be exposed or changed, or has made it harder for people to keep track of their personal data. The agencies like the FBI and the IRS has been using data mining to track terrorists, catch criminals or prevent fraud.


We Should all Sleep Better Now...

When FBI supervisors in Miami met with new interim U.S. Attorney Alex Acosta last month, they wondered what the top enforcement priority for Acosta and Attorney General Alberto Gonzales would be.

Would it be terrorism? Organized crime? Narcotics trafficking? Immigration? Or maybe public corruption?

The agents were stunned to learn that a top prosecutorial priority of Acosta and the Department of Justice was none of the above. Instead, Acosta told them, it's obscenity. Not pornography involving children, but pornographic material featuring consenting adults.


Is it Possible to Have a Secure Disaster?

Natural disasters like Hurricane Katrina often pave the way for looting, price gouging, and other opportunistic scams -- including identity theft. Most Gulf Coast residents are still in survival mode, focused on keeping themselves, their loved ones, and their belongings out of harm's way. But as they deal with the devastation, how can they safeguard their personal information to keep identity thieves from compounding their problems?

Think about all of the data/information that is now lost and/or in the open in New Orleans. Think of all the fuss that has been made in the past over just one missing tape. How many tapes do you think are floating down Bourbon Street this AM?

How many corporate DR plans were up for the task? It is one thing to be a large company with just offices in the area, but what if your headquarters (and DR site) were in the path Katrina? Could your company operate in an area under water and Martial Law?


How to Secure your Wireless Network

A couple of good videos on securing your wireless network on a dlink and linksys router.

New Search Engine Based on Unintended Information Revelation (UIR)

I hope there is a lot of testing, discussion and debate before something like this is deployed. False positives could be very scary...
Existing search engines process individual documents based on the number of times a key word appears in a single document, but UIR constructs a concept chain graph used to search for the best path connecting two ideas within a multitude of documents.

To develop the method, researchers used the chapters of the 9/11 Commission Report to establish concept ontologies – lists of terms of interest in the specific domains relevant to the researchers: aviation, security and anti-terrorism issues.

"A concept chain graph will show you what's common between two seemingly unconnected things," said Srihari. "With regular searches, the input is a set of key words, the search produces a ranked list of documents, any one of which could satisfy the query.

"UIR, on the other hand, is a composite query, not a keyword query. It is designed to find the best path, the best chain of associations between two or more ideas. It returns to you an evidence trail that says, 'This is how these pieces are connected.'"

The hope is to develop the core algorithms exposing veiled paths through documents generated by different individuals or organisations.


Tuesday, August 30, 2005

Chinese researcher warns of nude Web chats

Practice safe chatting - do we need condoms for web cams?

A Chinese researcher has warned of a new threat to public health and morality - naked Internet chatting. Up to 20,000 Chinese Internet users log on to chatrooms each night in which users in various states of undress talk to each other with the help of Web cams, the Shanghai Daily newspaper said Tuesday, citing China Youth Association researcher Liu Gang.

"At first, we thought if was merely a game for a few mentally abnormal people," the paper quoted Liu as saying. "But as our research continued, we found the problem was much larger than expected," Liu said.

Needle Exchange For Hackers (not!)

Ok article, but not necessarily a good analogy. An addict turns in a dirty needle and gets a clean one – no exchange of information is required. The “hackers” aren’t turning in their tools. This is closer to a slut vs. a prostitute – one gets paid the other doesn’t and either way, everyone involved gets a little dirty...


Needle exchange programs operate on the gritty premise that junkies will shoot up regardless of risk, so you might as well give them clean needles to prevent the spread of disease. That's the same kind of logic behind programs such as iDefense's Vulnerability Contributor Program (VCP) and 3Com/TippingPoint Technologies' new Zero Day Initiative (ZDI), which pay independent researchers for newly discovered software vulnerabilities. Hackers will never stop uncovering flaws, so you might as well encourage them with cash payouts to report those vulnerabilities to a trustworthy security company. The company then shares this information with customers and affected vendors, and waits until a patch is available before publicly announcing the vulnerability. "We're doing the QA that vendors should have done before they ever put the product on the shelf," says Michael Sutton, director of iDefense Labs and the VCP. "Vendors benefit because they get advanced warning, and end users benefit because they get vulnerabilities patched."

Monday, August 29, 2005

Portable Freeware Collection

A site dedicated to the collection and cataloguing of freeware that can be extracted to any directory and run independently without prior installation. These can be carried around on a memory stick / USB flash drive, or copied / migrated from PC to PC via simple copying of files. Hence the term portable freeware...

Same Church, different pew...

The Portable Virtual Privacy Machine
- Carry your entire Internet communication system on a tiny USB drive. Contains a complete virtual Linux machine with privacy-enabled Open Source Internet applications. No installation needed - just plug the drive into any Windows or Linux computer, and click on the Virtual Privacy Machine icon and you're ready to go.

Police chief- Lockerbie Evidence was Faked

Think this is the first and/or last time?

"A FORMER Scottish police chief has given lawyers a signed statement claiming that key evidence in the Lockerbie bombing trial was fabricated.

The retired officer - of assistant chief constable rank or higher - has testified that the CIA planted the tiny fragment of circuit board crucial in convicting a Libyan for the 1989 mass murder of 270 people."

Sunday, August 28, 2005

Stealing from Geeks

Stealing from phone geeks might not be the best plan in the world.

Friday, August 26, 2005

Microsoft - Security at Home Videos

Microsoft has a nice collection of free online security videos for educational or training purposes for home users on how to protect against computer viruses, spyware, spam, etc.

Security Now! with Steve Gibson

A weekly look at hot topics in security from the creator of ShieldsUP and Spinrite (and TWiT regular). Released every week by midnight Thursday, just in time for your weekend podcasting...

The feed URL is: http://feeds.feedburner.com/securitynow

Thursday, August 25, 2005

A Socio-Technical Approach to Internet Security

Interesting research grant from the NSF:

Technical security measures are often breached through social means, but little research has tackled the problem of system security in the context of the entire socio-technical system, with the interactions between the social and technical parts integrated into one model. Similar problems exist in the field of system safety, but recently a new accident model has been devised that uses a systems-theoretic approach to understand accident causation. Systems theory allows complex relationships between events and the system as a whole to be taken into account, so this new model permits an accident to be considered not simply as arising from a chain of individual component failures, but from the interactions among system components, including those that have not failed.

This exploratory research will examine how this new approach to safety can be applied to Internet security, using worms as a first example. The long-term goal is to create a general model of trustworthiness that can incorporate both safety and security, along with system modeling tools and analysis methods that can be used to create more trustworthy socio-technical systems. This research provides a unique opportunity to link two research disciplines, safety and security, that have many commonalities but, up to now, relatively little communication or interaction.

Why We Must Leave Iraq

Larry Johnson is far from being an anti-war advocate, but he is an intelligence expert and his opinions come from the many years of experience he has attained.

He breaks it down into three parts.

Tuesday, August 23, 2005

Blue Sky and Fresh Air

Via the WiFi at Rapid City SD Airport...

Where I was - http://www.spearfish.com/canyon/

Live from Deadwood

Regular stuff tomorrow...

Wednesday, August 17, 2005

Believe Nothing You Read...

...and only half of what you see.

Like it or not, fake images are everywhere and have become a part of today's culture. Thanks to the popularity of digital cameras and the availability of desktop imaging software that allows users to easily manipulate images, fake images have become commonplace, especially on the Internet.

Unmanned Planes Patrolling Borders

Customs and Border Protection, a part of the Department of Homeland Security, has tested UAVs along the Mexican border, and is considering using these surveillance planes permanently. The Coast Guard, also under the umbrella of Homeland Security, has bought 45 of Bell Helicopter’s “Eagle Eye” tilt-rotor UAVs and will begin rolling them out in September.4 Each Eagle Eye costs $5.5 million.

'Home banking hacker' arrested

Self-confessed home banking hacker Pieter Miclotte has been arrested on charges of fraud. Miclotte reported to Ghent police on Friday 8/12, just hours after Belgian media quoted him saying that thieving via home banking is as easy as plundering a shop with its doors open. He told newspaper 'Het Laatste Nieuws' that he'd robbed customers of two banks, namely ING and Keytrade, via online banking. He claimed to have stolen thousands of euros in recent weeks. Miclotte said he gained access during chat sessions to the computers of other online chatters and went looking for information about their banking and bank access codes. He allegedly used those codes to transfer large sums of money to his own accounts.

Tuesday, August 16, 2005

Guard against Social Engineering Attacks

I am delighted to report the release of a marvelous device to guard against social engineering attacks: http://www.stopabductions.com/

Users have reported that since wearing one, they have not once succumbed to numerous invitations to update their details at PayPal and/or a variety of banks. One user was briefly tempted to collect his winnings from a lottery he had never entered and to assist the survivors of a former West African dictator tragically killed in a plane crash in 1998 to repatriate a trunk full of money, but then he discovered the rear of the anti-social-engineering device had ridden up, temporarily exposing his amygdyla to the harmful thought rays.

It has also been reported that the device also protects against mobile phone radiation. Scientists have been unable to confirm whether a slight increase in head temperature since wearing the device is due to GSM-induced cerebral currents or reduced convective cooling.

Monday, August 15, 2005

The third issue of (IN)SECURE

A free digital security magazine published in PDF format: http://www.insecuremag.com

The covered topics are:

- Security vulnerabilities, exploits and patches
- PDA attacks: palm sized devices - PC sized threats
- Adding service signatures to Nmap
- CSO and CISO - perception vs. reality in the security kingdom
- Unified threat management: IT security's silver bullet?
- The reality of SQL injection
- 12 months of progress for the Microsoft Security Response Centre
- Interview with Michal Zalewski, security researcher
- OpenSSH for Macintosh
- Method for forensic validation of backup tapes

shmoocon 2006 - Register Today!

An annual East coast hacker convention hell-bent on offering an interesting atmosphere for demonstrating technology exploitation, inventive software & hardware solutions, as well as open discussion of critical information security issues. ShmooCon 2006 will be January 13-15, 2006, in Washington, D.C..

Pre-registration is open. $75 gets you in the door this year if you sign up by October 1st. Space is limited once again, so getting a seat early is encouraged.

a nonist public service pamphlet — Without question one of the best commentaries written about blogging you’ll ever see. Great stuff.

There is a growing epidemic in the cyberworld. a scourge which causes more suffering with each passing day. as blogging has exploded and, under the stewardship of the veterans, the form has matured more and more bloggers are finding themselves disillusioned, dissatisfied, taking long breaks, and in many cases simply closing up shop. this debilitating scourge ebbs and flows but there is hardly a blogger among us who has not felt it’s dark touch. we’re speaking, of course, about blog depression.

we here at the nonist have spoken before about the “blog life crisis” which is a natural part of any blog’s life-span. what we turn our attention to now, however, is the more insidious, prolonged strain of dissatisfaction which stays with a blogger, right below the surface, throughout a blog’s lifetime.


Bored on the phone? Beware the Jerk-O-Meter

Researchers at the Massachusetts Institute of Technology are developing software for cell phones that would analyze speech patterns and voice tones to rate people -- on a scale of 0 to 100 percent -- on how engaged they are in a conversation.

Anmol Madan, who led the project while he pursued a master's degree at MIT, sees the Jerk-O-Meter as a tool for improving relationships, not ending them. Or it might assist telephone sales and marketing efforts.

"Think of a situation where you could actually prevent an argument," he said. "Just having this device can make people more attentive because they know they're being monitored."

(Item sent in by regular reader - Thanks, Dan!)

Saturday, August 13, 2005

Secure Planet?

Fear of a Warm Planet...

Here's the kind of stuff that can keep you awake at night. It's scary because it's real.

God Bless America - Video ode to the American hillbilly


A video montage of still photos set to the theme from Deliverance. I could watch it a 100 times...

Friday, August 12, 2005

Court Overturns Ruling Saying Reading Someone's Email Isn't A Wiretap

Last year, there was a big uproar over the fact that a court found that a bookseller who offered his customers free email accounts did not violate wiretapping laws by reading their emails in order to see what Amazon was offering as deals. The ruling hinged on the wording of wiretap laws. The judges in the case admitted they weren't comfortable with the decision, but the problem was in the way the law was worded. The law only applies to "intercepted" communications -- and since the messages were (temporarily) on a server, reading through them technically was not "intercepting" communications, since they already had them. It appears that a new ruling now reverses that ruling and says that it is wiretapping, and the original case can go on. While the end result may seem like a good thing, protecting the rights of individuals to keep their email private from their email providers, the decision is still questionable. The real problem here is the wiretap law that is not designed to handle this situation at all. The article above notes that the law hopefully will still be changed -- which would solve this issue. However, in the meantime, it does sound like the judges may have decided something not based on what the law actually says.

Summer read: Markoff's "What the Dormouse Said"

While there have been several histories of the personal computer, well-known technology writer John Markoff has created the first ever to spotlight the unique political and cultural forces that gave rise to this revolutionary technology. Focusing on the period of 1962 through 1975 in the San Francisco Bay Area, where a heady mix of tech industries, radicalism, and readily available drugs flourished, What the Dormouse Said tells the story of the birth of the personal computer through the people, politics, and protest that defined its unique era.

Here's an excerpt:

Bill Duvall at work on one of the Augment Group's yoga workstations.

Dave Evans was one of the Augment team members who had strong ties to the counterculture, and one evening Steward Brand brought Ken Kesey by for a look at the NLS system. It was several years after the Merry Prankster era and Kesey's legal problems over a marijuana arrest, and he had become a celebrity as a result of the publication of Tom Wolfe's The Electric Kool-Aid Acid Test, in which he was the main character. He was quarreling with Hollywood movie studios over the film based on his novel Sometimes a Great Notion and was preparing to retreat to a dairy farm in Oregon.

For an hour, Evans took the system through its paces, showing the writer how it was possible to manipulate text, retrieve information, and collaborate with others. At the end of the demonstration Kesey sighed and said, "It's the next thing after acid."

Thursday, August 11, 2005

MD5 Used as a Defence

A team of Chinese maths enthusiasts have thrown NSW's speed cameras system into disarray by cracking the technology used to store data about errant motorists.

The NRMA has called for a full audit of the way the state's 110 enforcement cameras are used after a motorist escaped a conviction by claiming that data was vulnerable to hackers.

A Sydney magistrate, Laurence Lawson, threw out the case because the Roads and Traffic Authority failed to find an expert to testify that its speed camera images were secure.

The motorist's defence lawyer, Denis Mirabilis, argued successfully that an algorithm known as MD5, which is used to store the time, date, place, numberplate and speed of cars caught on camera, was a discredited piece of technology.

Password Crackers, Encryption Tools, Penetration Tester List

A website with list of available programs, websites, and companies that specialize in security, password hacking, cracks, security publications, computer forensics and more.

Gee, the Stuff from DefCon Just Keeps Comming...

Video from the DefCon WiFI Shootout event along with some photos and topographical information.

Wednesday, August 10, 2005

And it's not even Friday: WiFi Speed Spray

This revolutionary product enhances the transfer of computer data through the air. You'll be amazed! Why spend $$$ to upgrade your network when all you need to speed things up is WiFi Speed Spray!

Do you live in a polluted environment such as Los Angeles? If so, you've probably experienced the heartbreak of data transfer slow-down.

WiFi Speed Spray™ can overcome the effects of pollution, increase fidelity, and provide you with the fastest wireless data transfer possible. Compatible with ALL 802.XXx standards!

It's a scientific fact. Radio waves become sluggish under a variety of common environmental conditions. Besides air pollution, radio waves slow down in noisy environments, at night, and in "high emission" areas such as computer rooms, offices that use fluorescent lighting, and even in the kitchen (those pesky microwave ovens are to blame!).

WiFi Speed Spray™ is designed to eliminate these harsh conditions selectively. Only the radio wave path is affected. It's 100% SAFE to use, natural, no harmful toxic substances, and no side-effects. It's so safe, you can even BREATHE it in.

Hack Your Life

lifehack.org - Daily digest and pointer on productivity, getting things done and lifehacks

What if you applied the hacker mindset to your everyday life? Getting things done quicker and smarter than normal people. LifeHack is updated daily with the most recently notable articles being: the art of traveling with one bag, optimizing your bathing, note taking systems, and how to get a project up and running.

Too Much Security Can be Bad - Man's Testicles Locked In Padlock

According to the Portsmouth Herald, police reported that the 39-year-old man was intoxicated when they arrived at the scene on July 30 at about 3:40 a.m. The man, who was not identified, told them that he had the padlock around his testicles for two weeks.

The man said that a friend put the lock on while he was drunk and passed out. When he woke up, the friend was gone.

"Never in my 13 years have I seen anything like this," Cpl. H.D. Wood told the Herald.

The man told police that he tried to remove the lock with a hacksaw because the key had broken off in the lock.

He was taken to Exeter Hospital, where a locksmith removed the padlock. He was treated and released, and the hospital said he had no lasting injury.

Police said that they did not know the motive for the incident.

One More Last Tidbit from DefCon

The Shmoo Group's DefCon 13 presentation, "Shmoo-Fu", is available as PDF HERE.

While the presentation is interesting enough (prob should of been there). The sidebar/disclaimer for Law Enforcement Agents makes for a just as interesting read...

Tuesday, August 09, 2005

One Last DefCon Tidbit - Wireless Interception Distance Records

Don't believe wireless distance limitations. Again and again they're proven wrong.

At DefCon earlier this month, a group was able to set up an unamplified 802.11 network at a distance of 124.9 miles.

The record holders relied on more than just a pair of wireless laptops. The equipment required for the feat, according to the event website, included a "collection of homemade antennas, surplus 12 foot satellite dishes, home-welded support structures, scaffolds, ropes and computers".

Bad news for those of us who rely on physical distance to secure our wireless networks.

Even more important, the world record for communicating with a passive RFID device was set at 69 feet. (Pictures 69 here.) Remember that the next time someone tells you that it's impossible to read RFID identity cards at a distance.

Whenever you hear a manufacturer talk about a distance limitation for any wireless technology -- wireless LANs, RFID, Bluetooth, anything -- assume he's wrong. If he's not wrong today, he will be in a couple of years. Assume that someone who spends some money and effort building more sensitive technology can do much better, and that it will take less money and effort over the years. Technology always gets better; it never gets worse. If something is difficult and expensive now, it will get easier and cheaper in the future.

Monday, August 08, 2005

No Monad scripting in first Windows Vista

Just one day after the first public reports of viruses being written for an upcoming feature of Microsoft's Windows operating system, Microsoft has confirmed that it will not include theMonad Shell feature in the first generally available release of Microsoft Vista, expected in the second half of 2006.

The Monad Shell, provides a way for users to access the operating system using text-based commands rather than the traditional Windows graphical user interface. In the past, Microsoft has said that Monad will be part of "Longhorn," the code name for both the next client and server versions of Windows.

In an interview Friday, Microsoft Director of Product Management Eric Berg said Monad will not be included in the first commercial version of Windows Vista, expected in the second half of 2006. But the product is expected to be included in Windows over the next "three to five years," he said. "Our intention is to synchronize it with both client and server operating systems."

Security experts had worried that if Monad were to be included in a widely used client, it might become an attractive target for hackers, especially if the shell were to be enabled by default.

Ray was worried about this...

Saturday, August 06, 2005

London Bombing Details

Interesting details about the bombs used in the 7/7 London bombings:

The NYPD officials said investigators believe the bombers used a peroxide-based explosive called HMDT, or hexamethylene triperoxide diamine. HMDT can be made using ordinary ingredients like hydrogen peroxide (hair bleach), citric acid (a common food preservative) and heat tablets (sometimes used by the military for cooking).

HMDT degrades at room temperature, so the bombers preserved it in a way that offered an early warning sign, said Michael Sheehan, deputy commissioner of counterterrorism at the nation's largest police department.

"In the flophouse where this was built in Leeds, they had commercial grade refrigerators to keep the materials cool," Sheehan said, describing the setup as "an indicator of a problem."

Among the other details cited by Sheehan:

The bombers transported the explosives in beverage coolers tucked in the backs of two cars to the outskirts of London.

Investigators believe the three bombs that exploded in the subway were detonated by cell phones that had alarms set to 8:50 a.m.

For those of you upset that the police divulged the recipe -- citric acid, hair bleach, and food heater tablets -- the details are already out there.

And here are some images of home-made explosives seized in the various raids after the bombings.

Normally this kind of information would be classified, but presumably the London (and U.S.) governments feel that the more people that know about this, the better. Anyone owning a commercial-grade refrigerator without a good reason should expect a knock on his door.

Remote-Controlled Humans

Now here is a way to secure/manage your staff...

NTT has demonstrated a remote-control system for people. The researchers outfit their subject with two electrodes behind the ears that "pull" her in one direction or another. As you can see in the video accompanying a Forbes article on the technology, the subject walks (and laughs) like she's just hammered.

Friday, August 05, 2005

2005 or 1984?

Cops can dig through your trash legally, says judge...

A Montana Supreme Court justice says it's within the law for police to sift through your garbage for incriminating stuff, even without a warrant or court approval. The Supreme Court of Montana ruled last month that police could conduct a warrantless "trash dive" into the trash cans in the alley behind the home of a man named Darrell Pelvit. The cops discovered pseudoephedrine boxes -- a solvent with uses including the manufacture of methamphetamine -- and Pelvit eventually ended up in prison.

Pelvit's attorney argued that his client had a reasonable expectation of privacy in his trash, but the court rejected the argument and said the trash was, well, meant to be thrown away.

What's remarkable is the concurring opinion of Montana Supreme Court Justice James C. Nelson, who reluctantly went along with his colleagues but warned that George Orwell's 1984 had arrived.

So dumpster diving is legal for everyone?

Wearable tech at Siggraph: Fridays are for Fun!

The fourth annual Cyberfashion show at SIGGRAPH took place this week in Los Angeles.

Wearable Environmental Information Networks of Japan, or WIN, showed several notable designs, including Report-the-World, a get-up designed for future stealth journalists. A retro trench coat hides 10 hidden cameras for capturing 360-degree panoramic images. The front pocket holds a small computer, a ring-embedded speaker transmits location-based audio instructions, and a head-mounted display is stylishly encrusted with Swarovski crystals, like an electric tiara.

WIN also demonstrated Dog @ Watch for children. The plushy-form device for the wrist hides a GPS sensor, a cell phone for voice-dialing parents and an alarm sensor to monitor the wearer's safety.

Kirsten McCall, a 9-year-old model, acknowledged the value of safety features to "protect against bad guy kidnappers," but was more excited about other potential features. "I'd like a jacket that has a TV on the sleeve, so I can watch shows all day -- but mostly, I want clothes that do my homework for me."


Thursday, August 04, 2005

Elevator Hack: Press Two Buttons at Once and Head Straight for the Lobby

Here’s a hack that will put most elevators in a hidden “Express” mode that bypasses all the floors and sends you right to the lobby. Love it!

“The designers of some elevators include a hidden feature that is very handy if you’re in a hurry or it’s a busy time in the building (like check-out time in a hotel). While some elevators require a key, others can be put into “Express” mode by pressing the “Door Close” and “Floor” buttons at the same time. This sweeps the car to the floor of your choice and avoids stops at any other floor. This seems to work on most elevators that I have tried!

“Most elevators have the option for this to work, but on some of them the option is turned off by whoever runs them. This is a rather fun hack, so the next time you are on an elevator, give it a try, you have nothing to lose.” Source: The Damnblog.com

Elevators that have been tested and worked on:
Otis Elevators (All But The Ones Made In 1992),
Dover (Model Numbers: EL546 And ELOD862),
–And Most Desert Elevators(All, But Model Numbers ELD5433 And ELF3655)

Wednesday, August 03, 2005

More Lynn/Cisco Information

Jennifer Granick is Lynn's attorney, and she has blogged about what happened at BlackHat and DefCon. Photographs of and a .pdf of the slides Lynn actually used for his talk can be found here.

Sign of the Times? Better Wi-Fi than Wife! I always say...

UK Commissioner Wants 10-years for Refusing Access to Encrypted Data

Sir Ian Blair, Commissioner of the Metropolitan Police, will this week propose a 10-year mandatory minimum sentence for anyone refusing to provide police with details of how to access encrypted information on their computers.

Dozens of computers have been seized in the UK and Italy in the wake of the recent bombings. At present, police can hold suspects for a maximum of 14 days under terrorism legislation, often insufficient time to break into whatever information their computers may contain.

'A lot of the stuff that we have on computers is encrypted, and for that reason I am interested in creating an offence of refusing to reveal an encryption key,' Blair said. 'It has to be punishable by a term of at least 10 years.'

However, the civil rights group Liberty says the proposals are 'like suggesting that the police should be able to steam open your mail after you've put it in the post box'.

WiFi pistol shown at Defcon

Every year, smaller, more powerful processors come to market - hacker weaponry follows the same trend. Last year, the Shmoo Group and Flexilis demonstrated long-ranged WiFi and Bluetooth rifles, but this year, wireless weaponry becomes smaller, but much more powerful. The Shmoo Group, known for melding cool security gear into hardware, showed off their latest creation, a powerful 802.11 pistol, which can detect WiFi networks for miles.

The WiFi pistol consists of a Compaq IPaq PDA, a Compact Flash battery sleeve, a Senao wireless card, a 9db patch antenna, a rotary attenuator, one watt amp and an external battery pack.

The electronics are mounted on a slingshot frame that has an integrated pistol grip. The PDA runs Wellreiter, which is a network detection and auditing tool similar to NetStumbler or Kismet. With everything turned up full blast, the pistol can detect networks miles away. Beetle, a member of the Shmoo Group, says that the pistol usually detects 50-60 networks instantly.

The one watt amplifier, combined with the nine db antenna and the power coming the Senao card, produce an incredible amount of radiated energy. The rotary attenuator can reduce the power feeding the antenna, to prevent power swamping of close access points. Under normal usage, Beetle says that the pistol can last eight hours straight.

Tuesday, August 02, 2005

Phrack #63 (PHRACK FINAL) e-zine released!

Looks like Phrack #63 is available for download... From the introduction.txt file:

For 20 years PHRACK magazine has been the most technical, most original,
the most Hacker magazine in the world. The last five of those years have
been under the guidance of the current editorial team. Over that time, many
new techniques, new bugs and new attacks have been published in PHRACK. We
enojoyed every single moment working on the magazine.

The time is right for new blood, and a fresh phrackstaff.

PHRACK 63 marks the end of the line for some and the start of the line for
others. Our hearts will alwasy be with PHRACK.

Expect a new release, under a new regime, sometime in 2006/2007.

As long as there is technology, there will be hackers. As long as there are
hackers, there will be PHRACK magazine. We look forward to the next 20 years.

Hacking Hotel Infrared Systems

From Wired:

A vulnerability in many hotel television infrared systems can allow a hacker to obtain guests' names and their room numbers from the billing system.

It can also let someone read the e-mail of guests who use web mail through the TV, putting business travelers at risk of corporate espionage. And it can allow an intruder to add or delete charges on a hotel guest's bill or watch pornographic films and other premium content on their hotel TV without paying for it....

"No one thinks about the security risks of infrared because they think it's used for minor things like garage doors and TV remotes," Laurie said. "But infrared uses really simple codes, and they don't put any kind of authentication (in it).... If the system was designed properly, I shouldn't be able to do what I can do."



Monday, August 01, 2005

An anonymous Internet communication system

Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and other applications that use the TCP protocol. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety, and privacy features.

 
Copyright 2017 e2e Security. Powered by Blogger Blogger Templates create by Deluxe Templates. WP by Masterplan