THC Blog

Uninformed v10 is out
October 14
The nice underground magazine Uninformed v10 came out today.
Kinda reminds me of the old days of underground magazines. Fine to see that there are still several around.

What is special about issue 10?
HD Moore talks about penetrating systems via IPv6, and hypes our thc-ipv6 attack toolkit ;-)
Thanks, HD Moore; the article is sure worth a read.

Have fun guys, here is the link:
http://www.uninformed.org/?v=10&a=3

The Risk of ePassports and RFID
September 29
Today vonJeek/THC released his tool and a video showing how to duplicate (clone) and modify
a passport with an RFID chip.

http://freeworld.thc.org/thc-epassport/

The weakness lies in the way the system has been rolled out: the terminal accepts
self-signed data.

This attack is different from the Grunwald attack. VonJeek's attack makes it possible to copy,
forge and modify the data so that it is still accepted as a genuine, valid passport by the terminal.
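To make the rolled-out weakness concrete, here is an added example (not THC's or vonJeek's code, and a deliberately stripped-down model of the passport's signed data object): a "naive" terminal that checks the signature only against the signer certificate the chip itself presents, next to a terminal that additionally requires that certificate to chain to a trusted country signing CA (CSCA). The certificate names, keys and signed bytes are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// mkCert issues a certificate for pub; with parent == nil it is self-signed.
func mkCert(cn string, ca bool, pub ed25519.PublicKey, parent *x509.Certificate, signer ed25519.PrivateKey) *x509.Certificate {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: cn}, NotBefore: time.Now().Add(-time.Hour),
		NotAfter: time.Now().Add(24 * time.Hour), IsCA: ca, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign}
	if parent == nil {
		parent = tmpl // self-signed: the certificate vouches only for itself
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	c, _ := x509.ParseCertificate(der)
	return c
}
// naiveVerify models the rolled-out terminal: the signature over the chip's data
// is checked only against whatever signer certificate the chip itself presents.
func naiveVerify(data, sig []byte, ds *x509.Certificate) bool {
	return ds.CheckSignature(x509.PureEd25519, data, sig) == nil
}
// caVerify additionally requires the signer certificate to chain to a trusted CSCA.
func caVerify(data, sig []byte, ds, csca *x509.Certificate) bool {
	roots := x509.NewCertPool()
	roots.AddCert(csca)
	_, err := ds.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err == nil && naiveVerify(data, sig, ds)
}
// Demo returns (naive accepts genuine, naive accepts forged, CA accepts genuine, CA accepts forged).
func Demo() (naiveGood, naiveBad, caGood, caBad bool) {
	cscaPub, cscaKey, _ := ed25519.GenerateKey(rand.Reader)
	dsPub, dsKey, _ := ed25519.GenerateKey(rand.Reader)
	roguePub, rogueKey, _ := ed25519.GenerateKey(rand.Reader) // forger's own key
	csca := mkCert("Example CSCA", true, cscaPub, nil, cscaKey)
	ds := mkCert("Example DS", false, dsPub, csca, cscaKey)
	rogue := mkCert("Example DS", false, roguePub, nil, rogueKey) // self-signed, no CSCA behind it
	good, bad := []byte("constructed data-group hashes"), []byte("modified data-group hashes")
	gs, bs := ed25519.Sign(dsKey, good), ed25519.Sign(rogueKey, bad)
	return naiveVerify(good, gs, ds), naiveVerify(bad, bs, rogue), caVerify(good, gs, ds, csca), caVerify(bad, bs, rogue, csca)
}
```

Demo() returns true, true, true, false: the naive terminal accepts the modified data under the forger's self-signed certificate, while the CA-anchored check accepts only the genuine object.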

Using a Certification Authority (CA) could prevent this attack, but at the same time it
introduces a new set of attack vectors:

1. The CA becomes a single point of failure. It becomes the juicy, high-value target for the attacker.
Single points of failure are not good. Attractive targets are not good.

Any person with access to the CA key can undetectably fake passports. Direct attacks, viruses,
misplacing the key by accident (the UK government is good at this!) or bribery are just a few
ways of getting the CA key.

2. The single CA would need to be trusted by all governments. This is not practical, as it
means that passports would no longer be a national matter.

3. Multiple CA's would not work either. Any country c

Windows Mobile file recovery HOWTO
September 24
During one of my recent projects, it became necessary to undelete files from a Windows Mobile device. Unfortunately, there are no free, reliable tools that will do this. Also, the device that I needed to do this on was configured so as not to allow 3rd-party apps to run on it, limiting my options. Now, you'd think "I'll just google this", but alas, even Google will not tell you how to do this. So after a few hours of poking around I found this solution, which I thought I'd share with you just so that the next time someone googles this, there actually will be one relevant hit.

The steps are quite simple. First download http://nah6.com/~itsme/itsutilsbin-20080313.zip
Hook up your Windows Mobile device to your ActiveSync host. You need ActiveSync for this to work.

Unzip and find loads of funky utils written by Dutch hacker Itsme.

Most Windows Mobile devices run their disk partitions on a chip called DiskOnChip (DOC). Older devices use DOC 3, newer ones DOC 4. One of the utils we need is pdocread.exe. The first time you run any itsutil, it will upload a DLL to the device that performs the low-level functions. First, we run from a DOS box:

pdocread -l

This will list all disks and partitions on your device and the hex file handle.

To find the actual size in blocks of the partition, you need to address the partition using the hex file handle:

pdocread -h -t

This will tell you the amount

Port Scanning the Internet
August 10
Today fyodor/nmap gave a talk at Defcon ("Nmap: Scanning the Internet"). For me it was one of the better, if not the best, presentations at Defcon. Fyodor presents his research with a lot of charm, fun and motivation.

Nmap can now be used to scan the entire Internet.

Before joining THC I was doing research for Team-Teso. In 2000 one of our problems at Teso was that many script kiddies entered the arena and started setting up DDoS hosts and owning like mad. Hacking became mainstream.

At Teso we did not like script kiddies and we abhorred those doing DDoS. A small group of Teso and some friends reverse engineered the backdoors and started scanning for them. Our objective was to discourage script kiddies and stop DDoS attacks (by removing the DDoS agents).

Techniques

We developed a new scanner (called 'bscan', not published, but a handful of people had it) that was capable of scanning the Internet.

The main features of bscan were:
- Raw SYN scanner. Full TCP/IP stack in userland.
- Using a ghost IP and ghost MAC (untraceable).
- Modular. We developed loadable modules for the telnet handshake, bind, http (HEAD / HTTP/1.0), ...
- Sending out 50,000 or more SYN packets per second.
- Running on Linux, SunOS/Solaris and BSD.

In short, the scanner was capable of scanning the entire Internet (0.0.0.0 - 239.255.255.255). The scanner retrieved all web server versions or

GSM Researcher stopped at Heathrow Airport by UK government officials
April 16
I was leaving today from the United Kingdom (Heathrow airport). I am about to speak at the HITB IT security conference about GSM security and the USRP (GNU Radio project).

I was searched by British authorities while waiting at the Gate and reading a newspaper. A UK Government employee flipped his badge and said "Let's talk. Come over here".

They detained my USRP (Software Defined Radio), my mobile phone and my personal SIM card.

I informed them about my work and any possible risk in January, before I gave a talk about GSM security at Blackhat/Washington DC. They knew who I am, where I live, which day I speak at the conference and who I work for.

I'm involved in the GSM software project, where we also developed a new attack against the GSM encryption A5/1. We published our research in February at the Blackhat security conference in Washington DC.

I understand that the government wanted to make sure that I'm not exporting any cryptanalytic device.

I did not. I will not. The USRP is a radio. My mobile phone is a normal Nokia 3310 phone and my SIM card is a SIM card.

They said they do not know what the USRP is and that I cannot take it until they have checked it in the lab. This can take 14 days (half a month).

So be it. They have it for 14 days. Guys, enjoy the device! It's fun playing around with it!

I'm uneasy that they took my mobile ph