Sunday, 13 December 2009

easy like Sunday evening

Hello y'all…

It is Sunday evening and my daughter has gone to sleep and the wife is making her hair in the bedroom, finally I have some time for myself and my tech toys. I've got this cool new MacBook Pro 17" as a work computer and I'm thinking about what games I should install on it??? Or should I do it at all???

I also found out last week that our university has been hit by some script kiddie and some bullshit virus. The "cracker" calls himself "Promish"; the fun part is that the virus is basically a total bullshit virus. I actually think that I know who the so-called "cracker" is, the only question is whether I should burn the "cracker's" ass.

Lately I've been thinking a lot about opening my own website where I could make some money. Do you guys have any ideas of what kind of website would be profitable???

Tomorrow it is back to work… and 2 exams next week also, the Cisco CCNA 2 written exam and a C++ exam… hopefully it will go well, I really don't have that much energy or motivation to take more exams…

Cr3sc0

Friday, 11 December 2009

Hak5’s Darren on Discovery: Hackers Versus Cyber Criminals

Thursday, 10 December 2009

Want to watch HULU on your mac in europe??? then check out this video


Hulu.com in Europe - For Mac Users from Kurt von Moos on Vimeo.

Wednesday, 9 December 2009

RFID passport identity theft made simple

You’re confident your RFID passport is safe in its signal-blocking wallet as you pass through immigration. What you don’t know is that the man behind you is recording the data sent by your passport’s RFID chip as it is scanned.
Your name, nationality, gender, birthday, birthplace and a nicely digitized photo are in his hands. With that info he can photoshop up a passport, get a copy of your Social Security card and with that get credit cards and bank accounts in your name.
Rewarding individual enterprise
Thanks to bureaucratic confidence in RFID technology this is a real threat. An article in the Communications of the Association for Computing Machinery goes into the details:
For successful data retrieval the perpetrator’s antenna must catch two different interactions: the forward channel, which is the signal being sent from the RFID reader to the RFID token; and the backward channel, which is the data being sent back from the RFID token to the RFID reader. . . .
. . . the perpetrator would need only an antenna and an amplifier to boost the signal capture, a radio-frequency mixer and filter, and a computer to store the data. The amplifier itself would not even need to be that powerful, since it would need to boost the signal over only a short distance of three to five meters. . . . These RFID “sniffers” can then be plugged into a laptop via a USB port.
They’ve got your data, now what?
The weak 52-bit key encryption is easily broken. Then just counterfeit the passport, get a social security card and start shopping!
As the article notes, forging a passport can be expensive. It might be easier just to steal it.
The Storage Bits take
The RFIDiocy keeps getting worse. The Feds were pwnd at DefCon earlier this year.
But these are just the risks we know about today. What new technologies will appear in the next 15 years to make both eavesdropping and forgery easier?
The RFID passport is a technological sitting duck for bad guys of all kinds - criminals and terrorists - courtesy of the US State Department.
As I noted in a previous post:
The time to end this nonsense is now. There are perfectly usable non-RF storage technologies - like 3D barcodes - that can safely store data in hard to crack, hard to hack formats.
We can do better. And we must.

Tuesday, 8 December 2009

Metalab's open support letter regarding the recent hackerspace raid


On November 28th, the police conducted a raid on a suspected illegal nightclub in Malmö. The official reason for the operation was that they suspected the club, which arranged a punk concert that evening, to sell alcoholic beverages without permission. And the police did indeed find and seize some beer, wine, and booze there, as well as a few other personal belongings that are not too surprising at a punk concert (firecrackers, pepper spray, etc.) Details can be found in the police's official press release.
So far, so unexciting.
What the press release fails to mention is that the police also raided the premises of another organisation that had nothing to do with the nightclub, other than being located in the same building: the hackerspace Forskningsavdelningen.
Forskningsavdelningen is a hackerspace - a place for people with an interest in technology to share knowledge and work together. What does this organisation, located on a different floor, have to do with a suspected illegal club organised by a different organisation? Not much, it would seem.
Okay, so maybe it was bad luck that they were raided. Less than perfect intelligence on behalf of the police. Embarrassing, but no big deal.
Except that the police actually confiscated six computers, a WiFi router, and other valuable technical equipment from Forskningsavdelningen - and now want to raise charges of "preparation for Grand Theft" and "IT intrusion".
The grounds for the charge of preparation for Grand Theft is that the equipment in the hackerspace included two key copying machines and a collection of lock picking tools. According to the police, this indicates that a burglary was planned. Similarly, the presence of a "special antenna to receive wireless signals over long distance" is used to justify the suspicion of IT intrusion.
All of these tools are perfectly legal to own and operate - unless of course they are actually used for illegal purposes. A knife can be used to cut a steak or to stab somebody. If I own a knife, does that indicate that I am planning an assault?
Owning an antenna - even a "special", modified antenna - does not indicate an intention to commit a crime. It indicates an interest in wireless transmission, and may in fact be the first prototype of tomorrow's technology.
What about lock picking? Same thing. Lock picking is a sport practised by official clubs all over Europe. In addition to the edification of their members, these clubs provide a valuable service to the public by demonstrating the security flaws in common locks. Participation in this sport is no more a preparation for burglary than sport shooting is a preparation for murder.
We are deeply concerned by this disregard of the most basic legal right - the presumption of innocence. We are worried by the fact that the open, critical study of technology is used as grounds for accusing innocent people.
As members of the Metalab, a hackerspace in Vienna, Austria, we express our solidarity with our friends in Sweden. We join them in demanding the return of all seized equipment and we sincerely hope that this whole affair will turn out to be a misunderstanding rather than an intentional interference with the rights of innocent citizens.
To restore the principle of legal certainty and avoid similar mistakes in the future, we strongly recommend a full investigation of the raid (its reasons and actual execution) as well as the legal grounds (or lack thereof) of raising charges based on the possession of legal equipment.
About the Metalab:
The Metalab is a hackerspace in Vienna, and as such a sister project of Forskningsavdelningen. Our organisation is privately financed by its members, as well as publicly subsidised and has been host to widely recognised talks, conferences, workshops, and social events. Moreover, the Metalab has given birth to various commercial, civic, philanthropic, and social ventures. These sorts of advances can only grow in certain environments - and hackerspaces, like the Metalab, strive to provide such an environment. An environment that may seem odd or ominous to outsiders. An environment that usually harbours technology that's not a common sight in just any home or office. But after all, this is the whole point of a hackerspace - to collectively extend the individuals' possibilities.
Hackerspaces enrich their region's cultural and technological scene. They are places of information, discussion, experimentation and openness. They are the real world manifestations of a new paradigm, originated in the free, border-less and undiscriminating nature of the internet and its communications structures. Hackerspaces are places where freedom of opinion meets creativity and spawns inspiration. They're the birth-place of start-up firms that employ cutting edge technology, of altruistic community projects and of art in new media.

The TSA makes another stupid move


When the TSA makes mistakes this egregious it really isn’t all that hard to pick on them.
The latest is that their Screening Management Standard Operating Procedure is published on the internet.  I actually like that.  I don’t think that security through obscurity is a good idea.  Of course the document is marked SSI and includes this footnote on every page:


SENSITIVE SECURITY INFORMATION 
WARNING: THIS RECORD CONTAINS SENSITIVE SECURITY INFORMATION THAT IS CONTROLLED UNDER 49 CFR PARTS 15 AND 1520. NO PART OF THIS RECORD MAY BE DISCLOSED TO PERSONS WITHOUT A “NEED TO KNOW,” AS DEFINED IN 49 CFR PARTS 15 AND 1520, EXCEPT WITH THE WRITTEN PERMISSION OF THE ADMINISTRATOR OF THE TRANSPORTATION SECURITY ADMINISTRATION OR THE SECRETARY OF TRANSPORTATION. UNAUTHORIZED RELEASE MAY RESULT IN CIVIL PENALTIES OR OTHER ACTION. FOR U.S. GOVERNMENT AGENCIES, PUBLIC DISCLOSURE GOVERNED BY 5 U.S.C. 552 AND 49 CFR PARTS 15 AND 1520.

So the decision to publish it on the Internet is probably a questionable one.  On top of that, however, is where the real idiocy shines.  They chose to publish a redacted version of the document, hiding all the super-important stuff from the public.  But they apparently don’t understand how redaction works in the electronic document world.  See, rather than actually removing the offending text from the document they just drew a black box on top of it.  Turns out that PDF documents don’t really care about the black box like that and the actual content of the document is still in the file.
Yup, their crack legal staff managed to screw this one up pretty badly. Want to know which twelve passports will instantly get you shunted over for secondary screening, simply by showing them to the ID-checking agent? Check out Section 2A-2 (C) (1) (b) (iv). Want to know the procedure for CIA-escorted passengers to be processed through the checkpoint? That’s in the document, too. Details on the calibration process of the metal detectors are in there. So is the procedure for screening foreign dignitaries.
It is pretty pathetic that the folks supposedly responsible for administering this “security” program cannot even be bothered to do the simplest parts of their job correctly.  Then again, passing through the checkpoint every time I fly it is pretty clear that they do a lot of things incorrectly.  Just chalk this one up to more of the same idiocy.  More done badly.
Want to read it for yourself?  Grab a copy here.  Who knows how long they’ll keep it online.
Once you’ve downloaded the PDF you’ll see the black boxes.  Simply highlight the text (start above and drag down to below the redaction area) so that you’re selecting all of the stuff in the “redacted” area.  Copy the selection and paste it into the word processing client of your choice.
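A pre-publication check for the redaction failure described above, as an added example that is not part of the original post: it scans a PDF page content stream for text whose position falls under a painted rectangle, which means the text was covered rather than removed. It assumes an uncompressed stream with no coordinate transforms and simple `x y Td (text) Tj` runs; the sample stream and all function names are constructed for illustration.

```python
import re

# Constructed sample: an uncompressed page content stream in which one line is
# "redacted" by painting a black rectangle over it, plus one untouched line.
SAMPLE_STREAM = """
BT /F1 12 Tf 72 700 Td (Public paragraph) Tj ET
BT /F1 12 Tf 72 650 Td (Sensitive paragraph) Tj ET
0 0 0 rg
70 645 200 16 re
f
"""

# Assumption: positions are absolute (one Td per text object, identity matrix).
NUM = r"(-?\d+(?:\.\d+)?)"
TEXT_RE = re.compile(rf"{NUM}\s+{NUM}\s+Td\s*\(((?:\\.|[^\\)])*)\)\s*Tj")
RECT_RE = re.compile(rf"{NUM}\s+{NUM}\s+{NUM}\s+{NUM}\s+re\s+(?:f\*?|F|B\*?)(?=\s|$)")


def text_runs(stream):
    """Return (x, y, text) for each 'x y Td (text) Tj' run in the stream."""
    return [(float(x), float(y), s) for x, y, s in TEXT_RE.findall(stream)]


def filled_rects(stream):
    """Return (x0, y0, x1, y1) for each rectangle that is immediately filled."""
    rects = []
    for x, y, w, h in RECT_RE.findall(stream):
        x, y, w, h = map(float, (x, y, w, h))
        rects.append((min(x, x + w), min(y, y + h), max(x, x + w), max(y, y + h)))
    return rects


def text_under_boxes(stream):
    """Text whose origin lies inside a filled rectangle: still present in the file."""
    rects = filled_rects(stream)
    return [s for x, y, s in text_runs(stream)
            if any(x0 <= x <= x1 and y0 <= y <= y1 for x0, y0, x1, y1 in rects)]


def redaction_is_safe(stream):
    """True only if no extractable text sits underneath a painted box."""
    return not text_under_boxes(stream)
```

A stream passes only when the covered text operators are gone from the file; the black box on its own changes nothing about what can be extracted.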

Monday, 7 December 2009

Nokia to halve smartphone offerings in 2010


Nokia, the world's largest mobile phone maker, has announced it will be cutting its smartphone offering in half next year, despite losing market share to rivals RIM and Apple.

"We see ... really fierce competition certainly in the high end, but we also see it in the mid to low end of smartphones increasing," said Jo Harlow, chief of Nokia's smartphone unit, via Reuters. "We will defend our position, but we believe we also have tools to play offense as well as defense."

Part of that "defense" will be to push smartphone prices lower while at the same time increasing margins. Recent figures showed that Nokia had lost smartphone market share for the most recent quarter, from 41 percent to 35 percent.

"Reducing the number of smartphone models makes a lot of sense ... but Nokia has to be very careful in finding the right balance: its large product portfolio has been one of its strong competitive advantages in the past," concludes Bernstein analyst Pierre Ferragu.