ToorCon 9: Real world fuzzing

October 20, 2007 By 5 Comments


We dropped in on [Charlie Miller]‘s fuzzing seminar at the end of the day yesterday. Fuzzing become a fairly popular topic in the last year and essentially involves giving a program garbage input, hoping that it will break. If it can’t handle the fake data and fails in a non-graceful fashion, you could have found a potentially exploitable bug. Fuzzing … Read the rest

Filed Under: Cellphone Hacks, iphone hacks, Uncategorized

Barcode Infiltrator

September 2, 2010 By 25 Comments

Whenever someone manages to expose vulnerabilities in everyday devices, we love to root for them. [Adrian] over at Irongeek has been inspired to exploit barcodes as a means to attack a POS database. Based on an idea from a Pauldotcom episode, he set out to make a rapid attack device, using an LED to spoof the signals that would be … Read the rest

Filed Under: classic hacks, security hacks Tagged With: , , , , , ,

Black Hat 2009: Breaking SSL with null characters

July 29, 2009 By 25 Comments

Update: The video of [Moxie]‘s presentation is now online.

[Moxie Marlinspike] appeared on our radar back in February when he showed sslstrip at Black Hat DC. It was an amazing piece of software that could hijack and rewrite all SSL connections. The differences between a legitimate site and the hijacked ones were very hard to notice. He recently … Read the rest

Filed Under: cons, downloads hacks, security hacks Tagged With: , , , , , , , , ,

Smart card emulator

March 3, 2009 By 41 Comments

goodcard10

Here’s a quick prototype from [Travis Goodspeed]. It’s a smart card built around an MSP430 microcontroller. We’ve used the MSP430 in the past because of its low power demands. He says this business card currently supports 1.8V to 3.3V, but a future design will have 5V as well. Technologies like Java Card exist for running applets on smart cards, … Read the rest

Filed Under: security hacks, tool hacks Tagged With: , , , , , , , , , ,

Clickjacking webcast tomorrow

November 19, 2008 By 2 Comments

[Jeremiah Grossman] and [Eric Lawrence] will be presenting on clickjacking and browser security in an online seminar tomorrow. Clickjacking allows an attacker to transparently place links exactly where a user would be clicking, essentially forcing the user to perform actions without their knowledge. This method of attack has been known for a few years, but researchers have focused their … Read the rest

Filed Under: news, security hacks Tagged With: , , , , ,

Smart phone hacking roundup

October 26, 2008 By 11 Comments

T-Mobile’s G1 was released last week and there has been at least one Android vulnerability announced already. The New York Times reported on research done by [Charlie Miller], who also helped find one of the first iPhone bugs, so we think the report is fairly credible. Last year, we saw him deliver a seminar on real world fuzzing at … Read the rest

Filed Under: Android Hacks, Cellphone Hacks, g1 hacks, iphone hacks, news, security hacks Tagged With: , , , , , , , , ,

Dan Kaminsky’s DNS Black Hat video

August 25, 2008 By 2 Comments


Black Hat has published the media from Dan Kaminsky’s infamous DNS vulnerability talk. You can get the full video (101MB) or just the audio.

The full archive of slides and white papers from this year has been posted too.… Read the rest

Filed Under: downloads hacks, security hacks Tagged With: , , , , , ,
« Older Posts