ToorCon preregistration ends today

Preregistration for ToorCon San Diego ends today. The current price is $100 and it will be $140. This is the 10th year for the San Diego hacker convention, which will happen September 26th - 28th. The schedule for ToorCon X has already been posted. We highly recommend this convention. We've attended the last four years and it's always been a favorite. …

ToorCon Seattle 2008: Lightning talks

The second ToorCon Seattle got off to a quick start last Friday with a round of Lightning Talks at the Public Nerd Area. Each talk was limited to 5 minutes and covered a broad range of topics. Some talks were just supplying a chunk of information while others were a call to action for personal projects. Here are a few of the talks that we found interesting. …

ToorCon 9: Retrieving WEP keys from road warriors

[Vivek Ramachandran]'s Cafe Latte attack was one of the last talks we caught at ToorCon. I've found quite a few articles about it, but none really get it right. It's fairly simple and deals with cracking WEP keys from unassociated laptops. First, your WEP honeypot tells the client that it has successfully associated. The next thing the client does is broadcast a WEP-encrypted ARP packet. By …

ToorCon 9: URI use and abuse

[Nathan McFeters] and [Rob Carter] gave a presentation on the problems with URI handling. URIs are used to send commands to external applications from a web browser, for example itms:// for iTunes. Any application that registers a URI has the potential to be abused through this route. For their first example they showed a stack overflow in Trillian's AIM handling. The next demo created a "Critical …

ToorCon 9: CDMA unlocking and modification

[Alexander Lash] gave a short overview of what you need to unlock a CDMA phone. He strongly recommended Howard Forums for finding most of the info you need. You'll probably need BitPim and the Qualcomm PST (product support tools). Using the PST you can flash your new carrier's firmware and then activate the phone on their network. Verizon offers two ways to get unlimited EVDO data. $59 for a data …

ToorCon 9: Real world fuzzing

We dropped in on [Charlie Miller]'s fuzzing seminar at the end of the day yesterday. Fuzzing has become a fairly popular topic in the last year and essentially involves giving a program garbage input, hoping that it will break. If it can't handle the fake data and fails in a non-graceful fashion, you could have found a potentially exploitable bug. Fuzzing is a fairly simple idea, but as Charlie points …

ToorCon 9: Crypto Boot Camp

[Rodney Thayer] gave a 2-hour seminar on cryptographic technology. It was designed to give the audience a working knowledge for dealing with vendors. He gave some rules of thumb for choosing encryption. In order of preference, when doing symmetric key crypto: use AES with a minimum 128-bit key, if not that 3-key Triple-DES, or last RC4 with a 128-bit key. For hashing: SHA-256 preferred, SHA-1 if you …