Black Hat 2008: FasTrak toll system completely broken

August 6, 2008 By 36 Comments


FasTrak is the electronic toll collection system used by the state of California. Motorists can purchase a toll transponder for ~$26 and link the serial number with a debit account to have their tolls deducted automatically. Today at Black Hat in Las Vegas, security researcher [Nate Lawson] presented not just the privacy problems with FasTrak, but why absolutely … Read the rest

Filed Under: cons, security hacks, transportation hacks Tagged With: , , , , , , , , , , , , , ,

Black Hat 2008: Dan Kaminsky releases DNS information

August 6, 2008 By Leave a Comment


[Dan Kaminsky]‘s much anticipated talk on his DNS findings finally happened at Black Hat 2008 in Las Vegas today. [Dan] has already uploaded the complete slides from his talk as well as posted a short summary to his site. New information in the slides since our previous coverage includes “Forgot My Password” attacks and new attacks on internal network vulnerabilities … Read the rest

Filed Under: cons, misc hacks, news Tagged With: , , , , , , , , ,

Black Hat 2008: EFF Coders’ Rights Project announced

August 6, 2008 By Leave a Comment

The EFF has just announce the creation of the Coders’ Rights Project website at the Black Hat conference. The sites’ main goal is to centralize legal information for coders, and to help protect important security work from legal actions that may be taken against them with the DMCA and other legal black holes. While this is in no way … Read the rest

Filed Under: news, security hacks Tagged With: , , , , ,

More on GIFAR

August 6, 2008 By 9 Comments


[pdp] provides some perspective on the news regarding the GIFAR attack developed by researchers at NGS Software. As he explains, the idea behind the attack, which basically relies on combining a JAR with other files is not new. Combining JAR/ZIP files with GIF/JPG files will create hybrid files with headers at both the top and bottom of the file and … Read the rest

Filed Under: news, security hacks Tagged With: , , , , , , , ,

The GIFAR image vulnerability

August 4, 2008 By 7 Comments


Researchers at NGS Software have come up with a method to embed malicious code into a picture. When viewed, the picture could send the attacker the credentials of the viewer. Social sites like Facebook and Myspace are particularly at risk, but the researchers say that any site which includes log ins and user uploaded pictures could be vulnerable. This … Read the rest

Filed Under: cons, news, security hacks Tagged With: , , , , , ,

DNS cache poisoning webcast

July 24, 2008 By 4 Comments


UPDATE: Full audio of the webcast is now available

Today Black Hat held a preview webcast with [Dan Kaminsky] about the massive DNS bug he discovered. On July 8th, multiple vendors announced a patch for an undisclosed DNS vulnerability. [Dan Kaminisky] did not release the details of the vulnerability at that time, but encouraged security researchers to not release … Read the rest

Filed Under: news, security hacks Tagged With: , , , , , , , , , , , , ,

Black Hat hackers face off in Iron Chef style competition

July 7, 2008 By 1 Comment


Which is a better method for finding vulnerabilities, fuzzing or static-code analysis? The question will be put to the test at next month’s Black Hat USA conference, where two experienced hackers security researchers will be given a piece of mystery code and one hour to find all the vulnerabilities they can using one of the two methods. [Charlie Miller] from … Read the rest

Filed Under: cons, news Tagged With: , , , , ,
« Older Posts
Newer Posts »