If you weren’t at [Cory Doctorow’s] DEF CON talk on Friday you missed out. Fighting Back in the War on General Purpose Computing was inspiring, informed, and incomparable. At the very lowest level his point was that it isn’t the devices gathering data about us that is the big problem, it’s the legislation that makes it illegal for us to make them secure. The good news is that all of the DEF CON talks are recorded and published freely. While you wait for that to happen, read on for a recap and to learn how you can help the EFF fix this mess.
The Electronic Frontier Foundation have released an alpha of their own Open Wireless Router Firmware as part of the Open Wireless Movement. This project aims to make it easier to share your wireless network with others, while maintaining security and prioritization of traffic.
We’ve seen a lot of hacks based on alternative router firmware, such as this standalone web radio. The EFF have based their router firmware on CeroWRT, one of the many open source firmware options out there. At this time, the firmware package only targets the Netgear WNDR3800.
Many routers out there have guest modes, but they are quite limited and often have serious vulnerabilities. If you’re interested in sharing your wireless network, this firmware will help out by letting you share a specified amount of bandwidth. It also aims to have a secure web interface, and secure auto-update using Tor.
The EFF has announced this “pre-alpha hacker release” as a call for hackers who want to join in the fun. Development is happening over on GitHub, where you’ll find all of the source and issues.
The first full day of DEF CON was packed with hacking hardware and cars. I got to learn about why your car is less secure than you might think, pick some locks, and find out that there are electronic DEF CON badges after all. Keep reading for all the detail.
Adafruit Technologies has announced the winner of the Open Source Kinect contest. [Hector], whom we mentioned yesterday, has won by providing both RGB and depth access to the device. Some of you were asking at the time why the contest was not over yet. Well, Adafruit had to verify. The image you see above is of another user, [qdot], verifying the drivers on his machine.
What is interesting is how Adafruit has chosen to close this contest. Not only are they giving [Hector] his prize money, they are also donating an additional $2,000 to the EFF, who fight for our right to legally hack and reverse engineer our own equipment.
[Hector] is being generous as well, using his prize money to help pay for gadgets to hack with some teams he is involved with, mainly the iPhone Dev Team and the Wii hacker team “Twiizers”.
The Massachusetts Bay Transit Authority (MBTA) has dropped its federal case against three MIT researchers, “the subway hackers”. This happened in October and now the EFF brings news that the students will be working with the MBTA to improve their system. The overall goal is to raise security while keeping expenses minimal.
This whole mess started in August when a gag order was issued against the students’ presentation at DEF CON. It’s a shame no one ever saw it because it covers a lot of interesting ground. A PDF of the banned slides is still online. They performed several attacks against both the subway’s fare system and physical security. Our favorites by far were using GNU Radio to sniff the RFID card’s transaction and brute-forcing Mifare Classic with an FPGA.
With a new administration coming into power, the Electronic Frontier Foundation feels that it’s time for a change (see what we did there). They’ve posted an agenda that covers fixing privacy issues that have come to the forefront in the last eight years. It involves repairing amendments that prevent corporations from being sued for warrantless wiretapping. They would also modernize the Electronic Communications Privacy Act so that it would cover modern technology. The heavily abused State Secrets Privilege needs reform as well. Their final issue is with REAL ID and datafarming that many state governments have already rejected. If even a bit of this gets fixed, we’ll be happy. In any case, it’ll be good to have a more tech-focused administration that doesn’t need the internet explained to it in terms of dump trucks and tubes.
[photo: Jake Appelbaum]
The US Department of Homeland Security recently disclosed a new policy that allows agents to seize laptops, or anything capable of storing information, “for a reasonable period of time”. Okay, so this seems normal: a government agency is declaring they may confiscate personal property. However, the strange part of this story is that under this policy, federal agents can confiscate these things without any suspicion of wrongdoing or any reason whatsoever. So what happens to your personal data after they seize your laptop? Apparently they share the data with federal agencies, and in some cases the private sector, as additional services such as file decryption or translation are needed. While this may seem like a major violation of privacy, it is important to note that this policy only applies to people entering the United States. However, given the direction that our federal government is moving in the area of security, it wouldn’t surprise me if this policy will soon apply for domestic flights as well.
[photo: postmodern sleaze]