A team of security researchers and academics has broken a core piece of internet technology. They made their work public at the 25th Chaos Communication Congress in Berlin today. The team was able to create a rogue certificate authority and use it to issue valid SSL certificates for any site they want. The user would have no indication that their HTTPS connection was being monitored/modified.
Continue reading “25C3: Hackers completely break SSL using 200 PS3s”
Preregistration for ToorCon San Diego ends today. The current price is $100; after that it will be $140. This is the 10th year for the San Diego hacker convention, which will happen September 26th – 28th. The schedule for ToorCon X has already been posted. We highly recommend this convention. We’ve attended the last four years and it’s always been a favorite.
Popular Mechanics has an interview with [Zach Anderson], one of the MIT hackers who were temporarily gagged by the MBTA. The interview is essentially a timeline of the events that led up to the Defcon talk cancellation. [Zach] pointed out a great article by The Tech that covers the vulnerabilities. The mag stripe cards can be easily cloned. The students were also able to increase the value of the card by brute forcing the checksum. There are only 64 possible checksum values, so they made a card for each one. It’s not graceful, but it works. The card values aren’t encrypted and there isn’t an auditing system to check what values should be on the card either. The RFID cards use Mifare classic, which we know is broken. It was NXP, Mifare’s manufacturer, that tipped off the MBTA on the actual presentation.
A new Discovery Channel show titled Prototype This! will debut on October 15, 2008. Hoping to capture the same demographic as Mythbusters’ audience, the show is about designing and creating robots, gadgets, and other things that nerds will love. Prototype This! is hosted by four wide-ranging experts: [Zoz Brooks], who’s got a PhD in robotics, [Mike North], who also has a PhD, in material sciences, [Terry Sandin], a special effects veteran of the Hollywood film industry, and [Joe Grand], who we’ve covered recently for his Defcon badge work. [Daniel Terdiman]’s glimpse behind the scenes reveals some interesting projects, from a stair-climbing robot to the creation of a pyro pack. We’ll be sure to set our DVRs to record.
[via Zero Day]
British computer hacker [Gary McKinnon] lost his final appeal to block his extradition to the U.S. The U.S. government accuses him of hacking into almost 100 U.S. military and NASA computers from his girlfriend’s aunt’s house in London over a four-year period. If convicted of the crimes in a U.S. court, he could face up to 70 years imprisonment. [Gary McKinnon] freely admitted to hacking into the computers, but claimed that he did it out of curiosity, not out of malice or any terroristic aims. He was looking for information on UFOs. The U.S. government claimed that in addition to hacking into the computers, he also stole 950 passwords and erased important files. [McKinnon’s] next move will be to appeal to the European Court, and if unsuccessful, he will have no other option but to stand trial in the U.S. court system.
[Jeffrey Robert Weinberg] has been sentenced to 2 years in state prison for a single act of computer intrusion. He had already served time in federal prison for hacking into Lexis-Nexis. Weinberg was caught through his cyberstalking – he went after an Internet celebrity. [Amor Hilton] was a MySpace user with a popular show on Stickam. Hilton found herself locked out of her MySpace account, and her cellphone account disconnected. She alleged that he demanded phone sex and nude photos of her. [Hilton] worked with the police to identify the hacker using a photo that he sent. After [Weinberg] completes his sentence in state prison, he will have to face repercussions for violation of his federal probation, which came with severe restrictions on his computer usage.
The 25th annual Chaos Communication Congress is happening December 27-30th in Berlin, Germany. They’ve just published their official call for papers. Last year’s 24C3 was incredible and we’ll take any chance we get to attend an event held by the fine folks in the CCC. We hope to see you there!