Helix 2.0 has been released. Helix is a collection of various tools for electronic forensics. Just like on TV, you can use this to find all kinds of information on a computer. Some of the useful tools added were Winlockpwn, a tool for breaking Windows security, Volatility, which processes data out of the raw memory, and several other tools that are beyond our comprehension.
You’ve undoubtedly noticed that the title says Helix V2.0, but the image and header of the Helix site say 3. We have no idea why. Look at the download info to see that it says V2.0.
[Via Midnight Research Labs]
The Israeli hacker [Ehud Tenenbaum], known as “the Analyzer”, was arrested along with 3 Canadians for allegedly hacking into a Calgary-based financial services company and withdrawing almost CDN $2 million. The arrests were the result of a months-long investigation by both the Canadian police and the U.S. Secret Service. In 1998, [Tenenbaum] was accused of hacking into unclassified computer systems owned by NASA and the Pentagon, among others. He is in custody without bail, although the three other suspects have been released on bond.
[Jonathan Zdziarski], a data forensics expert and iPhone hacker, will demonstrate in a live O’Reilly webcast on September 11, 2008, how to bypass the iPhone passcode lock security. Although the presentation is targeted towards law enforcement, it will probably be viewed by a lot of hackers and geeks, who could use the information for good or evil. It also doesn’t strike us as very good security if the iPhone passcode is easily bypassed. Then what’s the point of having one?
[Jason Scott] curated a nice collection of links related to [Phil Lapsley]’s work on phone phreaking. [Lapsley]’s book, The History of Phone Phreaking, will be released in 2009. Meanwhile, phone phreak enthusiasts can peruse his site and bone up on some interesting material, including documents that revealed the inner workings of the telephone switchboard (PDF), and the Youth International Party Line (YIPL)/Technological American Party (TAP) FBI files (PDF), which are really intriguing for the various doodles and conversations that were documented. If you have some spare time, we definitely recommend sifting through it.
Researchers at Georgia Tech are working on a Tongue Drive System, which transforms the tongue into a tool that can manipulate computers and manage appliances and wheelchairs. This project has huge implications for the disabled, especially for those with few motor skills and limited movement. Many disabled Americans are paralyzed from the neck down, and this system could be a literal lifesaver, providing them with a method of communication and control over their own lives. Scientists have been attracted to the tongue’s potential for a long time. It provides several advantages over using other organs or appendages. It’s very sensitive and tactile, is not connected to the spinal cord, and does not usually end up being harmed in accidents. By placing a tiny magnet underneath the tongue, it’s transformed into a virtual keyboard. Sensors placed in the cheek track the magnet’s movement and process the commands into directions for electronics, be it a wheelchair or a home appliance. We’re excited to see where this will go.
Over the weekend, a hacker broke into FEMA’s new PBX voicemail system, made over 400 overseas phone calls to Asia and the Middle East, and ran up a $12,000 bill. The low-tech hack took advantage of a “hole” that was not covered when a contractor upgraded the voicemail system. FEMA is currently conducting its own internal investigation, but FEMA spokesman [Tom Olshanski] did not have any information about the contractor responsible or what specific hole was the cause of the breach. Ironically, Homeland Security, of which FEMA is a part, had issued a warning in 2003 about the very same vulnerability.
Zero Day posted a list of tools and applications that were released at Defcon 16. The applications run the gamut, from Beholder, an open source wireless IDS tool, to CollabREate, a reverse-engineering plugin that allows multiple people to share a single project. The list covers a lot of ground, and there’s a lot for hackers to play around with and explore. It’s nice to see someone bothering to maintain a list since the majority of conference tools just get lost in the shuffle and are never seen again.