The Last HOPE has just released a list of all the schedule talks at the conference. 97 different talks will be divided over three tracks during the course of the three day conference. It looks like a lot of interesting events will be going down. The Cold Boot encryption attack tools will be released. Representatives from Graffiti Research Lab will be showing The Complete First Season and unveiling their One Laser Tag Per Child system. Virgil Griffith from WikiScanner will be mining even deeper into the wretched hive of scum and villainy. Karsten Nohl will present why hardware obfuscation is an impossibility and how they defeated the MiFare crypto. The Last HOPE will be in New York City July 18-20, 2008
Day: June 19, 2008
Wii Menu 3.3 Already Circumvented
Well, that didn’t take long. Three days after the release of the Wii Menu 3.3 update (which prevents homebrew loading on the Wii by killing a special hack), the update has been circumvented. The update targeted the ubiquitous Twilight Hack, which allows homebrew software to be loaded from the Wii’s SD card slot by using a special game save. The team at HackMii were quick to disassemble, analyze, and scoff at the update, with member [bushing] quipping “we are not impressed.” The team found bug exploits for new code in the the update that cause it to ignore the Twilight Hack. They have yet to release the fix to the public, but its likely that they’ll do so at least as fast as they developed it.
[via Wii Fanboy]
[photo: cibomahto]
Neutering The Apple Remote Desktop Exploit
Yesterday, Slashdot reported a privilege escalation vulnerability in OSX. Using AppleScript you can tell the ARDAgent to execute arbitrary shell script. Since, ARDAgent is running as root, all child processes inherit root privleges. Intego points out that if the user has activated Apple Remote Desktop sharing the ARDAgent can’t be exploited in this fashion. So, the short term solution is to turn on ARD, which you can do without giving any accounts access privileges. TUAW has an illustrated guide to doing this in 10.4 and 10.5.
Wiretapping And How To Avoid It
No matter who you suspect is plotting your doom, you’ll need need to know the way wiretapping works in order to learn their plans and shield yourself from their surveillance. Luckily, ITSecurity has posted a comprehensive
article about wiretapping, including information on how to wiretap and how to find out if someone is wiretapping you.
One of the more intriguing methods of wiretapping the articles discusses is a service by a company called FlexiSPY. It works by covertly installing a program onto the target’s cellphone. Once installed, the spying party can listen to anything going on in the room the target is in by calling the phone. It won’t ring, vibrate, or give any indication that it is transmitting audio data.
Some of the more hack-oriented methods involve tapping into a landline, using special software to record VoIP calls, or buying a wiretapping kit. Of course, countermeasures, are also discussed, but some of the links they provide are a little more informative on the topic of defense against wiretapping.
Check Washing Vulnerabilities
[vector] sent in some of his other work, but I found his posts(part 1, part 2, part 3 and final thoughts) on check washing experiments pretty interesting. His results should be enough to make you think twice about writing checks. He tested a few different pens and tested them on real check using Acetone and Alcohol as solvents.
The Price Of His Toys Returns
We’re big fans of scratch built transportation and got some great news earlier this month: After a long hiatus, thepriceofhistoys.com has returned and is ready to serve up all the news about kit cars and home-built cars that you could want. For those who don’t know, kit cars are sets of car parts that require assembly often lacking drivetrain components, which must be acquired from donor vehicles. Aside from kit cars, home-builds, and the occasional custom job, many of the cars the site discusses are also for sale.
Kit cars can be pretty fun on their own, but many of the builds featured on the site spice it up further by adding varying levels of customization. This Tornado McLaren M6 GTR Replica, for example, uses a 3.5L V8 Rover engine and some custom body work to improve visibility. Another fascinating and rare kit uses a Beetle’s chassis and features a body that looks like a Beetle crossed with a Porche. Of course, none of these are as practical cutting a Geo Metro in half for improved milage, but to car kit builders, practicality holds a very low place on their list of priorities.