USB Wall Charger


[rbhays] did this sweet little hack back in 2006. He took a Motorola cellphone wall charger and modified it into a USB wall charger. He needed to charge his iPod, but misplaced the original charger. A replacement would have cost him $30. So he did what any respectable hacker would do: he cut up something else to make it work for him.

He had one sitting around that was equipped with a mini USB end. He checked it out and it was the perfect voltage. Some commenters below the project noted that their Motorola charger had a higher voltage rating than his. Those would still work, but would require some extra steps to bring the voltage down.

After some careful soldering, and a bit of super glue, he’s left with a perfectly good wall charger. He can charge most things that only use the juice from the wall. Some things refuse to charge though, such as Zunes. There was another project by [Cvesey] that claims to charge Zunes as well. While wall chargers may be available fairly cheaply now, many of us have some of these cellphone chargers just sitting around. Now we have a use for them.

New E-Passports Cloned


Within an hour, Jeroen van Beek was able to create a successful clone of Britain’s new E-Passport. All he needed was a £40 card reader, two £10 RFID chips, and a small, improvised script. Although the exact details were not specified, it looks like he read the ID on the real passport using the RFID reader, then wrote it to the two blank chips and put them in the fake passports. There is also a flaw which may allow outright forging of the passports. Nearly all of the 45 countries using the system have not yet registered with the Public Key Directory, which was put in place to make forging impossible.

The government is claiming that this hack is a hoax, but recent reports have shown that these RFID systems were never secure. No matter what the actual truth is about these hacks, it can certainly be said that the ability to clone or forge these passports would be a devastating security issue for every country involved.

[Photo: Digital World Tokyo]

[via The Guardian]

Homeland Security Issues Policy On Laptop Seizures


The US Department of Homeland Security recently disclosed a new policy that allows agents to seize laptops, or anything capable of storing information, “for a reasonable period of time”. Okay, so this seems normal: a government agency is declaring they may confiscate personal property. However, the strange part of this story is that under this policy, federal agents can confiscate these things without any suspicion of wrongdoing or any reason whatsoever. So what happens to your personal data after they seize your laptop? Apparently they share the data with federal agencies, and in some cases the private sector, as additional services such as file decryption or translation are needed. While this may seem like a major violation of privacy, it is important to note that this policy only applies to people entering the United States. However, given the direction that our federal government is moving in the area of security, it wouldn’t surprise me if this policy will soon apply for domestic flights as well.

[photo: postmodern sleaze]

[via eff.org]

Hacking Pleo For Face Recognition And Remote Control


GRIP, the Group for Interdisciplinary Psychology at the University of Bamberg, has put together a couple of tutorials on hacking the Pleo. For those unfamiliar, the Pleo is a small robot shaped like a dinosaur. Their goal was to make it cute and simulate emotion at a higher level than previously attained by consumer robots. Ugobe, the makers of Pleo, encourage hacking of the unit and the controlling software. Look at the “developers” area of their site to download all kinds of tools to work on your Pleo.

The two tutorials released by GRIP cover adding wireless communication with a PC and adding a higher resolution camera to the unit. The goal was to make the platform capable of doing facial recognition.


Black Hat 2008: Pwnie Award Ceremony


The first night of Black Hat briefings concluded with the Pwnie Award Ceremony. The awards reward achievements in security… but mostly failures. Notably, this was the first year anyone accepted an award in person. Hack a Day took home an early victory by producing a MacBook mini-DVI to VGA adapter (pictured above). The ceremony was fairly straightforward after that. Best Server-Side Bug went to the Windows IGMP kernel vulnerability. It was a remote kernel code execution exploit in the default Windows firewall. The Best Client-Side Bug went to Multiple URL protocol handling flaws like this URI exploit. Mass 0wnage went to WordPress for many, many vulnerabilities. Most Innovative Research went to the Cold Boot Attack team. Lamest Vendor Response was won by McAfee for saying XSS can’t be used to hack a server. The Most Overhyped Bug went to [Dan Kaminsky] for his DNS vulnerability. Most Epic FAIL was won by the team behind Debian for shipping the OpenSSL bug for two solid years. Lifetime Achievement Award was won by [Tim Newsham]. Finally, the Best Song was by Kaspersky Labs for Packin’ The K!, which you can find embedded below.


Black Hat 2008: FasTrak Toll System Completely Broken


FasTrak is the electronic toll collection system used by the state of California. Motorists can purchase a toll transponder for ~$26 and link the serial number with a debit account to have their tolls deducted automatically. Today at Black Hat in Las Vegas, security researcher [Nate Lawson] presented not just the privacy problems with FasTrak, but why absolutely no transaction from the tag should be trusted.


Black Hat 2008: Dan Kaminsky Releases DNS Information


[Dan Kaminsky]’s much-anticipated talk on his DNS findings finally happened at Black Hat 2008 in Las Vegas today. [Dan] has already uploaded the complete slides from his talk as well as posted a short summary to his site. New information in the slides since our previous coverage includes “Forgot My Password” attacks and new attacks on internal network vulnerabilities as a side effect of DNS cache poisoning. [Dan]’s talk today was over capacity; our shot of the conference room overflow is shown above.