Black Hat 2009: Breaking SSL With Null Characters

Update: The video of [Moxie]’s presentation is now online.

[Moxie Marlinspike] appeared on our radar back in February when he showed sslstrip at Black Hat DC. It was an amazing piece of software that could hijack and rewrite all SSL connections. The differences between a legitimate site and the hijacked ones were very hard to notice. He recently stumbled across something that makes the attack even more effective.

Black Hat 2009: Powerline And Optical Keysniffing

The 2009 edition of the Black Hat security conference in Las Vegas has just begun. The first interesting talk we saw was [Andrea Barisani] and [Daniele Bianco]’s Sniff Keystrokes With Lasers/Voltmeters. They presented two methods for Tempest-style eavesdropping of keyboards.

Doorway Subwoofer

We’ve seen some crazy speaker builds in the past (massive folded horns for example). [DiscoJones] wanted to build a set of speakers that could reach very low frequencies and be very efficient. Instead of constructing a large box, he built a baffle that could be placed in a doorway and use the blocked-off room as an enclosure. It has eight 12-inch subwoofers, eight midrange drivers, and four tweeters. The speakers are fairly cheap and he built a simple crossover to help them work a little better together. The goal was always deep bass though, so don’t expect very high fidelity from a setup like this.

Thin Client As Robot Platform

[Extra Ketchup] has a couple of Neoware thin clients and thought they would make a good robotics platform. It’s a Geode-based board that came with Windows CE. He built a small Gentoo system to fit on the 130MB solid state drive. He likes the idea of using it as a platform because the board has serial, parallel, and USB support. The best part is shown above; it can run off of just 4 AA’s.

DENCON

Defcon, the world’s largest hacker convention, is this coming weekend in Las Vegas. While the convention generally focuses on breaking new technology, digital archivist [Jason Scott] has an interesting surprise for attendees this year. With some help from VintageTech, he’ll be assembling a massive den of retro computing machinery. They’ll have fully functional systems like the PDP-11/70 for people to play with. It’s sure to be one of the more unique things to see at the con.

Pwnie Award Nominees 2009

[youtube=http://www.youtube.com/watch?v=5pSsLnNJIa4]

The Pwnie Awards are an annual event at the Black Hat security conference in Las Vegas. They award the Golden Pwnie in a variety of categories: mass 0wnage, most innovative research, most overhyped bug, most epic FAIL, and our favorite: Best Song. Embedded above is [Paco Hope]’s 50 Ways to Inject Your SQL. While a strong entry, it doesn’t touch last year’s winner Kaspersky & Me: “Packin’ The K!”.