Binary Reversing Comic

July 14, 2009 by Zach Banks 26 Comments

b300

Last month, in preparation for Defcon 17, the qualifiers were held for capture the flag, one of Defcon’s most well known events. One participant, [mongii], did a writeup on how to solve problem B300. The challenge was to find the decryption key used by a program that had several twists that hindered debugging. After grappling with self-modifying code and junk instructions, the team was finally able to find the answer. This win helped Sapheads place in the top 10. Over at xchng.info, they are collecting solutions to the other problems. Sadly, they’re not all in comic form.

Business Cards At Maker Faire

May 30, 2009 by Eliot 9 Comments

business_card

[John Park] has managed to snag a couple interesting business cards at Maker Faire. The first is Adafruit’s laser cut Spirograph card. The other is a ATtiny2313 prototyping board from Evil Mad Science; it looks to be the same style as their well-known AVR target board. We’ve also heard rumors that [Jérôme Demers] has bunch of resistor bending cards.

For more business card nonsense, check out: [Goodspeed]’s smart card emulator, [Mayer]’s embedded gears, and our web server business card.

Maker Faire 2009

May 29, 2009 by Eliot 11 Comments

jinroh

Maker Faire returns to the San Francisco Bay Area this weekend. It’s “the World’s Largest DIY Festival”. We’ve been attending off and on since 2006 and you’re sure to catch many of the projects we’ve covered in the past. Be sure to stop by our favorite hackers that will be in attendance: mightyOhm, macetech, SparkFun, Liquidware, Jeri Ellsworth, Bleep Labs, Noisebridge, Ani Niow, EMSL, and Adafruit. If you’re attending, upload your photos to the Hack a Day Flickr pool and let us know what you see.

[photo: Scott Beale / Laughing Squid]

LayerOne Coming Soon

May 1, 2009 by Eliot 15 Comments

layerone

Annual hacker conference LayerOne will be held May 23-24th in Anaheim, CA. They’ve completed the speaker lineup and have quite a few interesting talks. [David Bryan] Will be focusing on practical hacking with the GNU Radio. It’s a software defined radio that we’ve covered in the past for GSM cracking. [Datagram] will present lockpicking forensics. While lockingpicking isn’t as obvious as brute force entry, it still leaves behind evidence. He’s launched lockpickingforensics.com as a companion to this talk. LayerOne is definitely worth checking out if you’re in the Los Angeles area.

Hacking At Random 2009 Ticket Sale Extended

April 1, 2009 by Eliot 2 Comments

har09

The massive hacker camp Hacking at Random 2009 has extended their early bird ticket sales until April 14th. At EUR150, they’ve already managed to sell 1000 tickets. Every two years the european hacker community gathers together to hold a multiday camp that covers topics from hacking to art and politics. 2007’s CCCamp was largely the inspiration for this year’s ToorCamp. HAR2009 is looking for people to submit presentations, workshops, and lectures as well. They’re looking for entries that are very technology focused. The call for papers deadline is May 1st. The team is hosting a field day April 18th to tour the grounds with the various hacker villages that will be setting up. The main even is August 13-16 near Vierhouten, Netherlands.

ToorCamp Call For Papers/participation

March 29, 2009 by Eliot 6 Comments

We’ve been watching and waiting intently as ToorCamp comes together. It’s a four day hacker conference that will be held in a Washington state missile silo July 2nd-5th. While we’re excited about this debut event, its success depends entirely on those presenting. The call for papers is currently open and they’ve got a number of formats available: 20 and 50 minute talks and 1 and 2 day workshops. They’re also looking for people to organize campsites and are offering discounts for groups. We’re encouraging you to submit your talk since we’d love to see more hardware talks. You can follow @ToorCamp announcements on Twitter.

Sslstrip, Hijacking SSL In Network

February 23, 2009 by Eliot 21 Comments

Last week at Black Hat DC, [Moxie Marlinspike] presented a novel way to hijack SSL. You can read about it in this Forbes article, but we highly recommend you watch the video. sslstrip can rewrite all https links as http, but it goes far beyond that. Using unicode characters that look similar to / and ? it can construct URLs with a valid certificate and then redirect the user to the original site after stealing their credentials. The attack can be very difficult for even above average users to notice. This attack requires access to the client’s network, but [Moxie] successfully ran it on a Tor exit node.