The GIFAR Image Vulnerability


Researchers at NGS Software have come up with a method to embed malicious code into a picture. When viewed, the picture could send the attacker the credentials of the viewer. Social sites like Facebook and Myspace are particularly at risk, but the researchers say that any site which includes logins and user-uploaded pictures could be vulnerable. This even includes some bank sites.

The attack is simply a mashup of a GIF picture and a JAR (Java applet). The malicious JAR is compiled and then combined with information from a GIF. The GIF part fools the browser into opening it as a picture and trusting the content. The reality is, the Java VM recognizes the JAR part and automatically runs it.

The researchers claim that there are multiple ways to deal with this vulnerability. Sun could restrict their Virtual Machine or web applications could continually check and filter these hybrid files, but they say it really needs to be addressed as an issue of browser security. They think that it is not only pictures at risk, but nearly all browser content.
More details on how to create these GIFARs will be presented at this week’s Black Hat conference in Las Vegas.
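
The filtering option the researchers mention, sketched as an added example (not code from NGS Software or the original post): it walks the GIF block structure to find where the image really ends, then flags a ZIP end-of-central-directory record or any bytes left after the GIF trailer. The function names and the 1x1 sample GIF are constructed for illustration.

```python
GIF_MAGICS = (b"GIF87a", b"GIF89a")
ZIP_EOCD = b"PK\x05\x06"   # ZIP end-of-central-directory signature (JARs are ZIPs)
# Constructed sample (not from the original post): a minimal 1x1 GIF.
SAMPLE_GIF = bytes.fromhex(
    "474946383961" "01000100" "800000" "000000ffffff"      # header, screen, color table
    "2c" "0000000001000100" "00" "02" "024401" "00" "3b")  # image, data, trailer

def _skip_sub_blocks(data, pos):
    """Skip GIF sub-blocks (length byte + payload) through the 0x00 terminator."""
    while True:
        size = data[pos]
        pos += 1 + size
        if size == 0:
            return pos

def gif_end_offset(data):
    """Offset just past the GIF trailer (0x3B), or None if not a well-formed GIF."""
    if data[:6] not in GIF_MAGICS:
        return None
    try:
        pos = 13                                  # header + logical screen descriptor
        if data[10] & 0x80:                       # global color table present
            pos += 3 * (2 << (data[10] & 0x07))
        while True:
            kind = data[pos]
            if kind == 0x3B:                      # trailer: the image ends here
                return pos + 1
            if kind == 0x21:                      # extension: label, then sub-blocks
                pos = _skip_sub_blocks(data, pos + 2)
            elif kind == 0x2C:                    # image descriptor
                packed = data[pos + 9]
                pos += 10
                if packed & 0x80:                 # local color table present
                    pos += 3 * (2 << (packed & 0x07))
                pos = _skip_sub_blocks(data, pos + 1)   # +1 skips LZW code size
            else:
                return None
    except IndexError:                            # truncated or malformed file
        return None

def classify_upload(data):
    """Label an upload: not-gif, gif+zip, trailing-data, or clean-gif."""
    end = gif_end_offset(data)
    if end is None:
        return "not-gif"
    # ZIP readers typically search the last 22 + 65535 bytes for the end record.
    if ZIP_EOCD in data[-(22 + 0xFFFF):]:
        return "gif+zip"
    return "clean-gif" if end == len(data) else "trailing-data"
```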

More Defcon 16 Events Announced


Defcon keeps announcing more and more interesting events for next week’s conference. A free workshop is planned for the soon to be released DAVIX live CD. DAVIX is a collection of tools for data analysis and visualization. They’ll be running through a few example packet dumps to demonstrate how the tools can help you make sense of it all. [Thomas Wilhelm] will be driving out from Colorado Springs in his Mobile Hacker Space. He’s giving a talk Sunday, but will be giving presentations a few hours every day at the van. Some researchers from NIST will be setting up a four node quantum network and demonstrating some of the possible vulnerabilities in the system. Finally, as part of an EFF fundraiser, Defcon will feature a Firearms Training Simulator. Conference attendees will participate in drills designed to improve their speed, accuracy, and decision making skills.

WarBallooning At Defcon

[rocketman] has posted about a new event at Defcon dubbed WarBallooning. They are using a Kismet drone (a modified WRT54G), a webcam, and a few high gain antennas. The balloon will be launched at about 15 stories and will be remotely fed targets chosen directly by the Defcon participants. The directional antenna will be mounted to the camera so pan and tilt can be controlled. The Kismet CSV files will be available for everyone after the event.

If you are interested in WarDriving or building your own high-gain antennas, we suggest you check out this WiFi biquad dish antenna mounted on a car. If cars are too boring, or you do not have one, you could always go WarSailing or WarFlying. Yes, the permutations are endless.

[photo: JoergHL]

Medeco High Security Lock Picking


Despite Hack a Day seeming to be fairly lock-heavy lately, we’ve yet to cover a major story from The Last HOPE. At the conference, [Jon King] talked about vulnerabilities in Medeco locks and presented his Medecoder tool. Medeco is really what makes this story interesting; unlike the EU, the US has very few high security lock manufacturers. You pretty much have to use Medeco and it’s found in many government agencies.

The Medeco locks have a vertical row of six pins arranged like most pin tumbler locks. Unlike your average lock, the rotation of the pins is important. When the key is placed in the lock, it not only moves the pins to the correct height, it also rotates them to the correct orientation. A sidebar blocks the cylinder unless the pins are rotated properly. Each pin has three possible orientations. They’re biaxial as well, which means the pin’s offset point allows for three more possible positions.


HOPE 2008: YouTomb, A Free Culture Hack


YouTomb is a research project designed by the MIT Free Culture group to track video take downs on YouTube. To succeed, the team needed to track every single video on YouTube… which is close to impossible. Instead, they built several “explorer” scripts to track what videos were interesting. One explorer tracks all of YouTube’s lists: recommended, featured, most active, and more. Another explorer picks up every video submitted to YouTube, and a third crawls Technorati.

The explorers just find the videos; a separate group of scanner scripts checks the current status of videos. They check both the new videos and ones that have been killed to see if they return. YouTomb archives every video it finds. They display the thumbnail of the video under fair use, but they’re still determining whether they can display each video in full.


HOPE 2008: Methods Of Copying High Security Keys


[Barry Wels] is well known for his lockpicking talks, but this year he wanted to talk about how he copies high security keys. If a key blank is available, you could make a copy just by viewing the original. High security keys generally have profiles with more side cuts, which means you can guess at how deep a specific pin is by observing how many cuts it crosses. He also showed that you could imprint your arm with the key and use that as a guide. If a blank isn’t available, you could fill a similar key with solder and file that down.

[Barry] showed two different kits for casting keys. The first used soft clay in a clam shell to make an imprint of the original key. The form is then filled with a low melting point alloy (probably Wood’s metal) to create the new key. A second style uses a metal form and two part silicone to create the mold. This method works for most high security keys, but will not work on keys with active elements like sliders or magnets.

Finally, [Barry] talked about his favorite method: impressioning. Unlike picking a lock, when you’re done impressioning you have a functional key. You start with a key blank and file off the top layer. Place the blank in the lock and turn it till it jams. Then, you rock the key up and down. Observing the key under light you’ll see a small mark where each pin is. File a bit where the marks appear and repeat the process. You can’t use too much force or you might break the blank. This also works on dimple keys and, as this video shows, laser cut keys. [Barry] highly recommends the impressioning book by [Oliver Diederichsen].

[photo: Rija 2.0]

Hacking At Random 2009


Hacking At Random 2009 has recently been announced. It’s brought to you by the same people who held the outdoor hacking event What The Hack, which we covered in 2005. Date, location, and many other details are still up in the air. They’re looking to host 3000 attendees and we’re guessing it will be similar in nature to last Fall’s incredible Chaos Communication Camp near Berlin. 2009 will also feature the beta run of outdoor hacker event ToorCamp near Seattle. Two great events we’re certainly looking forward to.

[photo: mark]