[youtube=http://www.youtube.com/watch?v=0KdIrzsi4IA]
[matiaz] has released an exploit which allows homebrew on the PSP3000. It takes advantage of a vulnerability when loading save games on a game called GripShift. You can see the PSP running unsigned code in the video.
[thanks wraggy]
With the Chaos Communication Congress concluded, it’s time to start looking towards the next massive European hacker event. This means Hacking at Random August 13-16th in the Netherlands. It’s a four day long camp experience that will feature many conference talks, interactive projects, and more.
The team has selected three tracks in their official call for papers: Dealing with data, Decentralization, and People and politics. You can find more details in the post. Deadline is May 1st.
[photo: mark]
Our own [Anthony Lineberry] has written up his experience participating in the 2008 Malware Challenge as part of his work for Flexilis. The contest involved taking a piece of provided malware, doing a thorough analysis of its behavior, and reporting the results. This wasn’t just to test the chops of the researchers, but also to demonstrate to network/system administrators how they could get into malware analysis themselves.
[Anthony] gives a good overview of how he created his entry (a more detailed PDF is here). First, he unpacked the malware using Ollydbg. Packers are used to obfuscate the actual malware code so that it’s harder for antivirus to pick it up. After taking a good look at the assembly, he executed the code. He used Wireshark to monitor the network traffic and determine what URL the malware was trying to reach. He changed the hostname to point at an IRC server he controlled. Eventually he would be able to issue botnet control commands directly to the malware. We look forward to seeing what next year’s contest will bring.
Make’s television series will be premiering on public television across the US over the next couple days. If it’s not showing in your area, you aren’t out of luck. All of the segments from the first episode have already been published online at makezine.tv.
[gamemaster87] put together this SNES wallet. It isn’t just a wallet, it also has internal lighting and theme music. He harvested LEDs from Christmas lights, switches and battery compartments from an old all in one joystick, and the sounds from a holiday card. There’s a Plexiglas window to show off his ID and a belt clip, because you wouldn’t want this thing in your back pocket. Match this up with the SNES clock, NES bike tail light, and the NES security system and you’ll be the king of the nintendorks.
[Steve] sent in this great step by step writeup on how to load Macintosh OSX onto an MSI wind. The MSI wind can be found pretty cheap, roughly $140. It has a 1.2Ghz Atom processor, SATA, and 6 USB ports. Its a pretty decent system for the price. Add a hard drive, DVD ROM and some RAM and you ‘ve got a complete system. You might have to update the bios to install the new operating system, there are more details about that on in the writeup. The only real drawback is that you have to run the USB in 12mbps mode instead of 480mbps.
There are lots of little tips to keep you from hitting roadblocks, so follow the steps closely or you’ll have to redo it. Since downloading the modified version of OSX is probably illegal, [steve] suggests that you go buy a copy of OSX just to try to balance it out.
[Tobias Engel] released a serious Nokia vulnerability today. By using a specially crafted SMS message, you can block the recipient from getting any future SMS messages. The attacker changes their Protocol Identifier to “Internet Electronic Mail” and then uses any email address 32 characters or more in their message. The recipient will receive no indication that they got the message and no other messages will be allowed until the phone is factory reset. You can see a demo video here. This affects many different varieties of S60 phones and no fix is known.
[Thanks fh]
