Security Hacks

1540 Articles

BIOS Password Cracking

October 7, 2010 by 45 Comments

[Dogbert] took a look at the security that goes into BIOS passwords on many laptops. He starts off with a little background about how the systems work. People are bound to forget their passwords, so when you enter a wrong one three times in a row you get a message similar to the one above that locks you out until all power is removed from the system (then you get three more tries). But check out that five-digit number in the picture. That’s a checksum of the password. Some BIOS versions display it automatically, some require you to hold down a certain key during POST, but it’s the pivotal data needed to crack the password.

[Dogbert’s] post doesn’t go into verbose detail about the algorithms he uses to brute force the passwords. But he has posted the Python scripts he uses to do so. Learning how to generate the passwords based on the checksum is as simple as studying the code, which is often the best way to learn.

Arduino, RFID, And You

October 7, 2010 by 13 Comments

[Matt] has mixed up a batch of two RFID reading door lock systems. While the “door lock” part of the setup has yet to come into existence, the “RFID reading” section is up and running. By using the Parallax RFID readers (for cheap, remember?) and an Arduino, [Matt] is able to parse an RFID tag, look its number up in a database, and then have a computer announce “Access Denied” in a creamy “Douglas Adam’s sliding door of Hitchiker’s Guide” kind of way with Python.

Good books aside, catch a not as exciting as you’re thinking video after the jump.

Continue reading “Arduino, RFID, And You”

Cheap(er) Biometric Gun Safe

October 5, 2010 by 30 Comments

[Greg] sent in his biometric pistol safe lock. He keeps his guide light on details so not every Joe can crack the system (there is a thread to sift through if you really wanted to), but the idea runs fairly simple anyway. [Greg] took an old garage door opening fingerprint scanner and wired it into a half broken keypad based pistol safe. While he did have some issues finding a signal that only fired when the correct fingerprint is scanned, a little magic with a CMOS HEX inverter fixed that problem quick.

This does bring one question to our minds, are fingerprint scanners as easy to crack as fingerprint readers?

You’re Stealing It Wrong: A Speech By Jason Scott

October 1, 2010 by 22 Comments

slipped disk in all of his glory

[Jason Scott], data historian extraordinaire gave this fantastic speech at Defcon 18 about the history of inter-pirate piracy. At an hour long, it is an enthralling journey through computer history, especially pertaining to piracy. Take a seat, no matter how much you know about security and piracy, you are likely to learn a few things. We find the lesser discussed issues like pirates stealing other pirates work interesting, as well as the part where pirates have to crack really boring software to have a release when there’s nothing better out there. Also worth noting, according to [Jason], the demoscene evolved from the little opening sequences from cracks. There are just too many interesting aspects to note here, even some porn related stories during the BBS days.

This is a great lesson from someone who is both knowledgeable and entertaining. [Jason] teaches this stuff without ever sounding stuffy, boring, or overly technical. Catch the video after the break.

Continue reading “You’re Stealing It Wrong: A Speech By Jason Scott”

GPU Processing And Password Cracking

September 27, 2010 by 53 Comments

Recently, research students at Georgia Tech released a report outlining the dangers that GPUs pose to the current state of password security. There are a number of ways to crack a password, all with their different pros and cons, but when it comes down to it, the limiting factor in all of these methods is processing complexity. The more operations that need to be run, the longer it takes, and the less useful each tool is for cracking passwords. In the past, most recommendations for password security revolved around making sure your password wasn’t something predictable, such as “password” or your birthday. With today’s (and tomorrows) GPUs, this may no longer be enough.

Continue reading “GPU Processing And Password Cracking”

DRM Causes Vulnerabilities

September 26, 2010 by 26 Comments

This image is from Microsoft's DRM page.

We often hear people touting the evilness of DRM, but usually they are talking about the idea of ownership. In this case, DRM is actually causing harm. It turns out that Microsoft’s msnetobj.dll, which is supposed to enforce DRM on your computer, stopping you from doing certain things like saving files you don’t “own” is open to 3 attacks.  Vulnerable to buffer overflow, integer overflow, and denial of service, this sucker is riddled with issues.

The vulnerabilities in this file aren’t groundbreaking. Buffer overflow is a common method to get to many systems. The problem here, according to some commenters at BoingBoing, is the fact that this DLL is called every time you open a media file.

[via BoingBoing]

Portable Password Vault

September 26, 2010 by 38 Comments

This little box remembers all of your user names and passwords. Inside you’ll find an Atmel AT89S5131 microcontroller which has built-in USB capability. When the box is plugged into a USB port it identifies as a keyboard. Manipulating the buttons on the top and side will select and print out various stored usernames and passwords. Passwords are generated on-chip from a random seed and the device itself requires a passcode after power up as a security feature.

[SigFLUP’s] included a pretty nifty configuration algorithm. It doesn’t rely on a terminal connection, since the device is a keyboard you can communicate with it in an editor window (which should make it platform independent). There’s no code available, but trying to write your own to the spec outlined in the demo after the break will make for a fun weekend project.

Continue reading “Portable Password Vault”