Intel 4004 Internals

January 9, 2009 by Eliot 15 Comments

The silicon wizards at Flylogic have certainly posted an interesting chip this time around. The Intel 4004 was the first widely used microprocessor. The logic gates are much larger than you’d find in modern chips. The unique feature is that each gate is designed to make the most efficient use of the silicon instead of the standardized shapes you find now. They’ve uploaded a full image of the chip.

For an introduction to silicon hacking, we reccomend [bunnie]’s talk from Toorcon and [Karsten]’s talk from 24C3. You can find many more posts on the topic in our silicon tag.

Brute Force Attack On Twitter

January 7, 2009 by Caleb Kraft 22 Comments

[youtube=http://www.youtube.com/watch?v=IKNbggNJMVI]

Wired Threat Level has posted an interview with the hacker who recently broke into several high profile twitter accounts, such as Fox News, and Barack Obama. Since we know how much you all love twitter, we thought you might want to learn more about it. Apparently he used a brute force method to get into a member of the support team. The password was “happiness” which was cracked pretty quickly. This might be a good time to review your own strategies to prevent brute force attacks.

The Malware Challenge

January 3, 2009 by Eliot 15 Comments

malware

Our own [Anthony Lineberry] has written up his experience participating in the 2008 Malware Challenge as part of his work for Flexilis. The contest involved taking a piece of provided malware, doing a thorough analysis of its behavior, and reporting the results. This wasn’t just to test the chops of the researchers, but also to demonstrate to network/system administrators how they could get into malware analysis themselves.

[Anthony] gives a good overview of how he created his entry (a more detailed PDF is here). First, he unpacked the malware using Ollydbg. Packers are used to obfuscate the actual malware code so that it’s harder for antivirus to pick it up. After taking a good look at the assembly, he executed the code. He used Wireshark to monitor the network traffic and determine what URL the malware was trying to reach. He changed the hostname to point at an IRC server he controlled. Eventually he would be able to issue botnet control commands directly to the malware. We look forward to seeing what next year’s contest will bring.

25C3: Nokia Exploit Stops All Inbound SMS

December 30, 2008 by Eliot 21 Comments

[Tobias Engel] released a serious Nokia vulnerability today. By using a specially crafted SMS message, you can block the recipient from getting any future SMS messages. The attacker changes their Protocol Identifier to “Internet Electronic Mail” and then uses any email address 32 characters or more in their message. The recipient will receive no indication that they got the message and no other messages will be allowed until the phone is factory reset. You can see a demo video here. This affects many different varieties of S60 phones and no fix is known.

[Thanks fh]

25C3: Hackers Completely Break SSL Using 200 PS3s

December 30, 2008 by Eliot 78 Comments

A team of security researchers and academics has broken a core piece of internet technology. They made their work public at the 25th Chaos Communication Congress in Berlin today. The team was able to create a rogue certificate authority and use it to issue valid SSL certificates for any site they want. The user would have no indication that their HTTPS connection was being monitored/modified.

Continue reading “25C3: Hackers Completely Break SSL Using 200 PS3s” →

25C3: CTF Dominated By Iphone-dev Team, HackMii

December 30, 2008 by Eliot 4 Comments

25c3ctf

While we had been excited about 25C3’s CTF competition, we couldn’t even venture a guess as to who would win. It seems the iphone-dev team weren’t satisfied to just give an amazing talk. They teamed up with the Wii hackers from HackMii to win the competition. You can see their progress during the eight hour competition above in red. It’s impressive to see hardware hackers jumping over to network security AND completely killing at it.

Surviving A Hacker Conference

December 25, 2008 by Eliot 14 Comments

concrowd

With another hacker conference looming in front of us, it’s time to start thinking about hardware security. Hacker conventions have the most hostile network you’ll ever encounter. [Security4all] points out that 25C3 already has an extensive page on securing your hardware. It starts from the ground up with physical security, BIOS passwords, and locking down bootloaders. There’s a section on securing your actual OS and session. Finally, they cover network usage. It mentions using SSH for dynamic forwarding, which we feel is a skill everyone should have. We’ve used it not just for security, but for bypassing brainless bandwidth restrictions too. There’s also the more trick transparent version. Every piece of data you bring with you, you risk losing, so they actually recommend just wiping your iPhone and other devices before attending. It’s important to remember that it’s not just your own data at risk, but everyone/thing you communicate with as well.