Tunneling IP Traffic Over ICMP

We all hate it when we find an unencrypted WiFi network at our favorite coffee shop, restaurant, airport, or other venue, only to discover that there are traffic restrictions. Most limited networks allow HTTP and HTTPS traffic only, or so is the common misconception. In the majority of cases, ICMP traffic is also allowed, permitting the users to ping websites and IP addresses. You may be asking, “Ok, so why does that matter?” Well, all of your IP traffic can be piped through an ICMP tunnel, disguising all your surfing as simple ping packets. [Thomer] has a detailed guide on how to create and utilize such a tunnel using ICMPTX. So the next time you are at the local cafe and want to fire up VLC to watch TV shows from your home PC, give this guide a quick read.

Quick And Dirty Magnetic Card Reader

[nevdull] found himself in possession of a magnetic card reader. What else was he to do but show us all how to read from it using an AVR? He goes through the basics of how the card reader works, as well as how to detect the different card states such as entering, reading, and leaving. There is source code to download to try for yourself, but unless you have the same reader, you’ll have to do some modifications. While this doesn’t get you all the way to reading the complete content off of the card, it’s a great start. Maybe you guys can help him finish up the last bits.

Streamfile Encrypted File Drop

There are myriad file transfer services on the web. Streamfile tries to set itself apart by providing a unique secure service. Their file upload system is all JavaScript and doesn’t rely on Flash. It uses SSL to secure the file transport. As soon as you start uploading the file, you can hand the link off to your recipient and they can start downloading without waiting for the upload to complete. The free limit is 150MB, but their PRO service allows 2GB files.

[via Download Squad]

Tatjana Van Vark

Go to this site and you’ll be greeted by a crazy looking woman wielding a giant egg and a blunt object that looks like Jupiter with mischief in her eyes. This is Tatjana van Vark. Her library of projects ranges from the mundane, such as a couple of incandescent lamps, to a fully functional Antikythera mechanism. As you browse around at things like her one-of-a-kind cipher based on the Enigma machine and her inertial navigator platform shown above, you’ll find the quality of her work astounding. Randomly peppered haikus give us a brief glimpse into her mind as we look at literally decades of amazing work. We’re sure many of you are drooling at the thought of some build details, but you’ll have to work for it. Decipher the haiku on the coding machine’s page for the build details… if you can.

[thanks Verimius]

Malicious ATM Found At Defcon 17

A fake ATM machine, set to capture ATM information, was found at Defcon 17 in Vegas this year. Its design has a tinted plastic window at the top, through which attendees noticed a computer inside. It was quickly removed by the police. Is this an amazing coincidence? We doubt it. Someone probably knew exactly who was going to be there and either wanted to scam some hackers or just wanted to have some fun.

Smartphone Anti-virus Software

With DEFCON and Black Hat going on, a lot of security issues are being made public. This year, cellphones have been a larger target than before. More and more people are carrying complex smartphones that have more ways to go wrong. Even worse, since phones are tied to a billed account, it is possible for malicious software to charge phones discreetly. However, Flexilis promises to keep your phone safe. It’s a free mobile anti-virus that works on most smartphones and PDAs, with more clients in the works. It also provides easy backup and recovery options, as well as the ability to wipe the phone if it’s lost. The phone makers really need to fix the problems, but in the meantime Flexilis can provide a quick response.

[via WSJ Digits]

Black Hat 2009: Parking Meter Hacking

For day two of Black Hat, we sat in on [Joe Grand], [Jacob Appelbaum], and [Chris Tarnovsky]’s study of the electronic parking meter industry. They decided to study parking meters because they are available everywhere, but rarely considered from a security perspective.
