A fake ATM machine, set to capture ATM information was found at Defcon 17 in vegas this year. Its design has a tinted plastic window at the top which attendees noticed had a computer in it. It was quickly removed by the police. Is this an amazing coincidence? We doubt it. Someone probably knew exactly who was going to be there and either wanted to scam some hackers or just wanted to have some fun.
With DEFCON and Black Hat going on, a lot of security issues are being made public. This year, cellphones have been a larger target than before. More and more people are carrying complex smartphones that have more ways to go wrong. Even worse, since phones are tied to a billed account, it is possible for malicious software to charge phones discreetly. However, Flexilis promises to keep your phone safe. It’s a free mobile anti-virus that works on most smartphones and PDAs with more clients in the works. It also provides easy backup and recovery options, as well as the ability to wipe the phone if it’s lost. The phone makers really need to fix the probelms, but in the meantime Flexilis can provide a quick response.
[via WSJ Digits]
For day two of Black Hat, we sat in on on [Joe Grand], [Jacob Appelbaum], and [Chris Tarnovsky]’s study of the electronic parking meter industry. They decided to study parking meters because they are available everywhere, but rarely considered from a security perspective.
[Don] had some Serial RFID readers that he needed to work and be powered by USB. He went out and purchased a simple serial to USB converter, but was left with the problem of the operating voltage. He supplies the schematics on his site for his solution. Basically he gutted the converter and integrated it all with the appropriate voltage broken out. The final project is nice, using the serial to USB convert as the project box and even including a nice LED to show when an RFID tag has been read.
Update: The video of [Moxie]’s presentation is now online.
[Moxie Marlinspike] appeared on our radar back in February when he showed sslstrip at Black Hat DC. It was an amazing piece of software that could hijack and rewrite all SSL connections. The differences between a legitimate site and the hijacked ones were very hard to notice. He recently stumbled across something thing that makes the attack even more effective.
Continue reading “Black Hat 2009: Breaking SSL With Null Characters”
[youtube=http://www.youtube.com/watch?v=5pSsLnNJIa4]
The Pwnie Awards are an annual event at the Black Hat security conference in Las Vegas. They award the Golden Pwnie in a variety of categories: mass 0wnage, most innovative research, most overhyped bug, most epic FAIL, and our favorite: Best Song. Embedded above is [Paco Hope]’s 50 Ways to Inject Your SQL. While a strong entry, it doesn’t touch last year’s winner Kaspersky & Me: “Packin’ The K!”.
[Carlito] found a safe in his garage with mystery contents. It shows signs of attempted entry and makes interesting noises when shaken. What is the best solution to find out what is inside? Hack it open? Smash it? Blow it up? No, the best solution is to build a robot to try brute force cracking. The robot, housed in an old power supply case, is little more than a servo and a servo controller, communicating with his PC via USB. It seems like a good idea though. Unfortunately, he found it to be seriously lacking in torque, so he’s waiting now to upgrade. The contents of the safe are still a mystery.
[thanks ubernoober1477]
