[Don] had some Serial RFID readers that he needed to work and be powered by USB. He went out and purchased a simple serial to USB converter, but was left with the problem of the operating voltage. He supplies the schematics on his site for his solution. Basically he gutted the converter and integrated it all with the appropriate voltage broken out. The final project is nice, using the serial to USB convert as the project box and even including a nice LED to show when an RFID tag has been read.
Update: The video of [Moxie]’s presentation is now online.
[Moxie Marlinspike] appeared on our radar back in February when he showed sslstrip at Black Hat DC. It was an amazing piece of software that could hijack and rewrite all SSL connections. The differences between a legitimate site and the hijacked ones were very hard to notice. He recently stumbled across something thing that makes the attack even more effective.
Continue reading “Black Hat 2009: Breaking SSL With Null Characters”
[youtube=http://www.youtube.com/watch?v=5pSsLnNJIa4]
The Pwnie Awards are an annual event at the Black Hat security conference in Las Vegas. They award the Golden Pwnie in a variety of categories: mass 0wnage, most innovative research, most overhyped bug, most epic FAIL, and our favorite: Best Song. Embedded above is [Paco Hope]’s 50 Ways to Inject Your SQL. While a strong entry, it doesn’t touch last year’s winner Kaspersky & Me: “Packin’ The K!”.
[Carlito] found a safe in his garage with mystery contents. It shows signs of attempted entry and makes interesting noises when shaken. What is the best solution to find out what is inside? Hack it open? Smash it? Blow it up? No, the best solution is to build a robot to try brute force cracking. The robot, housed in an old power supply case, is little more than a servo and a servo controller, communicating with his PC via USB. It seems like a good idea though. Unfortunately, he found it to be seriously lacking in torque, so he’s waiting now to upgrade. The contents of the safe are still a mystery.
[thanks ubernoober1477]
Hardware Keylogger solutions has released the plans and files for their wireless logger. It has a range of about 50 yard between the transmitting dongle and the receiver. It is based around an Atmel AT91SAM7S64 and the PCB is pretty tiny. In case you hadn’t noticed yet, they sell them as well. The cool thing about this is that key data is transmitted in real time, allowing you to see it as it happens instead of having to go retreive the log physically like you used to.
Last month, in preparation for Defcon 17, the qualifiers were held for capture the flag, one of Defcon’s most well known events. One participant, [mongii], did a writeup on how to solve problem B300. The challenge was to find the decryption key used by a program that had several twists that hindered debugging. After grappling with self-modifying code and junk instructions, the team was finally able to find the answer. This win helped Sapheads place in the top 10. Over at xchng.info, they are collecting solutions to the other problems. Sadly, they’re not all in comic form.
Maxim’s iButtons, which are small ICs in button-sized disks, are starting to show up in more and more places. They have a range of uses, from temperature loggers to identification, and all use the 1-wire protocol to communicate. Over a furrtek, they hacked an iButton used for buying things from vending machines and created an infinite money cheat. They built a small rig based on the ATmega8 to read and write data to the chip. The data was encrypted, so it wasn’t feasible to put an arbitrary amount on the card. Instead, they used a similar technique to the Boston subway hack and restored a previous state to the iButton after something was bought. They also created a hand-held device to backup and restore the contents of a button for portable hacking.
[Thanks furrtek]
