Security Hacks

1430 Articles

Ruckingenur II: Reverse Engineering Video Game

August 25, 2008 by 31 Comments


[Zach Barth] has released Ruckingenur II, the game of reverse engineering. The latest in his Games for Engineers series, it is a full game with multiple levels and live action cut scenes. Set with a military theme, the goal is to reverse engineer enemy items. Pictured above is a lock to a weapons cache.

The pixelized style is consistent throughout. Even the cut scenes have the effect. The reverse engineering is fun enough to keep you interested while you learn. There is an in game help system that keeps you on track as well. Our only suggestion is that he get some better costumes next time!

Subway Hacker Speaks

August 24, 2008 by 2 Comments


Popular Mechanics has an interview with [Zach Anderson], one of the MIT hackers that was temporarily gagged by the MBTA. The interview is essentially a timeline of the events that led up to the Defcon talk cancellation. [Zach] pointed out a great article by The Tech that covers the vulnerabilities. The mag stripe cards can be easily cloned. The students we’re also able to increase the value of the card by brute forcing the checksum. There are only 64 possible checksum values, so they made a card for each one. It’s not graceful, but it works. The card values aren’t encrypted and there isn’t an auditing system to check what values should be on the card either. The RFID cards use Mifare classic, which we know is broken. It was NXP, Mifare’s manufacturer, that tipped off the MBTA on the actual presentation.

Red Hat Confirms Security Breach

August 23, 2008 by 2 Comments


After a week of wondering, Red Hat has confirmed that someone broke in and compromised their security. Although It doesn’t appear the attacker was able to retrieve the passphrase used to sign Fedora packages, the team is switching to new keys. In a separate intrusion the attacker tampered with and signed OpenSSH packages for RHEL. While it’s good to get the full story, no one is happy how long it took Red Hat to release these details.

[via Zero Day]

[photo: afsilva]

The Underhanded Hardware Challenge

August 21, 2008 by 7 Comments

The Polytechnic Institute of NYU is hosting an interesting embedded systems contest. They’ve constructed a solid state cryptographic device that uses a 128-bit private key. Contestants will be tasked with designing and implementing several trojans into the system that will undermine the security. The system is built on a Digilent BASYS Spartan-3 FPGA board. The trojans could do a wide variety of things: transmitting unencrypted, storing and transmitting previously entered plain text, or just shutting down the system entirely. The modified devices still need to pass the factory testing procedure though, which will measure power consumption, code size, and function. After a qualification round, participants will be given the necessary hardware to compete.

[via NYC Resistor (Happy Birthday!)]

How To Hotwire Your Own Car

August 15, 2008 by 74 Comments

Ignition switch
Picture this scenario: it’s 2 AM, you’re stuck somewhere you’d rather not be, and you’ve lost your car keys. If you can’t call the Auto Club, what do you do? Hotwire your own car, of course. Wired.com has a wiki article detailing all the things you need to do to get that car running: how to identify which wires to connect, potential pitfalls of newer cars that require an RFID chip in the key, and so on. Of course, hotwiring a car that doesn’t belong to you is illegal, but this is one of those skills-like lockpicking-which just might come in handy in an emergency.

[Photo: D.B. Blas]

Antivirus Products Still Fail On Fresh Viruses

August 15, 2008 by 10 Comments


Many computer users rely on antivirus software from McAfee and Symantec to protect their computers from malware, worms, and viruses. Since the creation of viruses outpaces the protection abilities of the software, antivirus protection lags behind and may not be as secure as you think. [Gary Warner] provides some examples of current malware making the rounds that continue to be unaddressed by anti-virus vendors, including the recent “CNN Alerts: Breaking News” spam, which morphed into MSNBC alert spoofs. Our advice? Keep your antivirus software updated, but don’t believe that it will catch everything for you. Only open files from sources you know and trust.

[via Waxy]

Criminals Steal Credit Card Data Just By Wardriving

August 15, 2008 by 24 Comments

Anime doll holding VISA card
A federal grand jury in Boston has charged eleven people with the theft of more than 41 million credit and debit card numbers from retail stores. What makes this case interesting is that, although the defendants stole the data from retail establishments, they did so without ever having to leave their cars; they stole the numbers while wardriving. While the report doesn’t make it clear whether the targeted networks used weak encryption or were simply unsecured, it’s obvious that the security of your data is still not a top priority for many companies.

[photo: Mujitra]