Smartphone Anti-virus Software

August 1, 2009 by Zach Banks 37 Comments

cracked

With DEFCON and Black Hat going on, a lot of security issues are being made public. This year, cellphones have been a larger target than before. More and more people are carrying complex smartphones that have more ways to go wrong. Even worse, since phones are tied to a billed account, it is possible for malicious software to charge phones discreetly. However, Flexilis promises to keep your phone safe. It’s a free mobile anti-virus that works on most smartphones and PDAs with more clients in the works. It also provides easy backup and recovery options, as well as the ability to wipe the phone if it’s lost. The phone makers really need to fix the probelms, but in the meantime Flexilis can provide a quick response.

[via WSJ Digits]

Black Hat 2009: Parking Meter Hacking

July 30, 2009 by Eliot 53 Comments

For day two of Black Hat, we sat in on on [Joe Grand], [Jacob Appelbaum], and [Chris Tarnovsky]’s study of the electronic parking meter industry. They decided to study parking meters because they are available everywhere, but rarely considered from a security perspective.

Continue reading “Black Hat 2009: Parking Meter Hacking” →

Lazy Man’s USB RFID Reader

July 30, 2009 by Caleb Kraft 12 Comments

c_674_usbrfid5 (Custom)

[Don] had some Serial RFID readers that he needed to work and be powered by USB. He went out and purchased a simple serial to USB converter, but was left with the problem of the operating voltage. He supplies the schematics on his site for his solution. Basically he gutted the converter and integrated it all with the appropriate voltage broken out. The final project is nice, using the serial to USB convert as the project box and even including a nice LED to show when an RFID tag has been read.

Black Hat 2009: Breaking SSL With Null Characters

July 29, 2009 by Eliot 25 Comments

Update: The video of [Moxie]’s presentation is now online.

[Moxie Marlinspike] appeared on our radar back in February when he showed sslstrip at Black Hat DC. It was an amazing piece of software that could hijack and rewrite all SSL connections. The differences between a legitimate site and the hijacked ones were very hard to notice. He recently stumbled across something thing that makes the attack even more effective.

Continue reading “Black Hat 2009: Breaking SSL With Null Characters” →

Pwnie Award Nominees 2009

July 21, 2009 by Eliot 9 Comments

[youtube=http://www.youtube.com/watch?v=5pSsLnNJIa4]

The Pwnie Awards are an annual event at the Black Hat security conference in Las Vegas. They award the Golden Pwnie in a variety of categories: mass 0wnage, most innovative research, most overhyped bug, most epic FAIL, and our favorite: Best Song. Embedded above is [Paco Hope]’s 50 Ways to Inject Your SQL. While a strong entry, it doesn’t touch last year’s winner Kaspersky & Me: “Packin’ The K!”.

Gentle Safe Cracker

July 21, 2009 by Caleb Kraft 51 Comments

Safe_Cracker2 (Custom)

[Carlito] found a safe in his garage with mystery contents. It shows signs of attempted entry and makes interesting noises when shaken. What is the best solution to find out what is inside? Hack it open? Smash it? Blow it up? No, the best solution is to build a robot to try brute force cracking. The robot, housed in an old power supply case, is little more than a servo and a servo controller, communicating with his PC via USB. It seems like a good idea though. Unfortunately, he found it to be seriously lacking in torque, so he’s waiting now to upgrade. The contents of the safe are still a mystery.

[thanks ubernoober1477]

Build A Wireless Keylogger

July 17, 2009 by Caleb Kraft 17 Comments

wireless_keylogger_schematics (Custom)

Hardware Keylogger solutions has released the plans and files for their wireless logger. It has a range of about 50 yard between the transmitting dongle and the receiver. It is based around an Atmel AT91SAM7S64 and the PCB is pretty tiny. In case you hadn’t noticed yet, they sell them as well. The cool thing about this is that key data is transmitted in real time, allowing you to see it as it happens instead of having to go retreive the log physically like you used to.