MBTA Drops Lawsuit Against MIT Subway Hackers

December 23, 2008 by Eliot 8 Comments

The Massachusetts Bay Transit Authority (MBTA) has dropped its federal case against three MIT researchers, “the subway hackers”. This happened in October and now the EFF brings news that the students will be working with the MBTA to improve their system. The overall goal is to raise security while keeping expenses minimal.

This whole mess started in August when a gag order was issued against the students’ presentation at Defcon. It’s a shame no one ever saw it because it covers a lot of interesting ground. A PDF of the banned slides is still online. They performed several attacks against both the subway’s fare system and physical security. Our favorites by far were using GNU Radio to sniff the RFID card’s transaction and bruteforcing Mifare Classic with an FPGA.

Free Issue Of Hackin9

December 23, 2008 by Eliot 9 Comments

hackin9

Until midnight tonight, you can download a free copy of the 1/2008 issue of security magazine hackin9. It’s 84pages, 10.5MB, and requires you to provide an email address they don’t verify.

[via TaoSecurity]

Tor Hardware Privacy Adapter

December 21, 2008 by Eliot 33 Comments

hardwaretor

The Janus team have published a preview of their new Privacy Adapter. It’s a small two port router. You just plug it in-line between your computer/switch and your internet connection. It will then anonymize all of you traffic via the Tor network. You can also use it with OpenVPN. The hardware appears to be a Gumstix computer mounted to a daughtercard with two ethernet ports. It will have a web configuration just like a standard router. This looks like a great plug-n-play privacy device. The only improvement we would suggest is adding auto-detect so a crossover cable isn’t required.

Janus is responsible for JanusVM, a virtual machine designed to protect your privacy with technologies like Tor and OpenVPN.

[via @hdmoore]

Securing Your Data

December 20, 2008 by Eliot 6 Comments

Lifehacker has published an overview of some of the many ways you can secure your data. The post was prompted by recently released browser vulnerabilities: first IE, then Firefox. They cover techniques far beyond just browser security, like how to properly wipe your iPhone. They mention disk encryption go-to TrueCrypt along with password management tools like KeePass. They also suggest using temporary credit cards to mitigate the impact of fraud.

[photo: Rija 2.0]

PS3 Home Hacking

December 15, 2008 by Eliot 21 Comments

ps3

Last week Sony launched the public beta of Home, their virtual world for the PlayStation 3. It wasn’t met with much fanfare and has proven to be quite buggy. Many were less than charmed by scarcity being ported to the virtual world. Others took it upon themselves to hack the service. Connections between the user’s home console and Sony’s server are unencrypted. You can sniff the requests and responses off the wire and modify them live. It seems you need the console to establish the initial connection, but after that you’re free to use builtin tools like Download.jsp, UploadFileServlet, and Delete.jsp to modify any file on the host server. You can also set up a proxy server to modify content, but that will only affect what your console sees.

[photo: nic0]

[via Joystiq]

Acrylic Tumbler Lock

December 9, 2008 by Eliot 21 Comments

acrylictumbler

Sometimes describing how a lock actually works can be the hardest part of teaching someone about lockpicking. [Mike Gee] has designed an acrylic lock that may just be the ticket for these situations. All of the pieces are cut from clear acrylic. As you insert the key, you can see it raise the four pins up to the shear line. He says that it will definitely take some tweaking as you assemble it to get it to function smoothly. Embedded below is a video of the lock in use. You can find plans on Thingiverse.

Continue reading “Acrylic Tumbler Lock” →

Nintendo Keyless Entry

December 8, 2008 by Caleb Kraft 17 Comments

[youtube=http://www.youtube.com/watch?v=bUm7daf36Mk]

The Nintendo keyless entry system will vigilantly guard your door from intruders. Enter the right code and you get access, enter the wrong code and it will deny you and take your picture. [action_owl] did a fantastic job on this lock, using mainly recycled parts like an old CDRom and an Arduino. It works both with or without the computer. If you choose not to use the computer, you don’t get pictures of the people who entered the code wrong.

We like this project, but we feel it needs to be pointed out that this lock is pretty useless. Everyone already knows the code to get in is UP, UP, DOWN, DOWN, LEFT, RIGHT, LEFT, RIGHT, B, A.