Voting Insecurities


UCSB researchers demonstrated how disturbingly easy it is to hack into Sequoia’s e-voting systems and delete or add votes with little more than a USB key. Given that recent elections have been very close, and the upcoming national one also looks to be decided by a close margin, it’s absolutely inexcusable that our voting systems could be so easily rigged. Not only that, Sequoia has fought hard against having its equipment tested and verified independently. Can we really afford to be using such insecure machines in democratic elections, when the risk of abuse is so great?


Israeli Hacker “the Analyzer” Arrested

The Israeli hacker [Ehud Tenenbaum], known as “the Analyzer”, was arrested along with 3 Canadians for allegedly hacking into a Calgary-based financial services company and withdrawing almost CDN $2 million. The arrests were the result of a months-long investigation by both the Canadian police and the U.S. Secret Service. In 1998, [Tenenbaum] was accused of hacking into unclassified computer systems owned by NASA and the Pentagon, among others. He is in custody without bail, although the three other suspects have been released on bond.

[thanks vor]

Bypassing The IPhone Passcode Lock In Live Webcast

[Jonathan Zdziarski], a data forensics expert and iPhone hacker, will demonstrate in a live O’Reilly webcast on September 11, 2008, how to bypass the iPhone passcode lock security. Although the presentation is targeted towards law enforcement, it will probably be viewed by a lot of hackers and geeks, who could use the information for good or evil. It also doesn’t strike us as very good security if the iPhone passcode is easily bypassed. Then what’s the point of having one?

[via Gizmodo]

Testing IR Camera Blocking

[randy] from F.A.T. tested the theory that infrared LEDs can actually hide you from the prying eyes of surveillance cameras. We’ve previously covered camouflage, IR, and other suggestions for eluding the cameras, but haven’t taken to sewing stuff onto our clothes yet. [randy] lined his hoodie with high-intensity infrared LEDs, hoping to create a halo effect that would hide his head, and tested his results. Unfortunately, his efforts were unsuccessful. He tested many different combinations and we’re confident in his conclusion that it would be very hard to make this work.

Customers Make VoIP Calls On American Airlines Flights


Less than a week after American Airlines introduced in-flight internet, hackers have already figured out how to use the system to make VoIP calls in a few easy steps with Phweet, a Twitter application. While the network blocks most VoIP services, Phweet can connect two people using a Flash app. Aircell, the company responsible for the system, is aware of the oversight, but it remains to be seen whether this little loophole will be fixed in a timely manner. Meanwhile, we encourage those of you who do fly on American Airlines to avoid making those phone calls; your neighbor would probably appreciate it.

[via Digg]

Red Hat Confirms Security Breach


After a week of wondering, Red Hat has confirmed that someone broke in and compromised their security. Although it doesn’t appear the attacker was able to retrieve the passphrase used to sign Fedora packages, the team is switching to new keys. In a separate intrusion, the attacker tampered with and signed OpenSSH packages for RHEL. While it’s good to get the full story, no one is happy about how long it took Red Hat to release these details.

[via Zero Day]

[photo: afsilva]

The Underhanded Hardware Challenge

The Polytechnic Institute of NYU is hosting an interesting embedded systems contest. They’ve constructed a solid state cryptographic device that uses a 128-bit private key. Contestants will be tasked with designing and implementing several trojans into the system that will undermine the security. The system is built on a Digilent BASYS Spartan-3 FPGA board. The trojans could do a wide variety of things: transmitting unencrypted, storing and transmitting previously entered plain text, or just shutting down the system entirely. The modified devices still need to pass the factory testing procedure though, which will measure power consumption, code size, and function. After a qualification round, participants will be given the necessary hardware to compete.

[via NYC Resistor (Happy Birthday!)]