LockCon Coming Soon

September 14, 2008 by Eliot 2 Comments

The Open Organisation Of Lockpickers (TOOOL) is planning a new annual gathering for lockpickers. October 9-12th they will hold the first ever LockCon in Sneek, Netherlands. The event was spawned from the Dutch Open lockpicking championships, but they’ve decided to expand beyond just competition into a full conference. This year the conference is limited to just 100 lockpickers, technicians, manufacturers, hackers, and law enforcement members. They’ll compete in picking competitions, safe manipulation, and key impressioning.

On a related note: Organizer [Barry Wels] just became the first non-German to win an SSDeV competition with his key impressioning skills. We covered key impressioning when we saw his talk about high security keys at The Last Hope. He says it’s only been about two years worth of study and 500 keys to become a master. He managed to open the lock in 5:13 filing two whole keys during that time.

[photo: Rija 2.0]

IPhone Screengrab Issues

September 13, 2008 by Eliot 8 Comments

This is unfortunately another story we missed out on while we were trying to keep things from burning down. We told you that [Jonathan Zdziarski] was going to demonstrate iPhone lock code bypassing in a webcast. The real surprise came when he pointed out that the iPhone takes a screenshot every time you use the home button. It does this so it can do the scaling animation. The image files are presumably deleted immediately, but as we’ve seen before it’s nearly impossible to guarantee deletion on a solid state device. There’s currently no way to disable this behavior. So, even privacy conscious people have no way to prevent their iPhone from filling up storage with screenshots of all their text message, email, and browsing activities. Hopefully Apple will address this problem just like they did with the previous secure erase issue. O’Reilly promises to publish the full webcast soon.

[via Gizmodo]

Voting Insecurities

September 12, 2008 by Kimberly Lau 13 Comments

[youtube=http://www.youtube.com/watch?v=SWDEZqqqBHE]

UCSB researchers demonstrated how disturbingly easy it is to hack into Sequoia’s e-voting systems and delete or add votes with little more than a USB key. Given the fact that recent elections have been very close, and this upcoming national one looks also to be decided by a close margin, it’s absolutely inexcusable that our voting systems could be so easily rigged. Not only that, Sequoia has fought hard against having its equipment tested and verified independently. Can we really afford to be using such insecure machines in democratic elections, when the risk of abuse is so great?

Continue reading “Voting Insecurities” →

Israeli Hacker “the Analyzer” Arrested

September 6, 2008 by Kimberly Lau 4 Comments

The Israeli hacker [Ehud Tenenbaum], known as “the Analyzer”, was arrested along with 3 Canadians for allegedly hacking into a Calgary-based financial services company and withdrawing almost CDN $2 million. The arrests were the results of a months-long investigation by both the Canadian police and the U.S. Secret Service. In 1998, [Tenenbaum] was accused of hacking into unclassified computer systems owned by NASA, and the Pentagon, among others. He is in custody without bail, although the three other suspects have been released on bond.

[thanks vor]

Bypassing The IPhone Passcode Lock In Live Webcast

September 6, 2008 by Kimberly Lau 11 Comments

[Jonathan Zdziarski], a data forensics expert and iPhone hacker, will demonstrate in a live O’Reilly webcast on September 11, 2008, how to bypass the iPhone passcode lock security. Although the presentation is targeted towards law enforcement, it will probably viewed by a lot of hackers and geeks, who could use the information for good or evil. It also doesn’t strike us as very good security if the iPhone passcode is easily bypassed. Then what’s the point of having one?

[via Gizmodo]

Testing IR Camera Blocking

August 27, 2008 by Kimberly Lau 37 Comments

[youtube=http://www.youtube.com/watch?v=0u5hAfnq2-4&hl=en&fs=1&rel=0][randy] from F.A.T. tested the theory that infrared LEDs can actually hide you from the prying eyes of surveillance cameras. We’ve previously covered camouflage, IR, and other suggestions for eluding the cameras, but haven’t taken to sewing stuff onto our clothes yet. [randy] lined his hoodie with high-intensity infrared LEDs, hoping to create a halo effect that would hide his head, and tested his results. Unfortunately, his efforts were unsuccessful. He tested many many different combinations and we’re confident in his conclusion that it would be very hard to make this work.

Customers Make VoIP Calls On American Airlines Flights

August 26, 2008 by Kimberly Lau 13 Comments

Less than a week after American Airlines introduced in-flight internet, hackers have already figured out how to use the system to make VoIP calls in a few easy steps with Phweet, a Twitter application. While the network blocks most VoIP services, Phweet can connect two people using a Flash app. Aircell, the company responsible for the system, is aware of the oversight, but it remains to be seen whether this little loophole will be fixed in a timely manner. Meanwhile, we encourage those of you who do fly on American Airlines to avoid making those phone calls; your neighbor would probably appreciate it.