security

483 Articles

System Admin Steals 20,000 Items From Work

October 2, 2008 by 32 Comments

Over the course of 10 years, [Victor Papagno] stole 19,709 pieces of equipment from the Naval Research Laboratory. He began taking stuff home in 1997 and had so much that he had to store some in a neighbors house. The report says that no secret technological information was taken.  Some items listed were CDs, hard drives, floppy disks, adding up to an estimated value of 1.6 million dollars. He could face up to two years in prison for this. We shudder to think of the total cost of all the post its, CDs, and floppy disks we’ve taken home over the years.

[via NetworkWorld]
[photo: Blude]

Remote Access Programs Are Good Security For Laptops

October 1, 2008 by 28 Comments

Don’t be [Gabriel Meija], the criminal pictured above. He stole [Jose Caceres]’ laptop, but didn’t realize that [Caceres] had installed a remote access program to track the activity on the laptop. Although the first few days were frustrating, as [Meija] didn’t seem to be using the laptop for anything but porn, [Caceres]’ luck turned when he noticed that an address was being typed in. [Caceres] turned the information over to police, who were able to find [Meija] and charge him with fourth-degree grand larceny. It’s not the first time that tech-savvy consumers have relied on remote access programs to capture the criminals who’ve stolen their computer equipment, and it certainly won’t be the last, as the technology becomes more readily available to consumers.

[via Obscure Store and Reading Room]

IPhone Forensics 101: Bypassing The Passcode

September 25, 2008 by 12 Comments

[youtube=http://www.youtube.com/watch?v=aaxSF9EOjxw]

Watch in wonder as forensics expert [Jonathan Zdziarski] takes you step by step through the process of bypassing the iPhone 3G’s passcode lock. Gasp in amazement as he creates a custom firmware bundle. [Jonathan], creator of NES.app a Nintendo emulator for the iPhone, is well respected for his work on opening the iPhone. In this presentation, he sheds some light on the forensics toolkit he helped develop for law enforcement agencies that we covered earlier.

LockCon Coming Soon

September 14, 2008 by 2 Comments

The Open Organisation Of Lockpickers (TOOOL) is planning a new annual gathering for lockpickers. October 9-12th they will hold the first ever LockCon in Sneek, Netherlands. The event was spawned from the Dutch Open lockpicking championships, but they’ve decided to expand beyond just competition into a full conference. This year the conference is limited to just 100 lockpickers, technicians, manufacturers, hackers, and law enforcement members. They’ll compete in picking competitions, safe manipulation, and key impressioning.

On a related note: Organizer [Barry Wels] just became the first non-German to win an SSDeV competition with his key impressioning skills. We covered key impressioning when we saw his talk about high security keys at The Last Hope. He says it’s only been about two years worth of study and 500 keys to become a master. He managed to open the lock in 5:13 filing two whole keys during that time.

[photo: Rija 2.0]

IPhone Screengrab Issues

September 13, 2008 by 8 Comments

This is unfortunately another story we missed out on while we were trying to keep things from burning down. We told you that [Jonathan Zdziarski] was going to demonstrate iPhone lock code bypassing in a webcast. The real surprise came when he pointed out that the iPhone takes a screenshot every time you use the home button. It does this so it can do the scaling animation. The image files are presumably deleted immediately, but as we’ve seen before it’s nearly impossible to guarantee deletion on a solid state device. There’s currently no way to disable this behavior. So, even privacy conscious people have no way to prevent their iPhone from filling up storage with screenshots of all their text message, email, and browsing activities. Hopefully Apple will address this problem just like they did with the previous secure erase issue. O’Reilly promises to publish the full webcast soon.

[via Gizmodo]

Voting Insecurities

September 12, 2008 by 13 Comments

[youtube=http://www.youtube.com/watch?v=SWDEZqqqBHE]

UCSB researchers demonstrated how disturbingly easy it is to hack into Sequoia’s e-voting systems and delete or add votes with little more than a USB key. Given the fact that recent elections have been very close, and this upcoming national one looks also to be decided by a close margin, it’s absolutely inexcusable that our voting systems could be so easily rigged. Not only that, Sequoia has fought hard against having its equipment tested and verified independently. Can we really afford to be using such insecure machines in democratic elections, when the risk of abuse is so great?

Continue reading “Voting Insecurities”

Israeli Hacker “the Analyzer” Arrested

September 6, 2008 by 4 Comments

The Israeli hacker [Ehud Tenenbaum], known as “the Analyzer”, was arrested along with 3 Canadians for allegedly hacking into a Calgary-based financial services company and withdrawing almost CDN $2 million. The arrests were the results of a months-long investigation by both the Canadian police and the U.S. Secret Service.  In 1998, [Tenenbaum] was accused of hacking into unclassified computer systems owned by NASA, and the Pentagon, among others. He is in custody without bail, although the three other suspects have been released on bond.

[thanks vor]