security

471 Articles

Black Hat 2008: EFF Coders’ Rights Project Announced

August 6, 2008 by No comments

The EFF has just announce the creation of the Coders’ Rights Project website at the Black Hat conference. The sites’ main goal is to centralize legal information for coders, and to help protect important security work from legal actions that may be taken against them with the DMCA and other legal black holes. While this is in no way a fully comprehensive list of everything you need to know, it looks like a good place to start, and provides a few FAQs for suggestions on how to stay in the legal clear as much as possible. At numerous points the documents suggest you speak with a lawyer, if you have any deeper questions, which you absolutely should. This can be very helpful if a person or group finds a security risk, and wants to publish it, or just wants to start looking into possible security risks.

More On GIFAR

August 6, 2008 by 9 Comments


[pdp] provides some perspective on the news regarding the GIFAR attack developed by researchers at NGS Software. As he explains, the idea behind the attack, which basically relies on combining a JAR with other files is not new. Combining JAR/ZIP files with GIF/JPG files will create hybrid files with headers at both the top and bottom of the file and allow them to bypass any image manipulation library as valid files. While tightened security and more stringent file validation practices are advisable, the problem is larger than just a vulnerability in browser security. ZIP is an incredibly generic packing technology used everywhere, from Microsoft files to Open Office documents, and of course, in JAR files. He closes with, “any file format that is based on ZIP, you allow your users to upload on your server, can be used in an attack”

[photo: Jon Jacobsen]

Essential Bluetooth Hacking Tools

August 1, 2008 by 9 Comments

Security-Hacks has a great roundup of essential Bluetooth hacking tools. As they point out, Bluetooth technology is very useful for communication with mobile devices. However, it is also vulnerable to privacy and security invasions. Learning the ins and outs of these tools will allow you to familiarize yourself with Bluetooth vulnerabilities and strengths, and enable you to protect yourself from attackers. The list is separated into two parts – tools to detect Bluetooth devices, and tools to hack into Bluetooth devices. Check out BlueScanner, which will detect Bluetooth-enabled devices, and will extract as much information as possible from those devices. Other great tools to explore include BTCrawler, which scans for Windows Mobile devices, or Bluediving, which is a Bluetooth penetration suite, and offers some unique features like the ability to spoof Bluetooth addresses, and an L2CAP packet generator. Most of the tools are available for use with Linux platforms, but there are a few you can also use with Windows.

[via Digg]

Teenager Invents Vehicular Antitheft System

July 30, 2008 by 31 Comments

We are very inspired by the story of [Morris Mbetsa], an 18-year-old Kenyan who’s invented the “Block & Track”, an antitheft and tracking system for vehicles that’s phone-based. [Mbetsa] has no formal training, but he’s been a lifelong inventor and tinkerer. [Mbetsa] combined voice, DTMF, and SMS text messaging technologies with cellphone based services to allow the owner to control the vehicle’s electrical system remotely. The owner, using his cellphone, can take control of the ignition, and disable it at any time. Other features include the ability to lock the car remotely, and the capability of dialing into the car and listening in on any conversations taking place within the vehicle. [Mbetsa] is currently looking for funding to take his invention to the next level; we’re eager to see what he’ll come up with next.

[via Digg]

Lock Picking And Security Disclosure

July 28, 2008 by 5 Comments


Slate is running an interesting article about taking new security approaches to lock vulnerabilities. In the past, lock makers such as Medeco have been able to quietly update their product lines to strengthen their security, but as movements such as Locksport International gain popularity and lock picking videos on YouTube become dime a dozen, lock makers can no longer rely on security through obscurity. It’s no question that an increased interest in this field helps lock manufacturers to create more secure products, but because patching these flaws often means changing critical features of the lock, it becomes a very expensive game of cat-and-mouse.

Traditional lock picking has employed the use of picksets, like the credit card sized set given out sold at The Last HOPE, but more recent methods of lock hacking have used bump keys or even magnets. However, as manufacturers make their locks less susceptible to picking and bumping, not even high-security locks will ward off someone determined enough to create a copy of the key, either by observing the original or using impressioning, as [Barry Wels] covered in a recent talk at HOPE 2008.

Adeona: An Open Source Laptop Tracking System

July 26, 2008 by 24 Comments


Adeona is an open source internet-based laptop tracking system that is free to use. It’s available for Linux, OSX, and Windows XP/Vista. After installation, Adeona will submit at random intervals, anonymously encrypted updates on the computer’s location to servers on the Internet, specifically to OpenDHT, a free storage service. The information is kept on the servers for one week. If your laptop becomes lost or stolen, you can use the retrieval tool to access information about where your laptop was last used: the external IP address, internal IP address, and nearby routers. If your laptop is a Mac, you can also download isightcapture to grab a picture of the thief. Adeona is designed to protect against common criminals who may not have much technological knowledge, and does not have any protections against events such as disk wipes. The open source nature of Adeona’s system means that there’s ample opportunity to improve upon the release or add extensions. Here’s one user who really likes what he sees.

[via Schneier]

Five Plugins And Tips To Secure Your WordPress Blog

July 26, 2008 by 3 Comments


How do you protect your own blog from getting hacked? There’s never a foolproof answer, but with some added tools and caution, you can make your website a little safer from getting into harm’s way. Cats Who Code has five plug-ins and tips you can use to protect your WordPress install. Some of the tips are common sense advice that can apply to anything related to technology – such as making backups often and using strong passwords. Others include suggested plugins that can help you verify whether your WordPress install has any security holes, or small tricks to hide the version of WordPress you’re using. Do you have any useful plugins or tricks to share to keep your blog safe from hackers?

[via Digg]