security

471 Articles

Anti-paparazzi Sunglasses

June 27, 2008 by 27 Comments

UPDATE: Video can also be found here.

Ah, the life of the work-a-day hacker: sure, it’s glamorous, but all the paparazzi dogging your every step can get unbearably stressful. Thankfully, you have a recourse with these anti-paparazzi sunglasses. They work by mounting two small infrared lights on the front. The wearer is completely inconspicuous to the human eye, but cameras only see a big white blur where your face should be.

Building them is a snap: just take a pair of sunglasses, attach two small but powerful IR LEDS to two pairs of wires, one wire per LED. Then attach the LEDs to the glasses; the video suggests making a hole in the rim of the glasses to embed the LEDs. Glue or otherwise affix the wires to the temples of the glasses. At the end of the temples, attach lithium batteries. They should make contact with the black wire, but the red wires should be left suspended near the batteries without making contact. When you put them on the red wire makes contact, turning the lights on. It’s functional, but we’re thinking that installing an on/off switch would be more elegant and it would allow you to wear them without depleting the batteries.

[via BoingBoing]

IronKey USB Key Has Military Grade Encryption

June 26, 2008 by 32 Comments


Plenty of USB storage keys are on the market, but Ironkey is the first to use military level encryption. Sold in 1GB, 2GB, and 4GB sizes, the key features a processor called the Cryptochip, which uses Public Key Cryptography ciphers linked to an online account to create encryption keys on the hardware. A Federal Information Processing standard 140-2 compliant true random number generator on the Cryptochip ensure that encryption keys are extremely secure and totally random.

Ironkeys come in different sizes, but there are also three different versions, each with unique features. The basic version has a very James Bond-esque feature to destroy the data on it in case of an emergency. The personal version is loaded with Firefox 3 with various addons that make browsing encrypted and anonymous. The enterprise version is made to order with no specific price on the IronKey site, just a form to order one built to your specifications. All of them support Windows, OS X, and a large amount of Linux distros, and they all come in tamper proof and water resistant cases with a brushed metal finish. We tend to think this level of security is overkill for the average person, but people can’t seem to get with our freewheeling approach to security; remember, we leave our WLAN open.

[via LinuxDevices]

IPhone 2.0 Adds Secure Wipe

June 25, 2008 by 6 Comments


AppleInsider is reporting that iPhone Software v2.0 will add a secure wipe feature. The screenshot above shows the text “This will take about an hour.” added to the normal erase feature. This time is used to overwrite data to the disk multiple times. The need for secure phone erasure came to light after a researcher was able to recover personal information from a refurbished iPhone using forensic tools. Since then, a few people have published techniques for obliterating personal data using either the GUI or the more thorough command line method. Remote wipe has also been added to the new firmware in case the phone is stolen. We’re happy to see security being made easily accessible to nontechnical users and expect that remote wipe will become standard on laptops in the future.

Citibank ATM PIN Heist Mystery Continues

June 24, 2008 by 12 Comments


For the last few months, the FBI have been investigating a breach of Citibank’s ATM transaction processing servers. We’ve seen credit card numbers get stolen before, but these compromised servers were used to collect card numbers and PINs as transactions took place. The group responsible hired people to write new cards and use them to make ATM withdrawals. The card makers would keep a percentage and launder the rest. This is just a very small part of story and the extent of the breach isn’t fully realised yet. Threat Level’s [Kevin Poulson] has the whole story on this disturbing situation.

[photo: Bryan Derballa]

Crawling + SQL Injection With Scrawlr

June 24, 2008 by 3 Comments

Scrawlr is the latest tool to come out of HP’s Web Security Research Group. It was built in response to the massive number of SQL injection attacks happening on the web this year. Most of these vulnerable sites are found through googling, so Scrawlr works the same way. Point it at your web server and it will crawl all of the pages and evaluate the URL parameters to see if they’re vulnerable to verbose injection. It reports the SQL server and table names if it comes across anything.

It only supports 1500 pages right now and can’t do authentication or blind injection. It’s still a free tool and a great way to identify if your site is vulnerable to automated tools finding you website via search engines.

[via Acidus]

How-To: Make An RGB Combination Door Lock (Part 2)

June 20, 2008 by 19 Comments


In part 1 we showed you how to build your own prototype RGB keypad. Today we’ll show off some new ideas we worked on to create the project and turn it from prototype to fully functional battle station er door lock.

Continue reading “How-To: Make An RGB Combination Door Lock (Part 2)”