security

483 Articles

Essential Bluetooth Hacking Tools

August 1, 2008 by 9 Comments

Security-Hacks has a great roundup of essential Bluetooth hacking tools. As they point out, Bluetooth technology is very useful for communication with mobile devices. However, it is also vulnerable to privacy and security invasions. Learning the ins and outs of these tools will allow you to familiarize yourself with Bluetooth vulnerabilities and strengths, and enable you to protect yourself from attackers. The list is separated into two parts – tools to detect Bluetooth devices, and tools to hack into Bluetooth devices. Check out BlueScanner, which will detect Bluetooth-enabled devices, and will extract as much information as possible from those devices. Other great tools to explore include BTCrawler, which scans for Windows Mobile devices, or Bluediving, which is a Bluetooth penetration suite, and offers some unique features like the ability to spoof Bluetooth addresses, and an L2CAP packet generator. Most of the tools are available for use with Linux platforms, but there are a few you can also use with Windows.

[via Digg]

Teenager Invents Vehicular Antitheft System

July 30, 2008 by 31 Comments

We are very inspired by the story of [Morris Mbetsa], an 18-year-old Kenyan who’s invented the “Block & Track”, an antitheft and tracking system for vehicles that’s phone-based. [Mbetsa] has no formal training, but he’s been a lifelong inventor and tinkerer. [Mbetsa] combined voice, DTMF, and SMS text messaging technologies with cellphone based services to allow the owner to control the vehicle’s electrical system remotely. The owner, using his cellphone, can take control of the ignition, and disable it at any time. Other features include the ability to lock the car remotely, and the capability of dialing into the car and listening in on any conversations taking place within the vehicle. [Mbetsa] is currently looking for funding to take his invention to the next level; we’re eager to see what he’ll come up with next.

[via Digg]

Lock Picking And Security Disclosure

July 28, 2008 by 5 Comments


Slate is running an interesting article about taking new security approaches to lock vulnerabilities. In the past, lock makers such as Medeco have been able to quietly update their product lines to strengthen their security, but as movements such as Locksport International gain popularity and lock picking videos on YouTube become dime a dozen, lock makers can no longer rely on security through obscurity. It’s no question that an increased interest in this field helps lock manufacturers to create more secure products, but because patching these flaws often means changing critical features of the lock, it becomes a very expensive game of cat-and-mouse.

Traditional lock picking has employed the use of picksets, like the credit card sized set given out sold at The Last HOPE, but more recent methods of lock hacking have used bump keys or even magnets. However, as manufacturers make their locks less susceptible to picking and bumping, not even high-security locks will ward off someone determined enough to create a copy of the key, either by observing the original or using impressioning, as [Barry Wels] covered in a recent talk at HOPE 2008.

Adeona: An Open Source Laptop Tracking System

July 26, 2008 by 24 Comments


Adeona is an open source internet-based laptop tracking system that is free to use. It’s available for Linux, OSX, and Windows XP/Vista. After installation, Adeona will submit at random intervals, anonymously encrypted updates on the computer’s location to servers on the Internet, specifically to OpenDHT, a free storage service. The information is kept on the servers for one week. If your laptop becomes lost or stolen, you can use the retrieval tool to access information about where your laptop was last used: the external IP address, internal IP address, and nearby routers. If your laptop is a Mac, you can also download isightcapture to grab a picture of the thief. Adeona is designed to protect against common criminals who may not have much technological knowledge, and does not have any protections against events such as disk wipes. The open source nature of Adeona’s system means that there’s ample opportunity to improve upon the release or add extensions. Here’s one user who really likes what he sees.

[via Schneier]

Five Plugins And Tips To Secure Your WordPress Blog

July 26, 2008 by 3 Comments


How do you protect your own blog from getting hacked? There’s never a foolproof answer, but with some added tools and caution, you can make your website a little safer from getting into harm’s way. Cats Who Code has five plug-ins and tips you can use to protect your WordPress install. Some of the tips are common sense advice that can apply to anything related to technology – such as making backups often and using strong passwords. Others include suggested plugins that can help you verify whether your WordPress install has any security holes, or small tricks to hide the version of WordPress you’re using. Do you have any useful plugins or tricks to share to keep your blog safe from hackers?

[via Digg]

Predictive Blacklisting With DShield

July 25, 2008 by 4 Comments


The DShield project is hoping to change how we protect our networks from malware with predictive blacklisting. Using a method similar to Google’s PageRank, DShield collects logs from network administrators to help develop a score based on maliciousness. They combine this score with information about where the malware has already hit to determine an overall threat level.

Similar to antivirus programs, the system still relies on networks being attacked to rate the threat level. They have shown though, that the predictive method is consistently more effective than manual blacklisting. The system has been available for free for the past year. Those utilizing the system have been reporting positive results. They do note that there are a few people whose network infrastructure doesn’t match up with the predictions very well. If you would like to participate, go to their site and sign up.

HOPE 2008: Methods Of Copying High Security Keys

July 24, 2008 by 4 Comments


[Barry Wels] is well known for his lockpicking talks, but this year he wanted to talk about how he copies high security keys. If a key blank is available, you could make a copy just by viewing the original. High security keys generally have profiles with more side cuts, which means you can guess at how deep a specific pin is by observing how many cuts it crosses. He also showed that you could imprint your arm with the key and use that as a guide. If a blank isn’t available, you could fill a similar key with solder and file that down.

[Barry] showed two different kits for casting keys. The first used soft clay in a clam shell to make an imprint of the original key. The form is then filled with a low melting point alloy (probably Wood’s metal) to create the new key. A second style uses a metal form and two part silicone to create the mold. This method works for most high security keys, but will not work on keys with active elements like sliders or magnets.

Finally, [Barry] talked about his favorite method: impressioning. Unlike picking a lock, when you’re done impressioning you have a funtional key. You start with key blank and file off the top layer. Place the blank in the lock and turn it till it jams. Then, you rock the key up and down. Observing the key under light you’ll see a small mark where each pin is. File a bit where the marks appear and repeat the process. You can’t use too much force or you might break the blank. This also works on dimple keys and as this video shows, laser cut keys. [Barry] highly recommends the impressioning book by [Oliver Diederichsen].

[photo: Rija 2.0]