Gadget Talks

Archive for the ‘Hacking’ Category

Over the years, a number of optional technologies have allowed new auto buyers to remotely disable and / or recover their automobiles after buy, but these devices aren't always optional, and it might not even be the buyer who activates them. According to Threat Level, a man has been charged in Austin, Texas for allegedly hacking into the computer of his employer, Texas Auto Center, and activating WebTeck remote horn triggers and kill devices installed in over 100 cars owned by the company's customers -- all from the comfort of home. After Texas Auto Center reset the offending software's passwords and figured out what is what, the Austin High Tech Crime Unit quickly traced access back to one Omar Ramos-Lopez and made an arrest -- but for many, the damage (in terms of missed work, school and tow-truck calls) had already been done. Care to form an view? Read more about the crime, and WebTeck, at our source links.

Disgruntled auto salesman bricks automobiles with remote kill-switch originally appeared on Engadget on Thu, 18 Mar 2010 06:15:00 EST. Please see our terms for use of feeds.

Permalink

Since 1977, RSA public-key encryption has protected privacy and verified authenticity when using computers, gadgets and web browsers around the globe, with only the most brutish of brute force efforts (and 1,500 years of processing time) felling its 768-bit variety earlier this year. Now, three eggheads (or Wolverines, as it were) at the University of Michigan claim they can break it simply by tweaking a device's power supply. By fluctuating the voltage to the CPU such that it generated a single hardware error per clock cycle, they found that they could cause the server to flip single bits of the private key at a time, allowing them to slowly piece together the password. With a small cluster of 81 Pentium 4 chips and 104 hours of processing time, they were able to successfully hack 1024-bit encryption in OpenSSL on a SPARC-based system, without damaging the computer, leaving a single trace or ending human life as we know it. That's why they're presenting a paper at the Design, Automation and Test conference this week in Europe, and that's why -- until RSA hopefully fixes the flaw -- you should keep a close eye on your server room's power supply.

1024-bit RSA encryption cracked by carefully starving CPU of electricity originally appeared on Engadget on Tue, 09 Mar 2010 02:47:00 EST. Please see our terms for use of feeds.

Permalink�The Register, TechWorld �|� University of Michigan �|�Email this�|�Comments

At what point do you stop trying to track and prosecute cyber-criminals? Obviously, you can’t let criminals run around willy-nilly, but when you look at the resources involved in bringing those guys to justice—and are you really nabbing the right guys in the first place?—it’s worth at least talking about. Is fighting cyber-crime about as futile as fighting the war on drugs?

The deal is that authorities last week arrested the ringleaders of a Spain-based botnet. Botnets, of course, are hordes of computers that have been “taken over” by evildoers to do their bidding. The issue is that, sure, you can catch three guys who run a botnet, but that doesn’t necessarily mean you’re catching the people most responsible. As someone from Symantec told CNN, it “takes no more skill than it takes to run Microsoft Office” to start a botnet.

Script kiddies, in other words. You can arrest all the script kiddies you want, but they’re not the ones actually creating the destructive software in the first place.

And then you figure that many of the programmers responsible for all this madness are outside the reach of American authorities, who are the ones who are most gung-ho, let’s go get ‘em, well, what are you gonna do?

It’s sorta fascinating, if something can be “sorta” fascinating. You have criminals running amok, they’re essentially untraceable, and they’re distributing tools that any kid with a free hour can figure out how to use.

So that’s the debate: how best to go after the bad guys when they’re impossible to catch, and they’re spreading around the tools of their trade all over the place, tools that any ol’ person can put to use?

Man, all this talk about cyber-crime has me hankering to see a good sci-fi movie à la Blade Runner. Any other recommendations in that vein? Something cyberpunk-y, if you will.

Google was attacked by hackers in China. Microsoft reports that they’re the target of hackers all day, every day. Now Intel is stepping forward, and admitting in their annual 10-K filing that they were the target of a sophisticated attack. Intel observes that it might be industrial espionage, or it might be “hackers seeking to harm the company.” It makes you wonder how many attacks on smaller organizations go un-reported, or indeed even un-noticed.

The section from Intel’s 10-K is more than a little vague:

We may be subject to intellectual property theft or misuse, which could result in third-party claims and harm our business and results of operations.
We regularly face attempts by others to gain unauthorized access through the World wide web to our information technology systems by, for example, masquerading as authorized users or surreptitious introduction of software. These attempts, which might be the result of industrial or other espionage, or actions by hackers seeking to harm the company, its products, or end users, are sometimes successful. One recent and sophisticated incident occurred in January 2010 around the same time as the recently publicized security incident reported by Google. We seek to detect and investigate these security incidents and to prevent their recurrence, but in some cases we might be unaware of an incident or its magnitude and effects. The theft and/or unauthorized use or publication of our trade secrets and other confidential business information as a result of such an incident could adversely affect our competitive position and reduce marketplace acceptance of our products; the value of our investment in R&D, product development, and marketing could be reduced; and third parties might assert against us or our customers claims related to resulting losses of confidential or proprietary information or end-user data and/or system reliability. Our business could be subject to significant disruption, and we could suffer monetary and other losses, including the cost of product recalls and returns and reputational harm, in the event of such incidents and claims.

The old adage “Security is inversely proportional to convenience” rings true time and time again. I don’t know anything about how Intel has their internal network structured, but if any of their research computers are directly connected to the Internet then they’re at risk. Of course, even if Intel is using a physically separate network for R&D, cut off from the Internet, removable media can still be used to inject nasty targeted malware. I don’t envy the jobs of the network security folks at organizations like these.

Via InformationWeek.

The Chinese hacker saga continues, with some pretty huge news having emerged in the past few hours. U.S. authorities have identified, so they think, the sole person responsible for the underlying code used on attacks on Google and others. He’s a “freelance security consultant” in his 30s, and he was able to take down almighty Google by exploiting a previously unknown hole in Internet Explorer. Being an Internet Explorer public relations guy must be pretty difficult.

There’s a key distinction in that previous sentence that must be stressed: the identified man is merely responsible for the code; he didn’t actually carry out the attacks. It’d be like you creating a light saber (somehow!), and your next door neighbor using it to go crazy in the center of town.

You’ll recall that Google became incensed over the hacking, and state censorship. and subsequently threatened to pull out of China altogether. China basically reacted with, “Door let the door hit you on the way out,” while others say the whole spat is something of a proxy for a larger China-U.S. spat.

The extent to which the state was involved with the man’s “hacking” is still unknown.

As the world turns, I suppose.

I’ve been led to believe that Club Mate (pronounced: ma-tay) is the drink in the international hacker community. Being a fan of the international hacker community—and by “hacker” I don’t mean stupid idiots who DDOS Web sites for lulz, but rather people who enjoy tinkering with the world around them—I decided to buy a case.

What the devil is Club Mate? First off, it’s not Corona; there’s no alcohol in there! It’s a caffeinated iced tea drink that’s produced in Germany. Hackers (coders, tinkers, and the like) enjoy it because you get a nice portion of caffeine (20 mg per ml, or about 96ish mg per bottle) without having to deal with cubic tonnes of sugar like you might have to with traditional energy drinks (32ish mg per bottle). The secret ingredient, as the name suggests, is mate, a South American plant that’s traditionally used in awesome drinks down there, as seen in the movie The Motorcycle Diaries.

The bottles that 2600 Magazine sells—2600 Magazine is the U.S. distributor of the drink—are of the 500 ml variety. That’s a lot of mate. Smaller bottles are available, but I don’t know where you’d get those. It’s about 150 calories per bottle. I don’t know if you’d consider that high or not.

On to the taste!

It’s not bad! I fully expected the drink to taste like grim death, but it really doesn’t. I mean, it is a tea, so I really shouldn’t be surprised, but I’m not very familiar with German drinks, South American influenced or not, so I had no idea. That was a hell of a sentence right there. It sorta tastes like your standard issue green tea. I don’t know, do people dislike the taste of tea?

The big draw, though, is the caffeine. I’m about a quarter of the way through with the bottle in that there photo, and I’m already all jumpy. That means it’s working! I imagine if you’d drink the whole bottle in double-quick time you’d end up like Fry did in that one episode of Futurama. Put on a some trance—I love World of Warcraft guild Vodka’s videos specifically because of the music they use—and you’re flying through space and time.

Another bonus: all the caffeine you could want without the teeth-staining properties of coffee.

So yeah, I like Club Mate quite a bit. It’s a little expensive at $45 (plus shipping) per 12 pack, but last I checked a large coffee in New York is like $3.00, so it’s really not all that crazy.

Time to resurrect that old Droid Does chant, folks. Already headed for Android 2.1 from official sources, the Droid is gettings some extra software capabilities courtesy of a few benevolent UK hackers as well. Chris Paget has revealed a mod for Motorola's flagship that turns it from a USB peripheral into a USB host, thereby letting it communicate with and control USB devices that speak the Linux language. That includes printers, webcams, and the vast majority of other things you typically jack into your computer. Mind you, this is one hack that'll require you to get your hands dirty, as you'll need to splice a few cables together and reboot your phone to switch between modes, but that's how real modders do it anyway, right?

Droid gets a USB hack allowing it to control printers and cameras, humans put on alert originally appeared on Engadget on Wed, 10 Feb 2010 04:27:00 EST. Please see our terms for use of feeds.

Permalink�The Register �|� Chris Paget's Blog �|�Email this�|�Comments

A certain UK bank operates a delightfully dorky advertising campaign whose slogan is "we give you extra." Well, in the case of mobile software communities, that's exactly the case. From jailbroken iPhones to PS One-emulating HD2s to multitouch-enabled browsing on the Nexus One, the one group of people we know we can truly rely on are other geeks. So let's salute those heroes once more, in recognition of the VisualBoyAdvance -- a webOS-based emulator for Game Boy, Game Boy Color and Game Boy Advance games. The former two categories are said to play smooth as you like, whereas the Advance stuff suffers from slight slowdown at present. We've only seen it playing on a Pre, but there should be no reason why your Pixi wouldn't be allowed in on this party. A quick video demo awaits after the break, and the source link has all the installation details you'll need.

Continue reading VisualBoyAdvance turns your Palm Pre into a Game Boy emulator

VisualBoyAdvance turns your Palm Pre into a Game Boy emulator originally appeared on Engadget on Sat, 30 Jan 2010 16:35:00 EST. Please see our terms for use of feeds.

Permalink� �|� Pre Central �|�Email this�|�Comments

Aaron Weaver has taken the concept of Inter protocol XSS hacking to the next annoying level.  He has figured out that you can do cross site printing. That is when you visit a malicious website it can attempt to connect to and send data to your printer on your local network. The obvious use? You got it, sp*m!

So now  when you visit sites there is a potential for them to spam you, similar to the way some people receive FAX spam. While he has only gone so far as to show how you can send ASCII art, it would be interesting to see if a PostScript formatted file could be sent in a way that the printer would understand and print. For the time being, however, we're limited to low def ASCII art spam.

However, there are some fairly complicated programs that do analysis on and generate ASCII art from photos. What will be more nasty is once this turns into actual exploits against the printers themselves - as many printers contain duplicates of printed materials for weeks or years afterwards. Also, depending on what the spammers put on your printer, it’s possible this could get people fired, depending on the content of the print job (no pun intended). Very interesting research by Aaron Weaver!