Thursday, April 16, 2009

GhostNet: A Chinese Cracking Network

Apparently there's a fairly large network loosely based in China that's been responsible for quite a bit of cracking, including many government systems:

http://www.schneier.com/blog/archives/2009/03/massive_chinese.html

If you follow the right links, you'll find some of the software and tactics they used.  It's definitely worth a read, if nothing else to clue you in as to what you should be watching for. 

Sniffing Keyboard Keystrokes

This is pretty creepy, and makes me glad I have a matte MacBook keyboard (see, Macs are more secure =]):

http://news.zdnet.com/2100-9595_22-280184.html

I'd like to know who is still using a PS/2 keyboard; I'd imagine they're pretty popular in businesses, although they're definitely waning in popularity. Do they still sell most computers with PS/2 hookups? I know my seven-year-old laptop doesn't have one.

Saturday, March 28, 2009

How Child Pornographers run their servers

This one is soundly in the "Insanely informative but don't get caught reading it" category.  This one quote in particular hit me:
"I want to make one thing clear: if they have an email address, there is a possibility that there is child pornography on the computer, because the owner possesses the child pornography from the advertising provider, maybe in his spam directory. And if your computer is not 100% safe against Trojans, viruses and rootkits, there is the possibility that your computer is part of the vast child pornography network."

He's serious too.  The article was, I believe, translated from a different language by a not-so-hot translator, so occasionally it's hard to read.  But it's worth it for the ideas you can get about how to avoid detection on the internet.

http://wikileaks.org/wiki/My_life_in_child_porn

Sunday, March 22, 2009

How to rob one of the most 'secure' safes in the world

This leaves me speechless:

http://www.wired.com/politics/law/magazine/17-04/ff_diamonds?currentPage=all

I especially loved their tactics for defeating the heat sensors, the security system in the vault, and the magnetic switch.  I've always assumed there was some way to get around those, just never had the time to figure it out.  Also, the fact that the guards kept the key in an unlocked utility room next to the safe is priceless.  Talk about security through obscurity!

Saturday, March 21, 2009

NSA will pay for a backdoor into Skype

This is somewhat disturbing:

http://www.theregister.co.uk/2009/02/12/nsa_offers_billions_for_skype_pwnage/

I didn't know Skype was P2P, which makes me feel a lot better about it now.  But, I'm tempted to start looking into pulling apart their network.  And the thought that Skype may just give the NSA a backdoor is saddening...whatever happened to privacy? 

Yeah.  I know.  It's the internet--what am I expecting?  But still, I'd like to think that if I was offered a bunch of cash by the NSA for a backdoor into my communications software, I'd turn it down.  At least some of us can not be evil, eh?

Tuesday, March 10, 2009

Jailbreaking the iPod Touch 2G

The Dev Team recently released a jailbreak for the iPod Touch 2G, and I was surprised to find a fairly concise writeup of how the exploit works over at the iPhone wiki:

http://www.theiphonewiki.com/wiki/index.php?title=0x24000_Segment_Overflow

Basically, it's a classic overflow exploit. The LLB is loaded at 0x22000000 in memory and is 0x24000 bytes long under normal circumstances. Immediately after it, at 0x22024000, sit some global variables which, if overwritten, provide a path to running unsigned code.

The flaw is that the code which loads the LLB from NOR (where it is stored while the iPod is off) doesn't check that the LLB is at most 0x24000 bytes long. So all you have to do is take Apple's LLB, append your payload so the image is longer than 0x24000 bytes, and write it back to NOR (something the Dev Team has been able to do for a while). When the iPod copies the LLB into memory, the extra bytes spill past 0x22024000 and replace the global variables with whatever you appended. Voilà!
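To make the mechanism concrete, here is a small C simulation of the loader bug, written for this post; it is not code from the iPhone wiki or the Dev Team. The addresses and the 0x24000 slot size are the ones from the write-up; the layout and meaning of the globals (`verify_signatures`, `next_stage_entry`), the default values, and the zero-filled stand-in for Apple's LLB are assumptions made for the example. The unchecked loader lets an oversized image land on the globals; the checked loader beside it shows the one comparison that was missing.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Memory map from the write-up: the LLB is copied to 0x22000000 and is
 * normally 0x24000 bytes long; the boot globals live right after it at
 * 0x22024000.  The region is modelled here as one flat byte array. */
#define LLB_BASE     0x22000000u
#define LLB_MAX      0x24000u
#define GLOBALS_ADDR (LLB_BASE + LLB_MAX)          /* 0x22024000 */
#define GLOBALS_OFF  (GLOBALS_ADDR - LLB_BASE)     /* offset into ram[] */

/* Hypothetical globals that follow the LLB.  The field names and meanings
 * are assumptions for this example; the real layout is not on the page. */
struct boot_globals {
    uint32_t verify_signatures;   /* non-zero: enforce code signing */
    uint32_t next_stage_entry;    /* where the boot code jumps next */
};

/* Simulated RAM: the LLB slot followed by the globals. */
static uint8_t ram[LLB_MAX + sizeof(struct boot_globals)];

static void read_globals(struct boot_globals *g)
{
    memcpy(g, ram + GLOBALS_OFF, sizeof *g);
}

static void reset_ram(void)
{
    struct boot_globals g = { 1u, 0x22000040u };  /* assumed sane defaults */
    memset(ram, 0, sizeof ram);
    memcpy(ram + GLOBALS_OFF, &g, sizeof g);
}

/* Vulnerable loader, as described on the page: it copies the whole image
 * out of NOR without checking that it fits in the 0x24000-byte slot.  The
 * comparison against sizeof ram only keeps this simulation memory-safe; the
 * real loader has no check and runs into whatever follows the slot. */
static int load_llb_unchecked(const uint8_t *nor_image, size_t len)
{
    if (len > sizeof ram)
        return -1;                        /* simulation guard only */
    memcpy(ram, nor_image, len);
    return 0;
}

/* Hardened loader: anything larger than the slot is rejected up front. */
static int load_llb_checked(const uint8_t *nor_image, size_t len)
{
    if (len > LLB_MAX)
        return -1;
    memcpy(ram, nor_image, len);
    return 0;
}

/* Constructed NOR image: a zero-filled stand-in for Apple's LLB with
 * attacker-chosen globals appended, so the image is exactly
 * sizeof(struct boot_globals) bytes too long. */
static uint8_t crafted[LLB_MAX + sizeof(struct boot_globals)];

static size_t build_crafted_image(void)
{
    struct boot_globals evil = { 0u, 0x22010000u };  /* signing off, jump to payload */
    memset(crafted, 0, LLB_MAX);
    memcpy(crafted + LLB_MAX, &evil, sizeof evil);
    return sizeof crafted;
}

/* Returns 1 if the unchecked loader let the oversized image clobber the
 * globals exactly as the write-up describes. */
int overflow_hits_globals(void)
{
    struct boot_globals g;
    size_t len = build_crafted_image();
    reset_ram();
    if (load_llb_unchecked(crafted, len) != 0)
        return 0;
    read_globals(&g);
    return g.verify_signatures == 0u && g.next_stage_entry == 0x22010000u;
}

/* Returns 1 if the checked loader refuses the image and leaves the
 * globals untouched. */
int bounds_check_blocks_overflow(void)
{
    struct boot_globals g;
    size_t len = build_crafted_image();
    reset_ram();
    if (load_llb_checked(crafted, len) != -1)
        return 0;
    read_globals(&g);
    return g.verify_signatures == 1u && g.next_stage_entry == 0x22000040u;
}

int main(void)
{
    printf("unchecked loader: globals overwritten = %d\n", overflow_hits_globals());
    printf("checked loader:   overflow blocked    = %d\n", bounds_check_blocks_overflow());
    return 0;
}
```

The point of the simulation is the single missing comparison: once the copy length is bounded by the slot size rather than by the image, the appended bytes never reach 0x22024000. Everything else about the attack, including writing the padded image back to NOR, is outside what this snippet models.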

Friday, February 27, 2009

How to open a cash drawer at Bread Co.

Well, here's one of the first posts actually worth reading...I'll hopefully be updating this more often.

I work at a St. Louis Bread Co., and I recently figured out how to open a cash drawer without actually buying anything (thereby leaving no audit trail AFAIK). I don't consider this a major threat because you have to have access to a drawer while no one else is looking. And chances are that if no one's up front, someone is in the back watching the video feed of the eight or so cameras scattered around the shop.

Anyhow, all you'll need is a gift card that has had money on it in the past. Usually we throw away emptied cards because they can't be refilled, but if you ask nicely, we'll give them back. Or you can use one with money on it; it doesn't really matter.

On the register's screen there is a row of buttons at the top. Click 'POS Functions', then click the button near the top of the screen that says something about Panera cards. I can't remember what it's called. Then click the button to start a new card--I think it's the second. [edit] It's titled "Issue new card". Enter a value, then swipe your card. (If you get a "Choose a side" page after this, click the Return button in the top bar and follow the prompts. It's a bug in the system.) Then click "Send for Here" or "Send to Go" in the upper right-hand corner. You'll see the cash out screen. It defaults to paying cash, which is what you want. Click the green square button near the middle of the screen that has the value you entered for your gift card. It will open the cash drawer and try to activate your gift card. But since the card has already been activated, it will give you an error. Click the "Remove" button and "ok" at the prompt. Voila! You now have an open cash drawer and nothing on the register.

I'm not sure what you're going to do with this...just be aware that the human security at most Bread Co. stores is pretty high, so chances are that you'll get caught if you actually try to take anything.