DNS Attack

March 30, 2012

Apparently the loosely organized hacking collective/meme known as Anonymous has announced that they will take out the Internet’s root DNS servers with a massive DDoS tomorrow.

How likely is it that they’ll succeed? Not very, for a whole host of reasons.

Open a Padlock With a Coke Can

January 17, 2012

Well, I wish I’d known about this technique the last time I forgot my gym lock combination.

Iran Drone

December 21, 2011

The recent capture of an American drone by Iranian forces has been a hot news item. Interestingly, Iranian engineers are coming forward with information on how it was captured. Rather than trying to crack the encryption on the command-and-control link to the pilot, they used spoofed GPS data to force its autopilot to land in Iran, while the autopilot thought all along that it was in Kandahar. Nice hack.


November 15, 2011

From a post on the Interesting People mailing list:

Craig S Wright says: “I was contracted to test the systems on a Boeing 747. They had added a new video system that ran over IP. They segregated this from the control systems using layer 2 – VLANs. We managed to break the VLANs and access other systems and with source routing could access the Engine management systems.”


Columbia FOG

November 8, 2011

An interesting, DARPA-funded project over at Columbia: FOG allows for false documents to be created which then “beacon” a message back to the originator when they are opened. Clearly, the intent is twofold – to seed places like Wikileaks with false information, and to ferret out people who are trading in stolen documents.

PIN Harvesting

August 22, 2011

Sure, if you want to steal someone’s ATM PIN, you can shoulder-surf it, or use a pinhole camera, or even compromise the ATM itself. But why bother when a thermal camera is so much easier?


August 17, 2011

A new piece of Android software, which installs itself as “Google++”, is a true bundle of joy. Not only does it steal data from the phone, it is also capable of answering phone calls from a predetermined number (after setting the handset to silent and turning on the speakerphone) to allow the attacker to eavesdrop on the surrounding environment.

Much as I chafe at the restrictive nature of the Apple App Store, it really is a model that makes sense for an appliance like a phone. It’s nice to have the added flexibility of a platform like Android, but it also imports all of the security problems of a general computing device along with the capabilities.

Fifth Amendment

July 18, 2011

The EFF has filed a friend-of-the-court brief in a Colorado federal courtroom, asserting that compelling a defendant to reveal the password to her computer’s encrypted hard drive is a violation of the Fifth Amendment. This will be an interesting legal precedent; I don’t think that the British tactic of holding someone in contempt until their password is revealed has been used here in the USA.

Military Hacking

June 1, 2011

From this article at the Wall Street Journal:

The Pentagon has concluded that computer sabotage coming from another country can constitute an act of war, a finding that for the first time opens the door for the U.S. to respond using traditional military force… Pentagon officials believe the most-sophisticated computer attacks require the resources of a government. For instance, the weapons used in a major technological assault, such as taking down a power grid, would likely have been developed with state support, Pentagon officials say.

As Lauren Weinstein pointed out on the IP list, you couldn’t possibly come up with a better challenge to incite black hats. “You think only a foreign government can take out a power grid? Well, watch _this_!”


May 27, 2011

IT World is running a fun article on features that we’ve lost from our computers over the years. While the common perception is that technology is always getting better, it does occasionally happen that a really useful concept or feature vanishes, never to reappear.

(My favorite, which isn’t in the article, was the old SCO Unix capability to turn all of the text in a terminal window red if you were logged in as root. It was so simple, but such a great visual clue.)