Let’s play $100 Password!

You probably won't find much sympathy for Elaine Cioni. A mistress scorned, she's been convicted of hacking into the email account of her former boss, the man with whom she was having an affair, and then his wife, his other girlfriends, and even his kids. (I suppose that doesn't engender much sympathy for her main target either.) But, you might be surprised to find out Cioni's not a very good hacker.
You might also be surprised to learn that there's a market for professional hacking and, similar to many legitimate professions, the jobs are going offshore. When it comes to password hacking, those who can, do. Those who can't, outsource. When Cioni wanted back into her boyfriend's life she turned to one of an increasing number of web sites with offers like this:
"Need to monitor your Child? Your Spouse? Your Boyfriend/Girlfriend? We Hack Passwords for $100 USD. We Crack all major web based emails. This include Hotmail, Yahoo! AOL and Gmail. We Provide Proofs Before payment."
Similar Blog & News Articles
- Hackers Have It Easy :: NPR Topics: Technology
- Services' E-Mail Hacking Illegal, but Officials Need More Than That to Prosecute :: Wash Post Technology
- Email Passwords? $20 :: @LiveCrunch
- Previously Opened Emails Stored for Less than 181 Days in Web-Based Account May be Obtained by Trial Subpoena :: Electronic Discovery Law
Electronic privacy is for the birds.

In a match between Bird-brain vs. broadband, you might be surprised to see who wins.
An old friend of mine pointed out what sounded like an interesting story out of South Africa. Tired of slow download speeds, a South African call center pitted a racing pigeon against Telkom South Africa Ltd.’s ADSL data service to see which could move a 4GB file faster. In total it took just under three hours for the bird to fly approximately 50 miles--about 30 times faster than the ADSL service, which had only downloaded 4% of the file in the same time.
I'm afraid we're not really comparing apapane to apapane, or even apapane to ostriches. I doubt, for instance, that the pigeon would fare quite as well over, say, a 500 or 5000 mile "data run".
Similar Blog & News Articles
- Pigeon transfers data faster than South Africa's Telkom (Reuters) :: Yahoo! News: Oddly Enough - Reuters
Wi-Fi security — gone in 60 seconds, AGAIN.
You're not one of those people who leave their wi-fi network open to anyone who passes by, are you? You realize, of course, that--besides the obvious security risks to your computers, your network, your passwords, email, accounting files, your bank account, private identity, maybe even sensitive medical information--anything someone else does on your network will be traced back to you--the resident and ISP subscriber? Say, for example, the kid next door decides to use your "lightning fast DSL" to download, or worse--share--his music collection via BitTorrent. The RIAA subpoena will be addressed to you. Or, suppose someone driving by decides to stop and explore his sexual curiosities where they can't be traced back to his network. The search warrant will be addressed to you.
But, that's not your problem, right? Because your wi-fi network is encrypted, right? I remember, back in the day, I used to brag that it would be easier to poach my cable connection from the street than hack my wi-fi, because I was using WEP encryption (cracked in 2001), a MAC filter (easily spoofed), AND I cloaked my SSID (worthless). Since then, came WPA, and more recently WPA2.
If I lost you at "lightning fast DSL", then the following probably is your problem: Computer scientists in Japan have developed a way to break the WPA encryption system used in wireless routers in just one minute. For those keeping up, presumably you upgraded your router firmware some time back, or purchased and configured a new router to utilize WPA2--which is, so far, considered to be secure.
Similar Blog & News Articles
- New Attack Cracks Common Wi-Fi Encryption in a Minute (PC World) :: Yahoo! News: Technology News
- Researchers crack WPA Wi-Fi encryption in 60 seconds :: Between the Lines
- Crack breaks WPA-encrypted Wi-Fi in 1 minute :: MacNN | The Macintosh News Network
- WPA Wi-Fi Encryption Cracked In Sixty Seconds :: PhysOrg.com - latest science and technology news stories
DNA hacking: the ultimate identity theft
Israeli scientists are declaring war on DNA evidence. According to a paper published today in the journal Forensic Science International: Genetics, scientists in Tel Aviv have demonstrated that it is in fact possible to fabricate DNA evidence, opening up an entirely new avenue of reasonable doubt.
As quoted to the New York Times by lead author, Dr. Dan Frumkin, “You can just engineer a crime scene. Any biology undergraduate could perform this.”
Similar Blog & News Articles
- Nucleix Researchers Discover DNA Evidence May Easily Be Falsified :: PR Newswire: Survey, Polls & Research
- DNA Evidence Can Be Fabricated, Scientists Show :: NYT > Science
- Future Problems For Criminal Justice? Individual DNA Can Now Be Replicated In A Lab :: Say Anything
- NO LONGER A GOLD STANDARD: DNA Evidence Can Be Fabricated, Scientists Show. The scientists fabri :: Instapundit
How DefCon spooked the spooks
Right about the same time as I was standing cross-legged on the wrong side of an electronic door lock that stood right between a liter of consumed soda and the nearest porcelain bowl at the FBI's Sacramento CART facility, the whizzes at DefCon were snatching the "keys to the throne" right out of the wallets of passing Feds.
Thus far, all of the Federal facilities I have visited relied heavily on some mixture of electronic combination locks, wireless keycards, and biometric security devices. In my own experience, I have observed agents from other facilities use their keycards to move into and about the buildings. (Fortunately, one of them came along just in time.) As a not-insignificant annual contributor to the Federal budget, I am--to be sure--glad to see that the latest security measures are in place. However, as evidenced by a security-awareness demonstration at this year's DefCon convention in Las Vegas, "latest" does not always equal "greatest".
Representatives from Aperture Labs in Great Britain mated an RFID reader to a web camera and placed them in plain view of show-goers. As attendees passed the table, they were scanned for RFID data. Any data captured was stored on an SD card along with a picture of its owner. In attendance were members of various law enforcement agencies, both identified and incognito. Once Aperture Labs revealed details of the experiment at a panel presentation, Federal agents (at least the ones willing to admit the affiliation) were understandably unamused.
Though the SD card was subsequently destroyed, “It takes a few milliseconds to read [a chip] and, depending on what equipment I’ve got, doing the cloning can take a minute,” said Adam Laurie, co-director of Aperture Labs. “I could literally do it on the fly.”
National security and public safety concerns aside, similar chips are now mandatory in all new U.S. Passports, and have already been widely circulated in the form of major credit cards.
Read more @ Wired (http://www.wired.com/threatlevel/2009/08/fed-rfid/)
iPhone: Weapon of mass destruction?
If I've said it once, I've said it a thousand times: the iPhone will be the downfall of modern civilization as we know it. And, not just because it promotes that crazy Rock music that's all the rage with those teen-aged Greasers in their high-tops and leather jackets. It's much worse than that, says Apple. It could even promote drug trafficking.
According to Apple, "each iPhone contains a unique Exclusive Chip Identification (ECID) number that identifies the phone to the cell tower. With access to the BBP via jailbreaking, hackers may be able to change the ECID, which in turn can enable phone calls to be made anonymously (this would be desirable to drug dealers, for example...". That's a lot of acronyms that seem to suggest that, allowing users to change their ECID via the BBP could leave us all SOL, FUBAR, and possibly DOA.
But, it gets worse: "More pernicious forms of activity may also be enabled. For example, a local or international hacker could potentially initiate commands (such as a denial of service attack) that could crash the tower software, rendering the tower entirely inoperable to process calls or transmit data. In short, taking control of the BBP software would be much the equivalent of getting inside the firewall of a corporate computer – to potentially catastrophic result. The technological protection measures were designed into the iPhone precisely to prevent these kinds of pernicious activities..."
Though this makes no sense, whatsoever, to most people, the use of the word "pernicious" twice in the same paragraph should be very very frightening to anyone who knows the definition. (Pernicious [\pər-ˈni-shəs\] : highly injurious or destructive : deadly)
The co-founders of Apple changed the world by soldering parts together in their garages. If they say it's going to end, we might want to take them seriously. It seems to me that the message is clear: Fight the iPhone hacking, drug-dealing, bandwidth-hogging hippies over there, or we'll have to fight them over here in our own backyards.
Is there an app for that?
Don't believe me? Read more @ Wired (http://www.wired.com/threatlevel/2009/07/jailbreak/)
Beware of Cell Phone Companies Bearing Gifts!
Though, not strictly on-topic: I got a call today from my cellular telephone company offering to lower my monthly rate, plus add 500 shared minutes, plus unlimited messaging, free call forwarding (they were charging for call forwarding?!), and add unlimited data* (notice the asterisk) to the line that didn't have data, all for a few bucks less than I was already paying--and, no contract extension!
So, what's the catch?
I spent 2 hours on the phone, and researching online. I was skeptical, accusatory--even a little rude, at times. I just couldn't find anything wrong with the deal...until I got to that pesky asterisk (*). (Not that I could actually see an asterisk, since the cell phone companies seem to have adopted the most liberal interpretation of an oral contract. Even Kim Basinger had to "shake on it".)
When I finally agreed that there was, apparently, nothing wrong with the offer, I asked for a "read-back" of the details. When she got to the "unlimited data", she paused and said, "well, you know, 5G's, or something like that. I mean, that's basically unlimited, right". (Insert screeching-brake sound effect here.)
I asked her to check my data usage history, and found that, when I'm traveling, I tend to go well over 5 Gigabytes of monthly usage on my current--actual--unlimited plan. Mind you, this may not be typical for all subscribers. After all, occasionally, I like to stream a little television from my smart-phone via a video adapter cable to the TV in my hotel room. And, though I won't admit to hacking my phone and unlocking its tethering capability, I could--if I wanted to. I also won't admit to broadcasting said broadband via wi-fi for a room full of people to use as an impromptu hot-spot, I could do that too--if I wanted to.
Finally, I could see why I was receiving the call. This was a Trojan Horse. An opportunity to blind a customer with pretty baubles, so as not to notice his fortress was being raided for all its precious and truly unlimited bounty. I wasn't buyin' what she was sellin'.
Suffice it to say, a little haggling later (and, probably a little more rudeness), I kept my unlimited broadband, and lowered my cell phone bill.
Moral of the story: When a service is in abundant supply--in this case cellular providers--it's a buyer's market. Now, if someone would just flood the market with physicians.
Social Insecurity: “New algorithm guesses SSNs using date and place of birth”
Ars Technica reports: "Two researchers have found that a pair of antifraud methods intended to increase the chances of detecting bogus social security numbers has actually allowed the statistical reconstruction of the number using information that many people place on social networking sites."
Via: Ars Technica
Similar Blog & News Articles
- Report: Predicting Social Security Numbers from Public Data :: michaelzimmer.org
- Your Social Security Number is Not Safe :: Disgusted Beyond Belief





