FAA Bans Planesharing Startups

Airpooler – an Uber for plane rides – fucked up private pilots in the US flying people to destinations for the price of fuel (and so to get their hours) by asking the FAA for clarification of a 1964 rule.

The FAA clarification not only applies to ride-sharing services, but also to the old-fashioned word-of-mouth / notice-board arrangement that has been in use pretty universally.

The FAA states that this kind of flying is commercial, and for that you need to spend huge amounts of money on a commercial pilot's license.

FAA Bans Planesharing Startups | TechCrunch.

Researchers find security flaws in backscatter X-ray scanners

In laboratory tests, the team was able to successfully conceal firearms and plastic explosive simulants from the Rapiscan Secure 1000 scanner. The team was also able to modify the scanner operating software so it presents an “all-clear” image to the operator even when contraband was detected.

via Researchers find security flaws in backscatter X-ray scanners – ScienceBlog.com.

This was demonstrated on German TV in 2009, but better late than never guys!

Ancient Space | The Game

Ancient Space is a story driven single player real time strategy game where you take command of a fleet embarking on a scientific mission to chart undiscovered reaches of space called ‘The Black Zone’. Overcome overwhelming odds and fight for your life and the survival of your ship and its crew.

Ancient Space features real-time strategic starship battles that encourage tactical maneuvering. In time-honored RTS tradition, you build and upgrade your fleet as you complete mission objectives and gather resources which allow you to progress further into the game. Chart your approach – from defense to offense and everything in between, such as escort and stealth missions.

Embark and explore the darkest recesses of space in this tale of strategic resource management and engrossing interstellar warfare.

via Ancient Space | The Game.

UPS: We’ve Been Hacked – Credit Card data compromised since January

The United Parcel Service announced Wednesday that customers’ credit and debit card information at 51 franchises in 24 states may have been compromised. There are 4,470 franchised center locations throughout the U.S., according to UPS.

via UPS: We’ve Been Hacked – TIME.

So we don’t know when UPS found out about the hack, but if it has been compromised since January 20, it has been handing customer data to the hackers for quite a while.

Internet provider Ziggo promises unlimited internet access on all devices. Limits access.

Ziggo claims: “Unlimited access to WifiSpots” (WifiSpot is a wifi sharing service whereby you can access wifi from all Ziggo subscribers). It also claims: “Internet on multiple devices simultaneously” and “The whole family online easily at the same time. Via computer, tablet and mobile”.

Unfortunately they only allow access to two devices on Wifispots at the same time.

Advertising commission rules: “please change your advertising”

Stichting Reclame Code: uitspraken zoeken (search rulings).

It’s very easy to hack traffic lights

The lights use a wireless radio at 900MHz or 5.8GHz to transmit data to each other. They are all on the same subnet. Entering the network doesn’t require a password and the data is unencrypted. The controller for a network has a debug port opened by default. It’s thus easy to get into the controller and send your own commands. Then you can change lights and control cameras!

Researchers find it’s terrifyingly easy to hack traffic lights | Ars Technica.

Use a video of a crisps bag to hear what is said in the room

Researchers at MIT, Microsoft, and Adobe have developed an algorithm that can reconstruct an audio signal by analyzing minute vibrations of objects depicted in video. In one set of experiments, they were able to recover intelligible speech from the vibrations of a potato-chip bag photographed from 15 feet away through soundproof glass.

via Extracting audio from visual information | MIT News Office.

Cisco routers need upgrading – routing tables are up for grabs!

Multiple Cisco products are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database. This vulnerability could allow an unauthenticated attacker to take full control of the OSPF Autonomous System (AS) domain routing table, blackhole traffic, and intercept traffic.

via Cisco Security Advisory: OSPF LSA Manipulation Vulnerability in Multiple Cisco Products.

US Terrorist-Tracking System tracks many many non-terrorists

Nearly half of the people on the U.S. government’s widely shared database of terrorist suspects are not connected to any known terrorist group, according to classified government documents obtained by The Intercept.

Of the 680,000 people caught up in the government’s Terrorist Screening Database—a watchlist of “known or suspected terrorists” that is shared with local law enforcement agencies, private contractors, and foreign governments—more than 40 percent are described by the government as having “no recognized terrorist group affiliation.” That category—280,000 people—dwarfs the number of watchlisted people suspected of ties to al Qaeda, Hamas, and Hezbollah combined.

via Barack Obama's Secret Terrorist-Tracking System, by the Numbers – The Intercept.

Child porn used to justify reading of cloud data by Google, Microsoft

With privacy concerns being raised more and more about the use of cloud storage, tech giants are turning to the age-old scare tactic of using child porn as an excuse to burrow through users' data.

Google Spotted Explicit Images Of A Child In A Man's Email And Tipped Off The Authorities – Business Insider.

Microsoft tip leads to child porn arrest in Pennsylvania.

Twitch TV shows why copyright is ridiculous as it shuts down music in videos

Twitch TV – a gaming TV channel with billions of watchers – will attempt to detect music playing in the background. If a 10-second stretch appears to contain copyrighted music, they will remove the sound for half an hour.
I suppose the rationale is that the music companies and the RIAA think this is a potentially lost sale or something? It’s not surprising the users are up in arms about this.

Twitch Cracks Down On Music In Videos, Users Freak Out.

Russia gang hacks 1.2 billion usernames and passwords

A Russian group has hacked 1.2 billion usernames and passwords belonging to more than 500 million email addresses, according to Hold Security – a US firm specialising in discovering breaches.

Hold Security described the hack as the "largest data breach known to date".

It claimed the stolen information came from more than 420,000 websites, including "many leaders in virtually all industries across the world".

via BBC News – Russia gang hacks 1.2 billion usernames and passwords.

seL4 – Open-source, formally verified, bug-free microkernel OS released

General Dynamics C4 Systems and NICTA are pleased to announce the open sourcing of seL4, the world’s first operating-system kernel with an end-to-end proof of implementation correctness and security enforcement. It is still the world’s most highly-assured OS.

What’s being released?

It includes all of the kernel’s source code, all the proofs, plus other code and proofs useful for building highly trustworthy systems. All of it is under standard open-source licensing terms — either GPL version 2, or the 2-clause BSD licence.

via Home | seL4.

Unique about seL4 is its unprecedented degree of assurance, achieved through formal verification. Specifically, the ARM version of seL4 is the first (and still only) general-purpose OS kernel with a full code-level functional correctness proof, meaning a mathematical proof that the implementation (written in C) adheres to its specification. In short, the implementation is proved to be bug-free (see below). This also implies a number of other properties, such as freedom from buffer overflows, null pointer exceptions, use-after-free, etc.

Aero Glass – AR for pilots using Epson Moverio glasses

Using the Epson Moverio glasses, augmented reality projects the following features onto the lenses in 3D:

Airports
Navigation Aids
ADS-B traffic
Flight Plan route & waypoints
Airways
Geographic points of interest (cities, villages, visual navigation points)

Soon followed by:

Airspaces
Terrain elevation
Procedures
ILS approach cones
FLARM traffic (for glider)
Weather
Dynamic Data (NOTAM, TFRs)
Ground Phase stuff other than runways (taxiways, gates etc)
3D Terrain Avoidance
Obstacles

They plan to sell them for around $700, which is very cheap for a fighter-pilot helmet / heads-up display (HUD)!

Aero Glass.

Malware without files on the PC, encoded in the registry

As the entry point, they exploit a vulnerability in Microsoft Word with the help of a crafted Word document they spread via email. The same approach would work with any other exploit.
After that, they make sure that the malicious activities survive a system reboot by creating an encoded autostart registry key. To remain undetected, this key is disguised/hidden.
Decoding this key shows two new aspects: code which makes sure the affected system has Microsoft PowerShell installed, and additional code.
The additional code is a Base64-encoded PowerShell script, which calls and executes the shellcode (assembly).
As a final step, this shellcode executes a Windows binary, the payload. In the case analyzed, the binary tried to connect to hard-coded IP addresses to receive further commands, but the attackers could have triggered any other action at this point.
All activities are stored in the registry. No file is ever created.

Malware that resides in the registry only – a rare and rather new approach

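Added here as an illustration, not code from the quoted analysis or from this page: a small Python scanner that reads a .reg export of the autostart (Run/RunOnce) keys and flags the indicators the quote describes from the defender's side: a disguised value name, a PowerShell launcher in an autostart entry, and a Base64 blob that decodes to PowerShell text. The sample export, the value names and the harmless Write-Host payload are constructed for the example; the heuristics (control characters in the name, the -EncodedCommand switch, long Base64 runs that decode as UTF-16LE text) are my assumptions about what such an entry looks like, not the encoding used by the malware the quote analyses.

```python
import base64
import re

# One value line of a .reg export: "name"="string data" (hex: values are skipped).
_VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Keys whose values are launched at logon (assumption: only Run/RunOnce are checked here).
_AUTOSTART_KEY = re.compile(r'\\Run(?:Once)?$', re.IGNORECASE)
# Short forms commonly seen for PowerShell's encoded-command switch.
_ENCODED_FLAG = re.compile(r'(?<!\S)-e(?:c|nc|ncodedcommand)?\b', re.IGNORECASE)
# A Base64 run long enough to carry a script rather than a short switch value.
_BASE64_RUN = re.compile(r'[A-Za-z0-9+/]{40,}={0,2}')


def _reg_unescape(s):
    """Undo .reg escaping of backslashes and double quotes."""
    return re.sub(r'\\(.)', r'\1', s)


def parse_run_values(reg_text):
    """Yield (key, value_name, data) for string values under Run/RunOnce keys."""
    current_key = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith('[') and line.endswith(']'):
            current_key = line[1:-1]
            continue
        m = _VALUE_LINE.match(line)
        if m and current_key and _AUTOSTART_KEY.search(current_key):
            yield current_key, _reg_unescape(m.group(1)), _reg_unescape(m.group(2))


def decode_powershell_b64(token):
    """Decode a -EncodedCommand argument (Base64 of UTF-16LE text); None if it is not one."""
    try:
        text = base64.b64decode(token, validate=True).decode('utf-16-le')
    except (ValueError, UnicodeDecodeError):
        return None
    if all(c.isprintable() or c in '\r\n\t' for c in text):
        return text
    return None


def assess_run_value(name, data):
    """Return a list of human-readable findings for one autostart value (empty if clean)."""
    findings = []
    if any(ord(c) < 0x20 for c in name):
        findings.append('non-printable character in value name (hidden entry)')
    if 'powershell' in data.lower():
        findings.append('launches PowerShell at logon')
    if _ENCODED_FLAG.search(data):
        findings.append('passes an -EncodedCommand argument')
    for token in _BASE64_RUN.findall(data):
        decoded = decode_powershell_b64(token)
        if decoded is not None:
            findings.append(f'Base64 blob decodes to script text: {decoded[:60]!r}')
    return findings


def scan_run_keys(reg_text):
    """Return [(key, value_name, findings)] for every autostart value with findings."""
    hits = []
    for key, name, data in parse_run_values(reg_text):
        findings = assess_run_value(name, data)
        if findings:
            hits.append((key, name, findings))
    return hits


# --- Constructed sample export (not real malware): one benign entry, one suspicious one.
def _reg_escape(s):
    return s.replace('\\', '\\\\').replace('"', '\\"')


ENCODED_SAMPLE = base64.b64encode(
    'Write-Host "constructed sample payload"'.encode('utf-16-le')).decode('ascii')

SAMPLE_REG = '\n'.join([
    'Windows Registry Editor Version 5.00',
    '',
    r'[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]',
    '"OneDrive"="' + _reg_escape(r'"C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background') + '"',
    # Value name starts with a control character so it displays oddly in registry tools.
    '"\x01updater"="' + _reg_escape('powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand ' + ENCODED_SAMPLE) + '"',
    '',
    r'[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]',
    '"ShellState"=hex:24,00,00,00',
])

if __name__ == '__main__':
    for key, name, findings in scan_run_keys(SAMPLE_REG):
        print(f'{key} :: {name!r}')
        for finding in findings:
            print('   -', finding)
```

On a live system the same `assess_run_value` check can be fed from `winreg.EnumValue` over the Run keys instead of a .reg export; the point is that a registry-only persistence mechanism still has to leave a launch command somewhere that the autostart enumeration can see, and that is where it is cheapest to look.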

BadUSB – Turning USB peripherals into hacking vectors

Once reprogrammed, benign devices can turn malicious in many ways, including:

A device can emulate a keyboard and issue commands on behalf of the logged-in user, for example to exfiltrate files or install malware. Such malware, in turn, can infect the controller chips of other USB devices connected to the computer.

The device can also spoof a network card and change the computer’s DNS setting to redirect traffic.

A modified thumb drive or external hard disk can – when it detects that the computer is starting up – boot a small virus, which infects the computer’s operating system prior to boot.

via Turning USB peripherals into BadUSB | Security Research Labs.

Looks like Karsten Nohl has done it again!

Nasa validates ‘impossible’ space drive

British scientist Roger Shawyer has been trying to interest people in his EmDrive for some years through his company SPR Ltd. Shawyer claims the EmDrive converts electric power into thrust, without the need for any propellant by bouncing microwaves around in a closed container. He has built a number of demonstration systems […] a US scientist, Guido Fetta, has built his own propellant-less microwave thruster, and managed to persuade Nasa to test it out. The test results were presented on July 30 at the 50th Joint Propulsion Conference in Cleveland, Ohio. Astonishingly enough, they are positive […] the Nasa team has avoided trying to explain its results in favour of simply reporting what it found: “This paper will not address the physics of the quantum vacuum plasma thruster, but instead will describe the test integration, test operations, and the results obtained from the test campaign.” […] A working microwave thruster would radically cut the cost of satellites and space stations and extend their working life, drive deep-space missions, and take astronauts to Mars in weeks rather than months. In hindsight, it may turn out to be another great British invention that someone else turned into a success.

via Nasa validates 'impossible' space drive (Wired UK).