The liquid plot

Here’s a chemist’s take on the plausibility of the London liquid bomb plot, followed by commentary on what he calls Potemkin security. He references Schneier, and goes on about the practicality of security against these kinds of plots (as almost everything can be impregnated with nitrates, such as clothing) and the practicality of guarding against […]

Lock picking through bumping

Apparently this method is easier than picking or using a picking gun. You take keys and file them down to the minimum, hit them on the back after insertion and turn the lock. With a bit of practice this allows you to open locks within 30 seconds. (pdf link)

USB hacking

A seriously elegant way to hack someone’s network: drop USB sticks containing a trojan on the target’s parking lot and wait for the mail to come in.

Contactless ignitions

Can be broken using a laptop with WiFi within 20 minutes, allowing people to do a clean steal of the car. A bit like when they had IR car fobs which could be saved using a Palm and then replayed, but now you have to break the encryption.

RFID viruses

PCs have viruses, Macs have viruses, PDAs and cellphones have viruses, so why should RFID chips be any different? A working proof of concept has been made: it is put onto an RFID chip, infects the backend database, and is then transmitted to other RFID chips that connect to that database.

Why surveillance can be bad

Nobody seems to believe me when I say it’s possible, but now it’s happened – in Greece unknown people have hacked into the cellular system and been tapping politicians and officers. Yup, the bad guys can get into your wonderful surveillance infrastructure too.

MySpace Worm

Samy posted a piece of very cleverly crafted stuff on his profile in MySpace, which basically made everyone who saw his profile add the same code to their profile, and add Samy to their friends list together with some text. This shows the fragility of browsers when using AJAX to code sites, despite some fairly complicated […]

Sniff traffic by listening to keyboard clicks

What makes the technique feasible is that each keystroke makes a relatively distinct sound, however subtle, when hit. Typical users type about 300 characters per minute, leaving enough time for a computer to isolate the sounds of individual keystrokes and categorize the letters based upon the statistical characteristics of English text. For example, the letters […]

A Secret Service

A totally new look at how to keep a secure list of passwords: broadcast them live on webradio to the world! A Secret Service invites you to submit your passwords and a timestamp for storage on the Secret Service website. It is then translated (text-to-speech), automated and broadcast via webradio and live at Mediamatic Groundfloor […]