Gerald Blanchard: Masterthief

This guy started stealing at 6 and never looked back. Banks, jewelry, skimming, scamming, he’s done it all. Using high-tech gadgets and parachuting in or using air ducts, he got in anywhere. A gripping read about a real-life Pink Panther-style master thief who made a few too many mistakes and got caught.

Art of the Steal: On the Trail of World’s Most Ingenious Thief | Magazine.

Foil impressioning lockpicking

The way the tool works is that you first take some aluminum foil and make a ‘U shaped’ form using the special tool to do so and make small incisions on pre-determined positions. Next thing you do is put the foil over a special blank that already has the profile of your target lock. The clever thing about this tool is that the ‘U shaped foil tube’ is wrapped around some sort of needle, and the foil cannot be pushed in when entering the lock! Once the key is inserted, the needle is taken out from the back of the tool, and the pins are now resting on the foil. Because of the cuts in the foil, each pin will stand on its own ‘island’ of foil, and when it is pushed in will not disturb the neighboring pin!

This technique will open most locks and you can buy a kit for around $58,- or a simpler model for $21,-

via Advanced foil impressioning « Blackbag, Barry’s weblog.

US Army takes down CIA / Saudi extremist website

Showing there is little unity and policy when it comes to cyber warfare in the US, the military took down a website used to gather intelligence on extremists. In the process of doing so they took down around 300 servers around the world and pissed off all the other intelligence gathering agencies that were covertly monitoring the site to gain information on the identities and plans of terrorist extremists.

Dismantling of Saudi-CIA Web site illustrates need for clearer cyberwar policies.

Chip and PIN broken

Cambridge University security researchers have demonstrated how it might be possible to trick the card into thinking it’s doing a chip-and-signature transaction while the terminal thinks it’s authorised by chip-and-PIN. The flaw creates a means to make transactions that are “Verified by PIN” using a stolen uncancelled card without knowing the PIN number. Fraudsters would insert a “wedge” between the stolen card and terminal, tricking the terminal into believing that the PIN was correctly verified.

via Chip and PIN security busted • The Register.

Predator UAV feeds unencrypted

It looks like the Iranians have found out that the video feeds from Predator drones are in some cases unencrypted and can be tapped into using a $26,- program called Skygrabber.

FOXNews.com – Iranian-Backed Insurgents Hack U.S. Drones.

Now it turns out that the ROVER system, a handheld video system for infantry, also receives unencrypted video from all kinds of airborne sources, from U2s to Harriers, Tornados, F-15s, F-16s, etc., and can be tapped in the same way.

Gizmodo

Now this is nothing new – some guy was tapping into unencrypted military satellite feeds during the Iraqi wars – and is due in part to bandwidth limitations: the militaries are huge bandwidth hogs and there just isn’t enough to go around for all the tasks they’d like to use, let alone if it was all encrypted.

The question is, can Skygrabber tap targeted drones or is it a haphazard affair?

Oops – global warming researchers hacked

And although the authenticity of the 1079 emails and 72 documents hasn’t been verified, it shows that the researchers have manipulated the data to fit their models, can’t explain the lack of global warming and have plans set up to destroy the credibility of any scientist doubting their stance.

Michelle Malkin » The global warming scandal of the century.

[edit] You can find the full archives here

Dutch Hacker informs Jailbroken iPhones that they’re insecure

Fantastic – this guy port scans the T-Mobile range and finds the jailbroken iPhones on the network, then SSH’s in using the default password and blips a message to the iPhone telling the user the iPhone has been hacked. Users can find out how to close the hole by visiting a website and paying EUR. 5,- using Paypal. He states that users don’t have to pay and he won’t do anything bad to them, so it isn’t exactly ransom.

What’s the hole? Most idiots who jailbreak fail to change the default root password. Duh!

Dutch Hacker Holds Jailbroken iPhones Hostage For €5 Ransom While Exposing Security Vulnerability – Iphone jailbreak hack – Gizmodo.

Windows 7 officially supports logon UI background customization

Although this functionality was designed with OEMs in mind, it is pretty easy to turn on and off using regedit and some images lying around your hard drive.

First, a check is made to determine if the customization functionality is enabled or not. More precisely, a DWORD value named OEMBackground in the HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background key is checked. Its data, of Boolean type, defines whether or not this behavior is turned on, i.e. 1 for enabled, 0 for disabled. This value may not exist by default, depending on your system.

Afterwards, if customization is enabled, the primary monitor’s screen height and width are retrieved via calls to GetSystemMetrics. These values are used in the computation of the screen width (w)/height (h) ratio. For example, my desktop resolution is 1920×1200. The ratio, computed by the division of w/h, is 1.6:1.

The result of this computation is looked up in an internal table that drives what image to load on disk. Although I don’t have a large enough monitor to test, it appears resolutions higher than 1920×1200 will force the loading and zooming of an image of closest compatibility (i.e. same ratio, smaller image).

As this is an OEM feature images are derived from %windir%\system32\oobe\info\backgrounds. Like the registry value, this folder may not exist by default. The following files (sorted by width-to-height ratio) are supported in this folder:

  • backgroundDefault.jpg
  • background768x1280.jpg  (0.6)
  • background900x1440.jpg  (0.625)
  • background960x1280.jpg  (0.75)
  • background1024x1280.jpg (0.8)
  • background1280x1024.jpg (1.25)
  • background1024x768.jpg  (1.33-)
  • background1280x960.jpg  (1.33-)
  • background1600x1200.jpg (1.33-)
  • background1440x900.jpg  (1.6)
  • background1920x1200.jpg (1.6)
  • background1280x768.jpg  (1.66-)
  • background1360x768.jpg  (1.770833-)

NOTE: Images must be less than 256kb in size. Thanks for pushing me to investigate, Jay C.

The backgroundDefault.jpg image is loaded and stretched-to-fit when a resolution/ratio-specific background cannot be found. The other resolution/ratio-specific files are self-explanatory. If the background cannot be loaded (e.g. image physically too large, incorrect ratio, etc.), the default SKU-based image is loaded from imagesres.dll. You’ll see a Windows Server-themed grayish background in there, too, suggesting this functionality is not specific to client SKUs.

Windows 7 to officially support logon UI background customization – Within Windows.
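The lookup described above, modelled as a pre-deployment check for a set of background images. This is an added example, not code from Within Windows or Microsoft. It assumes the 256kb limit means 256 × 1024 bytes and that "same ratio, smaller image" means the largest supported same-ratio file no wider than the screen; the function names and the sample folder listing are constructed.

```python
# Added example: models the lookup described above; it is not Windows' own code.
SUPPORTED = [(768, 1280), (900, 1440), (960, 1280), (1024, 1280), (1280, 1024),
             (1024, 768), (1280, 960), (1600, 1200), (1440, 900), (1920, 1200),
             (1280, 768), (1360, 768)]          # file list from the page
DEFAULT = "backgrounddefault.jpg"               # compared case-insensitively
MAX_BYTES = 256 * 1024                          # assumption: "256kb" = 256 * 1024 bytes

def pick_background(oem_background, width, height, files):
    """Predict the file LogonUI would use.

    oem_background: data of the OEMBackground DWORD (None if the value is absent).
    files: {file name: size in bytes} for the oobe\\info\\backgrounds folder.
    Returns (file name or None, reason); None means the stock imagesres.dll image.
    """
    if oem_background != 1:
        return None, "OEMBackground is not 1"
    present = {name.lower(): (name, size) for name, size in files.items()}
    # Exact resolution first; then (assumption) same ratio, smaller, largest first.
    same_ratio = sorted((s for s in SUPPORTED
                         if s[0] * height == s[1] * width and s[0] <= width),
                        reverse=True)
    candidates = [f"background{w}x{h}.jpg" for w, h in same_ratio] + [DEFAULT]
    for candidate in candidates:
        if candidate in present:
            name, size = present[candidate]
            if size >= MAX_BYTES:
                return None, f"{name} is {size} bytes, limit is {MAX_BYTES}"
            return name, "ok"
    return None, "no usable file in folder"

def audit_folder(files):
    """List files that would be ignored (unknown name) or rejected (too large)."""
    known = {f"background{w}x{h}.jpg" for w, h in SUPPORTED} | {DEFAULT}
    warnings = []
    for name, size in sorted(files.items()):
        if name.lower() not in known:
            warnings.append(f"{name}: not a supported file name")
        elif size >= MAX_BYTES:
            warnings.append(f"{name}: {size} bytes, must be under {MAX_BYTES}")
    return warnings

# Constructed folder listing (sizes in bytes), not taken from a real system.
SAMPLE = {"backgroundDefault.jpg": 180_000, "background1920x1200.jpg": 300_000,
          "background1440x900.jpg": 120_000, "logo.jpg": 50_000}

if __name__ == "__main__":
    for res in [(1920, 1200), (1440, 900), (1024, 768)]:
        print(res, pick_background(1, *res, SAMPLE))
    print(audit_folder(SAMPLE))
```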

Wireless network modded to see through walls

The way radio signals vary in a wireless network can reveal the movement of people behind closed doors. Joey Wilson and Neal Patwari have developed a technique called variance-based radio tomographic imaging which processes the signals to reveal signs of movement. They’ve even tested the idea with a 34-node wireless network using the IEEE 802.15.4 wireless protocol.

via Technology Review: Blogs: arXiv blog: Wireless network modded to see through walls.

Dutch passports require unsecure fingerprints

We should all know by now that the fingerprint is a bad biometric: not only can you duplicate it fairly easily using just gummy bears, and not only does it increase the risk of having your finger cut off, it also gives too many false negatives; some people will never be able to use fingerprint scanners.

The problem here is that because they have to automate the fingerprinting process, you get a lower level of accuracy in the scans. No two prints by the same finger are ever exactly the same. This is corrected for by error correction codes, which add information to the prints to allow the computer to correct for these disparities. If you can get to these codes, you can find out information about the original fingerprint and the amount of data loss that is expected. So searching through the error correction code database allows you to find a fingerprint that is similar to yours and has a large correction. This means you can become this other person fairly easily.

Vingerafdrukparanoia is terecht (opinie) | Webwereld.

Augmented Google Earth Gets Real-Time People, Cars, Clouds | Popular Science

Researchers from Georgia Tech have devised methods to take real-time, real-world information and layer it onto Google Earth.

They use live video feeds (sometimes from many angles) to find the position and motion of various objects, which they then combine with behavioral simulations to produce real-time animations for Google Earth or Microsoft Virtual Earth.

They use motion capture data to help their animated humans move realistically, and were able to extrapolate cars’ motion throughout an entire stretch of road from just a few spotty camera angles.

Now where would you happen to have loads of CCTVs you could use to spy on everybody in real time? I wonder…

via Augmented Google Earth Gets Real-Time People, Cars, Clouds | Popular Science.