Oops – global warming researchers hacked

And although the authenticity of the 1079 emails and 72 documents hasn’t been verified, it shows that the researchers have manipulated the data to fit their models, can’t explain the lack of global warming and have plans set up to destroy the credibility of any scientist doubting their stance.

Michelle Malkin » The global warming scandal of the century.

[edit] You can find the full archives here

Dutch Hacker informs Jailbroken iPhones that they’re insecure

Fantastic – this guy port scans the T-Mobile range and finds the jailbroken iPhones on the network, then SSHes in using the default password and blips a message to the iPhone telling the user the iPhone has been hacked. Users can find out how to close the hole by visiting a website and paying EUR. 5,- using PayPal. He states that users don’t have to pay and he won’t do anything bad to them, so it isn’t exactly ransom.

What’s the hole? Most idiots who jailbreak fail to change the default root password. Duh!

Dutch Hacker Holds Jailbroken iPhones Hostage For €5 Ransom While Exposing Security Vulnerability – Iphone jailbreak hack – Gizmodo.

Windows 7 officially supports logon UI background customization

Although this functionality was designed with OEMs in mind, it is pretty easy to turn on and off using regedit and some images lying around your hard drive.

First, a check is made to determine if the customization functionality is enabled or not. More precisely, a DWORD value named OEMBackground in the HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background key is checked. Its data, of Boolean type, defines whether or not this behavior is turned on, i.e. 1 for enabled, 0 for disabled. This value may not exist by default, depending on your system.

Afterwards, if customization is enabled, the primary monitor’s screen height and width are retrieved via calls to GetSystemMetrics. These values are used in the computation of the screen width (w)/height (h) ratio. For example, my desktop resolution is 1920×1200. The ratio, computed by the division of w/h, is 1.6:1.

The result of this computation is looked up in an internal table that drives what image to load on disk. Although I don’t have a large enough monitor to test, it appears resolutions higher than 1920×1200 will force the loading and zooming of an image of closest compatibility (i.e. same ratio, smaller image).

As this is an OEM feature, images are derived from %windir%\system32\oobe\info\backgrounds. Like the registry value, this folder may not exist by default. The following files (sorted by width-to-height ratio) are supported in this folder:

  • backgroundDefault.jpg
  • background768x1280.jpg  (0.6)
  • background900x1440.jpg  (0.625)
  • background960x1280.jpg  (0.75)
  • background1024x1280.jpg (0.8)
  • background1280x1024.jpg (1.25)
  • background1024x768.jpg  (1.33-)
  • background1280x960.jpg  (1.33-)
  • background1600x1200.jpg (1.33-)
  • background1440x900.jpg  (1.6)
  • background1920x1200.jpg (1.6)
  • background1280x768.jpg  (1.66-)
  • background1360x768.jpg  (1.770833-)

NOTE: Images must be less than 256kb in size. Thanks for pushing me to investigate, Jay C.

The backgroundDefault.jpg image is loaded and stretched-to-fit when a resolution/ratio-specific background cannot be found. The other resolution/ratio-specific files are self-explanatory. If the background cannot be loaded (e.g. image physically too large, incorrect ratio, etc.), the default SKU-based image is loaded from imagesres.dll. You’ll see a Windows Server-themed grayish background in there, too, suggesting this functionality is not specific to client SKUs.”

Windows 7 to officially support logon UI background customization – Within Windows.
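The selection steps quoted above, modelled as an added example (not code from Within Windows or from Windows itself), which helps when auditing what a given machine's logon screen will display. The ratio tolerance, the reading of "256kb" as 256 KiB, the "largest same-ratio size that fits" rule and the `BUILTIN` placeholder are assumptions; the file list and fallback order follow the page's wording.

```python
# Model of the selection steps quoted above; not Windows' own code.
SUPPORTED = [(768, 1280), (900, 1440), (960, 1280), (1024, 1280),
             (1280, 1024), (1024, 768), (1280, 960), (1600, 1200),
             (1440, 900), (1920, 1200), (1280, 768), (1360, 768)]
MAX_BYTES = 256 * 1024          # assumption: "256kb" means 256 KiB
RATIO_TOLERANCE = 0.01          # assumption: how close two ratios must be
BUILTIN = "<built-in SKU default>"   # placeholder for the image Windows ships

def table_entry(width, height):
    """File name for this screen: the largest listed size with the same
    ratio that is no bigger than the screen, or None if no ratio matches."""
    ratio = width / height
    same = [(w, h) for w, h in SUPPORTED
            if abs(w / h - ratio) <= RATIO_TOLERANCE
            and w <= width and h <= height]
    return "background%dx%d.jpg" % max(same) if same else None

def pick_background(enabled, width, height, files):
    """files maps names present in the backgrounds folder to sizes in bytes."""
    if not enabled:                       # OEMBackground absent or 0
        return BUILTIN
    name = table_entry(width, height)
    if name not in files:                 # specific image not found
        name = "backgroundDefault.jpg"
    if name not in files or files[name] >= MAX_BYTES:
        return BUILTIN                    # nothing loadable: built-in image
    return name

# Constructed folder listing (sizes in bytes), not taken from a real system.
SAMPLE_FOLDER = {"background1920x1200.jpg": 200_000,
                 "backgroundDefault.jpg": 100_000}

if __name__ == "__main__":
    for res in [(1920, 1200), (2560, 1600), (1280, 1024)]:
        print(res, "->", pick_background(True, *res, SAMPLE_FOLDER))
```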

Wireless network modded to see through walls

The way radio signals vary in a wireless network can reveal the movement of people behind closed doors. Joey Wilson and Neal Patwari have developed a technique called variance-based radio tomographic imaging which processes the signals to reveal signs of movement. They’ve even tested the idea with a 34-node wireless network using the IEEE 802.15.4 wireless protocol.

via Technology Review: Blogs: arXiv blog: Wireless network modded to see through walls.

Dutch passports require unsecure fingerprints

We should all know by now that the fingerprint is a bad biometric: not only can you duplicate it fairly easily using just gummy bears, and not only does it increase the risk of having your finger cut off for you, it also gives too many false negatives; some people will never be able to use fingerprint scanners.

The problem here is that because they have to automate the fingerprinting process, you get a lower level of accuracy in the scans. No two prints by the same finger are ever exactly the same. This is corrected for by error correction codes, which add information to the prints to allow the computer to correct for these disparities. If you can get to these codes, you can find out information about the original fingerprint and the amount of data loss that is expected. So searching through the error correction code database allows you to find a fingerprint that is similar to yours and has a large correction. This means you can become this other person fairly easily.

Vingerafdrukparanoia is terecht (opinie) | Webwereld.

Augmented Google Earth Gets Real-Time People, Cars, Clouds | Popular Science

Researchers from Georgia Tech have devised methods to take real-time, real-world information and layer it onto Google Earth.

They use live video feeds (sometimes from many angles) to find the position and motion of various objects, which they then combine with behavioral simulations to produce real-time animations for Google Earth or Microsoft Virtual Earth.

They use motion capture data to help their animated humans move realistically, and were able to extrapolate cars’ motion throughout an entire stretch of road from just a few spotty camera angles.

Now where would you happen to have loads of CCTVs you could use to spy on everybody realtime? I wonder…

via Augmented Google Earth Gets Real-Time People, Cars, Clouds | Popular Science.

XP no longer being patched by MS

Even though they keep supporting Internet Explorer 6, they’re not going to support XP?

Microsoft had stated the reason for continuing support for IE6 was that it came with Windows XP and so they had to keep supporting it. Now it turns out that they’re not supporting XP either. Not exactly their road map, but oh well.

XP is thus fully broken, with a security hole in the TCP/IP implementation.

You’re doing well, MS – it took you long enough to fix the hole for Vista et al as well!

Microsoft: No TCP/IP patches for you, XP.

UCSniff updated

UCSniff can be placed on a laptop and put in a network where it will VLAN hop until it finds the VoIP VLAN channel. It then throws out spoofed ARP packets like a man-in-the-middle attack and gets all voice and video traffic thrown to itself. Together with a plugin called VideoJak they can then insert video loops into the stream, meaning that whoever sees the camera output (the guard) will only see the loop and not what the webcam is seeing.

Surveillance camera hack swaps live feed with spoof video • The Register.