Should you ever need to get into a hardware router, you’re going to need a username and password. We all know to try admin/admin, but here’s a list of the defaults for a huge selection of routers.

If you want to piss of Microsoft, you endanger their DRM system, which protects its connections to content suppliers. FairUse4WM strips DRM off media files allowing you to do what you like with the files you paid for. It’s now at version 1.2 and looks like it’s going to keep ahead of Microsoft. You can Read more about Fairuse4wm[…]

Here’s a chemist’s take on the plausibility of the London liquid bomb plot, followed by commentary on what he calls Potemkin security. He references Schneier, and goes on about the practicality of security against these kind of plots (as almost everything can be impregnated with nitrates, such as clothing) and the practicality of guarding against Read more about The liquid plot[…]

This hack is awesome – instead of blocking an unauthorised user over your wireless connection, this guy uses dhcp to assign unkown mac adresses to a different network segment. Then he uses iptables to redirect all the traffic to a squid proxy, which uses mogrify to modify all the image content by turning the images Read more about Someone leeching your wireless?[…]

Apparently this method is easier than picking or using a picking gun. You take keys and file them down to the minimum, hit them on the back after insertion and turn the lock. With a bit of practice this allows you to open locks within 30 seconds. (pdf link)

Verichip implants a tiny RFID chip in you which contains a unique ID which will identify you at hospitals, allowing doctors to find you in the database and find your file for you. At HOPE they demonstrated that the Verichip has no encryption and no question / response mechanism, meaning that using an RFID reader Read more about Verichip implanted RIFD hacked[…]

Now everybody can use the GPS signal information – for free 🙂

A seriously elegant way to hack someone’s network: drop USB sticks containing a trojan on the target’s parking lot and wait for the mail to come in.

Apparently those Nigerians really are making millions out there scamming idiots using email

We knew RFID chips were insecure – if you didn’t you’ve been living under a rock. Anyway, this Indymedia story chronicles a few concrete examples of RFID hacking in reality.

Can be broken through a laptop with WiFi within 20 minutes allowing people to do a clean steal of the car. A bit like when they had IR car fobs which could be saved using a palm and then replayed, but now you have to break the encryption.

PCs have virusses, Macs have virusses, PDAs and cellphones have virusses, so why should RFID chips be any different? A working proof of concept has been made which is put onto an RFID chip, which infects the backend database and then transmits to other RFID chips that connect to that database.

Nobody seems to believe me when I say it’s possible, but now it’s happened – in Greece unknown people have hacked into the cellular system and been tapping politicians and officers. Yup, the bad guys can get into your wonderful surveillance infrastructure too.

Engadget is running a nice article on how to scale your video input to show better on a HD TV or projector by scaling the video feed.

Bluediving is a suite that implements attacks like Bluebug, BlueSnarf, BlueSnarf++, BlueSmack and features like bluetooth address spoofing.

Two methods of defeating RFID: The easy way – use tape to block the chip or The violent way – zap them (plans will be released at some point) using a modified single use camera

If it’s borked you can fix it – I’ve opened these things up but never expected to get them to run again afterwards – apparently you CAN transplant the platters 🙂

BBC and el Reg are running great stories about some guy who read Day of the Jackal and decided to find a dead baby, take his birth certificate, open a bank account, get a passport – and live as this baby for 23 years! Of course, he had to go and take a fictional title Read more about ID Fraud Lord Buckingham[…]

The bastards! Mark’s Sysinternals was playing around with RootkitRevealer and discovered that Sony installs its own media player on your PC, reroutes windows systems calls and hides itself to limit the amount of copies that can be made of the disc. Now you could call it DRM I guess, but if you try to remove Read more about Sony installs a rootkit on your system[…]

Samy posted a piece of very cleverly crafted stuff on his profile in MySpace, which basically made everyone who saw his profile add the same code to their profile, and add Samy to their friendslist together with some text. This shows the fragility of browsers when using AJAX to code sites, despite some fairly complicated Read more about MySpace Worm[…]

What makes the technique feasible is that each keystroke makes a relatively distinct sound, however subtle, when hit. Typical users type about 300 characters per minute, leaving enough time for a computer to isolate the sounds of individual keystrokes and categorize the letters based upon the statistical characteristics of English text. For example, the letters Read more about Sniff traffic by listening to keyboard clicks[…]

That didn’t take long… around 1 day in fact – Windows checks during the update to see if you’re a legitimate user, forcing you to click yes, continue, of course, appy, thanks, I agree, next, etc. Of course if that kind of useless clicking pisses you off, you could just use these scripts to circumvent Read more about Windows Genuine check cracked[…]

A totally new look at how to keep a secure list of passwords: broadcast them live on webradio to the world! A Secret Service invites you to submit your passwords and a timestamp for storage on the Secret Service website. It is then translated (text-to-speech), automated and broadcasted via webradio and live at Mediamatic Groundfloor Read more about A Secret Service[…]

Not quite as effective, but it only costs $30 or so…

Well, if you fake your ID to that of a trusted device and pair with another device, you get a key sent, which you can crack in 0.06 seconds. Feed it in and you don’t have to enter the PIN. Oops.