Ur wireless 902.11 networks are belong to us

This 14 year old kid walks around tram depots, figures out what signal is needed to make track points switch, builds his own TV Remote control and goes and derails 4 trams. That’s young talent for you.

Two issues in this story: Because registrars allow you to return a domain without costs within 5 days, domain kiting or tasting allows unscrupulous companies to register a domain, see how much traffic it generates and throw it back for free or re-register it every 5 days, allowing them to get free domains. Apparently the scope of this problem is huge.

The second issue is that so called reputable companies (such as Network Solutions) are posting your searches for domain names, so that above unscrupulous companies can register them before you can.

TomTom Systems are basically linux machines running on ARM CPUs. This means – we can hack them! And because they’re running Linux and a whole load of Linux apps, TomTom provides this page with the OS source codes and the tools they use.

Of course since then it has been hacked like crazy. Here’s the wiki page with all the hacks on it.

An interesting paper detailing quickly how to crack MD5sums using Google 🙂

Some lovely Firefox extensions, including cookie interceptors, site spidering, user agent switching and more

The Storm botnet is now sending around 2 billion emails per day, has around 30,000 computers hosting the webpage that is linked to in the email, runs at around 10% capacity and blasts anybody who starts looking at it with a massive DOS. This thing can take down just around everything (allthough it doesn’t seem to be doing so) and is way more powerful than the world’s most powerful supercomputers.
The article focusses on the DOS power of Storm, but what if it started doing some more interesting stuff like curing cancer, running folding at home or something?
Pretty amazing – it’s not the first of April, is it?

There you go. DIzzIE on the Rorta forums has a lovely quick guide for paying users of Netflix to rip them and then save, distribute, whatever them.
Apparently as soon as the howto came out, Netflix changed their DRM a bit, but hardly any time later the howto was modified on 2 points and you can still rip them.

A neat little entry to add to your about:config settings as an integer set at 0 is nglayout.initialpaint.delay

Pissed off with ICANN? Want your own tld and don’t think that you should have to be super available for it to happen? There is a different type of top level domain out there, called the gTLD. There are a few people offering them, but not all of them are very big. Of the 2 big ones, the Open Root Server Network seems too expensive at $1000,-.
Namespace gives one away for free and subsequent ones for $25,- per year. Switching is easy, all you have to do is add a few DNS servers in the root.hints list of your DNS server.

No lists of iPhone hacks here – there are plenty of them, there shouldn’t be any trouble at all finding them on internet. However, because the OS restore disks came in 2 flavours, part encrypted, part unencrypted, they’ve managed to hack the standard root password out of it allready:

Alpine

Have fun. I still love my Treo. When is Palm going to give me the stuff I want?!

MS is pushing the Vista upgrade with two games only supposed to work on Vista. Unfortunately people have allready managed to get them running on XP.

LOLCODE.
Clean syntax, consistent capitalization and Internet ready. It’s the language for the new web, baby.

HAI
CAN HAS STDIO?
I HAS A VAR
IM IN YR LOOP
	UP VAR!!1
	VISIBLE VAR
	IZ VAR BIGGER THAN 10? KTHXBYE
IM OUTTA YR LOOP
KTHXBYE

It’s been known for a while that CRT monitors leak radiation which makes them easily duplicable on an external monitor, leading to insane amounts of shielding.

Now it’s the LCD’s turn.

Using a radio antenna and reciever, Markus Kuhn can duplicate your LCD on an external monitor, in some cases though up to three walls away, depending on the type of monitor. Thankfully, it’s fairly easy to defend against.

He’s also found a way to reconstruct what a monitor is showing by looking at the flicker reflected through a window or on a wall.

Markus Kuhn has a few other interesting articles on his own site.

Whilst the old cracks on HD DVD and BlueRay focussed on getting the identifying keys off the media, which meant that if the DVD software was updated, the keys could be changed and the crack wouldn’t work and more (for the cracked item) the next generation of cracks involve taking the Volume Unique Keys off the player hardware (in this case the XBOX 360). This you can’t change using a software update, so that kills AACS a bit more permanently.

You don’t have to splice the optical line or attack the multiplexer to be able to read network traffic over fibre optic cable lines – all you have to do is bend it a bit, and read the light that comes off the bend. There are apparently plenty of devices which clip on to do the job, such as the Exfo FCD-10B bend coupler.

Oddly enough, anything named ‘install’ will be seen by Vista as requiring Admin rights. However, just rename it and you don’t require admin rights any more. It’s being touted as a ‘feature’ of course, but it’s one of the most bloody stupid features I’ve ever heard of.
A bit like having username ‘Magix’ and being able to log in to the same account as user ‘M’ in XP.

Navigation systems are now using FM systems more and more to tell each other where traffic jams are developing or where accidents have occurred etc. Inverse Path LLC has found a way to inject various messages using $40,- worth of equipment. Apparently the authentication is weakly encrypted and the messages aren’t encrypted at all, making this fairly trivial.

A Russian developer has built a programme which will recover your OpenOffice password using several different methods.

Quite possibly the largest one man heist in history, a conman managed to get the keys to the bank and information on where all the diamonds were stored, allowing him to bypass a > 1m GBP security system by being a nice guy.

I’ve known that WEP encryption still used to protect a lot of WiFi (wireless connections) was crackable in around 15 minutes, but these papers describe how to do it in under 60 seconds – the fastest attack I’ve found to date!

The Original paper by Tews, Weinmann and Pyshkin (pdf)

The tool (aircrack-ptw) to do it with.

And the tutorial to use the tools with (written for aircrack-ng, but with some changes from the above link it works for aircrack-ptw)

The lesson? Use WPA

Gary McKinnen, a Scot who’s exploits put Kevin Mitnick to shame, allegedly has hacked into 97 US military and NASA computers. He’s in England fighting extradition, probably because he quite sanely doesn’t want to be tried as a terrorist. The US is using threatening strong-arm tactics to get him to not fight the extradition to the US, such as leaning on the UK to revoke his rights should he eventually be extradited. A nasty picture of what both the US and the UK are all about nowadays.

Yup they’ve got a keygen. It’s early days, so it takes a few hours, but they’ll optimise it. You’ll see 🙂

On the doom9 forum you can read the whole tale of how AACS was cracked using nothing more than a memory dump 🙂

This article describes how to use the Vista upgrade version to install the full version on a clean computer using some inventive interaction with the installer.