Monitor Hacking

It’s been known for a while that CRT monitors leak radiation, which makes them easily duplicable on an external monitor, leading to insane amounts of shielding.

Now it’s the LCD’s turn.

Using a radio antenna and receiver, Markus Kuhn can duplicate your LCD on an external monitor, in some cases through up to three walls, depending on the type of monitor. Thankfully, it’s fairly easy to defend against.

He’s also found a way to reconstruct what a monitor is showing by looking at the flicker reflected through a window or on a wall.

Markus Kuhn has a few other interesting articles on his own site.

AACS cracked a bit more finally

Whilst the old cracks on HD DVD and Blu-ray focussed on getting the identifying keys off the media, which meant that if the DVD software was updated, the keys could be changed and the crack wouldn’t work any more (for the cracked item), the next generation of cracks involves taking the Volume Unique Keys off the player hardware (in this case the Xbox 360). This you can’t change using a software update, so that kills AACS a bit more permanently.

Vista sets admin rights depending on programme name

Oddly enough, anything named ‘install’ will be seen by Vista as requiring Admin rights. However, just rename it and you don’t require admin rights any more. It’s being touted as a ‘feature’ of course, but it’s one of the most bloody stupid features I’ve ever heard of.
A bit like having username ‘Magix’ and being able to log in to the same account as user ‘M’ in XP.

Breaking WEP in under 60 seconds

I’ve known that WEP encryption, still used to protect a lot of WiFi (wireless connections), was crackable in around 15 minutes, but these papers describe how to do it in under 60 seconds – the fastest attack I’ve found to date!

The Original paper by Tews, Weinmann and Pyshkin (pdf)

The tool (aircrack-ptw) to do it with.

And the tutorial to use the tools with (written for aircrack-ng, but with some changes from the above link it works for aircrack-ptw)

The lesson? Use WPA.

Hacker threatened with extradition

Gary McKinnon, a Scot whose exploits put Kevin Mitnick to shame, has allegedly hacked into 97 US military and NASA computers. He’s in England fighting extradition, probably because he quite sanely doesn’t want to be tried as a terrorist. The US is using threatening strong-arm tactics to get him to not fight the extradition to the US, such as leaning on the UK to revoke his rights should he eventually be extradited. A nasty picture of what both the US and the UK are all about nowadays.

Invisible Things

Invisible Things is the website of Joanna Rutkowska, who is very interested in stealth malware insertion into kernels. She came up with the ‘blue pill’, which is a stealth VM in the kernel running side by side with the normal kernel and is pretty much undetectable. A whole load of different attack vectors are explored on the site, as well as a taxonomy for stealth malware – a sector virtually ignored by the anti-virus community.

More mouseless stuff

I sometimes spend 14 hours a day working behind a PC. Any action that requires me to push the rodent around annoys the crap out of me.

So I’ve ditched the mouse and gone with a Wacom pen for the times that I can’t avoid it.

I also use Ratpoison as a window manager, so I can perform basic UI operations without resorting to the rodent. Also, Ratpoison doesn’t clutter up my interface with useless crap like “window decorations”, “window buttons” or “interface themes”. I don’t like them, I don’t use them and I really have a better use for my screen real-estate.

Because I do a lot of web development stuff, I use the Firefox plugin Conkeror most of the time.

I email with mutt, read feeds with snownews, edit anything non-binary with VIM, edit binaries with BIEW, read Usenet with tin, watch movies (on a remotely controlled display) with mplayer, I play music with mp3blaster and manage my ipod with gnupod.

For experiments with alternative inputs that do require pointing devices, I’m interested in Dasher, which you really should check out if this is your kind of thing.

RFID Credit Cards

Yes, after it has been proven time and again that RFID is not safe (it’s easily readable and copyable), those twits at the credit card companies have helped enable fraud on a massive scale by deploying RFID on credit cards. Naturally none of your data is protected at all (by, for example, encryption) and (almost) all the necessary data to make a credit card purchase is on the chip. Of course it didn’t take too long to make a workable hack, and over 20 credit cards (which is every one the researchers tried) were vulnerable. Easily. You could just tattoo your credit card on your forehead, but that would be too difficult for criminals – they’d have to copy the data using writing or pictures.