Wednesday, December 18, 2013

December InfoSec Links



NSA and Government
Shame on Feinstein: There is a cost to surveillance.
http://www.siliconvalleywatcher.com/mt/archives/2013/12/shame_on_feinstein_co.php?utm_source=buffer&utm_campaign=Buffer&utm_content=buffer54e85&utm_medium=twitter
RSA took $10mil to backdoor their crypto libraries.
http://www.reuters.com/article/2013/12/20/us-usa-security-rsa-idUSBRE9BJ1C220131220
EFF reviews how the CFAA ruined lives and slowed innovation out of fear:
https://www.eff.org/deeplinks/2013/12/2013-review-tragedy-brings-cfaa-spotlight
Getting the ungettable: The NSA's Tailored Access Operations Unit
http://www.spiegel.de/international/world/the-nsa-uses-powerful-toolbox-in-effort-to-spy-on-global-networks-a-940969-2.html
Backdoors R Us: NSA's backdoor catalog
http://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html
Practical Tamper-evident Techniques
http://www.wired.com/threatlevel/2013/12/better-data-security-nail-polish/


Security and Cool Exploits
Via Chavaukin: 10 things Security should stop doing in 2014
http://blog.anitian.com/2014-stop-doing/
Acoustic cracking of PGP keys.  Fantasy attack made real:
http://www.cs.tau.ac.il/~tromer/acoustic/
SD Card Hacking
http://www.bunniestudios.com/blog/?p=3554

Target Breach Madness
International cards and those associated with a zip code fetch a premium:
http://krebsonsecurity.com/2013/12/non-us-cards-used-at-target-fetch-premium/
Putting a face on the Target breach:
http://krebsonsecurity.com/2013/12/whos-selling-credit-cards-from-target/
Target's faster checkout system explained:
http://www.quora.com/What-is-the-new-instantaneous-payment-system-being-used-at-Target
All PINs in the world leaked! (Tongue in Cheek)
http://pastebin.com/2qbRKh3R

Also hilarious: What happens when the common folk get a glimpse at the code behind:
https://twitter.com/neave/status/415533230579019777/photo/1

Monday, December 16, 2013

Bench Power Supply Complete!



Thanks to SYN Shop, the Las Vegas Hackerspace, I completed a bench top power supply.  I took a class that helped me build one from a kit.  The kit itself produced a 5v out and a configurable out that I ended up making 8.5 for Arduino.

One of the challenges of the class was to take that kit and enhance it.  I removed the resistor on the configurable channel and replaced it with a 10K Ohm potentiometer from Radio Shack.  This allows me to configure it for between 2 and 14.5 volts!



Some time later, I got tired of the alligator clips I used to connect to the two rails.  I replaced them with a barrel connector and switch.  My initial schematic was woefully flawed, however.  If I had completed it, I would have shorted the rails to ground through the switch, blown the fuse, and possibly smoked the voltage regulators.  Yeesh.

Thanks again to SYN Shop and Javid, the teacher who's kit made this possible.

Thursday, November 14, 2013

InfoSec Links for Thursday, November 14, 2013





Adobe Breach Link Blitz:
Root Cause: Cold Fusion
Also Owned: Limo Company to the rich, famous and well connected.  Note the targeted attacks (often called spear phishing) based on the original hack:
AT&T owned too:

An interesting article on how most security amounts to Integration concerns and not true security problems.
Also, putting financial security in perspective:

Updated: Skylanders Hacking



Worked with Skylanders Editor in Windows 8 64 bit.  Here is what I learned:

  1. Editor came with source code and a portal driver.  This is great if I want to play with the code itself and build a Mifare Classic encryption cracker out of it.
  2. You may need to disable the Spyro Portal Service before Editor.exe can talk to a portal.  Do this in services.msc.
  3. I was able to get the PS3 and 3DS wireless portals to work using the driver included in the Editor zip file.
  4. When working with the device in any system post-Vista, make sure to run your command prompt or batch file as an administrator.  This allows such ancient technology to access the USB where the portal connects.
  5. I was unable to get the wired portal to work.  I believe this one is from Skylanders Giants.
  6. I do not have a portal from Swap Force to test it out, but I suspect a new driver will be necessary.
  7. My Nexus will not read Mifare Classic cards with the usual apps.  You need keys and something to teach the NFC reader how to talk using the Mifare proprietary format.
  8. Breaking the Mifare encryption is my next step.  As described in the Editor v2 docs, the key is a bunch of data from Block00-01 and 35 bytes from a constant key.  I have my bead on a Mifare cracker in Backtrack Linux that will do the job quickly. 

Update: After sitting down with the Editor code and some testing, it seems like the author has done all the work for you.  Still planning an exercise to crack the key myself, though.  I conducted a practical upgrade/downgrade test on a first-gen Skylander.  A normal Skylander will go to level 10 in the first release and 15 in "Giants".  The actual Giant figs have yet to be tested, but I expect similar results.  The data pulled the same and decrypted just fine using Editor v2.0. 

Final Note: Don't tell him, but I may get SWAP Force for my son for Christmas just to get a peak at those new guys.  Curious as to how they sense the fig/element match.  It requires a pretty hefty purchase, though, so it is either that or Disney Infinity.

Tuesday, November 12, 2013

Pivoting from Planning to Doing




The above tweet by Dan Kaminsky really got into my system.  As someone who makes lists of things to do, I often get trapped planning more than doing.  Since DEFCON 21, I have tried to focus on doing.  Here is a list of my successes so far:
  • Rooted my Sony Ericsson Xperia Play and installed Cyanogenmod 9.
  • Studied Arduino and created a few basic projects.
  • Started following security wonks on Twitter and have become fairly well-versed in the conversation.
Where to go from here?
  • Hack Skylanders and Disney Infinity using tag writers and custom code.
  • Help Ethan get through Scratch manual.  He has had a blast so far.
  • Creating a product in Arduino.  Planning a card swipe emulator to apply my skills to real world annoyance.
  • And probably most important: settle on a handle.  VegasVic?

Modest Mouse - Missed the Boat



The lyrics to this song got me through a very depressing and delicate time.  I had just split with my wife and given up on religion.  This song gave me comfort that a life without religion could still be fulfilling.  It pointed to a common experience many like me have had: general despair in the ability of the individual to decide a right course for themselves.