Sat 24 Jul 2010
Tue 2 Mar 2010
From phonelosers.org
By going to search.twitter.com, you can type in 4sq.com and you’ll get a list of everyone on the planet that is currently checking in to someplace. You can even modify your search to include only local businesses. This is great for creepy stalkers who want to keep tabs on random pretty girls. A creepy stalker could jump in his car and speed to the pub for a chance to meet the girl of his dreams. Everywhere she goes.
Another use for Foursquare is for burglars to know when houses are empty. If @sexygirl535 is out having fun with her friends at a bar, then she’s not home, right? So quick, drive over there and break into her house! You know she doesn’t have roommates because she constantly tweets about how it sucks to live alone. A website called Please Rob Me has been set up for just this purpose.
And then there’s the PLA’s favorite pastime – making prank calls to people. Foursquare is the perfect tool for this. In that search box up there, you click on the Twitter username which probably gives you the name of the person checking in. Then you click on the link in their post and you’ll have the phone number of the business they’re at. Now you can call the business, ask for that person and say something crazy to them. They’re almost always surprised that anyone could know that they’re there. It rarely occurs to them that just minutes ago they transmitted their location to the entire world. Visit the site to listen to these:
I’m From The Future! Gil gets a call from himself in the future, warning him of dire consequences if he buys Tylenol. Gil doesn’t believe himself.
Shaggy gets a telemarketing call from the Red Cross while eating at Royal Thai Cuisine.
Nicole is getting a pedicure when she gets a call from a Foursquare representative, warning her not to post her location to the public.
Blockbuster tells Sabrina that she’s no longer welcome in their stores. She posted a series of tweets after this call, which went like this: “Just had the dumbest prank played on me thx to foursquare! Guy called Blockbuster, asked for me, told me he was from Corp. & that I wasn’t…..welcome there, and how to leave the store! I was so frickin’ pissed that someone had the nerve to call the store and do that shit!…..I hung up on the tool and told the Blockbuster staff, who were very apologetic. Just a reminder to be careful on foursquare updates! Seriously though! If that had been real, I would have been SO insulted! Just beware of any weird calls if you check-in on foursquare!”
Carlie is surprised to get a call from an internet stalker and decides on the phone not to use Foursquare anymore.
Mon 1 Mar 2010
I am giving a presentation to the KC FBI Infragard group, would you mind taking a ONE QUESTION poll for me? (Will take less than 1 min)
This does not track anything but your answer and some geo location stats. I am looking for a lot of responses, so please help! Also, if you don’t mind, could you share with your network? I have already shared it with my Facebook friends, and I am wondering if you would be willing to do the same. I prefer not to share on Twitter as my Twitter following is all “Security Professionals” and would skew the data immensely. I am looking for “real world” data.
Please Take the Poll:
http://www.micropoll.com/akira/mpview/842973-237543
—-if you want to share ——
A friend of mine is giving a presentation to the FBI Infragard group, would you mind taking a ONE QUESTION poll for me? (Will take less than 1 min) It is outside of Facebook, and does not track anything but your answer.
Poll Link: http://www.micropoll.com/akira/mpview/842973-237543
—-if you want to share ——
Tue 22 Dec 2009
SQUARE Payments are neat. And a security risk…
Posted by hevnsnt under Hacking, Hardware
So if you have not heard about Square yet, it is a really good idea, giving pretty much everyone the ability to take credit cards. It is a small device (about the size of a headphone splitter) that connects to your smartphone and allows you to swipe cards for payments.
So these devices have some amazing potential. Imagine not having to carry cash ever again. Want to pay a street vendor? Swipe. Pay your buddy back for beers last night.. Swipe. You get the point.
However, I have some questions about the security of these devices. Sure, we can all scoff at the apparent lack of security people are already doing with these, since they are uploading 1080p videos of them swiping their cards on YouTube (I will let you figure out why 1080p + creditcards + pause + photoshop = disaster for that poor soul).
Hey @square guys, send me a couple of squares — I would love to do a free security audit of them. I think you got a great product, I would love to help make it better (secured). Feel free to contact me on twitter!
Mon 26 Oct 2009
via Social Hacking.
Many security researchers are familiar with BeEF, a browser exploitation framework by Wade Alcorn. In short, BeEF is a program that brings together various types of code for taking advantage of known vulnerabilities in web browsers. If a target computer loads a certain bit of code within a web page, that code connects to a server control panel which can then execute certain attacks against the “zombie” machine.
After noting potential security issues with the gadgets in Google Wave, I set about to finally set up a BeEF testbed and see if Google Wave was as capable a platform for malware delivery as I suspected.
Thu 15 Oct 2009
via HackZine.com.
This site began with a 2008 crowbox experiment, which turned nature’s pests into practical players in society by autonomously training crows to conduct mutually beneficial behaviours with humans.
I did the initial experiment in 2008 in an attempt to teach crows how to live more purposefully for man, so that man would not annihilate the species.
At the time, I taught some captive crows, remotely, through basic operant conditioning, to feed coins into a vending machine so they could get peanuts. The idea is that a group of wild crows would teach other crows, including their offspring, to find the coins and put them into the vending machine to get peanuts. For this experiment, I received coverage all over the globe – from the New York Times, TED.com, Gizmodo and even Oprah covered the experiment!
But now – it’s your turn. The crowbox experiment is open source and this site exists to let the whole world know how to make a crow machine and then share the results.
Download the files, post some questions in the forums, add a page or three to the wiki. The open source crowbox experiment is still in beta, but together we can build it into something great.
Read about how the crowbox works, and see the story of how this whole thing began (below)!
Tue 6 Oct 2009
Computer Security News
via SPOOFEM.COM releases beta version of desktop application.
Caller ID spoofing service provider SPOOFEM.COM announced on Monday the release of its free desktop application, version 1.B. The company said the SDA, available at http://www.spoofem.com, provides consumers with easy access to all of the services that are available on SPOOFEM.COM, including caller-id spoofing, spoofing text and e-mail messages,
Mon 21 Sep 2009
via Introduction to Metasploit Unleashed.
Free MetaSploit Class — YEA!
This is it! After months of hard work, we are finally ready to present the free version of our online course – Metasploit Unleashed – Mastering the Framework. This resource will be a living, breathing Metasploit documentation entity. We will keep on updating and adding new modules and chapters as the MSF evolves.
This course has been written in a manner to encompass not just the front end “user” aspects of the framework, but rather give you an introduction to the capabilities that Metasploit provides. We aim to give you an in-depth look into the many features of the MSF, and provide you with the skill and confidence to utilize this amazing tool to its utmost capabilities.

Wed 5 Aug 2009
Here we will try to sort out all the news, blogs, tools and more. Check back for updates and comment any findings.
Videos:
Defcon 17 Awards Ceremony **Check out I-Hacked/RBCP @ 01:04:56**
Interview Nathan Hamiel and Shawn Moyer on hacking Web 2.0
Quadrotor UAV at Defcon 17
Apple keyboard with evil firmware can root any computer
hacking-defcon-2009-badge
video of KreiosC2
Hacking the iPhone
Defcon Video by Ax0n
Tools/Slides:
dnsTTrap
ucsniff
ippon
Defcon_Oracle_The_Making_of_the_2nd_sql_injection_worm
Foca Online
Tactical Fingerprinting using Foca
maltego-firefox
CSRF – Yeah, It Still Works
KreiosC2
Prank o Matic
Photos:
vissago
stits -some NSFW-
epitti
Music:
BlackBall Defcon 17- up’D by Great Scott
Misc/Blog:
Black Hat USA 2009 Media Archives
Ax0n’s DefCon 17 Wrap-Up
RBCP’s Blog on Defcon
DEFCON 0×11 Post-Mortem
News:
Feds at DefCon Alarmed After RFIDs Scanned
Researchers offer tools for eavesdropping and video hijacking
Danger from automatic updates
Hanging with hackers can make you paranoid
Rio hotel in Las Vegas responds to claims over malicious ATMs
Malicious ATM Catches Hackers
iPhone attacked by SMS – Danger!
Thu 30 Jul 2009
Ya I know it’s the same text as last year, we are tired… The difference is….
THIS YEAR THEY EXIST.
Ok — so Defcon isn’t exactly the most expensive con there is.. In fact, it is quite a steal at $120. But sometimes hackers are poor. Sometimes the difference is having beer and no badge, or a badge and no beer. Both are a bad situation.
So let me show you how to get into Defcon for a measly $15! (That still leaves you some scratch for BEER!) It is time to introduce this year’s I-Hacked T-Shirt.

Not only will you get into Defcon for free (minus the cost of the tshirt of course) but you will have access to areas most “Humans” simply won’t! Imagine hobnobbing in the goon’s private skybox! Imagine finding the talk that you are most interested in, COMPLETELY FULL… With a normal badge you would be out of luck, but using the 2009 Defcon17 I-Hacked shirt, you can tell some sad sorry sap to get the hell out of your seat, because you are a goon and they have to listen to you! And it is completely legal!
How were we able to do this? Simple: we were able to (easily I might add) obtain the details of the badges early by social engineering the company that Joe Grand used for production. Not only did they provide the final proofs back to us, but actually sent us some PHYSICAL SAMPLES! (wh000000t!)
We took those proofs and produced a T-Shirt that we feel captures the “hacker spirit”. This limited edition 2009 Defcon17 I-Hacked tshirt, which is SURE to be “THE” topic of DC17 and making it to DEFCON LORE can be had for only 15 bucks.
All proceeds will go to providing beer to those who are wearing the shirts.
