from Perspectives
When you use a secure protocol like SSL or SSH to communicate on the Internet, your communication is vulnerable to a “man-in-the-middle” attack unless you are able to identify the remote server in a secure manner. One way to do this is to have the server participate in a “Public Key Infrastructure” (PKI) and buy a certificate from a certificate authority like VeriSign.
Unfortunately, PKIs can be expensive and cumbersome to operate, leading to widespread use of a simple and cheap “Trust-on-first-use” mechanism commonly associated with SSH and HTTPS with self-signed certificates. Unfortunately, this comes at the cost of security.
Few users bother to verify the correctness of the key manually (hey, we’re lazy by nature!), but Perspectives provides a simple “no effort” way to get significantly more information about whether a key is correct for that destination. A client can automatically make a secure connection to one of several publicly available “network notary servers” located around the world. These servers tell the client:
1. What key does the server see for host.domain.com right now?
2. What keys has the server seen in the past for host.domain.com?
The replies from the network notaries can go a long way toward either providing the user with confidence that the key it received is valid, or that a real threat of a “man in the middle” attack exists.
The end result is that instead of having applications issue bland warnings, which users often ignore, the application can either skip the warning if notary data indicates the key is valid, or give a very stern warning in the rare cases when an attack appears to be in progress.
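A sketch of the client-side decision described above, added here as an illustration and not taken from the Perspectives code. The function name, the 75% quorum, the two-day history requirement and the one-day freshness window are assumed policy values, and the notary replies are constructed sample data.

```python
from collections import namedtuple

# One notary record: a key fingerprint and the interval (Unix seconds) over
# which that notary observed the host presenting it.
Observation = namedtuple("Observation", "fingerprint first_seen last_seen")
DAY = 86400

def evaluate(replies, offered_fp, now, quorum=0.75, min_days=2):
    """Compare the key the client was offered with what the notaries report.

    replies maps notary name -> list of Observation (empty if no data).
    quorum, min_days and the one-day freshness window are assumed policy values.
    """
    needed = quorum * len(replies)
    sees_now = stable = 0
    for history in replies.values():
        if not history:
            continue
        cur = max(history, key=lambda o: o.last_seen)  # question 1: key seen right now
        if cur.fingerprint != offered_fp or now - cur.last_seen > DAY:
            continue
        sees_now += 1
        if cur.last_seen - cur.first_seen >= min_days * DAY:  # question 2: key history
            stable += 1
    if replies and stable >= needed:
        return "accept"         # long-lived key seen from many vantage points
    if replies and sees_now >= needed:
        return "caution"        # notaries agree, but the key is new (rotation?)
    return "stern-warning"      # notaries see a different key, or no data: fail closed

# Constructed sample data (not real notary output).
NOW = 1_218_500_000
KEY_A, KEY_B = "aa:11:22:33", "bb:44:55:66"
STABLE = {
    "notary-1": [Observation(KEY_A, NOW - 30 * DAY, NOW - 3600)],
    "notary-2": [Observation(KEY_A, NOW - 28 * DAY, NOW - 7200)],
    "notary-3": [Observation(KEY_A, NOW - 30 * DAY, NOW - 1800)],
}
ROTATED = {
    name: [Observation(KEY_A, NOW - 30 * DAY, NOW - 7 * 3600),
           Observation(KEY_B, NOW - 6 * 3600, NOW - 1800)]
    for name in STABLE
}

if __name__ == "__main__":
    print(evaluate(STABLE, KEY_A, NOW))
    print(evaluate(STABLE, KEY_B, NOW))
    print(evaluate(ROTATED, KEY_B, NOW))
```

The middle outcome covers a legitimate key change: every notary sees the new key, but none has seen it for long, so a client relying on trust-on-first-use alone could not tell it apart from an interception.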
from Yahoo! News
Intel on Thursday showed off a wireless electric power system that analysts say could revolutionize modern life by freeing devices from transformers and wall outlets.
Intel chief technology officer Justin Rattner demonstrated a Wireless Energy Resonant Link as he spoke at the California firm’s annual developers forum in San Francisco.
Electricity was sent wirelessly to a lamp on stage, lighting a 60 watt bulb that uses more power than a typical laptop computer.
Most importantly, the electricity was transmitted without zapping anything or anyone that got between the sending and receiving units.
“The trick with wireless power is not can you do it; it’s can you do it safely and efficiently,” Intel researcher Josh Smith said in an online video explaining the breakthrough.
GreatScott crushed the I-Hacked.com party @ Defcon Saturday night! Get his mix while you can.
Great_Scott_-_DefCon16_I-Hacked.com_Skybox_Mix.part1
Great_Scott_-_DefCon16_I-Hacked.com_Skybox_Mix.part2
Tracklist
1. Moonbootica - Jump Around
2. edIT - Battling Go-Go Yubari in Downtown LA v. Dr. Dre feat. Snoop Dog - Next Episode part I v. Beastie Boys - Ch-Check It Out
3. edIT - If You Crump Stand Up (just a taste)
4. The Crystal Method - PHD v. Beastie Boys - Body Movin’
5. The Chemical Brothers - Block Rockin’ Beats v. The Gorillaz - Windmill
6. Q45 + Amy B - Naughty (Kissy Sell Out Mix)
7. Andrea Doria - Bucci Bag (Richard Vission Remix)
8. Dom Almond - Shake It (Philipe Boyar Remix)
9. Loose Cannons - Girls In Hats (Kissy Sell Out Remix)
10. Moonbootica - Roll The Dice
11. Kraddy - Conscious Ferilla v. Fatboy Slim - Star 69
12. Cicada - The Things You Say (Mr Miyagi Remix)
13. Slyde - Kiss Kiss Bang Bang (Twocker Remix) v. Klubbheads - Kickin’ Hard
14. Sander Kleinenberg - The Fruit (Ivan Gough and Grant Smith Remix)
15. Audio Bullys - Gimme That Punk (12″ Mix)
16. The Breakfastaz - Girls Money Drink and Drugs (Devil’s Gun Money Shot Remix)
17. Dopamine + Klaus Hill - Ah Baby (Elite Force Remix) v. Beastie Boys - Intergalactic
18. Uberzone - Okay v. Hybrid - Kill City [edit] v. Deltron3030 - Virus
19. Elite Force - Engine
20. EdIT - If You Crump Stand up v. Dr. Dre feat. Snoop Dog - Next Episode part II
Make sure you check him out @ Great Scott
Backup download
***UPDATED SLIDES & TOOLS CAN BE FOUND AT https://www.defcon.org/html/links/defcon-media-archives.html ***
Download the Defcon16 ISO here.
File: defcon16.iso
Size: 734537728
MD5: 04F944946A3AA4B6B9C6C2E738D0B9D0
SHA1: 6F63D4E58B71D6F161793699E9DB131B75D4A8D7
It’s packed full of the slides OF ALL the talks, along with the software used to hack Joe Grand’s Defcon16 Badge.
from hackmii.com
As you all know, I’ve been working on libdi (or the DVD Access library) for a while now. We had some problems getting it out to release because of the difficulties we encountered while writing the second part of this topic. The DVDX installer instead will install a small, hidden, channel on your Wii that allows you to read DVDs on an unmodified system. It is not an installer for a patched IOS. You may however need one, depending on your system.
Usage of this package is fairly simple. Run the installer.dol found in the package, follow the onscreen instructions, and you’re done.
Once you’ve done that, you can enjoy the splendor of mplayer. What started out as a simple proof of concept has rapidly turned into a full-featured media player, under the nourishing hands of dhewg. The main aim of the mplayer project was to get DVDVideo going, but it also supports reading video files off the SD card. (Experimental).
A patch for Wii64, the N64 emulator for the Wii, will also be available shortly. This patch will allow you to read games off a DVD.
Download links:
mplayer
libdi
If you have a modchip, you also need patchmii, in addition to the DVDX stub installer.
patchmii_core
Note that libdi is meant for developers, as it is embedded into applications that use it. End-users only need to grab it to run installer.dol once.
Please note that DVD+R (as opposed to DVD-R) discs will need to have their BookType set to DVD-ROM to work properly in Normal mode (if you have no modchip). PatchMii mode does not have this requirement, but requires a modchip.
Well, I am finally home semi-caught up on sleep so I figured I would post a quick wrap-up of DefCon16.
Defcon16 had a really good schedule this year, and as such I attended some great talks, and some that sounded good that ended up not-so-great. But hey that is pretty much how it always goes. The talks that specifically stick out in my mind are Satan is on my friends list, Sniffing Cable Modems, Shifting the Focus of WiFi Security, Malware Detection through Network Flow Analysis, and Next Generation Collaborative Reversing with IdaPro & CollabReate. If you presented and you didn’t make this list don’t get all butt-hurt about it — I probably either chose wrong and didn’t go to yours, or was simply too hung over to make it. (or it sucked)
Speaking of hung-over, I always find the most fulfilling side-effect of Defcon to be the social networking. It was wild hanging out & catching up with old friends and meeting a ton of new ones. Whether it was drinking Chimay in the VIP lounge at Body English, bar tending at someone else’s party, watching as my Driftnet wall moved from sports and news to strictly PORN during the live podcast at 9:15PM, to watching the most spirited game of “Elevator Roulette” grow from 3 players to 20 after “the incident”, it was awesome partying with everyone like we have known each other for ages.
Speaking of the Podcaster’s Meetup, I got to give it up to Mubix for putting that together. It was cool hanging out with the guys from Network Security Podcast, Sploitcast, Securibit, Pauldotcom and Security Justice. If you happen to catch the podcast, the reason I wasn’t immediately available was because of the very in-depth discussion on ozone oxygen replacement I was having with “Platinum”. If you met him you know what I mean — if not just go with it. Oh, also got to shout out to Jur1st for stepping up and talking about HackerSpaces & specifically the CCCKC. If you are in KC and read this kind of blog, you really need to get involved.
The I-Hacked party went OFF! It was a great success, I really got to give it up to the DJs: Great Scott!, Paul Vegasbreaks, & XMS, you guys made the party! Also got to give a huge shout-out to Graffiti Research Lab for releasing your “L.A.S.E.R.” software! I think everyone who hit our party enjoyed tagging the CTF wall with their own graffiti. If the guy from GRL reads this send me an email (hevnsnt (a) i-hacked dotcom), got something for you.
Not going to give any shout-outs, cause I would hate to miss someone — but for those that hung out with me during DC16, I hope you had as much fun as I did. Oh, and I love my lanyard. (shout!)
Let’s end this with some of my favorite quotes from DC16:
“I think someone picked the f**king locks and escaped onto the roof.”
“There were f**king midgets!!!!!!!”
“I need ten VIP passes”
“I’m oldskool ok, I’ve been here since defcon2….call russ”
“mayday naydyallay” (buahhahaha really everything @viperpu twitter’d)
“that sausage ain’t kosher” (wasn’t there for that one, but damn that’s funny)
and everyone’s favorite: “That was a dick move, but I need WAAAATER”
from msnbc.com
CHARLESTON, W.Va. - A West Virginia mother is seeking a recall of a popular walkie-talkie after her 3-year-old’s toy apparently intercepted a profanity-laced conversation between truckers about drugs and strip clubs.
Deborah Pancaro, 34, said she contacted Fisher-Price after she heard a conversation in which a man said “10-4” and other things that led her to believe the device was relaying a CB radio conversation.
“They said we should go smoke some weed, and were talking about being in a strip bar, some really explicit things,” Pancaro said Thursday.
buahahah. Fail. Thanks http://twitter.com/dryden1
So.. Got our usb pin headers installed–

Used the Defcon16 CD to find the driver..

Loaded hyperterminal — connected to COM6 9600-8N1 presented with this!
DEFCON 16 Badge by Joe Grand (Kingpin)
I might be growing up, but I’m never backing down
From corporate greed
And authority
From fihting for what I believe
From my enemies
And my family
From society’s pressure of responsibility
From church and state
And blind belief
From those trying to rewrite history
From backstabbing friends
And snake oil fiends
From those in my past with no integrity
You
can’t
me.
Goto www.kingpinempire.com
Welcome to the debug terminal…
Entering RECEIVE mode.

woot, we got it first! In case you didn’t hear, these are a VERY LIMITED EDITION. I have heard 1000 first run, 2000 friday, 2000 sat. (not official)
www.kingpinempire.com
This is the #1 badge straight from china!


Goto www.kingpinempire.com
LEDs make clue patterns.
Battery will last way longer than Defcon does.
Own hotel TV’s or control your bsodomiser with infrared
Spend time in the hardware hacking village.
impress kingpin to win prizes.
modify badge
modify hardware
modify firmware.
look at source code
schematics and other badge infoz on defcon cd. (image coming soon)
enter badge contest
create warez with other hackerz
transfer will abort if bad CRC, no data received, or button pressed
the further you are away, the less likely it will work.
Transfer data via IR at a speedy 776 bits per second.
Enter transmit mode on one badge.
Hold one badge up to another badge.
Maximum file transfer size intentionally limited to 128KB
Desired file to transmit must have read-only bit set and in /directory.
SD card must be formatted as fat16.
Insert SD cards into two badges. wake up with button press.
ZZZZZZZ.
Next mode is sleep mode.
Hack IR LED for wider propagation and higher brightness.
Turn off all TV’s in range.
If no SD card inserted, enters TV-B-Gone mode.
Next Mode is transmit mode.
Press button to change modes.
Badge starts up in receive mode.
Insert battery.