via SPOOFEM.COM releases beta version of desktop application.

Caller ID spoofing service provider SPOOFEM.COM announced on Monday the release of its free desktop application , version 1.B . The company said the SDA, available at http://www.spoofem.com, provides consumers with easy access to all of the services that are available on SPOOFEM.COM, including caller-id spoofing, spoofing text and e-mail messages,

Videos:
Defcon 17 Awards Ceremony **Check out I-Hacked/RBCP @ 01:04:56**
Interview Nathan Hamiel and Shawn Moyer on hacking Web 2.0
Quadrotor UAV at Defcon 17
Apple keyboard with evil firmware can root any computer
hacking-defcon-2009-badge
video of KreiosC2
Hacking the iPhone
Defcon Video by Ax0n

Tools/Slides:
dnsTTrap
ucsniff
ippon
Defcon_Oracle_The_Making_of_the_2nd_sql_injection_worm
Foca Online
Tactical Fingerprinting using Foca
maltego-firefox
CSRF – Yeah, It Still Works
KreiosC2
Prank o Matic

Photos:
vissago
stits -some NSFW-
epitti

Music:
BlackBall Defcon 17- up’D by Great Scott

Misc/Blog:
Black Hat USA 2009 Media Archives
Ax0n’s DefCon 17 Wrap-Up
RBCP’s Blog on Defcon
DEFCON 0×11 Post-Mortem

News:
Feds at DefCon Alarmed After RFIDs Scanned
Researchers offer tools for eavesdropping and video hijacking
Danger from automatic updates
Hanging with hackers can make you paranoid
Rio hotel in Las Vegas responds to claims over malicious ATMs
Malicious ATM Catches Hackers
iPhone attacked by SMS – Danger!

THIS YEAR THEY EXIST.

Ok — so defcon isnt exactly the most expensive con there is.. In fact, it is quite a steal at $120. But sometimes hackers are poor. Sometimes the difference is having beer and no badge, or a badge and no beer. Both are a bad situation.

So let me show you how to get into Defcon for a measly $15! (That still leaves you some scratch for BEER!) It is time to introduce this years I-Hacked T-Shirt.

Not only will you get into Defcon for free (minus the cost of the tshirt of course) but you will have access to areas most “Humans” simply wont! Imagine hob-knobbing in the goon’s private skybox! Imagine finding the talk that you are most interested in, COMPLETELY FULL… With a normal badge you would be out of luck, but using the 2009 Defcon17 I-Hacked shirt, you can tell some sad sorry sap to get the hell out of your seat, because you are a goon and they have to listen to you! And it is completely legal!

How were we able to do this? Simple, We were able to (easily I might add) obtain the details of the badges early by social engineering the company that Joe Grand used for production. Not only did they provide the final proofs back to us, but actually sent us some PHYSICAL SAMPLES! (wh000000t!)

We took those proofs and produced a T-Shirt that we feel captures the “hacker spirit”. This limited edition 2009 Defcon17 I-Hacked tshirt, which is SURE to be “THE” topic of DC17 and making it to DEFCON LORE can be had for only 15 bucks.

All proceeds will go to providing beer to those who are wearing the shirts.

The bottom line is PayPal has frozen my assets (which aren’t theirs.. how can they do this?) including all the support money my family is relying on.

I’ve spent hours on the phone (on hold) to PayPal at approximately 30 cents a minute to try to get this resolved only to be told to use email. I’m considering legal action over this.

HFC is at a complete standstill. We can not order shirts for the conference. Subscriptions are bouncing. Informer is down. Subscribers are (rightly) pissed because they don’t have what they’ve paid for. I can’t order the items for the DEFCON auction. There are too many problems to list here. The biggest is that PayPal has locked down my family’s survival money.

I have no clue what to do at this point.

Does the EFF have any leverage? I can’t tell you how tempted I am to just turn to the dark side here and…

Paypal are you out there? Help Johnny & his good cause out!

Upgrading to FireFox 3.5 is not a good idea for those who want to remain anonymous using proxy’s for socks 5 via an SSH encrypted traffic tunnel for items like http, ftp…etc or users running TOR. FireFox 3.5 has a bug and you cannot stop DNS LEAK (s). Searching the web I have found FireFox 3.5 DNS LEAK problem yet to be widely publicized…if at all.

This needs to be addressed to the community as it is a serious issue. If you don’t believe me do some investigative work and test it yourself.

Start up FireFox 3.5, enable your SSH tunnel settings using putty. I have a Linux server with open SSH that I use to proxy http traffic. Enable your ssh SOCKS proxy 127.0.0.1 and proxy port and lastly set the FireFox 3.5 about Config to true for network.proyx.socks remote.
The above settings should enable you to go wherever you want with out having DNS leaks and anonymous browsing in places such as a coffee shop or in a college doom room that has restricted access.

Turn on WireShark and let it run on your nic while you do some web surfing. If 3.5 firefox worked correctly you will not see any DNS data since you are using a socks5 proxy with the about:config toggel network.proxy.socks_remote_dns option TRUE.

The Examples Below Shows FireFox 3.5 using an SSH tunnel via putty to proxy HTTP. With all settings configured FireFox 3.5 still leaks out DNS web queries.
Tested in FireFox 3.5 32bit windows XP:

The leaking IP address 10.20.20.78

WireShark analysis on FireFox 3.5 – showing LEAKING DNS – MAKE IT RAIN!!!

The DNS Leak issue in FireFox 3.5 is a BIG BUG because even if you use the about:Config force remote DNS look ups using a proxy the requests are still sent to your local DNS. The local DNS query leaks your web searches out for anyone with a brain cell and WireShark to view a users web query’s in plain text. FireFox 3.5 has the toggle network.proxy.socks_remote_dns option in it but when adding the option in about:Config it does nothing and is all show no go. The setting does nothing and allows DNS to Leak.

The only way to be sure you are truly staying off the DNS leak trap is to roll back to FireFox 3.0.

One post is all I have been able to find about this DNS LEAK issue and it was in brevity on a FireFox IP forum. The issue has yet to be resolved. http://code.google.com/p/FireFox-showip/issues/detail?id=21#c2

WireShark analysis using FireFox 3.0 – FireFox 3.0 no leaks and everything is tunneling over SSH correctly: There was nothing to show for DNS because FireFox 3.0 is working correctly and will not show the DSN protocol because it is using remote DNS via an SSH tunnel.

Cheers,

Tw1zl3r = there is no place like 127.0.0.1

Security experts are warning of a serious vulnerability in the iPhone that could allow hackers to remotely execute code on the device.

Security researcher Charlie Miller announced the findings at the SyScan conference in Singapore yesterday. He is now reportedly working with Apple to get the problem fixed as soon as possible.
Advertisement

Patrick Runald, chief security advisor at Finnish web security firm F-Secure, argued on the firm’s blog that the vulnerability, which exploits a weakness in the way the device deals with text messages, is “as bad as it gets”.

“The vulnerability seems to allow unsigned code to run, which circumvents a core part of iPhone’s security model,” he wrote. “It’s usually only able to run signed code, i.e. apps that have been approved by Apple. No user interaction is required, which is unlike current mobile malware.”

The vulnerability could enable hackers to remotely turn on the GPS function to monitor the handset’s location, or turn the microphone on to listen in on conversations, Miller is reported as saying.

Apple will be hoping it finds a fix for the vulnerability before Miller discusses the flaw in greater detail at a planned Black Hat presentation.

It has been a bad week for the iPhone. Supplies have been running out in parts of the US, and the blogosphere has been awash with claims that the new 3GS model is prone to overheating.

But I am working on a new article and I am needing an invite to grandcentral. I know that you cant generate these anymore, but HOPEFULLY someone generated an invite that didnt get used.

Anyone willing to kick me a grandcentral invite? If so you will get some major props! Please send to gcinvite [at] i-hacked D0T com

Thanks~!

The week will kick off on Monday, March 2nd with an open house for individuals and organizations who are interested in learning more about the organization and how they can take advantage the Underground Lab for meetings, classes and other activities.

The creative talents of CCCKC members will be showcased on Wednesday March, 4th. The member project showcase will be followed by a screening of Make:TV, a public television series which will be shown for the first time in the Kansas City area that night. If you’re curious about what CCCKC and the maker culture are all about, this is the night to come be inspired. Projects to be showcased range from alternative methods of energy generation to a labyrinth game which is controlled with the balance board from a Nintendo Wii Fit.

Thursday, March 5th is the regular member meeting where members come together to discuss group projects being developed for donation to local organizations and plan future community service projects like our monthly free computer repair opportunities.

Friday evening will feature a slate of speakers covering topics ranging from improving home security and information management to protecting data from theft while using public wireless internet.

On Saturday the public is invited to take part in a range of free workshops on basic electronics and soldering, e-textiles and Nintendo Wii hacking. All day members will be available to assist members of the public choose, install and configure computers using the free and open source Linux operating system.

About The Cowtown Computer Congress

The Cowtown Computer Congress (CCCKC) is a not for profit technology cooperative founded to advance technology of all kinds. They are a member supported organization providing technology classes, workshops and services to the public free of charge. CCCKC brings together some of the finest minds in midwest to collaborate on research and projects for other local groups. Through their affiliate program, CCCKC gives assistance to specialized technology user groups by providing them with a facility to hold meetings and work on projects of their own.

CCCKC’s Underground Lab is located 85 feet below the surface of the earth at 31st Street and Southwest Trafficway in Kansas City, Missouri.

http://www.cowtowncomputercongress.org

learn more about the song

Join thousands of New Zealanders already against this law by blacking out your Facebook photo, your websites, your Myspace pages, your Twitter account, in protest against this unjust new law that may come into effect on February 28.

Just use this image (Right-click, Save-As) with the text:”(your name) is blacked out: Stand up against “Guilt Upon Accusation” for New Zealand http://creativefreedom.org.nz/blackout.html”

With only 100 compromised ATM cards thieves were able to grab $9 million bucks from the banking system in a new style of attack. Law enforcement sources told Fox 5 it’s one of the most frightening well-coordinated heists they’ve ever seen. “We’ve seen similar attempts to defraud a bank through ATM machines but not, not anywhere near the scale we have here,” FBI Agent Ross Rice told Fox 5. “We’ve never seen one this well coordinated,” the FBI said.

How did the hackers steal $9 million in one 30-minute time period using only 100 ATM cards you ask? That shouldn’t be possible given the daily limits usually about $500/day placed on all ATM cards. Well it turns out that the hackers applied military like precision to old ATM Scam techniques and added a touch of devious ingenuity to pull this one off. Here is a look at how the theft was perpetrated.

First, the bad guys had to obtain the ATM cards. To accomplish this they hacked into RBS WorldPay and stole at least 100 payroll cards. According to RBS WorldPay, “Payroll cards are used by a growing number of U.S. firms to pay wages to employees. A payroll card is a reloadable stored value card that can be used at any point of sale that accepts credit and debit cards.”