Slashdot Mirror

It doesn't seem like they know what they are doing:
http://media.ccc.de/browse/congress/2012/29c3-5400-en-hacking_cisco_phones_h264.html

a window into the nationwide scope of the FBI's surveillance, monitoring, and reporting on peaceful protesters

Here's another such window:
http://events.ccc.de/congress/2012/Fahrplan/events/5338.en.html
http://mirror.fem-net.de/CCC/29C3/mp4-h264-LQ-iProd/29c3-5338-en-enemies_of_the_state_h264-iprod.mp4

It's trivial to fake fingerprints and fool fingerprint sensors.

>> Cities are moving back to Microsoft products after failed Linux experiments
FUD.
Bigger cities are moving faster to OO/LO and Linux.
FACT.
http://media.ccc.de/browse/conferences/eh2010/EH2010-3784-de-limux.html

>>In my company, we did have a pilot project which aimed at switching from Microsoft Office to OpenOffice. The results were... disastrous. Some reasons:
>>- Support Personnel had to be trained to be proficient in solving OpenOffice issues experienced by users;
>>.....

Limux projects explain how they tackled all of these issues.

Have a look :

http://media.ccc.de/browse/conferences/eh2010/EH2010-3784-de-limux.html

http://www.muenchen.de/rathaus/dms/Home/Stadtverwaltung/Direktorium/Strategische-IT-Projekte/LiMux/Dokumente/2012_Juli_London20120709.pdf

Unfortunately this time you're wrong. See .e.g http://events.ccc.de/congress/2011/Fahrplan/attachments/2014_DE-Strategic-Interception-Calc-DE-2010.pdf

It's a lot of data all right. But perfectly doable.

Here's the blurb http://events.ccc.de/congress/2011/Fahrplan/attachments/2014_DE-Strategic-Interception-Calc-DE-2010.pdf

And here you can go rummage for the video http://28c3.fem-net.de/

Unfortunately this time you're wrong. See .e.g http://events.ccc.de/congress/2011/Fahrplan/attachments/2014_DE-Strategic-Interception-Calc-DE-2010.pdf

It's a lot of data all right. But perfectly doable.

Here's the blurb http://events.ccc.de/congress/2011/Fahrplan/attachments/2014_DE-Strategic-Interception-Calc-DE-2010.pdf

And here you can go rummage for the video http://28c3.fem-net.de/

At the last Chaos Communication Congress, Helga Velroyen discussed this and other topics around hearing aid evolution. You can find her talk at ftp://ftp.ccc.de/congress/2011/mp4-h264-HQ/28c3-4669-en-bionic_ears_h264.mp4 and a corresponding blog project at http://blog.hackandhear.com/ . While I do not have to rely on hearing aids and thus have not looked very deeply into her activities, I get the impression that she is one of the most knowledgeable persons regarding this topic in the European hacker scene.

See you all there (or on 29c3 in Hamburg)!

Of course people have a reasonable expectation of privacy for that data. It isn't publicly available, and in fact the police had to request it from the cell phone company. Just because you can track someone using it quite easily does not mean they do not have an expectation of privacy.

I think this is very analogous to fact that there is no legal expectation of privacy with cordless phones, but there is for wired phones. Cell phones are even more public than cordless phones in that they are pinging a public "tower", not a private leased line.

On a more technical note, in asia, it used to be very popular to have a charm attached to your cell phone that lit up when you got a call. I think it was called a MoPod. These $10 devices would be an example of a publically available device to capture a ring signal. For the do-it-yourself-ers in the crowd (and I know you're out there), here's a pointer on taking this to the next level with a small mod on a cheap throw-away phone... Professional devices are of course more expensive and only technically available to law enforcement.

Believe it or not, there ARE actually printers that accept direct PDF input...

Ricoh: Printing a PDF File Directly

Kyocera: PDF Direct Printing

...not that I would ever recommend doing so, in my experience you can easily choke a PostScript printer just by sending it a document with some malformed placed EPS's, I can't imagine sending random PDF's will work more reliably. In fact, to do a firmware update on most PostScript printers that I've seen, you simply cat a binary executable to the print queue and it gladly executes the unsigned code within, this seems safe, doesn't it? This is the stupid shit that printer vendors have been working on, you know, instead of actually improving (unifying) their print drivers and firmware.

As sat spectrum is severely limited, GMR transmits nearly no frames with (unused) fixed plain text.
So deciphering it using known plaintext is more difficult than for GSM.

So Yeah, it took them one month since that :
http://events.ccc.de/congress/2011/Fahrplan/events/4688.en.html

video :
http://28c3.mirror.speedpartner.de/CCC/28C3/mp4-h264-LQ/28c3-4688-en-introducing_osmo_gmr_h264-iprod.mp4
http://28c3.mirror.speedpartner.de/CCC/28C3/mp4-h264-LQ/28c3-4688-en-introducing_osmo_gmr_h264-iprod.mp4.torrent

at the CCC Camp in Germany. A lot of space-related topics were presented there

1st - NOT VPN, but an INTEGRATED IPSEC SOLUTION!

Again:

---

http://www.net-security.org/article.php?id=1662&p=1

PERTINENT QUOTE/EXCERPT:

"Integrated IPsec client lacking with Android"

---

&

2nd - That looks like a website to me, not an app for ANDROID built into its kernel (like most true IPSEC setups are).

* No, I don't own an ANDROID phone (nor any smartphone, just a NOKIA mobile simple one)... why? You MAY want to listen this mp3 soundbite from today's article here:

http://it.slashdot.org/story/12/01/03/0610227/chaos-communication-congress-releases-talks

& specifically, this MP3 from that article (about mobile phone security):

http://ftp.ccc.de/congress/28C3/mp3-audio-only/28c3-4736-en-defending_mobile_phones.mp3

APK

P.S.=> This is the "why" of WHY I don't use a "smartphone"... they're a bit "TOO SMART" for their own good & until they ARE more secure? I'll hold off, & continue to do so... apk

See how many devs there (hacker/cracker/security types actually) actually do (the minority) ->

APK

If you wonder how to get it in one go: go to the mirrors, there you can use a ftp mirror. If you want to use rsync just do: rsync -rh --progress rsync://ftp.halifax.rwth-aachen.de/ccc/28C3/webm/*webm . (you must take a mirror with rsync enabled).

Karsten Nohl's talk Defending Mobile phones is excellent as usual. Other good talks are Hacking MFPs and Print Me If You Dare

Karsten Nohl's talk Defending Mobile phones is excellent as usual. Other good talks are Hacking MFPs and Print Me If You Dare

Karsten Nohl's talk Defending Mobile phones is excellent as usual. Other good talks are Hacking MFPs and Print Me If You Dare

Someone willing to invest a bit of time should try and apply Authorship Identification using JStylo to these posts. Perhaps a bit overkill...

This research was presented by n.runs at the 28th Chaoas Communication Congress: http://events.ccc.de/congress/2011/Fahrplan/events/4680.en.html.

The presentation was recorded and can be viewed at http://www.youtube.com/watch?v=R2Cq3CLI6H8.

Does not mean it's the right thing to do.
Push it to the limit until it breaks...

Have a look at : http://media.ccc.de/browse/congress/2010/27c3-4187-en-your_infrastructure_will_kill_you.html

The original press release from chaos computer club at http://www.ccc.de/de/updates/2011/staatstrojaner

points to

http://www.ccc.de/system/uploads/77/original/0zapftis-release.tgz

Feel free to do your own analysis :-)

However, AV software now does have at lease one more symptom to watch out for possible malware: the trojan included a couple of .DLLs, who didn't export any kind of function.

The original press release from chaos computer club at http://www.ccc.de/de/updates/2011/staatstrojaner

points to

http://www.ccc.de/system/uploads/77/original/0zapftis-release.tgz

Feel free to do your own analysis :-)

However, AV software now does have at lease one more symptom to watch out for possible malware: the trojan included a couple of .DLLs, who didn't export any kind of function.

http://www.ccc.de/system/uploads/76/original/staatstrojaner-report23.pdf (german)

It appears to be a windows dll. For installing it they are presuming someone would need physical access, user installation per email attachment , or drive by download attacks.

The Command and Control Server (C+C server) hardcoded into the present trojans is on IP 207.158.22.134. This IP is assigned to commercial webhost Web Intellects in Columbus, Ohio, USA. (translated from CCC report p. 4)

Why don't we all ask WebIntellects what they're doing there?

f-secure at least will.

You're probably referring to their stated policy. However, according to CCC

All examined variants of the trojan were not recognized by any antivirus program at the time of creation of this report. ("Alle untersuchten Varianten des Trojaners wurden zum Zeitpunkt der Berichterstellung von keinem Antivirus-Programm als Schadsoftware erkannt.") -- report page 3

Also, f-secure have not promised to detect all government malware they are aware of:

We have to draw a line with every sample we get regarding whether to detect it or not. This decision-making is influenced only by technical factors, and nothing else, but within the applicable laws and regulations, in our case meaning EU laws.

So if there is an EU law or regulation (such as an international treaty) that forbids interfering with an EU government's attempt at spying on their citizens, they will honor it. Not all regulations are public, so there is no way to tell if there is such a regulation or not.

Communication uses the fixed banner string "C3PO-r2d2-POE" as handshake. So, this could be the trojan we're looking for.

Also, the code contains a function called "_0zapftis_le_execute()". "O'zapt is!" is the traditional opening phrase of the Munich October/Beer Festival, where the mayor taps the first barrel of beer with a hammer.

Source: http://www.ccc.de/system/uploads/76/original/staatstrojaner-report23.pdf

What does the "POE" mean? Porn Over Ethernet?

... you might want to check the following links, regarding Libre Software ICT projects in Africa:

Kabissa: http://kabissa.org/
Lix' Malawi project site: http://lix.cc/malawi
Lix' Malawi blog: http://blog.lix.cc/malawi
Linux Magazine article: http://www.linux.com/articles/60357
Project presentation at hacker congress (german): http://chaosradio.ccc.de/23c3_m4v_1638.html
Interesting study by TAB (German parliament): http://www.tab-beim-bundestag.de/en/publications/books/cori-2009-118.html

rgrds, MC

but it is certainly true that News Corp has always been a pirate corporation http://berlin.ccc.de/~andy/CCC/TRON/material/nds/20020415-afr.html

Being one of those not so rare flash developers that hates flash, I would indeed care to speculate

Our investigation begins no further than the massive kludge that is the Flash interface. The program has been designed for both developers and designers alike, and where the two meet, there are dragons... and exploits. The Flash IDE suffers from some truly awful bugs (dragging tabs, resizing tweens, replacing text in the text editor to name but a few), then there are the game breakers like font positions appearing differently on PC vs Mac. So Adobe's difficulty in creating a program that unifies two different ways of thinking is already apparent.

Putting aside sloppy interface design, a big problem with Flash is that AS3 has still not been adopted by the majority of 'developers', IAB standards in fact mandate the use of Flash Player version 8, which uses AS2 / Actionscript Virtual Machine 1. One of their reasons being that Flash 9 is too slow (rubbish, it's 10x faster). So because AS3 is not the standard, each and every time you run flash player, you're also running flash player with support for Flash all the way down to version 1 (which was shakey to begin with), and all the bugs that entails. Simply put, Flash is too much of a clusterfuck to fix, we're basically looking at AS2 being the IE6 of Flash.

This link goes in depth about exploits in Flash: http://events.ccc.de/congress/2008/Fahrplan/events/2596.en.html There was a video to it as well, but I can't seem to find it right now. The sheer ease with which Flash can be exploited is actually quite horrifying.

I often hear this claim that simple phones are considered secure, while smartphones are not. There is a very interesting podcast on the German Chaos Computer Club's site that discusses the state of GSM security, and there are many serious concerns there. For example, a SIM card is able to run programs that are installed transparently over the network, without the user knowing anything of it.

The interviewee has a list of related publications on his university website.

If at all possible, get someone to translate this podcast into English for you, then go ahead and treat yourself to a nice smartphone -- accepting that there is no security out there ;-)

Reverse Engineering a real-world RFID payment system: http://events.ccc.de/congress/2010/Fahrplan/events/4036.en.html Video of the presentation (in English)

Note that that the comprised system was "MIFARE Classic", which is an extremely flawed implementation. Other systems are not necessarily such an easy target (and FeliCa is almost certainly better than MIFARE Classic).

Of course, while there are certainly better and more secure ways to implement stored-payment cards, I guess the real lesson is that the entities who choose which system/standard to use are often not very well qualified to do so...

Reverse Engineering a real-world RFID payment system:
http://events.ccc.de/congress/2010/Fahrplan/events/4036.en.html
Video of the presentation (in English)

More videos from the Chaos Communication Congress 27

Reverse Engineering a real-world RFID payment system:
http://events.ccc.de/congress/2010/Fahrplan/events/4036.en.html
Video of the presentation (in English)

More videos from the Chaos Communication Congress 27

They crawled the whole IPv4 address space, and have done several talks about their findings. The talk they did at 27C3 is available for download and I certainly recommend watching it.

Info about the talk: http://events.ccc.de/congress/2010/Fahrplan/events/4121.en.html
Download Links: http://events.ccc.de/congress/2010/wiki/Conference_Recordings

They crawled the whole IPv4 address space, and have done several talks about their findings. The talk they did at 27C3 is available for download and I certainly recommend watching it.

Info about the talk: http://events.ccc.de/congress/2010/Fahrplan/events/4121.en.html
Download Links: http://events.ccc.de/congress/2010/wiki/Conference_Recordings

Here's just some.

That link didn't work until I appended this line to my hosts file:
85.214.111.134 events.ccc.de
Is this just a United States problem?

There are just so many ways you can bust people using Tor. Here's just some. Any dedicated professional organization -- the RIAA, MPAA, CIA, China, etc -- can find you if they think it's worth their time and effort. Spending the resources to catch one person obviously would rarely be worth it, but the real concern is whether they feel it's worth it to laydown a blanket exploit to catch as many people as possible so they can filter through the ones they want to expose at their leisure.

Here's an example of why it's so damned hard to maintain anonymity on these networks. Alice is trying to do something online that Bob doesn't want her to do. So she uses Tor. Bob sees that someone is using Tor to break their rules. Bob starts a DOS against all IPs of potential infiltrators, one at a time, until suddenly, the bad activity stops. They let up on their DOS and it starts again. Bingo -- you've just figured out Alice's IP. It can happen so fast that all Alice experiences is a tiny network hiccup. But it gets easier. If Bob is a government, they don't even *need* to do a DOS; ISPs under their control can periodically probe their users for them. Or Bob can just rely on natural network outages and just correlate the outages with lulls in people doing the Bad Thing(TM).

This is but one type of attack against anonymity of these sort of networks out of dozens. There's Sybil attacks, where Bob makes a bunch of fake Tor identities, isolating Alice with a bunch of compromised nodes so that what she sends can be known for certainty that it originated with her. There's clock skew attacks, where you look at the user's unique clock skew when doing the bad thing (Tor has only partial immunity to this). There's cookie attacks, javascript attacks, browser property attacks (everything from user agent strings to browser window height), SSL client certificate attacks, and on and on in order to correlate private browsing with hidden browsing. And on and on and on.

What makes you think you need to break crypto to crack Tor? Have you never bothered to do a google search on Tor's known and unfixed vulnerabilities? Here's a top hit.

"IF this passed in the US?"

It would never pass in the US mate. Your government would NEVER allow that LOL! Are you kidding?

Dutch Law is soo sensible its not funny.

And as for your stupid analogy to:

""Learn to install a better alarm and not allow your car to be hot-wired so easy"?

In the eyes of your law - YES. NOT DUTCH LAW.
Remember your laws are f*****ed?

Maybe you should check out: http://media.ccc.de/browse/congress/2010/27c3-4263-en-resisting_excessive_government_surveillance.html

And take a look at your Patriot Act.

THIS LAW MAKES PERFECT SENSE. ITS ONLY LOGICAL RIGHT? THINK ABOUT IT.............. SHEESH. Americans LOL!!

Using only Short Message Service (SMS) communications—messages that can be sent between mobile phones—a pair of security researchers were able to force low-end phones to shut down abruptly and knock them off a cellular network. As well as text messages, the SMS protocol can be used to transmit small programs, called "binaries," that run on a phone.

This was also covered HERE ON SLASHDOT, 'SMS of Death' Could Crash Many Mobile Phones.

It's old news really... I remember karsten nohl talking about this end of 2009. Check out this ccc talk, gave me lots of ideas for a USRP I had access to at the time: http://events.ccc.de/congress/2009/Fahrplan/events/3654.en.html

This was already demonstrated in December https://events.ccc.de/congress/2010/Fahrplan/events/4060.de.html I think there was even a /. submission at that time. Although I can't find it right now...

Sony don't want pirates using PSN and if you try signing on from a modded box they will have ways of finding out, e.g. running an arbitrary challenge / response during signon. You could still run modded firmware and play pirate stuff and get away with it but it might be smart to stay well away from the online service. Of course it means no patches, DLC, multiplayer but that is rather the point. Microsoft does similar with XBL too.

Well, only until someone works around the challenge / response. I recall someone's IM software from a decade ago that implemented a challenge / response to prevent third-party clients from connecting. In short order, there was a procedure to install the authorized client's binaries in a subdirectory so the third-party client client could compute checksums on arbitrary sub-ranges of the code. I expect something similar to appear soon for PS3; worst-case you'd need to completely virtualize the system and run Sony's authorized firmware inside a VM. Looking at http://events.ccc.de/congress/2005/fahrplan/attachments/545-Paper_TheCellProcessor.pdf, Cell processors have virtualization support built-in. In fact, http://en.wikipedia.org/wiki/Comparison_of_platform_virtual_machines lists several GPL'ed systems that already support PowerPC.

I wonder if Sony's going to demand a take-down of this post?

The Chaos Computer Club is a Hacker group. Anonymous is a bunch of rude kids growing up on the internet.

1.This post (and the linked-to article) make a great effort to hide the name of the "conference in Germany". $deity knows why, but the conference was the 27th Chaos Communication Congress (27C3), organised by the Chaos Computer Club.

2.The "SMS of death" was not new in any way - it was well known and discussed back in 2008 at the 25C3. What the researchers effectively showed was that the manufacturers and the GSM networks had *still* not fixed the problem, even years later!

1.This post (and the linked-to article) make a great effort to hide the name of the "conference in Germany". $deity knows why, but the conference was the 27th Chaos Communication Congress (27C3), organised by the Chaos Computer Club.

2.The "SMS of death" was not new in any way - it was well known and discussed back in 2008 at the 25C3. What the researchers effectively showed was that the manufacturers and the GSM networks had *still* not fixed the problem, even years later!

Mac OS X is not BSD.

Many buzzwords are associated with Mac OS X: Mach kernel, microkernel, FreeBSD kernel, C++, 64 bit, UNIX... and while all of these apply in some way, "XNU", the Mac OS X kernel is neither Mach, nor FreeBSD-based, it's not a microkernel, it's not written in C++ and it's not 64 bit - but it is UNIX... but just since recently.

This video and powerpoint clears up the confusion by presenting details of the Mac OS X kernel architecture, its components Mach, BSD and I/O-Kit, what's so different and special about this design, and what the special strengths of it are.

A recording of the presentation will soon appear here and should answer your request for more details.

Yesterday Tiffany Strauchs Rad who describes herself as a "hacker lawyer" gave a related talk at the 27th Chaos Communication Congress: https://events.ccc.de/congress/2010/Fahrplan/events/4236.en.html Recordings of this talk should be available soon. At the end of her talk where a similar question was asked and her answer was more or less: "follow me on twitter (TiffanyRad)".