Slashdot Mirror

If the disc itself can withstand a EMP pulse, just build yourself a RFID Zapper.

The RFID destroyer would be no larger than a small matchbox. There is no need for a MASSIVE (as in size) electromagnet, only a small, strong, directed em pulse.

The RFID-Zapper project uses a camera flash coil to induce enough current in the aerial to kill the silicon. I have tested something similar using a CCFL backlight inverter coil.

RFID-Zapper

5) What measures do you recommend in the different areas described below, and why? By whom should they be implemented?
5a) Classification of commercial content.
5b) Opt-in /opt out. Should the Opt-in (where the user has to explicitly request access to adult content rather by accessing it by default) approach be applied in all EU countries?
5c) Age verification: should Mobile network operators implement face to face identity check to determine the age of the user? Should this process also be applied when a customer buys a pre-paid card?
5d) Filtering and blocking systems. Should filtering systems be installed by default when the subscription allows internet access?
5e) Chat rooms. Should chat rooms accessible by children be moderated (in an automatic way or by a person)?
5f) Raising awareness among parents and children
5g) Dedicated mobile phone packs for children, for which age group?

I have frequent [attempted] political discussions with my parents. With friends and other family as well, of course, but my discussions with my parents tend to be the most interesting and warranted of smashing one's head against a wall in frustration. They are both hardcore, straight-ticket republicans who dutifully watch Fox News as all patriotic Americans should.

They realize their news is probably slanted, but do not care to expend the effort to try and find out how or to what end$. Not that I blame them too much, it's a lot of effort, our news seems to try very hard to make sure of that. However, they simply accept Fox News as the whole God-given truth whilst decrying CNN as half a degree above communist (not to necessarily say it isn't). Furthermore, ALL internet news is fabricated by liberals who seek merely to usurp Bush's residency as one of the most successful presidents in history (Ok, this is a slight exaggeration on my part as I've gleaned from various occasional concessions, but they mostly think he is a great and swell guy, by golly).

Someone posted a link to an interview with one of TPB's sysadmins, which I listened to and fed them some of the details. Notably the part involving the whole **AA->White House->Swedish Justice Department->Police->Illegal Raid chain of events. Every single detail was roundly denied by them as being too outlandish to have actually happened. There is no chance whatsoever that any of this was done by our government. Why would our government be able to tell another government what to do in spite of that action being against their laws? Positively absurd. Moreover, in spite of a large number of facts and event descriptions being presented in the interview, they were all LIBERALLY SLANTED facts, designed specifically by liberal spin doctors (of which the Republicans have none) as a smear on Bush's image. This is true to such a degree that listening to these lies is not even necessary, they can be dismissed before even considering such a misguided folly. Ascertaining facts. Pff. I'll stick with my TV-fed opinions and political-armchair-quarterback 15 second editorials between the nightly murder report and that picture of the kitten with 3 legs that overcame all the adversity thank you very much. (Apologies to sportscasters everywhere, as you are frequently far more thorough than most political analysts I see)

----------

Copyright Infringement may be a modern day Axis of Evil, but I'm much more afraid of the Axis of Bunnies.

In Chaosradio International #009 one of the maintainers of TPB called "Peter" mentions traffic data and server capability of TPB and also comments on the Pirate Bay induced traffic on the Swedish part of the internet. According to Peter, each of the Pirate Bay high end servers handles about 20000 connections per second. This kind of packet flow once brought the main router of one of the biggest Swedish internet service providers to its knees. The traffic volume to and from the Pirate Bay actually isn't very high, just a couple of gigabits per second. The induced traffic between the peers allegedly reaches 50% of the total Swedish internet traffic. Swedes can get 1Gbps connections to their homes and don't have to pay an arm and a leg for it. 100Mbps is quite common.

The interview also covers the political environment and the internet culture of Sweden, and of course the raid.

There is a podcast available by the Chaos Computer Club : http://www.ccc.de/updates/2006/chaosradio-pirate-b ay?language=de This podcast, done yesterday, has an extensive interview with one of the admins of thepiratebay on the police raid and the future of TPB.

For those of you who don't see anything conclusive in these graphs or who don't believe that TPB could have that kind of influence:

In Chaosradio International #009 one of the maintainers of TPB called "Peter" mentions traffic data and server capability of TPB and also comments on the Pirate Bay induced traffic on the Swedish part of the internet. According to Peter, each of the Pirate Bay high end servers handles about 20000 connections per second. This kind of packet flow once brought the main router of one of the biggest Swedish internet service providers to its knees. The traffic volume to and from the Pirate Bay actually isn't very high, just a couple of gigabits per second (which matches quite nicely what you see in the graphs if you know how to read them). The induced traffic between the peers allegedly reaches 50% of the total Swedish internet traffic. Swedes can get 1Gbps connections to their homes and don't have to pay an arm and a leg for it. 100Mbps is quite common.

This video (and many more) is also available as a torrent:
http://media.ccc.de/filez/congress/2005/lectures/v ideo/mp4/22C3-videos-incomplete-20050423-torrents/

I saw a video from a conference in Germany that has to do with infared hacking. It's quite interesting if you have the time to watch it.

Try this: RFID-Zapper
It uses the capacitor of a disposable camera (that normally powers the flash) to generate a strong electro-magnetic field to destroy the RFID-chip.

Simply disinfect the offending device with a RFID zapper . Oh, wait...

This idea is really cool, but implementing it by putting hooks into each device driver seems overly complicated.

Also, there's "GEOM gate" on FreeBSD: http://garage.freebsd.pl/GEOM_Gate.pdf
For other cool stuff with GEOM see here and here. See also this discussion thread about ggate's limits.

How would you teach security if not by trying out the attack tools?

I don't see what the hoopla is about here. He asked them to do a scan, not open them up and format the hard disk or download files on it.

Maybe his next assignment is the ethics. Maybe it's just a test to see if any of his students find this ethically wrong and refuse to do it. Maybe he would have given them extra points.

I run several servers on the Internet, and I get port scanned all the time. Even more so at home, where my dynamic DSL IP is hit by worms many times each day.

Dear American proto-hackers, you are welcome to come to Europe and learn the tools of your trade here. We meet every year between Christmas and New Year at the CCC Congress, and we have a LAN there, so people can get acquainted with the tools.

http://www.ccc.de/biometrie/fingerabdruck_kopieren .xml?language=en Can you say "home business"?

Luckily, this has already be solved for the fingerprints, and there has been some experimentation with iris patterns printed onto contact lenses which has had some success.

Just Say NO!

... and this is what saddens me the most! The "Great British Public" being hoodwinked again! Did you know that the ID Cards Roadshow put up by the Government banned the NoToID people from leafleting the crowd to try and put a different view?

Most people I have talked to who were for ID cards are easily persuaded to be against them. I'm not even going to say outright that ID cards are bad (although that is, rather obviously, my view!), but if people can be so easily swayed, in the worst case, it is presumably the last opinion they heard that they will agree with! Most people don't know enough about the issues (both pros and cons) to be able to make a reasoned decision. I have never had a conversation with a Pro ID Card person (or group) which has provided me with a solid reason why ID cards will be good for Britain.

Have you not noticed how the Gov keep changing tack? First it was terrorism, fraud, but then Charles Clarke admitted they would not have help fight terrorism or fraud.
Next they jump on the distinctly right wing agenda immigration bandwagon, but if an illegal immigrant doesn't have "papers", surely, and ID card is simply another "paper" they won't have?
Next, someone in the spin-doctor think-tank picks up on ID Theft, and now ID cards are going to do away with it all together. The people who know suggest it might actually make it easier to steal someone's ID, and actually harder to get your ID back! If someone discovers your password or PIN number, you can change it, but if someone forges your fingerprint you are right royally screwed!

Each time the Gov put forward some reason for ID cards, someone (and sometimes from within the Gov!) has debunked it. They are squirming around looking for a good reason. I'd really like to know why they think it is a good idea, but I don't think they've told us what they really think yet!

Just Say No!

Er. *cough*, anyone thought of faking fingerprints?

Whatever cleverness the ID Card people think of, someone will find a way round it until the only people who are affected in their daily lives by ID Cards will be the law abiding, who will also be the suckers who pay for the priviledge!

Just Say NO

... RFID-Zapper! http://events.ccc.de/congress/2005/wiki/RFID-Zappe r(EN) ( also linked in RMS's Personal Page )

Aren't static keys always inferior to dynamic keys?* (Isn't that why we're supposed to regularly change our passwords?)

Isn't biometric data static?

So why is anyone interested in biometric security?

Isn't it (perhaps counterintuitively) an inherently insecure means of indentification, by its very nature?

I must be missing something.

*(Maybe this is because anything can be duplicated and forged, given enough time. Changing your key a lot makes forging impractical?)

As the link to the good stuff is hidden in dutch text here it is:
https://events.ccc.de/congress/2005/wiki/RFID-Zapp er(EN)

I figured I'd add a little more to how "fuzzing" works as the article left me a little disappointed as to what it actually is. There are a few things online about it, including a decent white paper written by Ilja van Sprundel. There's also a large amount of fuzzing going on to test the security of WAP. It's basically the standard buffer overflow attack.

The crux of this attack is using a buffer overflow to gain superuser privileges. This might be trivial on Windows, so I'll relay the "la/ls" story to you regarding how to gain it in Linux. The part of this trick involves figuring out how to get an executable file from your machine to another user's machine. Let's say you know some company or institution is running a webserver on their unix/linux machines from a server and you go to visit their site. Now, their code isn't completely up to date and there's a security hole in one of their web applications. You know (after toying around with said web app on your home machine) that certain large chunks of hex in a field will result in a submission that essentially writes your binary to their $HOME directory. The name of this file will be, of course, "la."

Now hopefully their home directory is like mine and it's full of crap. So they'll never notice the "la" file but everyday they use that machine, they type "ls" to display the file. One day, their finger slips and they type "la" resulting in the execution of my binary. Instantly, another executable is written, this time called "ps" and a thread is started that simply spin locks on the processor--chewing up cycles. The machine might slow or freeze but an admin will notice this process and go into the users directory (as root) and type "ps -al" to see all the existing processes. Instead, it executes your "ps" virus and subsequently, the spinlocking stops with "ps" printed to output with the super user killing "la" and thinking everything is fixed. In the background however, the "ps" process is active ... silently idling waiting to do it's malicious purpose ...

I'm sure there's a hundred things wrong with what I've said, I'm not a hacker--I just like to point out possible security holes.

Improbable but not impossible.

One more thing about the article, the beauty of OSS is that it is impossible to implement security through obfuscation--a major pitfall to security in application design.

http://events.ccc.de/congress/2005/wiki/RFID-Zappe r(EN)

Build and use the cool RFID Zapper.

I have a feeling that their server might not be up to a Slashdotting, so use www.mirrordot.org if possible...

And that's just because most beople can't afford A real EMP shock generator

This might also come in handy when you want to use the RFID Zapper.

From the article:
What is the RFID-Zapper?
The RFID-Zapper is a gadget to deactivate (i.e. destroy) passive RFID-Tags permanently.

Great article - here are some of the hardware details:
[Quotes from "The Cell Processor - A short Introduction" by Torsten Hoefler - bracketed comments are mine.]

A single Cell, essentially a Network on Chip, offers up to 256 GFlop single precision floating point performance.

A prototype was produced with 90nm silicon on insulator (SOI) technology with 8 copper layers (wiring). It consists of 241 Million Transistors on 235 mm^2 and consumes 60-80W. ...

The Power Processing Element (PPE) [1 per chip] offers the normal PowerPC (PPC) ISA. It is a dual threaded 64 bit power processor which includes VMX (aka Altivec which is comparable to SSE). Its architecture is very simple to guarantee high clock rates. Thus, it uses only in order execution with a deep super scalar 2-way pipeline with more than 20 stages. It offers a 2x32kB L1 split cache, a 512kB L2 cache and virtualization. ...

Synergistic Processing Element [7 for game console (IIRC), or 8 per chip]- The SPE is essentially a full blown vector CPU with own RAM. Its ISA is not compatible to VMX and has a fixed length of 32 Bit. Current SPEs have about 21 Million Transistors where 2/3 of them are dedicated to the SRAM (memory). The processor has no branch prediction or scheduling logic, and relies on the program- mer/compiler to find parallelism in the code. As the PPE, it uses two independent pipelines and issues two instructions per cycle, one SIMD computation operation and one memory access operation. All instructions are processed strictly in-order and each instruction works with 128 Bit compound data items. 4 single precision floating point units and 4 integer units offer up to 32GOps each. The single precision floating point units are not IEEE754 compliant in terms of rounding and special val- ues. [denormalized numbers - +0, -0, +/-inf, etc.] The single precision units can also be used to compute double precision floating
point numbers which are compliant to the IEEE754 standard. But their computa-
tion is rather slow (3-4GFlops)....each SPE has it's own 256kB RAM which is called Local Storage (LS). This SRAM storage can be accessed extremely fast in 128 bit lines. Additionally, each SPE has a large register file of 128 128 bit registers which store all available data types. There is no cache, virtual memory support or coherency for the Local Storage...

The Element Interconnect Bus [1 per chip] - The EIB is the central communication channel inside a Cell processor, it consists of four 128 bit wide concentric rings. The ring uses buffered point to point commu- nication to transfer the data and is therewith scalable. It can move 96 bytes per cycle and is optimized for 1024 bit data blocks. Additional nodes (e.g. SPEs) can be added easily and increase only the maximal latency of the ring.

The I/O Interconnect - FlexIO The I/O Interconnect connects the Cell processor (the EIB) to the external world, e.g. other cell processors :). It offers 12 uni-directional byte-lanes which are 96 wires. Each lane may transport up to 6.4GB/s, which make 76.8 GB accumulated bandwidth. 7 lanes are outgoing (44.8 GB/s) and 5 lanes incoming (32 GB/s). There are cache coherent (CPU interconnect) and non coherent links (device interconnect) and two cell processors can be connected glueless. ...

The Memory Interface Controller The MIC connects the EIB to the main DRAM memory, which is in this case Rambus XDR memory which offers a bandwidth of 25.2 GB/s. The memory is ECC protected...

Actually..
I have seen a detailed analysis at 22C3 of the Cell and it's impressive. Really, by any means. But the maximum gains will be achieved only after a few years/months after the PS3 is out and not in graphics but in AI, physics simulation. Also it looked very well if you're a blade server user, but you'll have to tweak your apps. It's a multicore and does not care about backward compatibility.


The slides of the presentation can be downloaded from http://gustav.informatik.tu-chemnitz.de/~htor/sec/ 22c3_slides.pdf


Bottom line is that when the Emotion Engine (PS2 core processor) came out the claims where not substantiated by facts and Sony fudged its way through making hilarious claims (which no one in the mainstream press ridiculed at the time).

PS. There is a patent filed from Sony a few years back that basically says that Cell processor can communicate with each other and share their computing power, like in a room your PS3 can use your PC/PDA/Oven spare cycles to help you frag in better quality. Was hyped by Sony when they annouced the PS3 but havent seen anything in the PS3 at the moment.

But who cares in the end? The only thing that I'm excited about is the Revolution controller!

R.

...especially seeing as the Core Duo supports the new Vanderpool Virtualization Technology (VT) extensions, making the x86 architecture now completely virtualizable, meaning that the tricks used by VMware and friends are no longer necessary.

i like ann harrison (afterall she's a nice woman and john gilmore's gf), but sorry, her article on wired about 22c3 is a shame. way too short and touching lectures you could write entire essays on in a single sentence.
i wonder why my /. submission about the entire conference http://events.ccc.de/congress/2005/ got rejected..

videos from all lectures: ftp://dewy.fem.tu-ilmenau.de/

Quintessenz is located in Vienna. In the Museumsquartier to be precise. That's also where the q/gate "anonymous surveillance system" is installed. The stuff about blinding cctv by lasers was presented at the 22c3 last week in Berlin AFAICT.

Last summer on WTH: Spoofing fingerprints in 10 minutes shown at WTH last summer. The guy on the video also says that he never encountered a fingerprint reader which couldn't be fooled. Interesting is also to see is that he does not make a fake finger, but only a thin acryl layer placed over ones real finger. And also on the CCC website: A image gallery with text (EN) how to copy a finger print. So it's not all about the Play-Doh

Bullshit, postscript is a Turing-Complete programming Language! PDF is not, so the comparison lacks a bit of depth. For a nice comparison, ceck out:

page 4 of these slides :
http://www.ccc.de/congress/2004/fahrplan/files/185 -inside-pdf-slides.pdf

they belong to this interesting speech from last year:

http://www.ccc.de/congress/2004/fahrplan/event/67. en.html

Bullshit, postscript is a Turing-Complete programming Language! PDF is not, so the comparison lacks a bit of depth. For a nice comparison, ceck out:

page 4 of these slides :
http://www.ccc.de/congress/2004/fahrplan/files/185 -inside-pdf-slides.pdf

they belong to this interesting speech from last year:

http://www.ccc.de/congress/2004/fahrplan/event/67. en.html

...change your fingerprint every 6 weeks:
How To Fake Fingerprints

Hackerethics (CCC)

Specifically I am referring to: "Make public data available, protect private data."

To quote the CCC: "To protect the privacy of the individual and to strengthen the freedom of the information which concern the public the yet last point was added."

This reminds me of the vulnerabilities discovered in linux (and other systems) concerning firewire; Since Firewire devices can read and write directly to the computers memory, you can do some nasty stuff. The issues are documented on the website of the german CCC: http://www.ccc.de/congress/2004/fahrplan/event/14. de.html

The reason I don't like biometrics for identification is that it's virtually impossible to get a new identification should the old one be compromised. Worse, with fingerprints at least, you're leaving copies of your ID everywhere you go on everything you touch.

Imagine someone gets ahold of your identity right now. Yes, it's going to be a pain, but you can get a new SSN, driver's license number, credit cards, etc. But what if a thief gets your fingerprint and creates a fake ? How do you cancel that? Sure, in theory, a database of compromised biometrics could be created to prevent future unauthorized use, but now what about your legitimate use? If my fingerprints were compromised, would I no longer be allowed in to Disneyland? And in a more serious application, would I be denied credit? Be unable to use an ATM?

Anyone on breaking the biometric authentication?

Anyone on breaking the biometric authentication?

Check out Pentabarf. It is the Software that was used to organise the Chaos Communication Congress and the upcoming What The Hack conference. I don't know if the software fullfills all your needs but it might be worth a look. Btw. the project page is in german only, right now, so you may want to access it with some mean of translation.

The real problem here is the false negatives. Suppose I switch from typing to writing for a couple of weeks. Two weeks later, all my viens have moved back into the base of my palm and away from the little finger. It's too temperamental compared to ascii passwords :)

Left Wing Propaganda ahoy! Honestly, while I like your idea, I'm not convinced fingerprints are the best solution.

Where before, in order to have the library think you're "you" all you needed was a card (which can be faked, stolen, etc), now you need the same fingerprint - much harder to do.

But not impossible.

When someone steals your library card, the card can be cancelled. What are you going to do when someone steals your fingerprint, huh? Cut your finger off?

.. and just follow the instructions.
How to fake fingerprints.

You can (potentially) circumvent this with the method described in this link.

In fact, this appears so easy to circumvent, that one would almost think that the RIAA came up with it as a copy protection scheme! 8)=

You'll want this link, then...

Boing Boing linked to an article the other day describing how to create a fingerprint prosthetic made from wood glue starting only with a print on a bottle. Also, as I've posted recently, there's the Gummi Bear method and here's the article mentioned by pilgrim23 about the guy in Malaysia that had his finger cut off by carjackers.

The proliferation of stupid uses of fingerprints is just going to backfire & render all uses insecure.
This article describes how easy is would be to make back up copies of all the fingerprints you would need to fool these devices. All you need is a relatively clean copy of a print...

In order to fake a fingerprint, one needs an original first. Latent fingerprints are nothing but fat and sweat on touched items. Thus to retrieve someone elses fingerprint (in this case the fingerprint you want to forge) one should rely on well tested forensic research methods. Which is what's to be explained here. (Figure 1).

A good source of originals for our counterfeits are glasses, doorknobs and glossy paper. The standard method of forensic research makes them visible: Sprinkling it with colored powder, which sticks to the fat (Figure 2).

Another solution involves Cyanoacrylat, the main ingredient of superglue. A small amount thereof is poured into a bottlecap, which is then turned upside down and put over the fingerprint. (Figure 3).

The Cyanoacrylat gasses out and reacts with the fat residue to a solid, white substance (Figure 4).

The further treatment involves scanning/photographing (Figure 5) and a bit of graphical refurbishment (Figure 6).

The goal is to get an exact image of the fingerprint, for further use as mold, out of which the dummy is made. The easiest way is to print the image on a transparency slide (the ones normally used for an overhead projector) with a laser printer. The toner forms a relief, which is later used similar to letter press printing. Wood glue is suitable for producing the dummy (Figure 7)

A small dash of glycerene may be used to optimize humidity and workability. After thorough mixing, the dummy gets coated with a thin layer of the compound (Figure 8,9).

After the glue has dried (Figure 10), it is pulled off the foil (Figure 11) and is cut to finger size.

Theatrical glue is used to glue the dummy onto the own finger (Figure 12).

The new identity is ready!

If they do this then I'll just whip up my own personal but fictional fingerprint in photoshop. Or even better yet, set up a file sharing service for lifted finger prints of celebrities. That just-released movie finds its way on to the p2p networks with Jack Valenti's fingerprint ID. If you have access to a laser printer and some wood glue then you too can have a fake fingerprint.