Domain: rootsecure.net
Stories and comments across the archive that link to rootsecure.net.
Comments · 10
-
Optical TEMPEST
A faraday cage is not enough. Make sure no optical signals can get out of the room.
-
Re:Grandad Remembers
It was demonstrated on low speed modems, some of which directly tied the blinkenlights to the serial traffic(including, if memory serves, an embarassing case where some model of fancy 'encrypted' modem tied the blinkenlights to the serial traffic before the encryption stage...); but the author concluded that status indicator lights on higher speed stuff were(either in response to the possibility of attack, or just because humans can't distinguish between ultrafast blinking and 'on', which would make excessively fast blinks useless as indicators) not usefully coupled to the data channel for anything more than vague inference about traffic volume...
-
Re:Okay, I don't get the issue here.I just don't see how being predictable makes this any worse, when you're apparently dealing with someone already on your own network, or on the route between you and your DNS server.
Googling for "DNS Transaction ID" gives me Attacking the DNS Protocol [pdf] as the number one result. Reading that document seems to indicate that being able to guess the transaction id is exactly what eliminates any need to packet sniff between two machines.
-
Re:ANI can be spoofedIt's harder to aquire the needed control, but certainly not impossible. There are places that will help you.
There are so many ways. Be government. Pay off a phone company insider. Set up your own phony phone company even.
Thanks for the feedback! Your response got me to wondering, so I just did some googling. It appears from the first link I found: Automated Caller ID / ANI Spoofing that it is relatively easy to spoof either of these, today, as long as one has access to a willing VOIP company. Didn't used to be so easy!
-
Re:Simple question
This had some simple answers:
http://www.rootsecure.net/?p=reports/callerid_spoo fing
I'm sure there's many similar pages out there. Short answer: the real one. -
A Good Paper
Here is another good discussion (PDF): http://www.rootsecure.net/content/downloads/pdf/s
k ype_protocol.pdf. -
I guess no one has heard of rootsecure.net
http://www.rootsecure.net/ has been around since 2002 and has custom/exclusive content as well as top stories from other news sources. Not to mention that it offers RSS feeds for syndication, an audio podcast, and daily email newletters.
-
PDF of the Presentation
I found this linked on Nick84's site (http://www.rootsecure.net/): http://www.infowarrior.org/users/rforno/lynn-cisc
o .pdf If I'm correct, it's the slides that were taken off of the hand out cd. Another link from a Wired article: http://cryptome.org/lynn-cisco.zip -
Re:Biometrics
Biometrics can certainly be spoofed. How easy this is depends entirely upon the equipment being used for recording and verifying it.
Here's a link to a Norwegian article about one successful breach:
http://www.tu.no/nyheter/ikt/article30692.ece
The article links to this Swedish one on the same story:
http://www.nyteknik.se/pub/ipsart.asp?art_id=37392
and this concerning some Japanese experiments:
http://www.rootsecure.net/content/downloads/pdf_do wnloads/fingerprint_scanners.pdf
(mind the /.-inserted spaces in those links if you're copying them) -
Stole my idea..
I started doing this a week ago using Asterisk+NuFone.. hopefully NuFone doesn't have to change their rules any time soon. I thought about setting up a service, but was afraid of the legal consequences. Here's the easiest way to do this: Download and install this CD Xorcom Debian/Asterisk CD ( Linux+Asterisk Debian Distro ) Purchase a DID from Voicepulse Purchase $5.00 worth of minutes from NuFone.net Download the cidspoof.agi script Configure your extensions.conf in Asterisk.. fire it up, call the DID, enter the spoof number and outgoing.. voila. It will end up cost you like $15.00 for a month or 250 minutes worth of spoofing time. =)