Slashdot Mirror

← Back to Domains

Domain: tombom.co.uk

Stories and comments across the archive that link to tombom.co.uk.

Stories · 7

  1. AT&T Won't Block Black Hat Eavesdropping Demo

    It · Security · · posted by samzenpus · from the enough-rope-to-hang-yourself dept. · 126 comments
    snydeq writes "AT&T says it won't interfere with a highly anticipated talk on intercepting cell phone calls at the Black Hat conference this week. Hacker Chris Paget last week said that he plans to demonstrate on Saturday how to set up what's essentially a fake cell tower that allows him listen in on nearby mobile calls. But Tuesday, he wrote on his blog that he had 'heard that AT&T may be considering suing me to stop my talk.' AT&T, however, has insisted it has no plans to interfere with the talk."

  2. Cell Phone Interception At Def Con

    Mobile · Cellphones · · posted by Soulskill · from the can-i-hear-you-now dept. · 95 comments
    ChrisPaget writes "I'm planning a pretty significant demonstration of GSM insecurity at Defcon next week, where I'll intercept and record cellular calls made by my attendees, live on-stage, no user-input required. As you can imagine, intercepting cellphones is a Very Big Deal in the eyes of the law; this blog post is an attempt to reassure everyone that their privacy is being taken seriously despite the nature of the demo. I'm not just making it up either — the EFF have helped significantly with the details."

  3. AT&T Breach May Be Worse Than Initially Thought

    Mobile · Communications · · posted by Soulskill · from the i-smell-class-action dept. · 102 comments
    ChrisPaget writes "I'm somewhat of an authority on GSM security, having given presentations on it at Shmoocon (M4V) and CCC (I'm also scheduled to talk about GSM at this year's Defcon). This is my take on the iPad ICCID disclosure — the short version is that (thanks to a bad decision by the US cell companies, not just AT&T) ICCIDs can be trivially converted to IMSIs, and the disclosure of IMSIs leads to some very severe consequences, such as name and phone number disclosure, global tower-level tracking, and making live interception a whole lot easier. My recommendation? AT&T has 114,000 SIM cards to replace and some nasty architectural problems to fix." Reader tsamsoniw adds that AT&T has criticized the security group responsible for pointing out the flaw, while the group claims they did it 'as a service to our nation.'

  4. Alienware Refusing Customers As Thieves

    Mobile · Portables · · posted by kdawson · from the please-just-take-my-money dept. · 665 comments
    ChrisPaget writes "Thinking about buying Alienware (now owned by Dell)? Think again. After buying an almost-new Alienware laptop on eBay, I've spent the last week trying to get hold of a Smart Bay caddy to connect a second hard drive (about $150 for $5 of bent metal). Four different Alienware teams have refused to even give me a price on this accessory, instead accusing me of stealing the machine since I didn't buy it directly from their eBay store. They want me to persuade the eBay seller I did buy it from to add me as an authorized user of his Alienware account — they have no concept of 'ownership transfer' and instead assume that if you're not in their system, you must be a thief."

  5. Alienware Refusing Customers As Thieves

    Mobile · Portables · · posted by kdawson · from the please-just-take-my-money dept. · 665 comments
    ChrisPaget writes "Thinking about buying Alienware (now owned by Dell)? Think again. After buying an almost-new Alienware laptop on eBay, I've spent the last week trying to get hold of a Smart Bay caddy to connect a second hard drive (about $150 for $5 of bent metal). Four different Alienware teams have refused to even give me a price on this accessory, instead accusing me of stealing the machine since I didn't buy it directly from their eBay store. They want me to persuade the eBay seller I did buy it from to add me as an authorized user of his Alienware account — they have no concept of 'ownership transfer' and instead assume that if you're not in their system, you must be a thief."

  6. Shattering Windows

    It · Security · · posted by timothy · from the fundamentalism dept. · 772 comments
    ChrisPaget writes: "I've just released a paper documenting and exploiting fundamental flaws in the Win32 API. Essentially, they allow you to take control of any window on your desktop, regardless of whether that window is running as you, localsystem, or anywhere in between. The technique has been discussed before, but AFAIK this is the first working exploit. Oh, did I mention it's unfixable?" You may want to read this CNET interview with Microsoft security head Scott Charney to learn even more about "trustworthy computing."

  7. Shattering Windows

    It · Security · · posted by timothy · from the fundamentalism dept. · 772 comments
    ChrisPaget writes: "I've just released a paper documenting and exploiting fundamental flaws in the Win32 API. Essentially, they allow you to take control of any window on your desktop, regardless of whether that window is running as you, localsystem, or anywhere in between. The technique has been discussed before, but AFAIK this is the first working exploit. Oh, did I mention it's unfixable?" You may want to read this CNET interview with Microsoft security head Scott Charney to learn even more about "trustworthy computing."