Slashdot Mirror

← Back to Domains

Domain: uni-erlangen.de

Stories and comments across the archive that link to uni-erlangen.de.

Stories · 3

  1. Unscrambling an Android Telephone With FROST

    It · Android · · posted by timothy · from the no-mr-bond-I-just-want-your-phone dept. · 55 comments
    Noryungi writes "Researchers at the University of Erlangen demonstrate how to recover an Android phone's confidential content, with the help of a freezer and FROST, a specially-crafted Android ROM. Quite an interesting set of pictures, starting with wrapping your Android phone in a freezer bag."

  2. Black Ops of TCP/IP: Paketto Keiretsu 1.0 Release

    It · Security · · posted by timothy · from the read-among-the-lines dept. · 303 comments
    Effugas writes "After pushing OpenSSH to perform feats of secure tunneling far beyond what I ever expected it could do, it became clear that some genuinely useful modes of network operation were simply inaccessable without either replacing or manipulating core network protocols. Since the basic infrastructure of the Internet isn't likely to change any time soon, that left...creative manipulation and reconstruction of the Lingua Reseaux: TCP/IP. Taking advantage of expectations, pitting layers against eachother, finding new uses for old options and data fields -- instead of simply unleashing the latest incarnation of some "Ping of Death", could such work unveil hidden functionality within existing networks? As I discussed at Black Hat 2002 and the inimitable Defcon X, the answer is yes. And now, proof of this is ready. BSD Licensed (in deference to the very source of TCP/IP), The Paketto Keiretsu, Version 1.0, is a collection of five interwoven "proof of concepts" that explore, extract, and expose previously untapped capacities embedded deep within networks and their stacks, at Layers 2 through 4. The five -- scanrand, minewt, lc ( linkcat ), paratrace, and the OpenQVIS cross-disciplinary-a-go-go phentropy -- demonstrate Stateless TCP Scanning, Inverse SYN Cookies, Guerrila Multicast, Parasitic Tracerouting, Ethernet Trailer Cryptography, and quite a bit more. (For details, stop by DoxPara Research or check out the latest slides. The academic paper is coming "soon".) In terms of actual usefulness, scanrand is no nmap, but it's still interesting: During an authorized test inside a multinational corporation's class B, scanrand detected 8300 web servers across 65,536 addresses. Time elapsed: approximately 4 seconds."

  3. Linux Goes Unicode

    Developers · Linux · · posted by michael · from the hollow-rectangles-galore dept. · 8 comments
    Markus Kuhn writes: "Linux and other Unices are well on the way of making UTF-8 their single main character encoding. Replacing ASCII with UTF-8 is now one of the hottest Linux developer topics. Soon gone will be the annoying restrictions that Latin-1 imposes currently on even English language Linux users (no en/em dashes, no smart quotes, no math symbols, etc.). Counted are the days of the bewildering number of different regional ASCII extensions such as ISO 8859-1/2/3/5/7/9/13/15, KOI8-R/U, GBK, CP1251, VISCII, TIS-620, EUC-JP/KR, SJIS. Pioneered by the fathers of Unix in Plan 9 a decade ago, the ASCII-compatible UTF-8 encoding of Unicode / ISO 10646 (UCS) has emerged as the final way-to-go out of the current character-set chaos. With glibc 2.2.x and XFree86 4.x, the basic infrastructure for UTF-8 support is now well in place. To get started, read the UTF-8 FAQ and look at some of the UTF-8 example files listed there with xterm, emacs, vim, etc. Then think about whether running in a UTF-8 locale and using UTF-8 files, filenames, terminals and stdin/stdout has any consequences for software that you use or maintain. Join the linux-utf8 mailing list if you need advice. In two years from now, it should be possible to recommend every Linux user to switch over to UTF-8 permanently."