Domain: whatthehack.org
Stories and comments across the archive that link to whatthehack.org.
Comments · 27
-
Re: Survey: what doesn't outperforms Vista
Guess Ubuntu 8.10 would lose, once installed
on this one -
More fingerprint snake oil?
The use of this LCD screen as a fingerprint scanner will most likely suffer from the same problems as all fingerprint locks. They rely on the "something you have" principle as an authorization token. Until, that is, someone removes your finger from your hand.
Also, fingerprints are per se not exactly unique. Ask the lawyer who was misidentified as a terrorist for having similar fingerprint features.
And of course, it is not exactly difficult to copy and fake someone else's fingerprint.
BTW: the Chaos Computer Club rocks. -
Melanie @ WhatTheHack
I saw Melanie's talk at What The Hack in summer 2005, and got to speak with her a little afterwards. That was before the virus made news, but her interests in RFID were in strong evidence. Here's the abstract: program.whatthehack.org Here's video (MP4) of her talk, "Fun and Mayhem with RFID:" rehash.whatthehack.org You can find other videos from WTH at the same site (disclosure: I'm there, too!)
-
The technology used
Many people here seem to make claims on RFID security without knowledge of the technology actually used. I have done some research on the subject so I think I can give some pointers. Details about the technology can be found at ICAO's web page and in a short presentation on the subject by Jacobs/Wichers Schreur.
The communication between the passport and the reader is encrypted using information in the Machine Readable Zone at the bottom of the passport. This is the basic way to authorize passport reading. The MRZ information is generated from the information of the passport holder and random numbers. If a bad numbering scheme is used, breaking the encryption is quite possible. If large enough random numbers are used, breaking the encryption with brute force is currently not practical.
The authentication is done using public key cryptography. Currently only Passive Authentication is mandatory, but Active Authentication is supported and it is mandatory when fingerprint information is contained in the passport. With only Passive Authentication, cloning of an MRZ-compromised passport is easy, but with Active Authentication it should be unfeasibly difficult.
Reading and cloning a European RFID passport which is using all available security measures (like the e-passports in Finland) is not as trivial as many people here seem to think. As long as there are no backdoors in the cryptography (e.g. for the intelligence agencies) I think the technology is quite sound. Not using all available cryptography is just a bad choice by the government issuing the passports.
The scheme in TFA is nothing new and nothing revolutionary. If you have physical access to a passport with only Passive Authentication, cloning is trivial, as pointed out in TFA. This is actually how the technology was designed to work. Maybe the design is bad, but that is hardly a big surprise, since the technology is a compromise between many organizations and governments. When someone clones a passport which has Active Authentication, then that is real news.
-
Fingerprint spoofing made easy.
Check the following presentation.
http://rehash.whatthehack.org/tmp/wth_spoofing_fingerprints_in_10_minutes.mp4
The guy made a false fingerprint with the help of the original owner of the print within 10 minutes.
It even spoofed the most expensive and best fingerprint scanners.
Fingerprint scanners should only be used where security doesn't depend on the fingerprint but you want to make someone easily identifiable. Like the mailboxes we have on our network printers. You still can supply a separate PIN code, to prevent just anyone accessing your print jobs.
Same counts for RFID. -
Re:List of which kits are susceptible
These guys seem to be pretending to be doing it for the good of the industry, but their site seems to list a lot of Bluetooth Hacks & Attacks. And they didn't seem to have made any effort to contact vendors to get the problem corrected, either.
Don't be too tough on them. I saw their demo at WhatTheHack last weekend. After the session I asked which brand to buy for security, and the reply was that Nokia had done a good job of making up for their mess. Also their story at the time was that they test a lot of bluetooth stuff for the industry, working with the industry to find holes before phones go to market (not quite sure of the timing, but I am sure that they cooperate).
-
Pics of the demo on WhatTheHack last Friday
These guys showed this on WhatTheHack - conference in The Netherlands last Friday.
I made some pics of the demo, starting with this one:
http://geektechnique.org/gallery/wth2005/DSC04384
(browse with 'next' through the pics of the demo)
BTW, WTH was great! ;-) -
Re:300 Miles? Not gonna happen . . . At what bps?
He did it using HF, I was pointing out it was going to be extremely hard doing it with UHF. It's not that hard to establish long range at HF.
http://wiki.whatthehack.org/index.php/Wifi_over_500_km%3F_Impossible%3F
I don't want to be one of those ppl that sits around and tells others what they can't do, BUT, I'm really skeptical on the concept that these guys will lug two huge 8 foot dishes up a 15,000ft mountain to establish a wifi link. -
500 miles also done
At whatthehack there was someone telling about how he managed a 500 km connection (which is 311 miles says google)...
-
Re:What the Hack Languages?
All the main conference stuff has been in English. At the 'speedgeek', common-denominator languages were used in the (non-recorded) short presentations - I was with a German and a Dutch guy (I'm British), we all spoke English, so that's what was used in the presentations.
All the officiating is done in English. A few people are wearing name badges with the country codes or flags of the languages they speak.
If you want to get the videos, try here or here (the former might go offline when the conference packs up tomorrow).
Also, there's video footage of the last conference - Hackers at Large. here and here.
I'm getting, over the next few days, as much of this as I can, and will make it available on BitTorrent if the rehash servers go down.
-
Some news from the WTH campsite
Some news from the WTH campsite:
you can follow *everything* at in video by rehash. There are some great talks you can follow there, all without wearing socks soaked from walking from tent to tent on the wet fields....
Yes there is a police presence. This is especially interesting considering the events surrounding the previous event, hacking at large. Back then media reports claimed that the Dutch national intelligence service proclaimed that all the visitors were "staatsgevaarlijke anarchisten" (anarchists that are a danger to the state). Which is fun. Of course what is less fun is that the Dutch system for collecting internet traffic from ISPs and sending it to law enforcement agencies was just in place. One of the problems that still needed to be ironed out of this system was that the port of the Amsterdam Internet Exchange used by the law enforcement agencies was known. Internet providers peer with the police to get intercepted traffic to them as cheaply as possible while still being real-time. Not only was the port known, but the traffic graph for it was also public.... and it showed a *huge* spike during HAL. People who want to speculate on the police presence have all opportunity to do so here. Fact is that when entering the campsite you pass two huge police trailers, there is a photo of them at the "lawful interception workshop" wiki entry. Since this wiki fooled Associated Press I feel fine about admitting it fooled me. You got to admit it would make a great opportunity to ask for an explanation of that spike. ("lawful interception" is newspeak for government/law enforcement interception, not "legal under article 8 of the European human rights law".)
The reason the police might have a physical presence now could be explained by the permit story of this year. Once local politicians realised the permit they promised read: "what the hack hacker conference" they suddenly backed out citing "public order" concerns. During the introduction talks it was mentioned that the field kept clear for trauma helicopters is also in the planning to group the riot police if that is needed. (We are in the middle of nowhere, forests, fields with cows and horses as far as the eye can see. What would we destroy even if we weren't a bunch of nerds without a single bit of muscle mass?) Another quote from the police side of things: police officer to OpenBSD kernel hacker who just explained what he does: "But could you break into a computer?" cute ;-) Also the fact that the police wear the pink wristbands is coincidental, or so we are told.
Yes there was a psychedelic research politics talk. It was great fun. It mostly talked about the US research into medicinal use of drugs that are considered recreational and the politics that surround it. Of course Associated Press forgot to mention the talks about oil depletion and honest research into what the real energy options are. Or the many, many other great talks.. Every Dutch privacy, police powers and digital rights watchdog is here and has one or more talks. Meeting these people face to face is cool. There was also a talk on the working conditions of the people who produce our hardware....
The Chaos Computer Club has brought some blinkenlights where you play pong using the DECT phone network used for the event. There are dome tents that look cool, pinball machines from all over the country, lockpickers, a local campsite wide radio station....
Expect a *huge* contribution to the Tor network to come from the Netherlands shortly.
Now I have to get back to my tent, I need to turn in in time to be awake for the "lobbying at national and european level" lecture tomorrow morning... This politics stuff is very important for us anarchist types.
-
Phrack releases final issue
Phrack releases (final) hardcover issue 63 at what-the-hack.
Pity it is not online at phrack.org yet!
-
Re:Is this true ?
True, at least the Dutch police is present at WTH.
The WTH guys actually fooled the press by publishing faked information in their wiki that the police is giving a Lawful Interception Workshop. -
Related links
Our earlier Slashdot announcement about whatthehack.
Whatthehack wiki has details about the various events.
If you read the FAQ from the main site
The Netherlands
Is not in any US state. Neither is it the capital of Denmark: it is a small monarchy, roughly 200 x 300 kilometers at the longest and widest, 16 million inhabitants. Western industrialized country, high standard of living, expensive, lousy food anywhere but on our campsite, but you can drink the tap water. No major injections needed to travel there, no visa requirements for inhabitants of other western industrialized countries but immigration officials can be fairly nasty towards pretty much anyone else.
Showers and toilets
Please be assured there will be enough of both. Due to popular demand (and because the location allows for it this time) many toilets will be of the water-flushing kind.
-
Any Artbot people coming to What The Hack?
What The Hack is the latest edition of one of the oldest and largest outdoor hacker festivals in the Netherlands. I would LOVE to have some of the ArtBot people and bots from this event coming to WTH - we start building only a week later, so if you are around... Check out What The Wiki and the program for the latest...
-
Pentabarf
Check out Pentabarf. It is the software that was used to organise the Chaos Communication Congress and the upcoming What The Hack conference. I don't know if the software fulfills all your needs but it might be worth a look. Btw. the project page is in German only, right now, so you may want to access it with some means of translation.
-
good timing
with the What the Hack conference! I can now do a double geek Europe conference trip...at the expense of my girlfriend, job, and family...
http://www.whatthehack.org/