On the night of March 8, cruising 22,000 miles above the Earth, U.S. Navy communications satellite FLTSAT-8 suddenly erupted with illicit activity. Jubilant voices and anthems crowded the channel on a junkyard's worth of homemade gear from across vast and silent stretches of the Amazon: Ronaldo, a Brazilian soccer idol, had just scored his first goal with the Corinthians.

It was a party that won't soon be forgotten. Ten days later, Brazilian Federal Police swooped in on 39 suspects in six states in the largest crackdown to date on a growing problem here: illegal hijacking of U.S. military satellite transponders. null

This is so ridiculously and awesomely Gibson-esque. Hordes of low tek from The Sprawl hacking military satellites with homebrew gear and hacker know-how.

Unbelievably Excellent!

The Great Brazilian Sat-Hack Crackdown

“Needless to say, we were enraged” says Zombocom. /b/ responded by getting organized - they created an IRC channel (#time_vote) devoted to the hack, and started to recruit. Shortly afterward, one of the members discovered that the ’salt’, the key to authenticating requests, was poorly hidden in Time.com’s voting flash application and could be extracted. With the salt in hand - the autovoters were back online, rocking the vote.

The things people put in Flash...

Inside the precision hackAKA Still more uses of SWFScan

All white people like hummus. In fact, if you find a white person who does not like hummus then they probably just haven’t tasted it or they are the wrong kind of white person. In either case, they are probably not someone that you want to know.

Putting out a plate of hummus and pita makes white people very comfortable. It reminds them of home since at any given time a white person has hummus in their fridge. Even the most barren white refrigerator will have a package of the stuff next to an empty Brita filter.

Found this blog today. It is excellent ;-)

Stuff White People Like: Hummus

1. How will you reach a massive audience?

In real estate the wisdom says “location, location, location.” In consumer Internet, think “distribution, distribution, distribution.” Thousands of products launch every month on hundreds of thousands of new Web pages. How does a company rise above the noise to attract massive discovery and adoption? YouTube did it through existing channels like MySpace, which already reached millions. Yelp had strong SEO, which found them a mass audience searching for restaurants and nightlife. Facebook’s University-centric approach landed them 80% adoption across a campus within 60 days of launch. Every Net entrepreneur should answer these questions: How do we get to one million users? Then how do we get to 10 million users? Then how will you get deep engagement by your users.null

Reid Hoffman: My Rule of Three for Investing

A couple of weeks ago we posted a tutorial on using SQLite in PHP. I thought I'd expand on that tutorial and demonstrate how to work with SQLite using C# and .NET. In this tutorial, we're going to build a simple wrapper class around the SQLite c/c++ interface.

Writing a .NET Wrapper for SQLite

SSL acceleration is a technique that off-loads the processor intensive public key encryption algorithms used in SSL transactions to a hardware accelerator. These solutions often involve a considerable up front investment as the specialized equipment is rather costly. This article though looks at using off the shelf server hardware and open source software to build a cost effective SSL accelerator.

Save for Later

o3 magazine | Open Source SSL Acceleration

"We're seeing entirely new attacks that a year ago were thought to be only academically possible," says Sartin. Verizon Business released a report Wednesday that examines trends in security breaches. "What we see now is people going right to the source ... and stealing the encrypted PIN blocks and using complex ways to un-encrypt the PIN blocks."

Information about the theft of encrypted PINs first surfaced in an indictment last year against 11 alleged hackers accused of stealing some 40 million debit and credit card details from TJ Maxx and other U.S. retail networks. The affidavit, which accused Albert "Cumbajohnny" Gonzalez of leading the carding ring, indicated that the thieves had stolen "PIN blocks associated with millions of debit cards" and obtained "technical assistance from criminal associates in decrypting encrypted PIN numbers."

But until now, no one had confirmed that thieves were actively cracking PIN encryption.

... shit.

Information about how to conduct attacks on encrypted PINs isn't new and has been surfacing in academic research for several years. In the first paper, in 2003, a researcher at Cambridge University published information about attacks that, with the help of an insider, would yield PINs from an issuer bank's system.

.... Cambridge? I only know of one group in Cambridge that does this...

When you Google "2003 Cambridge University pin" and get a result on Cryptome, you know its gonna be good.

I was not disappointed: Decimalisation table attacks for PIN cracking

We present an attack on hardware security modules used by retail banks for the
secure storage and verication of customer PINs in ATM (cash machine) infrastructures.
By using adaptive decimalisation tables and guesses, the maximum amount
of information is learnt about the true PIN upon each guess. It takes an average of
15 guesses to determine a four digit PIN using this technique, instead of the 5000
guesses intended. In a single 30 minute lunch-break, an attacker can thus discover
approximately 7000 PINs rather than 24 with the brute force method. With a $300
withdrawal limit per card, the potential bounty is raised from $7200 to $2.1 million
and a single motivated attacker could withdraw $30{50 thousand of this each day.
This attack thus presents a serious threat to bank security.

As Decius and I have said for years, at the bottom of most good security tales you always end up with either Felton or Anderson. :-)

The paper also helped me understand (remember?) the significance of the Pin Offset field on ABA track II. (it funny/sad when you google something and come up with your own website. I'm getting old.)

Verizon: Cracking PINs for Fun and Profit

SQUIRRELS + COFFEE

| CSS Is Aw | esome

This is amazing. Office life would be much better if everyone spoke in autotune.

Autotuning... but in real life