Create an Account
username: password:
 
  MemeStreams Logo

It's always easy to manipulate people's feelings. - Laura Bush

search

Decius
Picture of Decius
Decius's Pics
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

Decius's topics
Arts
  Literature
   Sci-Fi/Fantasy Literature
  Movies
   Sci-Fi/Fantasy Films
  Music
   Electronic Music
Business
  Finance & Accounting
  Tech Industry
  Telecom Industry
  Management
  Markets & Investing
Games
Health and Wellness
Home and Garden
  Parenting
Miscellaneous
  Humor
  MemeStreams
Current Events
  War on Terrorism
Recreation
  Cars and Trucks
  Travel
Local Information
  United States
   SF Bay Area
    SF Bay Area News
Science
  Biology
  History
  Math
  Nano Tech
  Physics
Society
  Economics
  Politics and Law
   Civil Liberties
    Internet Civil Liberties
    Surveillance
   Intellectual Property
  Media
   Blogging
Sports
Technology
  (Computer Security)
  Macintosh
  Spam
  High Tech Developments

support us

Get MemeStreams Stuff!


 
Current Topic: Computer Security

RFID-Handbook - RFID: a short introduction
Topic: Computer Security 1:05 am EDT, Aug  3, 2004

] In recent years automatic identification procedures (Auto
] ID) have become very popular in many service industries,
] purchasing and distribution logistics, industry,
] manufacturing companies and material flow systems.
] Automatic identification procedures exist to provide
] information about people, animals, goods and products.

An extremely technical discussion of RFID including schematics!

RFID-Handbook - RFID: a short introduction


RFID Exchange - Purchasing Options
Topic: Computer Security 12:58 am EDT, Aug  3, 2004

] This section shows the pricing obtained from
] manufacturers for tags, readers and related equipment. At
] present, purchasing inquiries should be made direct to
] the manufacturer or distributor. RFID Exchange will
] establish direct purchasing arrangements as soon as
] possible - please contact us for more information.

This guy has compiled a comprehensive list of companies offering rf-id developer kits. Some are extremely expensive. Some are really cheap, but not standards compliant. I like the Crosspoint unit the best.

RFID Exchange - Purchasing Options


RFDUMP.ORG - Hacking RF-ID
Topic: Computer Security 12:54 am EDT, Aug  3, 2004

] RFDump is a tool to detect RFID-Tags and show their meta
] information: Tag ID, Tag Type, manufacturer etc. The
] user data memory of a tag can be displayed and modified
] using either a Hex or an ASCII editor. In addition, the
] integrated cookie feature demonstrates how easy it is for
] a company to abuse RFID technology to spy on their
] customers. RFDump works with the ACG Multi-Tag Reader or
] similar card reader hardware.

This was one of the more interesting presentations from Black Hat. Apparently a company deployed a retail RF-ID pricing system in Germany in which the tags could be rewritten! So this guy can roll into a store with his iPaq and a PCMCIA rf-id card and recode items in the store.

Unfortunately, I can't figure out how to purchase the rf-id card that is compatible with this software. So I started doing some research... See the post above...

RFDUMP.ORG - Hacking RF-ID


The Doorman - Putting this portknocking silliness to rest
Topic: Computer Security 3:44 pm EDT, Aug  1, 2004

This morning there was a post on Slashdot about two *blackhat* talks about pointless twists on the PortKnocking concept, in which one of the authors confuses the concept of a one time password and a one time pad. Man, it doesn't take much to be considered a computer security expert these days.

Between a flashy website, articles in all the major admin journals, Blackhat talks, and endorsement from Bruce Schneier, its quite clear that this is one meme that has gone too far. It occurred to me that I could write a single packer stealth authenticator with better security and more flexibility then most pork knocker implementations in a single afternoon, so I did a google search, and fortunately somebody already did it.

] This particular implementation deviates a bit from his
] original proposal, in that the doorman watches for only a
] single UDP packet.   To get the doorman to open up, the
] packet must contain an MD5 hash which correctly hashes a
] shared secret, salted with the client's IP address and
] the (correctly rounded) time-of-day.

No replay, no multi-port silliness, no problems with route flaps fucking up your authentication, lots of features. Straight up protection from port scanners without all of the lunacy. If you think portknocking is "cool" this is what you are looking for. You can stop writing presentations for hacker cons. Its over.

The Doorman - Putting this portknocking silliness to rest


OpinionJournal - WSJ thinks concerns about electronic voting are 'bonkers'
Topic: Computer Security 10:12 am EDT, Jul 29, 2004

] As for the theories that DREs could be programmed to change
] an election outcome, Mr. Andrew dismissed them by saying,
] "the liberal Internet activists are bonkers." John Lott,
] an American Enterprise Institute economist who has
] studied election systems, adds that some of the obsession
] about DREs, "sounds a lot like an effort to anger some
] people into voting while providing the basis for lots of
] election litigation if the results are close."

OpinionJournal - WSJ thinks concerns about electronic voting are 'bonkers'


Diebold Machines
Topic: Computer Security 3:57 pm EDT, Jul 20, 2004

Well, I voted today. A few impressions.

1. There seemed to be a lot of polling locations around my apartment, and a lot of machines. No lines when I showed up (at 3). If you DOSed one machine I think it would have little effect on the outcome unless a race was very close.

2. You can't get access to the machines unless you are registered to vote in the district in question. This means that you would either have to attack your own district or you would need to be able to effectively fake the identity of someone in the district of choice while preventing them from showing up before or during your visit.

3. Old people can easily distract poll workers with stupid questions.

4. Swaping the smart cards would have been dead easy. If the system could be attacked with a bad smartcard, then you could get away with this, and you would have at least 10 minutes to play around on the console without drawing any attention.

5. You're not in an enclosed booth, so putting a sniffer inline between the smart card and the reader might get noticed. You'd have to be pretty slick to hide it. Maybe drop your copy of the league of women voter's guide on top of the reader once the card is inserted. Also, the card snaps into place in the reader. That mechanism might interfere with any custom hardware, but it depends.

6. The smart card reader is attached to the machine with a plainly visible rs232 cable. If you were really slick you might be able to place a device inline between the reader and the cable, but you might get noticed, and certainly such a device would be discovered later.

7. You could probably Van-Ek phreak polling places. I don't think anyone has discussed that. I was happy to see that in Georgia they enter you registration on a scantron form. In Tennessee they used a computer, which seemed to be network conected. I figured one might be able to associate votes with people because of that.

8. If Diebold could devise a way to make the machine start beeping in the event that one of the critical processes crashed or the administrative modes were accessed this would be a somewhat effective security mechanism. Any attack would depend on a lot of slight of hand under the noses of other people. Things that make loud noises tend to draw attention. Obviously this could never be fool proof.

9. The UI was nice. I had some trouble getting the touch screen to recognize some of my presses, but all in all it was a good voting experience.


Hackers spread hostage video
Topic: Computer Security 10:03 am EDT, Jun 18, 2004

] The origin of the video was traced to Silicon Valley Land
] Surveying Incorporated, a California land surveying and
] mapping company, said Spiegel online, the internet
] service for the respected German weekly.
]
] The magazine said that according to its research the move
] was the first time al-Qaeda had "hijacked" a website to
] broadcast its propaganda.
]
] The network usually spreads its message through Islamist
] sites but this time, Spiegel maintains, hackers created a
] special file at the company's web address at least an
] hour before global news agencies broke word of the video.

First report of Al'Q hackers

Hackers spread hostage video


Interz0ne3 Network Security Data Visualization
Topic: Computer Security 12:50 pm EDT, Apr 20, 2004

The slides from Greg Conti's talk about Network Security Data Visualization are available here.

Greg gave a very good talk. Many links and references to visualization tools.

Interz0ne3 Network Security Data Visualization


NANOG Security Curriculum
Topic: Computer Security 3:09 pm EST, Mar 26, 2004

] NANOG actively works to produce sessions and seminars to
] help foster security on the Internet. All sessions are
] taped and converted to streaming media for all to use for
] their personal education. Slides are available for each
] session as well. Over time, this effort has generated a
] valuable online tutorial for engineers and others seeking
] to learn more about running a more secure network.

Wow. Nanog has developed an awesome collection of security presentations for previous conference.

NANOG Security Curriculum


[ISN] How Tiny Swiss Cellphone Chips Helped Track Global Terror Web
Topic: Computer Security 12:11 pm EST, Mar 12, 2004

An interesting article about tracking terrorists through mobile phone SIM cards.

[ISN] How Tiny Swiss Cellphone Chips Helped Track Global Terror Web


(Last) Newer << 6 ++ 16 - 17 - 18 - 19 - 20 - 21 - 22 - 23 - 24 - 25 >> Older (First)
 
 
Powered By Industrial Memetics
RSS2.0