The fine folks who brought you the De-ICE Pentest LiveCDs have put together a nice nine-minute video tutorial on Netcat. I personally love Netcat. It is a must-use pentest tool. You can check it out on the heorot.net web site.
Monthly Archives: February 2008
Lock your stuff up!
So I was at the gym yesterday and noticed something that really bothered me….
As soon as I pulled into the gym parking lot I noticed that it was packed! Seems like everyone wanted to work out last night for some reason. So I grabbed my gym bag and went into the locker room to change. The locker room isn’t very big to begin with so I started to hunt for an open locker to drop my stuff into. Most every locker had a “Master Lock” brand combination or key lock. I finally found three lockers in a row that didn’t have locks. I opened up the first locker and it wasn’t empty. Someone’s cell phone, wallet, and ID all available for the taking. So I thought to myself, OK, someone just forgot their lock, right? I opened up the locker next to that one and saw another guy’s wallet and PDA just sitting there! No way…two in a row? Thinking that there is no way there would be three lockers in a row unsecured I opened up the third locker…what do you know…someone’s bag with car keys just sticking out of the bag. Amazing.
Lucky that I have some ethics and wouldn’t take someone’s stuff but the sad truth is that someone else could have easily stolen all of this stuff…wallets with credit cards, driver’s licenses, PDAs and cell phones all could be used for simple transactions or even worse identity theft.
What’s the lesson here? Buy yourself a lock! A Master Lock is like $3.99 (or cheaper). While you could crack one of these locks with very little effort, it does provide a good “deterrent” to prevent simple physical theft. At a busy gym someone might say something to you if you were trying to break a lock off by force, calculating magic numbers or by picking it!
Lock your stuff up at the gym…please!
“Twilight Hack” offers Wii Homebrew Possibilities
As previously reported, the game save that exploits a vulnerability in the Twilight Princess game has been released. This exploit will potentially allow you to run unsigned code and eventually an ELF loader which will allow Linux to run on the Wii. All you need is a copy of Twilight Princess and an SD card to load the hacked game save file. This is the first time that the game save has been released with installation details.
Full instructions with videos are available from the wiibrew.org web site.
IT Security Events Calendar
Want to easily know when every security-related conference takes place worldwide this year? I just found a great Google Calendar that lists all of these events in one easy-to-view calendar. I am a big fan of Google Calendar and adding this to an existing Google Calendar is really easy. You can even get these events in an RSS feed if you like.
Check out the IT Security Events Calendar here.
Defcon 15 Audio & Video Podcasts Now Available
If you happened to miss Defcon 15 last year or if you were there and have wanted to catch up on presentations you may have missed…the audio and video podcasts are available for download through two RSS feeds. Great for listening on your iPod, iPhone, or PSP! Subscribe below:
Defcon 15 Audio RSS Link
Defcon 15 Video RSS Link
Supporting materials for Defcon 15 are available here.
Looking forward to another great Defcon 16 this year!
Free Identity Theft Prevention Materials
Did you know that you can order free identity theft materials from the Federal Trade Commission? The FTC has a really good program called “Deter, Detect, Defend” to help educate the public about identity theft. They offer free bulk orders of pamphlets, handouts, and other paraphernalia to distribute to your company, friends, family, etc…great if you want to get good material for a security awareness program to distribute. There is a ton of good material to order, not just about identity theft, but about social networking dangers and safe web browsing among many other topics (many computer security related topics).
They even have pre-made PDFs and PowerPoint slides that are complete and ready to download, great if you are conducting any speeches or talks about identity theft.
You can order this free material directly from the FTC’s web site here.
TrueCrypt adds Full Hard Disk Encryption, Mac OS X Support
Big news from the TrueCrypt Foundation yesterday…the new version of TrueCrypt (v5.0) supports full disk encryption and/or encryption of the system partition using pre-boot authentication. In addition, Mac OS X support was added and a GUI interface for the Linux version is now included. From the TrueCrypt web site:
“TrueCrypt can on-the-fly encrypt a system partition or entire system drive, i.e. a partition or drive where Windows is installed and from which it boots (a TrueCrypt-encrypted system drive may also contain non-system partitions, which are encrypted as well).”
Full disk encryption only works for drives with Windows installed in this new version (including Vista). This is great news considering TrueCrypt is a free, open source encryption solution. Now there is no excuse for companies not to deploy full disk encryption to laptops containing customer, employee, or other confidential data. I personally use TrueCrypt with my USB thumb drive and it is simply the best mobile encryption solution I have ever used (and it’s free).
Stay tuned for my review of TrueCrypt’s full disk encryption in an upcoming article.
Download the new version of TrueCrypt here.
Router Hacking Challenge
The fine folks over at GNUCITIZEN are organizing a router hacking challenge which begins now and apparently runs through February 29th. The key here is that you need to hack your own router (i.e., your home DSL/cable router) and disclose any vulnerabilities that you find either via GNUCITIZEN, the sla.ckers forum or at hackerwebzine[at]gmail[dot]com.
Why are they doing this? To see what the vulnerability landscape is with home routers. There have been recent vulnerabilities disclosed with some popular home routers as well as UPnP that is included as a “feature” in almost all newer home routers. If you plan to take part, please comment and share your findings…
Sony PSP Homebrew Primer
Confused about all the different homebrew firmware that is available for the PSP? Want to know the history behind the homebrew community? Then you need to read this article which gives a great introduction to PSP homebrew.



