Author Archives: agent0x0

The Honey Stick Project: Tracking Mobile Storage Devices

Filed under Security Awareness

<%image(20080319-honey_pot.jpg|99|110|Honey Pot!)%>

Here is a pretty cool project that I stumbled upon over at Security Catalyst. The concept is to have a “Honey Pot for mobile storage devices” but each mobile storage device (USB key, iPod, etc…) in reality becomes it’s own “Honey Stick” where the researcher can safely track how many people are plugging these devices into their computers. The hope is that by leaving these devices around in public areas, someone will pick them up..and plug them in. There is even a psychological aspect to this because the researcher, Scott Wright, is actually finding people that want to return these found devices to the owner!

While there may be some privacy concerns conducting this type of public experiment…Scott seems to have done his homework on this project thus far. I am looking forward to reading more about his results as the experiment continues. He has results for his first “stream” here. Check out the Honey Stick Project web site for full details and information.

Hannaford Brothers Credit Card Breach

Filed under Identity Theft

Another day…another credit card breach!

This time 4.2 million credit cards were exposed. I personally smell a bit of TJX in this one…

“The stolen data was limited to credit and debit card numbers and expiration dates, and was illegally accessed from our computer systems during transmission of card authorization,” said Hannaford CEO Ron Hodge, in a statement posted to the company’s Web site.

The key phrase being “transmission of card authorization”. Sniffed? Bad Wifi security? Only time will tell…much speculation at this point. However, has some good speculation about what might have happened.


Filed under Penetration Testing

Larry and Paul from the PaulDotCom Security Weekly Podcast have a very good two part series interviewing pdp and Adrian from GNUCITIZEN. Lots of good information about embedded device hacking and all the cool things GNUCITIZEN is working on. Check out the mp3’s of the Podcast below….better yet…subscribe to the PaulDotCom Security Weekly Podcast! These guys always have good content and are interesting to listen to as well.

Interview with GNUCITIZEN – Part 1
Interview with GNUCITIZEN – Part 2