About socket

  1. It is not legal to deal in stolen servers ("root"), and besides, the rules forbid selling them on this forum.
  2. Maybe they had a reason for doing this; I suspect (100% sure) that the posts of yours they deleted were crap or broke the rules.
  3. 0 posts -> 4 likes, 2 dislikes, nice
  4. Kick-boxing and football
  5. Researchers at Wandera, a mobile security company, have alerted Apple to a potential security vulnerability in iOS that could be used by attackers to fool users into giving up their credit card data and personal information. The vulnerability, based on the default behavior of iOS devices with Wi-Fi turned on, could be used to inject a fake "captive portal" page that imitates the Apple Pay interface. The attack leverages a well-known issue Ars has reported on in the past: iOS devices with Wi-Fi turned on will attempt by default to connect to any access point with a known SSID. Those SSIDs are broadcast by "probe" messages from the device whenever it's not connected to a network. A rogue access point could use a probe request capture to masquerade as a known network, and then throw up a pop-up screen masquerading as any web page or app. The Wandera attack uses this behavior to get a mobile device to connect and then presents a pop-up portal page—the type usually used when connecting to a public WiFi service to present a Web-based login screen—that is designed to resemble an Apple Pay screen for entering credit card data. The attack could be launched by someone nearby a customer who has just completed or is conducting an Apple Pay transaction so that the user is fooled into believing Apple Pay itself is requesting that credit card data is reentered. An attacker could loiter near a point-of-sale system with an Apple Pay terminal and continuously launch the attack. Considering that the fake captive portal page is displayed beneath a "Log In" title bar, this attack may not fool many people. “In high footfall locations, even a very small ratio of success will yield a large number of valuable credit card numbers," said Eldar Tuvey, CEO of Wandera, in a statement e-mailed to Ars. "It’s all so easy for them. 
Using readily available technology, which they may be discreetly carrying about their person, hackers can for the first time focus their efforts where their victims are at their most susceptible—at the checkout.” The real vulnerability exploited here is iOS' automatic WiFi connection and the format in which iOS displays captive portal pages. There are some very simple ways to prevent this sort of attack—such as turning Wi-Fi off when not deliberately connecting to a network. The Wandera researchers recommended that Apple and Google should "consider adopting a secure warning when displaying captive portal pages to users, so that users exercise caution." Additionally, they suggest that users close and re-open payment applications to enter credit card data and use the camera capture capability of the apps to input credit card data whenever possible. Ars spoke with an Apple spokesperson, and is awaiting an official response. However, as the screenshots show, this spoof looks considerably different from Apple Pay's actual interface, and a card registration screen popping up after a transaction is hardly expected behavior for the service. Apple Pay never asks for credit card data during a transaction. Ars will update this story as more information becomes available. Source
  6. Without public notice or debate, the Obama administration has expanded the National Security Agency's warrantless surveillance of Americans' international Internet traffic to search for evidence of malicious computer hacking, according to classified NSA documents. In mid-2012, Justice Department lawyers wrote two secret memos permitting the spy agency to begin hunting on Internet cables, without a warrant and on American soil, for data linked to computer intrusions originating abroad—including traffic that flows to suspicious Internet addresses or contains malware, the documents show. The Justice Department allowed the agency to monitor only addresses and "cybersignatures"—patterns associated with computer intrusions—that it could tie to foreign governments. But the documents also note that the NSA sought to target hackers even when it could not establish any links to foreign powers. The disclosures, based on documents provided by Edward J. Snowden, the former NSA contractor, and shared with the New York Times and ProPublica, come at a time of unprecedented cyberattacks on American financial institutions, businesses, and government agencies, but also of greater scrutiny of secret legal justifications for broader government surveillance. While the Senate passed legislation this week limiting some of the NSA's authority, it involved provisions in the USA Patriot Act and did not apply to the warrantless wiretapping program. Government officials defended the NSA's monitoring of suspected hackers as necessary to shield Americans from the increasingly aggressive activities of foreign governments. But critics say it raises difficult trade-offs that should be subject to public debate. The NSA's activities run "smack into law enforcement land," said Jonathan Mayer, a cybersecurity scholar at Stanford Law School who has researched privacy issues and who reviewed several of the documents. 
"That's a major policy decision about how to structure cybersecurity in the US and not a conversation that has been had in public." It is not clear what standards the agency is using to select targets. It can be hard to know for sure who is behind a particular intrusion—a foreign government or a criminal gang—and the NSA is supposed to focus on foreign intelligence, not law enforcement. The government can also gather significant volumes of Americans' information—anything from private e-mails to trade secrets and business dealings—through Internet surveillance because monitoring the data flowing to a hacker involves copying that information as the hacker steals it. One internal NSA document notes that agency surveillance activities through "hacker signatures pull in a lot." Brian Hale, the spokesman for the Office of the Director of National Intelligence, said, "It should come as no surprise that the US government gathers intelligence on foreign powers that attempt to penetrate US networks and steal the private information of US citizens and companies." He added that "targeting overseas individuals engaging in hostile cyberactivities on behalf of a foreign power is a lawful foreign intelligence purpose." The effort is the latest known expansion of the NSA's warrantless surveillance program, which allows the government to intercept Americans' cross-border communications if the target is a foreigner abroad. While the NSA has long searched for specific e-mail addresses and phone numbers of foreign intelligence targets, the Obama administration three years ago started allowing the agency to search its communications streams for less-identifying Internet protocol addresses or strings of harmful computer code. The surveillance activity traces to changes that began after the Sept. 11 terrorist attacks. The government tore down a so-called wall that prevented intelligence and criminal investigators from sharing information about suspected spies and terrorists. 
The barrier had been erected to protect Americans' rights because intelligence investigations use lower legal standards than criminal inquiries, but policy makers decided it was too much of an obstacle to terrorism investigations. The NSA also started the warrantless wiretapping program, which caused an outcry when it was disclosed in 2005. In 2008, under the FISA Amendments Act, Congress legalized the surveillance program so long as the agency targeted only noncitizens abroad. A year later, the new Obama administration began crafting a new cybersecurity policy—including weighing whether the Internet had made the distinction between a spy and a criminal obsolete. "Reliance on legal authorities that make theoretical distinctions between armed attacks, terrorism and criminal activity may prove impractical," the White House National Security Council wrote in a classified annex to a policy report in May 2009, which was included in the NSA's internal files. About that time, the documents show, the NSA—whose mission includes protecting military and intelligence networks against intruders—proposed using the warrantless surveillance program for cybersecurity purposes. The agency received "guidance on targeting using the signatures" from the Foreign Intelligence Surveillance Court, according to an internal newsletter. In May and July 2012, according to an internal timeline, the Justice Department granted its secret approval for the searches of cybersignatures and Internet addresses. The Justice Department tied that authority to a pre-existing approval by the secret surveillance court permitting the government to use the program to monitor foreign governments. That limit meant the NSA had to have some evidence for believing that the hackers were working for a specific foreign power. 
That rule, the NSA soon complained, left a "huge collection gap against cyberthreats to the nation" because it is often hard to know exactly who is behind an intrusion, according to an agency newsletter. Different computer intruders can use the same piece of malware, take steps to hide their location, or pretend to be someone else. So the NSA, in 2012, began pressing to go back to the surveillance court and seek permission to use the program explicitly for cybersecurity purposes. That way, it could monitor international communications for any "malicious cyberactivity," even if it did not yet know who was behind the attack. The newsletter described the further expansion as one of "highest priorities" of the NSA director, Gen. Keith B. Alexander. However, a former senior intelligence official said that the government never asked the court to grant that authority. Meanwhile, the FBI in 2011 had obtained a new kind of wiretap order from the secret surveillance court for cybersecurity investigations, permitting it to target Internet data flowing to or from specific Internet addresses linked to certain governments. To carry out the orders, the FBI negotiated in 2012 to use the NSA's system for monitoring Internet traffic crossing "chokepoints operated by US providers through which international communications enter and leave the United States," according to a 2012 NSA document. The NSA would send the intercepted traffic to the bureau's "cyberdata repository" in Quantico, Virginia. The disclosure that the NSA and the FBI have expanded their cybersurveillance adds a dimension to a recurring debate over the post-Sept. 11 expansion of government spying powers: Information about Americans sometimes gets swept up incidentally when foreigners are targeted, and prosecutors can use that information in criminal cases. 
Citing the potential for a copy of data "exfiltrated" by a hacker to contain "so much" information about Americans, one NSA lawyer suggested keeping the stolen data out of the agency's regular repository for information collected by surveillance so that analysts working on unrelated issues could not query it, a 2010 training document showed. But it is not clear whether the agency or the FBI has imposed any additional limits on the data of hacking victims. In a response to questions for this article, the FBI pointed to its existing procedures for protecting victims' data acquired during investigations but also said it continually reviewed its policies "to adapt to these changing threats while protecting civil liberties and the interests of victims of cybercrimes." None of these actions or proposals had been disclosed to the public. As recently as February, when President Obama spoke about cybersecurity at an event at Stanford University, he lauded the importance of transparency but did not mention this change. "The technology so often outstrips whatever rules and structures and standards have been put in place, which means that government has to be constantly self-critical and we have to be able to have an open debate about it," Obama said. source
  7. SourceForge has sworn off its ways of wrapping "unmaintained" code from open source projects in installers that offer bundled commercial products in the wake of objections raised by some open source communities. But one policy remains in effect—the takeover of project pages SourceForge's staff decides are inactive, and assignment of ownership of those projects to staff accounts. One of the latest projects grabbed in this way is the Nmap security auditing tool. The practice of reassigning ownership was broadly exposed by SourceForge's takeover of the project page for the Windows version of the GIMP image manipulation tool. While SourceForge staff claimed in a blog post that the project's account had been abandoned, an official statement from the GIMP development team denied that SourceForge had contacted them about the account, saying that no permission had been given to SourceForge to take over maintenance of the project. Something similar happened to Nmap, as its developer Gordon Lyon reported in an e-mail message to the project's mailing list today. "The bad news is that Sourceforge has also hijacked the Nmap account from me," Lyon, known as "Fyodor" in Internet discussions, wrote. "The old Nmap project page is now blank. Meanwhile they have moved all the Nmap content to their new page which only they control. So far they seem to be providing just the official Nmap files (as long as you don't click on the fake download buttons) and we haven't caught them trojaning Nmap the way they did with GIMP. But we certainly don't trust them one bit!" Lyon urged Nmap users to only download the tool from Nmap's official web page to ensure their security. 
"We will ask Sourceforge to remove the hijacked Nmap page, but more importantly we want to reiterate that you should only download Nmap from our official SSL Nmap site," he wrote. "If you don't trust SSL by itself (and we don't blame you), you can also check the GPG signatures." Update: Ludovic Fauvet, founder and CTO of Videolabs SAS. Developer of VLC media player, said in a blog post yesterday that SourceForge similarly took over the VLC project's account on SourceForge. VLC was, in 2012, the most downloaded project on SourceForge, and still remains among its top projects even though the project moved to its own download infrastructure two years ago. That happened, because as Fauvet wrote, "in 2012 Geeknet started to add more banners to their pages and did not bother filtering ads that were obvious scam, misleading users to click on these fake “downloads” buttons. Some if not all of these advertisers were distributing VLC bundled with crapware (as we like to call them)." The VLC team complained to SourceForge, and were assured by the SourceForge team that something would be done about it. But the misleading ads kept coming back. "In consequence they also offered to share some revenues with us," Fauvet wrote. "They gave few thousands dollars every couple of month to the non-profit (which was welcome since we’re all volunteers) but we were still unhappy because a lot of VLC users were still impacted by these misleading ads." And after Dice acquired Slashdot Media in September of 2012, Fauvet said, the contacts at SourceForge that the VLC team had been working with disappeared, "leaving us without any way to reach the new team for quite some time." 
The misleading ads got worse, so in April 2013 the VLC team started to move the project to its own dedicated servers for download, ending user complaints about the ads—but also eliminating a major source of revenue for SourceForge, as "they lost their biggest project which was making a significant portion of their revenues since VLC was the most downloaded software on SourceForge at the time." SourceForge attempted to lure VLC back with its "DevShare" revenue sharing program, Fauvet said, in July of 2013. At the same time, VLC's new servers were targeted by a large distributed denial of service attack. "We still don't know who was behind the attack and their motivations but the coincidence is striking," Fauvet wrote. When news emerged that GIMP had been taken over as a mirror, Fauvet noted, "We were quite surprised to discover that the same happened to VLC, the project has been taken over without notice, removing all access to it but luckily the binaries weren’t touched." Ars has received a response from Slashdot Media's Roberto Galoppini, Senior Director of Business Development for SourceForge, regarding Lyon's complaint: We have taken Fyodor’s concerns seriously and below you find our take on the matter: We find no indication that the “nmap” project has ever contained files, delivered any downloads, or had any changes made aside from the automated migration from our old SourceForge platform to the new platform which is powered by Apache Allura. We wish to assure the Open Source and security communities that we never modified fyodor’s “nmap” project on SourceForge. At the end of 2011, we established a SourceForge-hosted mirror of the nmap software, using verbatim copies of nmap’s releases, and have continued to keep that mirror up-to-date since. 
SourceForge was founded on the idea that Open Source software should always be available to the community, an idea backed by the Open Source Definition, and we continue to uphold that belief by mirroring important projects on our site. In an e-mail to Ars, Lyon said, "Sourceforge did not communicate with me prior to seizing the account. They have communicated with me many times in the past about participating in these monetization strategies, and I always declined." In response to Galoppini's statement that the Nmap project had no files in it, Lyon retorted, "Actually we had so many files there that we received numerous that we were over our Sourceforge file storage limit! Perhaps the confusion is that we were using the SF-provided 'web storage' space so we could directly link the files and include HTML and images rather than their individual-file-download-from-a-list system. We never liked the latter system." Lyon also forwarded a screenshot of an e-mail from Galoppini from December of 2011, in which Galoppini said SourceForge would never repeat the mistake that CNET's Download.com made: bundling other software with downloaded installers. Lyon had explained the reason Nmap was using a link to perform downloads from its own repository was related to "the brouhaha we had this week over Download.com's practice of bundling malware with our installer." Galoppini replied, "That's really bad...Of course we don't do similar things." Source
  8. GitHub has revoked an unknown number of cryptographic keys used to access accounts after a developer found they contained a catastrophic weakness that came to light some seven years ago. The keys, which allow authorized users to log into public repository accounts belonging to the likes of Spotify, Yandex, and UK government developers, were generated using a buggy pseudo random number generator originally contained in the Debian distribution of Linux. During a 20-month span from 2006 to 2008, the pool of numbers available was so small that it made cracking the secret keys trivial. Almost seven years after Debian maintainers patched the bug and implored users to revoke old keys and regenerate new ones, London-based developer Ben Cartwright-Cox said he discovered the weakness still resided in a statistically significant number of keys used to gain secure shell (SSH) access to GitHub accounts. "If you have just/as of late gotten an email about your keys being revoked, this is because of me, and if you have, you should really go through and make sure that no one has done anything terrible to you, since you have opened yourself to people doing very mean things to you for what is most likely a very long time," Cartwright-Cox wrote in a blog post published Monday. "It would be safe to assume that due to the low barrier of entry for this, that the users that have bad keys in their accounts should be assumed to be compromised and anything that allowed that key entry may have been hit by an attacker." Cartwright-Cox told Ars that he found about 94 keys on GitHub that contained the Debian-derived weakness. He said that after he reported his finding to GitHub officials in March he learned the actual number of site users was much higher. GitHub revoked the keys early last month, he said. GitHub officials didn't respond to a request to comment. Separately, the UK developer said he found nine GitHub SSH keys that contained woefully insufficient numbers of bits. 
Two of them had only 256 bits, making it possible for him to factor them and clone the private key in less than an hour. The remaining seven had only 512 bits. During the time the Debian bug was active, the pool of bits available when generating OpenSSH keys was so limited that there were only 32,767 possible outcomes for a given architecture, key size, and key type. Cartwright-Cox said attackers could have used the same methods he employed to find weak keys and then used several techniques to gain unauthorized access to the accounts the keys protected. The task would have been aided by obtaining the list of insecure Debian SSH keys off one or more public sites, such as this one. In an e-mail, he elaborated: If I wanted to be more noisy I could have just done what I said [in the blog post] and looped through the keys, that may or may not have set off alarms at Github itself (I'd give it a 25% chance that it would). So the breakdown of how this could have been done is the following: Grab the bad key list. It contains the public and private parts of all the SSH keys that would have been made if the user had a version of OpenSSH that had Debian RNG bug, then get each private key on the list, and try to log into GitHub's ssh with them. Depending on what key you succeed with it will tell you what user name it matches up with, in the example I provided since my key is loaded it tells me "Hi benjojo! You've successfully authenticated, but GitHub does not provide shell access." but if I was to try with a weak key that matched up with another user it would say "Hi {user}! You've successfully authenticated, but GitHub does not provide shell access." and then I know what user I can compromise with that. Technically, attackers don't even need the private key to see if a site accepts authentication from a user, HD Moore, chief research officer at Rapid7 and co-founder of the Metasploit hacking framework, told Ars. Just the public key and this Metasploit module will do. 
"This trick can also be used to see what internet-facing servers allow logins from what public keys, even if the private key is not available, which is a neat reconnaissance/opsec technique," Moore said. The randomness bug was introduced in late 2006, when Debian maintainers removed two lines of code in the OpenSSL code base in an attempt to fix warnings received by some users. In the process, the maintainers wiped out almost all of the entropy that OpenSSL relied on for its randomness engine. The epic mistake, which eventually migrated to the Ubuntu distribution of Linux as well, wasn't diagnosed for 20 months, and by that time an untold number of cryptographic keys had been generated. The bug was unusual in that installing a patch was only the beginning of the healing process. To fully recover, users had to revoke any keys made during that 20-month period and generate new ones using the updated OS. The discovery that GitHub users continued to rely on these hopelessly weak keys eight years after they came to light is testament to just how monumental the Debian debacle was and how hard it is for users to mop up after the mess it created. Source
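A defender-side check for the two weaknesses this article describes (undersized RSA keys and keys on a published weak-key list), as an added example that is not from the article, from GitHub or from Cartwright-Cox: it audits an `authorized_keys` file by RSA modulus size and by fingerprint. The 2048-bit floor, the blocklist contents and every sample key are constructed assumptions.

```python
import base64
import hashlib
import struct

MIN_RSA_BITS = 2048  # assumed policy floor, not a value taken from the article


def read_field(blob, offset):
    """Read one length-prefixed field from an SSH public key blob."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[offset + 4:end], end


def rsa_modulus_bits(blob):
    """Modulus size in bits for an ssh-rsa blob; None for any other key type."""
    key_type, off = read_field(blob, 0)
    if key_type != b"ssh-rsa":
        return None
    _exponent, off = read_field(blob, off)
    modulus, _ = read_field(blob, off)
    return int.from_bytes(modulus, "big").bit_length()


def sha256_fingerprint(blob):
    """Fingerprint in the SHA256:<base64> form that `ssh-keygen -l` prints."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def audit_authorized_keys(text, blocklist, min_bits=MIN_RSA_BITS):
    """Return (line_number, comment, reason) for every key that should be revoked."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Options may precede the key type, so locate the base64 blob itself:
        # it begins with the short length of the key-type name, i.e. "AAAA".
        idx = next((i for i, f in enumerate(fields) if f.startswith("AAAA")), None)
        if idx is None:
            findings.append((lineno, "", "no key blob found"))
            continue
        comment = " ".join(fields[idx + 1:])
        try:
            blob = base64.b64decode(fields[idx], validate=True)
            bits = rsa_modulus_bits(blob)
        except ValueError:  # bad base64 or a truncated blob
            findings.append((lineno, comment, "unparseable key blob"))
            continue
        if sha256_fingerprint(blob) in blocklist:
            findings.append((lineno, comment, "fingerprint on known-weak list"))
        elif bits is not None and bits < min_bits:
            findings.append((lineno, comment, f"RSA modulus is only {bits} bits"))
    return findings


# --- Constructed sample input (arbitrary integers of the right size, not real keys) ---
def mpint(value):
    """Encode a positive integer as an SSH mpint (leading zero bit preserved)."""
    raw = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw


def make_rsa_line(modulus, comment, options=""):
    """Build one authorized_keys line plus its raw blob for the sample file."""
    name = b"ssh-rsa"
    blob = struct.pack(">I", len(name)) + name + mpint(65537) + mpint(modulus)
    line = f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"
    return (options + " " + line).strip(), blob


ALICE, _ = make_rsa_line((1 << 255) | 1, "alice@constructed")
BOB, _ = make_rsa_line((1 << 511) | 1, "bob@constructed")
CAROL, CAROL_BLOB = make_rsa_line((1 << 2047) | 1, "carol@constructed",
                                  'command="/bin/true"')
DAVE, _ = make_rsa_line((1 << 2047) | 3, "dave@constructed")
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# constructed authorized_keys file",
    ALICE, BOB, CAROL, DAVE,
    "ssh-rsa AAAA!!! eve@constructed",
])
# Hypothetical stand-in for a published list of weak-key fingerprints.
SAMPLE_BLOCKLIST = {sha256_fingerprint(CAROL_BLOB)}

if __name__ == "__main__":
    for finding in audit_authorized_keys(SAMPLE_AUTHORIZED_KEYS, SAMPLE_BLOCKLIST):
        print(finding)
```

A key of adequate length is still reported when its fingerprint is on the list, which is the Debian case: those keys looked normal and were weak only because of how they were generated.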
  9. So many hacks, so few days in the week to write alarming stories about every one. Every weekend, WIRED Security rounds up the security vulnerabilities and privacy updates that didn’t quite rise to our level for in-depth reporting this week, but deserve your attention nonetheless. First the big stories: The FBI has a secret fleet of planes spying on you, and they are not alone. United Airlines grounded all its planes on Monday because false flight plans were being uploaded to the flight decks. The US Senate finally passed some NSA surveillance reform in the form of the USA Freedom Act–the first of its kind since Edward Snowden revealed the extent of the Big Brother nightmare that is domestic counter-terrorism in the 21st century. Facebook decided that revealing your location in Messenger isn’t a bug; it’s a feature! A feature you can now, thankfully, opt out of. And our own Andy Greenberg demonstrated that the front lines of the gun control debate are moving closer to home, as it’s now incredibly easy to build your own untraceable guns. But there was a lot of other news this week, summarized below. To read the full story linked in each post, click on the headlines. And be safe out there! —Emily Dreyfuss Chinese Hackers Access Four Million Federal Workers’ Payroll Data Another month, another massive breach of a federal agency revealed. Hackers based in China accessed the records of four million federal workers when they hacked the Office of Payroll Management (OPM) in an attack first discovered in April. Despite the agency’s focus on payroll, it’s not clear if any data was stolen that could lead to financial fraud; no direct deposit information was accessed, according to the Washington Post. Instead, the attackers may have been seeking data useful for identifying government staffers with security clearances, potentially to target them in future “spear phishing” attacks. 
The Department of Homeland Security has taken credit for identifying the attack with its EINSTEIN intrusion detection system. But critics are questioning why that years-in-development system couldn’t have caught the attack earlier. The Chinese government, per usual, has denied any involvement. The OPM intrusion marks the second major federal breach revealed this year, following news that Russian hackers accessed unclassified White House networks as well as those of the State Department. — Andy Greenberg California Senate Passes Bill Requiring Warrants To Search Electronic Devices Another small victory for opponents of the all-pervasive morass of electronic surveillance, at least in one state: the California senate unanimously passed the California Electronic Communications Privacy Act, a bill requiring law enforcement to obtain a search warrant or wiretap order prior to searching smartphones, laptops, or electronic devices, or accessing information stored on remote servers. The bill will be heard by the State Assembly this summer. — Yael Grauer Skype Bug Broke App on Android, iOS and Windows It only took Skype 24 hours to fix the bug, but for a moment, messaging “http://:” (without the quotes) in chat not only made Skype crash in Windows, Android, and iOS, but would immediately crash it again after restarting when Skype downloaded chat history for the server, meaning that clearing the chat history didn’t resolve the issue. This bug trailed on the heels of the iOS glitch discovered last week that caused iPhones to crash when sent a string of characters, though users are far more likely to type in http://: by accident than they are to text the complicated string of Arabic and English characters required to crash iOS devices. Before the fix was in, Skype users could get around the bug by installing an older version of Skype, or having the sender delete the offending message. 
— Yael Grauer Most Macs Vulnerable to Permanent Backdooring Macs shipped prior to mid-2014 are vulnerable to an exploit that would allow an attacker to permanently control the machine, even if you reinstall OS X or reformat the drive. The vulnerability, discovered by security researcher Pedro Vilaca, allows attackers to install malicious firmware that essentially overwrites the firmware that boots up the machine right after older Macs awake from sleep. The code is installed via one of the many security vulnerabilities found in web browsers such as Safari. One way to avoid this hack is to change your computer’s default setting to deactivate sleep mode. You can also download software to detect whether an attack has taken place, though the software won’t prevent it from happening. — Yael Grauer Twitter Just Killed Politwoops The greatest Twitter account you’ve never heard of is now dead. Politwoops, an online archive of public statements made–and deleted–by U.S. politicians on Twitter, was an online transparency project started in 2012 by the Sunlight Foundation. It was created to provide a record of ways that elected officials sometimes quietly reverse their messaging. Originally, Sunlight had permission to use Twitter’s API for the project, which used a human curation workflow to analyze the tweets. But the social networking service has now reneged, citing the expectation of privacy for all accounts. Sunlight Foundation points out that elected officials shouldn’t share the same expectations of privacy as private citizens do, and that transparency leads to accountability. Now it has one fewer tool to use on that mission. — Yael Grauer Now You, Too, Can Track FBI Spy Planes As you’ve probably heard by now, the FBI is flying spy planes over American cities, and they’re registered to at least 13 fictitious companies. 
The specific capabilities of these planes are unclear, but they may have high-tech cameras and perhaps even cell-site simulators to scoop up massive amounts of data. Luckily, tracking the planes themselves has proven to be a bit easier than determining their capabilities. L.A.-based technologist John Wiseman used public records request for flight routes and programmed a radio receiver to intercept airplane transmissions, allowing him to identify planes flying in L.A. in real time. You can do the same, by tapping into a database of 115 spy planes that engineer Brian Abelson created by looking up registration numbers associated with planes owned by FBI front companies, as revealed by the AP. Flight information and history is available on that link, and users can analyze the data set by registering for a free account at Enigma, the data search and discovery platform where Wiseman works. — Yael Grauer Source
  10. Americans’ garages, those sacred suburban havens of automobiles and expensive tools, are probably more important to us than many of our online accounts. But some garages are only protected by a code whose security is equivalent to a two-character password. And security researcher Samy Kamkar can crack that laughable safeguard in seconds, with little more than a hacked child’s toy. On Thursday, Kamkar revealed a new tool he’s created called OpenSesame, which he says can open any garage door that uses an insecure “fixed code” system for its wireless communication with a remote. Built from a discontinued Mattel toy called the IM-ME, altered with a cheap antennae and an open source hardware attachment, Kamkar’s less-than-$100 device can try every possible combination for these garage doors and open them in seconds. “It’s a huge joke,” says Kamkar, a serial hacker who works as an independent developer and consultant. “The worst case scenario is that if someone wants to break into your garage, they can use a device you wouldn’t even notice in their pocket, and within seconds the garage door is open.” Before barricading or booby-trapping your garage against OpenSesame intruders, it’s important to note Kamkar’s exploit doesn’t work against just any garage door—only ones that respond to a “fixed code” wirelessly transmitted by a remote instead of a more secure “rolling code” that changes with every button press. And it’s not clear just how many garage doors actually use that fixed code system. Kamkar found that his own garage door, in a newly built Los Angeles condo, was vulnerable to his attack, though he couldn’t identify the device’s manufacturer; the receiver in his building was hidden. When he checked the attack against two friends’ garage door openers—both made by a company called Linear owned by the parent company Nortek—it worked both times. Nortek didn’t immediately respond to WIRED’s request for comment. 
Another major brand of garage door opener, Genie, didn’t respond to a request for comment either, but says on its website that its devices use rolling codes. A spokesperson for Chamberlain, the owner of the Liftmaster brand and one of the biggest sellers of garage door openers, initially told WIRED the company hasn’t sold fixed code doors since 1992. But when Kamkar dug up a 2007 manual for a Liftmaster device that seemed to use fixed codes, Chamberlain marketing executive Corey Sorice added that the company has supported and serviced older garage door openers until much more recently. “To the extent there are still operators in the market being serviced by replacement parts, part of the objective is to get to safer and more secure products,” he said in a phone interview, using the industry term “operator” to mean a garage door opener. “We’d love to see people check the safety and security of their operators and move forward.” Kamkar has posted his own video to help people determine if their garage door is vulnerable or not. To attack fixed code garage door openers, criminals have for years used “code grabbers” that capture the code from a user’s garage door button press and replay it later to open the door. But for these vulnerable systems, Kamkar has reduced the time necessary so that it’s become practical to try every possible wireless code. That means someone could walk or drive through a neighborhood, going door-to-door and trying the device until one of the vulnerable garages opens. “For code grabbers, you have to sit there and wait for the person to hit the button,” says Kamkar. “For this, [the victim] never even has to be there.” To perform his brute-force attack, Kamkar used a pre-smartphone toy called a Radica IM-ME. That chunky pink handheld device for wireless text messaging, once sold by Mattel, has been adopted by radio hackers because it’s capable of broadcasting and receiving at a broad range of frequencies. 
Kamkar added his own antenna to the IM-ME and used GoodFET, a tool built by well-known radio hacker Travis Goodspeed, to reprogram the IM-ME with his cracking program. The fixed-code garage door remotes Kamkar tested use at most 12-bit codes—that’s 4,096 possibilities. In modern computer security terms, that’s a trivial level of security: Kamkar calculates that a password with just two characters offers at least 5,184 possibilities. “Imagine if your bank only let you have a two character password,” Kamkar says. Using a straightforward cracking technique, it still would have taken Kamkar’s program 29 minutes to try every possible code. But Kamkar improved his attack by taking out wait periods between code guesses, removing redundant transmissions, and finally using a clever optimization that transmitted overlapped codes, what’s known as a De Bruijn sequence. With all those tweaks, he was able to reduce the attack time from 1,771 seconds to a mere eight seconds. Even so, that eight-second attack only works for a single frequency; Kamkar says he’s found four different frequencies for vulnerable garage doors he’s tested, and OpenSesame can cycle through its brute-force attack on all four frequencies in less than a minute. Kamkar has detailed OpenSesame’s attack on his website, and also published the tool’s code. But he intends it to serve as a warning, not a how-to manual. In fact, he says he’s even disabled the code so that criminals can’t use it, and wouldn’t comment on exactly how he’s crippled his exploit. That’s a rare move for Kamkar, and one that demonstrates how dangerous he believes his garage attack may be. OpenSesame is just the latest in a long string of high-profile hacks from Kamkar, who gained fame in 2007 when he launched a MySpace worm—what came to be known as the Samy worm—that added more than a million friends to his account in an hour. 
He’s also built a drone designed to seek out and wirelessly hijack other drones, and a 3-D printed robot that can crack Masterlock combination locks in seconds. Anyone with a garage door that still uses a fixed code system should seriously consider upgrading to a more secure rolling code receiver. But Kamkar hints he’s working on another hack that would extend his attack to rolling codes, too, though he’s not yet ready to release any details about it. If that rolling code hack turns out to be effective, there may be no such straightforward answer for garage door security. “It’s a sticky situation. I haven’t even figured out what I’m supposed to do to my own garage,” Kamkar says. “I don’t have a great solution for anyone, including myself.” Source
  11. Go to shodan.io, type "Seagate Central" and try this exploit on all of them, and you've got yourself some shells.
  12. Well, since he was talking with his girlfriend I don't think he needed to encrypt the conversation; maybe his girlfriend wasn't as "smart" with computers as he was. The logs could have been obtained by contacting Yahoo/Skype or whatever shit he was using, or after he was caught they checked his conversations. Edit #1: Maybe he was on a public Wi-Fi and his traffic was intercepted, or maybe he had some virus on his PC.
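Added example (not part of the quoted article and not OpenSesame's code) for the OpenSesame item in post 10 above: it quantifies why a 12-bit fixed code gives so little protection once codes are overlapped in a De Bruijn sequence, which is the reason the article recommends moving to rolling codes. The two receiver models and all function names are assumptions made for illustration; the article gives no receiver details or bit timings.

```python
"""Work factor of a 12-bit fixed code: back-to-back codes vs. overlapped codes."""

def de_bruijn_bits(n):
    """Return the binary De Bruijn sequence B(2, n) as a cyclic list of 2**n bits."""
    a = [0] * (n + 1)
    out = []

    def db(t, p):
        if t > n:
            if n % p == 0:
                out.extend(a[1:p + 1])
            return
        a[t] = a[t - p]
        db(t + 1, p)
        if a[t - p] == 0:  # binary alphabet: the only larger symbol is 1
            a[t] = 1
            db(t + 1, t)

    db(1, 1)
    return out

def linear_stream(n):
    """Unroll the cyclic sequence so every n-bit code is a contiguous window."""
    seq = de_bruijn_bits(n)
    return seq + seq[:n - 1]

def sliding_windows(stream, n):
    """Assumed weak receiver: compares every n-bit window of the bit stream."""
    return {tuple(stream[i:i + n]) for i in range(len(stream) - n + 1)}

def framed_windows(stream, n):
    """Hypothetical receiver that only evaluates frame-aligned n-bit blocks."""
    return {tuple(stream[i:i + n]) for i in range(0, len(stream) - n + 1, n)}

def work_factor(n):
    """Summarise keyspace size and bits on air for an n-bit fixed code."""
    stream = linear_stream(n)
    return {
        "keyspace": 2 ** n,
        "naive_bits": n * 2 ** n,        # every code sent in full, one after another
        "overlapped_bits": len(stream),  # 2**n + n - 1
        "sliding_coverage": len(sliding_windows(stream, n)),
        "framed_coverage": len(framed_windows(stream, n)),
    }

if __name__ == "__main__":
    for key, value in work_factor(12).items():
        print(f"{key:18} {value}")
```

Overlap alone cuts the bits on air by roughly a factor of twelve; the rest of the reduction the article reports comes from the removed wait periods and redundant transmissions. The frame-aligned model sees only a fraction of the codes in the same stream, so the overlap only pays off against a receiver that matches every window.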