boogy

Active Members
  • Posts

    178
Everything posted by boogy

  1. Motorola's C123 budget mobile phone, which was introduced in 2006, can be turned into a GSM transmitter station using available open source solutions and a bit of custom software. Belgian hacker Sylvain Munaut presented a proof of concept at the 29th Chaos Communication Congress (29C3) in Hamburg on Saturday. The developer managed to get the budget mobile (connected to a laptop for additional computations) to transmit the signal bursts that are usually broadcast by a base station. Using the Wireshark sniffer, Munaut demonstrated that a couple of mobile phones in the lecture hall had already logged into the cell he established, and that an SMS text message had already been sent through it.

    The hack is based on known vulnerabilities in the GSM network and on previous research such as that from OsmocomBB, a project whose team members include Munaut. The functionality that is required to implement a GSM base station and appropriate control unit has been available in the free OpenBTS and OpenBSC software solutions for some time. The OsmocomBB team made use of the fact that GSM transmissions require no mutual authentication between phone and network, which also opens up the possibility to locate subscribers and implement bugging measures via IMSI catchers. Furthermore, the system's encryption algorithms are weak and relatively easy to bypass, as demonstrated by Munaut and Berlin-based security researcher Karsten Nohl at the 27C3 hacker conference in 2010.

    The Osmocom hackers had already identified a suitable baseband processor that runs the GSM protocol on a mobile phone. The team chose a TI Calypso module because this module's protocol stack and documentation were already available. The component was used in phones such as Motorola's C123, which can now be bought at online auctions for a few Pounds. Two years ago, the experts had already managed to use it to establish channels to a network, send arbitrary control messages, scan cell information and simulate fake location data.

    Munaut continued to develop the project and turned the Motorola phone's Calypso platform into a full-fledged transmitting and receiving station. To do so, the developer said that he had to make "some changes" to the mobile's general signal processing and to the appropriate channel encoding and implementation. At the 29C3 conference, Munaut explained that a base station continuously broadcasts signals to enable mobile phones to log into the established cell, and that a mobile phone, which is intended as a receiving device, isn't originally designed to do this. According to the hacker, timing the signal broadcasts in a way that is appropriate for GSM presented a further challenge.

    Munaut said that he noticed that the mobile phone's clock generator can be tethered to that of a conventional commercial wireless cell and he added that he also exploited various flaws in the phone's signal processor. For example, the researcher explained that he managed to use new start addresses in the boot process and other trickery to customise the signal processor code and manipulate the phone's modulation. This allowed the team to furnish the mobile phone with new capabilities to broadcast sequences that consisted of several signals and to transmit the burst types that are normally only available in base stations. The researcher added that the phase information data was sent to the connected laptop for demodulation.

    For his practical test, Munaut first used the computer to install new firmware on the Motorola mobile, installed OpenBTS and selected a reference mobile cell; in this case, he used the custom GSM network that was set up for the duration of the congress. The next step was to select a mobile radio frequency, which, the researcher pointed out, requires a valid licence. After opening OpenBTS, it was possible to launch the transmitter and receiver features, synchronise the networks and start transmitting.

    Munaut said that the code for the hack will be released "in early 2013", as it is yet undocumented. The project is directed at "developers and GSM enthusiasts", he explained, adding that anyone who can operate Osmocom and OpenBTS should be able to run the "not quite standards-conformant" base station software once the required test licence has been acquired. However, the developer pointed out that a certain amount of common sense is required when doing so because GSM is sometimes used for "critical applications".

    The future plans of the project partners are to implement OpenBSC, increase the program's reliability and develop a solution that uses multiple mobile phones. This will probably also mean that a voice transmission channel can be provided, noted Munaut, and that the simulated base station's sniffer functionality can be extended.

    See also: Building a GSM network with open source, a feature on The H. The open GSM future arrives, a feature on The H.

    Source: 29C3: Budget mobile turns into GSM base station - The H Security: News and Features
  2. USB memory sticks are thought to be among the less exciting hardware components – simple storage media that have many uses and function the same way in almost any hardware environment. That this isn't actually true was demonstrated by Pwnie-winning hacker Travis Goodspeed at the 29th Chaos Communication Congress (29C3) in Hamburg. "We think of USB memory sticks as block devices, but in reality they are computers that use a network to talk to a host", said Goodspeed. "These devices can send any data they want." Once this perspective is adopted, whole new fields of application become possible, explained the researcher.

    For example, Goodspeed noted that USB device drivers are often poorly programmed and offer many access points, and that it is possible to modify files while a USB memory stick is connected. Security researcher Collin Mulliner exploited the misplaced trust in these USB devices to install an unauthorised extension on a Samsung smart TV that allowed him to gain full access to the TV's system because the TV initially checks for authorised extensions on the USB memory stick. For the check, Mulliner presented the TV with an allegedly authorised plug-in. However, during the actual installation process, the researcher planted a totally different file in the system and used it to obtain telnet access. This allowed him to make arbitrary firmware changes, for instance in order to record content from a premium TV channel.

    Apparently, this hack is only the beginning. Goodspeed has developed a board called Facedancer11 that can emulate arbitrary USB devices. "This is a development tool", emphasised the researcher. Goodspeed explained that it is, for example, possible to pretend that a smartphone has established a connection to the computer in order to initiate a firmware update. According to the researcher, the data that can be intercepted this way enables potential attackers to find out how exactly the update process works and allows them to save a firmware image for further analysis. Using the board to examine a computer's communications, an attacker can then build USB devices that target specific vulnerabilities in the host computer.

    However, emulating a USB memory stick opens up other new possibilities. Through fingerprinting, the USB memory stick can quickly establish what kind of device is trying to communicate with it. For example, Windows PCs access the USB memory stick's MBR a total of nine times, while Linux distributions can be differentiated by their automounters. USB memory sticks can register such behavioural patterns and use them to return the data that the owner wishes to disclose. "When the MBR is read nine times, it's probably not my laptop", said Goodspeed. With the necessary programming, a USB memory stick can, therefore, return different content to a Windows PC than it does to a Linux computer.

    Goodspeed says that he can also analyse the accessing user's intention. For example, the researcher explained that, when detecting a USB memory stick, Windows PCs write the access date to the storage device by default. However, if a PC neglects to do this, it is likely that the user is trying to duplicate the USB stick for forensic purposes – leaving a storage device unmodified is one of the top priorities when collecting evidence. Goodspeed said that he can program his USB memory stick in such a way that it will self-destruct when someone tries to create a copy for forensic purposes. "As long as a forensics expert doesn't know that he's dealing with a special USB memory stick, you've won", said the researcher.

    Source: 29C3: When USB memory sticks lie - The H Security: News and Features
  3. Happy New Year to everyone and good health
  4. boogy

    Hello :D

    Welcome to RST.
  5. I'll reply once more ....
  6. boogy

    Greetings

    Hi! And welcome
  7. Attackers can read data with little effort even with self-encrypting drives (SED). At the Chaos Computer Club's 29th hacker conference, 29C3, IT expert Tilo Müller demonstrated on Friday how hardware encryption for desktop computers and laptops can be attacked. Computer companies like to claim that integrated hard drive encryption prevents third parties from accessing private data or internal corporate information, especially after the loss or theft of a laptop.

    Müller, who conducts research at the University of Erlangen in Germany, laid out various scenarios in which an encrypted hard drive in standby mode can be connected to an attacker's computer and allows its data to be read. The researcher calls these situations "warm replug attacks", since the disk's SATA connection is replugged while the disk is running and without cutting power. Since the hard drive is not locked in this case, encryption can be bypassed. Only three of the twelve tested computers recognised that the hard drive was unplugged while in standby mode, Müller said. This kind of attack, however, requires that the attacker have physical access to a system that is running or, at least, in standby mode.

    Along with the warm replug attacks, the IT expert and two of his colleagues also tested hard drive security against well known attacks on hard drive encryption, such as cold boot attacks, DMA/FireWire attacks and "evil maid" attacks, which he says are even successful against SEDs in many practical scenarios. The researchers therefore feel that the security of encrypting hard drives is about the same as that of software-based systems like Truecrypt and Bitlocker. Only a few SEDs offered more protection, while some were even easier to attack.

    Source: 29C3: successful attack on encrypting hard drives - The H Security: News and Features

    Demos: http://www1.cs.fau.de/sed
  8. Very interesting. Thanks.
  9. While analysing a compromised web page, security experts from FireEye discovered malware that exploits a previously unknown security hole in Internet Explorer. The hole allows attackers to inject malicious code into the Internet Explorer user's system when a specially crafted web page is visited. All versions up to and including IE version 8 are vulnerable; currently available information suggests that later versions are not affected. The researchers from FireEye report that the attackers first used a Flash applet to deploy shell code in RAM by means of heap spraying, and that they then managed to execute the code via the zero-day hole in IE. The hole involves a use-after-free issue with CDwnBindInfo within IE. The security hole the researchers found was exploited to inject a DLL into the system but they have yet to comment on the library's purpose.

    The report states that the incident involves a "watering hole" attack: During such targeted cyber attacks, the attackers compromise web pages that are visited by their intended victims and deploy malicious code this way. The experts found the exploit on the web page of the Council on Foreign Relations, a US think tank that includes around 4,500 influential political and business personalities. The attackers used a few lines of JavaScript code to ensure that the exploit is only executed if the visitor's system language is set to US English, Chinese, Japanese, Korean or Russian.

    Talking to security blogger Brian Krebs, Microsoft confirmed the vulnerability and said that only versions 6 to 8 of Internet Explorer are affected. Since that confirmation, a Metasploit module has been published and US CERT has released a vulnerability note on the issue. With details of the problem in circulation, it will be very likely that attackers will have added or be adding the exploit into their arsenal of malware; users should look at moving to IE9 or later where they can.

    Update: Microsoft has also published its own official advisory and instructions on how to mitigate attacks and detect failing attacks on IE9 and IE10.

    Source: Critical zero-day hole in Internet Explorer - Update - The H Security: News and Features
  10. They have already released a new version that fixes the vulnerability: WordPress plugin W3 Total Cache critical Vulnerability disclosed - Hacker News, Security updates. Quote: WordPress plugin W3 Total Cache updated to version 0.9.2.5 with fix for above vulnerability.
  11. Here is also the script you can attack with: https://rstforums.com/forum/62396-wordpress-w3-total-cache-data-disclosure.rst?highlight=WordPress
  12. At home and around town ... It's really awful in clubs on New Year's Eve.
  13. boogy

    hackforums

    OK. Thanks for the reply. I managed it.
  14. boogy

    hackforums

    When I try to register, I get a message saying that they block IP addresses from the country I'm in !?!?! Does anyone have any idea why they block IPs by country?
  15. Nice and useful tutorial. Thanks.
  16. Welcome
  17. boogy

    Greetings

    Hi, welcome to RST.
  18. Thanks a lot for the tutorial
  19. They still haven't understood the definition of a hacker !!
  20. Since I don't live in Romania, I don't know the prices or the value of the leu.
  21. boogy

    cPanels

    Cool. Thanks a lot.