Monthly Archives: October 2012

Final Report on DigiNotar Hack: Really Badly Owned

DigiNotar was a Dutch certificate authority, one of the hundreds of firms issuing SSL certificates for websites. They aren’t anymore, as the Dutch government took them over after they got badly hacked. Now we have a final report to show just how badly hacked they were… a) All 8 CA servers were pwned. b) The […]

Analysis of ExploitShield

ExploitShield has been floating around for a little while, advertised as a cure-all for Windows vulnerabilities. Finally we have an analysis of how it works, and therefore whether it does. Sadly, ExploitShield’s not quite as great as it says on the tin. Roughly, it modifies Windows functions commonly used to drop and execute code, in […]

Bugged Retail Card Readers on a Mass Scale

Rather nasty: a gang of crooks went around bugging just one card reader at scores of different stores in a national chain. The challenge is figuring out just who they were and how they did it. A physical compromise appears likely, but did they have help from employees? Did they tamper with the devices in-situ, […]

A Firmware Flaw in Smartphones, Tablets, and a Car (also, telecom transparency)

Sending your smartphone to sleep with the fishes is evidently not enough — here’s a vulnerability that affects both phones and tablets, no matter what the OS. A low-level chipset used by older HTCs, iPhone/iPads, Samsungs, and the Ford Edge (just to name a few) is vulnerable to a remote DoS attack. It might also […]

Indian Govt Putting Cameras in Politicians’ Homes and Offices

Right, so I’m a big fan of privacy. You tell me about governments installing CCTV in people’s homes and offices, I’m not going to be very amused. But… An Indian chief minister (head of government at the state level) has ordered the installation of CCTV surveillance at the homes and offices of all 48 ministers […]

Brute Forcing Hardware Keyloggers: Travel Tip

Travel tip: For the Orwellian take on this, go by Berlin’s S-Nordbahnhof. They have (translated mostly into English as well) a wonderful exhibition on the Stasi’s implementation of the philosophy I articulated in the last paragraph of my writeup, with respect to reverse-engineering both successful and unsuccessful escapes from East Berlin.

Brute Forcing Hardware Keyloggers

A hardware keylogger is discovered on a computer, and a security expert gets to figure out as much as possible about it. Unfortunately, the keylogger won’t spit out its logs until someone types the right password on the keyboard. How do you brute-force the password? Use a microcontroller emulating the keyboard on the “input” USB port. Article […]