Open Source Investigation

No matter how hard I try, I cannot seem to convince some people just how powerful open source research is. Google is your friend, I say. Unless you’re trying to hide something, of course. But RJMetrics has put together a great demonstration of what you can discover by searching the Internet, and how he did it. It’s very enlightening, and hopefully inspiring enough to get you to solve whatever mystery has been bugged you lately.

Correction: WPA not cracked, merely fraying

In an update to yesterday’s post, it appears the new exploit doesn’t actually allow recovery of TKIP keys, but does allow decryption of shorter packets. Decryption of packets doesn’t sound too useful, but it does still allow injection of small downstream packets. Small downstream packets include… DNS and ARP messages. So while the exploit itself remains pretty much useless, it can provide that little hole to insert the lever of poisoning. The fact remains that users of WPA are vulnerable to attack. More details here.

The root source of the exploit? While WPA2 requires AES, WPA doesn’t require it… meaning DES is still in the standard. Whoops.

WPA Cracked. Film at 11.

Encryption isn’t measured in terms of “secure” or “non-secure,” at least by professional cryptographers. There’s exactly one provably secure cipher, and it’s such a pain to use you’ll rarely see it at all. Everything else is broken in time, either through advances in computing speed (brute force method) or mathematical breakthroughs. WPA has joined the ranks of the mathematically broken ciphers… sort of.

Is Your Keyboard Spying On You?

We’re all (hopefully) familar with the concept of keyloggers, both software and hardware. And you’re probably familiar with TEMPEST (Tiny ElectroMagnetic Particles Emitting Secret Things). It’s relatively easy to build a device to copy the output of a CRT over a moderate distance, allowing you to spy on someone’s computer monitor. But who ever thought of recording and decoding the signals between a wired keyboard and a computer? It turns out not to be that hard at all.

Esquire's ePaper a Fail

I was pretty excited by Esquire’s ePaper cover. The possibilities were limitless, both for where magazines would take this into the future (Playboy?) and for hackers wanting cheap e-paper to play with. It’s been a Fail on both fronts, with the magazine implementation being officially lame, and the paper being very hard to hack. Which isn’t to say there haven’t been some successes in hacking the paper…