[randy] from F.A.T. tested the theory that infrared LEDs can actually hide you from the prying eyes of surveillance cameras. We've previously covered camouflage, IR, and other suggestions for eluding the cameras, but haven't taken to sewing stuff onto our clothes yet. [randy] lined his hoodie with high-intensity infrared LEDs, hoping to create a halo effect that would hide his head, and tested his results. Unfortunately, his efforts were unsuccessful. He tested many many different combinations and we're confident in his conclusion that it would be very hard to make this work.

IBM's X-Force security team has released a mid-year report(PDF) stating that the number of zero-day exploits is growing at an alarming rate. For those of you unfamiliar with the term, a zero-day exploit is a program that is created and implemented within 24 hours of the disclosure of a security flaw. These exploits usually affect users before they even know the vulnerability exists and long before a patch is made available. The researchers also found that many of these exploits were targeted at browser plug-ins, which most users utilize on a daily basis.

[Kris Lamb], X-Force operations manager, is blaming the problem on a lack of a unified process for disclosing vulnerabilities. He also claims that the long-held practice of publishing example code of vulnerabilities should be frowned upon.

[via Liquidmatrix]

Black Hat has published the media from Dan Kaminsky's infamous DNS vulnerability talk. You can get the full video (101MB) or just the audio.

The full archive of slides and white papers from this year has been posted too.

[Zach Barth] has released Ruckingenur II, the game of reverse engineering. The latest in his Games for Engineers series, it is a full game with multiple levels and live action cut scenes. Set with a military theme, the goal is to reverse engineer enemy items. Pictured above is a lock to a weapons cache.

The pixelized style is consistent throughout. Even the cut scenes have the effect. The reverse engineering is fun enough to keep you interested while you learn. There is an in game help system that keeps you on track as well. Our only suggestion is that he get some better costumes next time!

Popular Mechanics has an interview with [Zach Anderson], one of the MIT hackers that was temporarily gagged by the MBTA. The interview is essentially a timeline of the events that led up to the Defcon talk cancellation. [Zach] pointed out a great article by The Tech that covers the vulnerabilities. The mag stripe cards can be easily cloned. The students we're also able to increase the value of the card by brute forcing the checksum. There are only 64 possible checksum values, so they made a card for each one. It's not graceful, but it works. The card values aren't encrypted and there isn't an auditing system to check what values should be on the card either. The RFID cards use Mifare classic, which we know is broken. It was NXP, Mifare's manufacturer, that tipped off the MBTA on the actual presentation.

After a week of wondering, Red Hat has confirmed that someone broke in and compromised their security. Although It doesn't appear the attacker was able to retrieve the passphrase used to sign Fedora packages, the team is switching to new keys. In a separate intrusion the attacker tampered with and signed OpenSSH packages for RHEL. While it's good to get the full story, no one is happy how long it took Red Hat to release these details.

[via Zero Day]

[photo: afsilva]

The Polytechnic Institute of NYU is hosting an interesting embedded systems contest. They've constructed a solid state cryptographic device that uses a 128-bit private key. Contestants will be tasked with designing and implementing several trojans into the system that will undermine the security. The system is built on a Digilent BASYS Spartan-3 FPGA board. The trojans could do a wide variety of things: transmitting unencrypted, storing and transmitting previously entered plain text, or just shutting down the system entirely. The modified devices still need to pass the factory testing procedure though, which will measure power consumption, code size, and function. After a qualification round, participants will be given the necessary hardware to compete.

[via NYC Resistor (Happy Birthday!)]

Picture this scenario: it's 2 AM, you're stuck somewhere you'd rather not be, and you've lost your car keys. If you can't call the Auto Club, what do you do? Hotwire your own car, of course. Wired.com has a wiki article detailing all the things you need to do to get that car running: how to identify which wires to connect, potential pitfalls of newer cars that require an RFID chip in the key, and so on. Of course, hotwiring a car that doesn't belong to you is illegal, but this is one of those skills-like lockpicking-which just might come in handy in an emergency.

[Photo: D.B. Blas]

Many computer users rely on antivirus software from McAfee and Symantec to protect their computers from malware, worms, and viruses. Since the creation of viruses outpaces the protection abilities of the software, antivirus protection lags behind and may not be as secure as you think. [Gary Warner] provides some examples of current malware making the rounds that continue to be unaddressed by anti-virus vendors, including the recent "CNN Alerts: Breaking News" spam, which morphed into MSNBC alert spoofs. Our advice? Keep your antivirus software updated, but don't believe that it will catch everything for you. Only open files from sources you know and trust.

[via Waxy]

A federal grand jury in Boston has charged eleven people with the theft of more than 41 million credit and debit card numbers from retail stores. What makes this case interesting is that, although the defendants stole the data from retail establishments, they did so without ever having to leave their cars; they stole the numbers while wardriving. While the report doesn't make it clear whether the targeted networks used weak encryption or were simply unsecured, it's obvious that the security of your data is still not a top priority for many companies.

[photo: Mujitra]

In the same vein as our recent Defcon article on biometric cloning, White Wolf Security has released this article about turning a biometric door lock into a trojan. They note that there are many common ways to break into one, from harvesting fingerprints to using gummy bears to fake a finger. This hack involves having full access to the unit so you can disassemble it.

The unit has a system built-in where you can touch a 9-volt battery to some connectors on the bottom to power it in case of a building power failure. The researchers simply routed some wires from the motorized lock to the plates used for the 9-volt and then reassembled the lock. The door can then be opened at any time without verification, even if the software on the unit is reset.

[Thanks, dwight]

One of the more novel talks we saw at Defcon was [Zac Franken] presenting on access control systems. He covered several different types, but the real fun was his live demo of bypassing a hand geometry scanners like the one pictured above. With the help of two assistants, 4 pounds of chromatic dental alginate, and 5 liters of water, he made a mold of his hand. The box he placed his hand in had markings to show where the pegs on the scanner are located. After 2 minutes he could remove his hand from the cavity. They then filled the mold with vinylpolysiloxane, making sure to remove all bubbles. 20 minutes later the hand was solid and passed the scanner's test. This may not be a completely practical attack, but it does defeat the overall idea of biometrics; biometrics are built on the assumption that every person is unique and can't have their features reproduced.

[Zac] also showed an interesting magnetic card spoofer that emulated all three tracks using coils of magnet wire. We hope to see more about that in the future.

[photo: morgan.davis]

While Black Hat and Defcon have both concluded, we're going to post a few more talks that we think deserve attention. [Sherri Sparks] and [Shawn Embleton] from Clear Hat presented Deeper Door, exploiting the NIC chipset. Windows machines use NDIS, the Network Driver Interface Specification, to communicate between the OS and the actual NIC. NDIS is an API that lets programmers talk to network hardware in a general fashion. Most firewalls and intrusion detection systems monitor packets at the NDIS level. The team took a novel approach to bypassing machine security by hooking directly to the network card, below the NDIS level.

The team targeted the Intel 8255x chipset because of its open documentation and availability of compatible cards like the Intel PRO/100B. They found that sending data was very easy: Write a UDP packet to a specific memory address, check to make sure the card is idle, and then tell it to send. The receive side was slightly more difficult, because you have to intercept all inbound traffic and filter out the replies you want from the legitimate packets. Even though they were writing low level chipset specific code, they said it was much easier to implement than writing an NDIS driver. While a certainly a clever way to implement a covert channel, it will only bypass an IDS or firewall on the same host and not one on the network.

[photo: Big Fat Rat]

While we're sure that just about everyone has heard about the conflict between Russia and Georgia, few have probably heard about the role of cyber attacks in the conflict. Shortly before Russia's armed response, Georgian state web servers were attacked by individuals assumed to be Russian hackers. This attack almost completely obliterated Georgia's online presence by shutting down the website for the Ministry of Defense, and the Central Government's main site. The Russian attackers seem to be using some form of sustained DDoS to keep many Georgian sites offline. In an effort to preserve some web presence, the Georgian Government transferred [President Mikheil Saakashvili]'s site to a US hosting provider in Atlanta. The Ministry of Foreign Affairs even created a BlogSpot page after their website initially went down. While politically motivated DDoS attacks have not been rare in past months, this seems to be the first time where the attacking party can be clearly identified. This seems to be the start of a trend where the unconventional methods of cyber warfare are used to gain an advantage over the enemy.

[photo: somefool]