Jonathan T Rajewski » hacking

ICE takes Cal State student into custody for violating the DMCA

admin — Wed, 05 Aug 2009 13:50:56 +0000

This article describes how Immigration Customs and Enforcement (ICE) arrested Matthew Lloyd Crippen “Monday on federal charges that he illegally modified Xbox, Playstation, Wii and other video game consoles to enable the machines to play pirated video games.”

Crippen was indicted by a federal grand jury on two counts of violating the Digital Millennium Copyright Act.

Weaponizing Web 2.0

admin — Thu, 30 Jul 2009 14:32:15 +0000

In this link Brian Krebs blog, he describes how researchers Nathan Hamiel and Shawn Moyer presented a method to (link to paper – Moyer-Hamiel-DC17-Dynamic-CSRF) automate cross-site request forgery (CSRF) attacks.

Taken from the article “To take the Alice and Bob on the forum example a step further, consider what happens when Alice views a forum posting by Bob that includes a link to an off-site image hosted at a site controlled by Bob. That image, when loaded by Alice’s browser, will automatically send Bob’s site a referrer URL that includes the full token that is unique to Alice’s browser session with that forum. Armed with the referring URL’s token, Bob can then respond to the image request from Alice’s browser with a request to silently take action on that forum in Alice’s name.”

This interesting attack has been around since 2001. The two researchers brought the CSRF concept a bit farther by systematically packaging payloads based on the referring site.. so essentially, they can have attacks ready for particular websites. “We’ve come up with a way to take those tokens and repackage them on a payload-per-domain basis, with different types of payloads based on the referring site,” Hamiel said. “So, if it’s linked off of Twitter, the tool might respond one way, or if it’s linked off of something like LinkedIn, it might respond another way.”

This also gives attackers the ability to scale up attacks in a modular fashion so updates can be made to payloads on fly when referring websites make changes.

Just something to keep your eye on..

Hackers attack Large Hadron Collider

admin — Sat, 13 Sep 2008 01:20:32 +0000

The Large Hadron Collider is a controversial international research/science project. A (group of) hacker(s) decided to hack into the system… The following is a quote from the article..

Scientists working at Cern, the organisation that runs the vast smasher, were worried about what the hackers could do because they were “one step away” from the computer control system of one of the huge detectors of the machine, a vast magnet that weighs 12,500 tons, measuring around 21 metres in length and 15 metres wide/high.

If they had hacked into a second computer network, they could have turned off parts of the vast detector and, said the insider, “it is hard enough to make these things work if no one is messing with it.”

Volatile Memory – Hardware attack at Full Disk Encryption Keys

admin — Wed, 12 Mar 2008 20:46:29 +0000

Researchers at Princeton University have made significant progress in the analysis of volatile memory, specifically DRAM.

Whitepaper

Video

FAA: Boeing’s New 787 May Be Vulnerable to Hacker Attack

admin — Mon, 07 Jan 2008 20:05:31 +0000

In this article, Wired’s Kim Zetter reports on how Boeing implemented an open computer network on their new 787… But passengers were on the same network as the flight control systems… which theoretically could be compromised in flight..

”According to the FAA document published in the Federal Register (mirrored at Cryptome.org), the vulnerability exists because the plane’s computer systems connect the passenger network with the flight-safety, control and navigation network. It also connects to the airline’s business and administrative-support network, which communicates maintenance issues to ground crews.”