Archive for December, 2011

New Scientist has published a piece on what may be the first hacker to expose security holes in wireless communication technology, back in 1903. Nevil Maskelyne was the first in a long line of hackers who have exposed and exploited security flaws in communication technology, from Morse code to the Internet.
The audience was somewhat amused as the physicist John Ambrose Fleming adjusted his arcane apparatus in preparation for a demonstration of the long-range wireless communication system developed by his boss, the Italian radio pioneer Guglielmo Marconi. Marconi himself was 300 miles away in Cornwall, ready to send the message.
Before the demonstration could begin, the apparatus in the lecture theatre began to tap out a message of its own. It started by spelling “Rats” repeatedly and then ripped into a poem accusing Marconi of “diddling the public”. Arthur Blok, Fleming’s assistant, worked out that someone was beaming powerful wireless pulses into the theatre, strong enough to interfere with the electric arc lamp of the projector.
Marconi had claimed that his tuned apparatus gave a private channel. The stunt proved otherwise: the receiver accepted any sufficiently strong signal on its frequency, so anyone with a transmitter could inject messages, and it followed that anyone with a receiver could eavesdrop on supposedly private messages too. Marconi himself kept quiet about the hack; Fleming, however, fired off a missive to The Times. He dubbed the hack “scientific hooliganism” and “an outrage against the traditions of the Royal Institution”, and asked the newspaper’s readers to help him find the culprit.
However, Maskelyne, whose family had made a fortune from the “spend-a-penny” locks on pay toilets, outed himself four days later and justified his actions on the grounds that exposing the security holes served the public good.

Maskelyne had used Morse code in “mind-reading” magic tricks, and in 1900 he sent wireless messages between a ground station and a balloon 10 miles away. He was hampered, however, by Marconi’s broad patents on the technology and could not develop it further. It later turned out that he had been hired as a spy by the Eastern Telegraph Company, which was worried that Marconi would wreck its business.
Maskelyne built a 50-metre radio mast on the cliffs west of Porthcurno to see whether he could eavesdrop on messages the Marconi Company was beaming to vessels as part of its highly successful ship-to-shore messaging business. In The Electrician magazine in 1902, Maskelyne pointed out that the security of Marconi’s set-up was trivial to defeat.
Fleming blustered for weeks in the newspapers that Maskelyne’s assault was an insult to science, but the hack had made its point. Maskelyne’s name was largely forgotten, but he now has a place in the history books as the patron saint of hackers.

Hackers who have shut down websites by overwhelming them with web traffic could use the same approach to shut down the computers that control train switching systems, a security expert said at a hacking conference in Berlin.
Prof. Stefan Katzenbeisser made the claim during his talk at the Chaos Communication Congress in Berlin. He explained that the system used for switching trains from one line to another would be in serious trouble if its encryption keys were compromised.
“Trains could not crash, but service could be disrupted for quite some time,” Katzenbeisser told Reuters on the sidelines of the convention. “Denial of service” campaigns are one of the simplest forms of cyber attack: attackers recruit large numbers of computers to overwhelm the targeted system with Internet traffic.
Katzenbeisser said GSM-R, the mobile technology used for trains, is more secure than the ordinary GSM used in phones, against which security experts showed a new attack at the convention. “Probably we will be safe on that side in coming years. The main problem I see is a process of changing keys. This will be a big issue in the future, how to manage these keys safely,” Katzenbeisser said.
Prof. Katzenbeisser believes the system is relatively secure from hackers under normal circumstances. However, the computer science expert from Technische Universität Darmstadt warns that the encryption keys used to protect the communications are the weak point: the risk arises if one of them falls into the wrong hands. Traffic carrying a valid key would be accepted and processed by the signalling system rather than discarded, so a key holder could mount a denial of service attack by overwhelming the system with traffic and forcing it to shut down.
The technology the professor was discussing is already in use in a number of countries in Europe, Africa and Asia. A group of manufacturers decided to switch to a single digital standard and developed GSM-Railway (GSM-R), a more secure version of the 2G wireless standard used by mobile phones.

The Pentagon has approved a version of Android running on Dell hardware for use by DoD officials, alongside the BlackBerry. The approval of Android by the DoD is a major setback for Apple’s iPhone.
The military approval is quite specific: Android can only be used on Dell hardware running Android 2.2. Dell is now offering the Dell Venue, which runs Android 2.2, so this is the phone DoD employees can use.
The Dell Mobile Security for Android platform has been certified by the Defense Information Systems Agency (DISA) for information assurance and for use on defence networks. Dell says the solution will help the military adapt to today’s operating environment with greater mobility and improved real-time access to information on the ground.
Why did the DoD choose Android? The reason was simple: open source. Stars & Stripes reports, “Android, developed by Google and other companies, is open source software meaning it can be easily configured by users – including DOD tech whizzes who want to install security measures.” Use of Apple’s iPhone and iOS by government officials, by contrast, is seen as a risk, especially for non-American officials, since the iPhone records the user’s movements via its built-in GPS.

Other features include enhanced password protection, such as the ability to lock the device down after multiple unsuccessful password entries. Administrators can also remotely control the peripherals and the security policy levels on the device, Marinho said. The government-issue Streak 5 also includes DISA-approved security provided by Good Technology’s Mobility Suite.
Although the Streak 5 is no longer available commercially, Dell is supplying it to the DOD because the military likes the form factor, Marinho said, adding that the same capabilities and service can be delivered to other platforms running Android.

A newly discovered vulnerability in the WiFi Protected Setup (WPS) standard drastically reduces the number of attempts an attacker needs to brute-force the PIN used in a wireless router’s setup process. The flaw is that the access point returns too much information about the PIN to an attacker, which makes the PIN quite weak and affects the security of millions of WiFi routers and access points. Security researcher Stefan Viehbock discovered the vulnerability (PDF) and reported it to US-CERT.

The problem affects a number of vendors’ products, including D-Link, Netgear, Linksys and Buffalo. “I noticed a few really bad design decisions which enable an efficient brute force attack, thus effectively breaking the security of pretty much all WPS-enabled Wi-Fi routers. As all of the more recent router models come with WPS enabled by default, this affects millions of devices worldwide,” Viehbock said.
“One authentication attempt usually took between 0.5 and 3 seconds to complete. It was observed that the calculation of the Diffie-Hellman Shared Key (needs to be done before generating M3) on the AP took a big part of the authentication time. This can be speeded up by choosing a very small DH Secret Number, thus generating a very small DH Public Key and making Shared Key calculation on the AP’s side easier,” he says.

“When the PIN authentication fails the access point will send an EAP-NACK message back to the client. The EAP-NACK messages are sent in a way that an attacker is able to determine if the first half of the PIN is correct. Also, the last digit of the PIN is known because it is a checksum for the PIN. This design greatly reduces the number of attempts needed to brute force the PIN. The number of attempts goes from 10^8 to 10^4 + 10^3 which is 11,000 attempts in total,” the US-CERT advisory says.
Viehbock has also developed a Python tool to brute-force the PINs. He hasn’t released the tool yet, but says he may do so once the code is in better shape. None of the affected vendors have released fixes or workarounds for the bug, but Viehbock says in his paper that disabling WPS looks to be the main practical mitigation; implementing long lock-out times after multiple authentication failures would help as well.
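To make the arithmetic in the advisory concrete, here is a small Python simulation. It is added here as an example and is not Viehbock’s unreleased tool or any vendor’s code. It models the access point as an oracle with the three outcomes an attacker can distinguish (EAP-NACK after M4, EAP-NACK after M6, success at M7), uses the PIN checksum algorithm from the WPS specification, and adds the lock-out counter the paper recommends. The class and function names, the sample PINs and the lock-out threshold are all constructed for the demo; no 802.11 frames are sent.

```python
"""Simulation of the WPS PIN brute-force oracle described above.

Constructed model: the WPS registrar exchange is reduced to the three
outcomes an attacker can tell apart.  Nothing here touches a real AP.
"""
from typing import Optional

# Attempt counts for the two search strategies (the US-CERT figures).
NAIVE_SEARCH_SPACE = 10 ** 8            # 8 free digits, no feedback
LEAKY_SEARCH_SPACE = 10 ** 4 + 10 ** 3  # first half, then 3 digits + checksum


def wps_pin_checksum(first7: int) -> int:
    """Checksum digit of a WPS PIN, computed over its first seven digits
    (the algorithm defined in the WPS specification)."""
    accum = 0
    pin = first7
    while pin:
        accum += 3 * (pin % 10)
        pin //= 10
        accum += pin % 10
        pin //= 10
    return (10 - accum % 10) % 10


def wps_pin_valid(pin: str) -> bool:
    """True if an 8-digit PIN carries the correct checksum digit."""
    return (len(pin) == 8 and pin.isdigit()
            and wps_pin_checksum(int(pin[:7])) == int(pin[7]))


class WpsRegistrar:
    """Stand-in for a WPS-enabled access point (constructed for this demo).

    lockout_after models the mitigation the paper recommends: after that
    many failures the AP stops answering.  None models the vulnerable
    default of no lockout at all.
    """

    def __init__(self, pin: str, lockout_after: Optional[int] = None):
        if not wps_pin_valid(pin):
            raise ValueError("PIN has a bad checksum digit")
        self._pin = pin
        self._lockout_after = lockout_after
        self.failures = 0
        self.attempts = 0

    def attempt(self, pin: str) -> str:
        """Run one registration attempt and return what the client observes."""
        self.attempts += 1
        if self._lockout_after is not None and self.failures >= self._lockout_after:
            return "LOCKED"
        if pin[:4] != self._pin[:4]:
            self.failures += 1
            return "NACK-M4"   # leaks: the first half of the guess is wrong
        if pin[4:] != self._pin[4:]:
            self.failures += 1
            return "NACK-M6"   # leaks: first half right, second half wrong
        return "M7"            # success: the AP hands over the WPA credentials


def brute_force_pin(ap: WpsRegistrar) -> Optional[str]:
    """Recover the PIN using the two leaks; None if the AP locks us out."""
    first_half = None
    for i in range(10 ** 4):                 # at most 10^4 attempts
        half = f"{i:04d}"
        reply = ap.attempt(half + "0000")    # second half is a dummy here
        if reply == "LOCKED":
            return None
        if reply == "M7":                    # the dummy happened to be right
            return half + "0000"
        if reply == "NACK-M6":
            first_half = half
            break
    if first_half is None:
        return None
    for j in range(10 ** 3):                 # at most 10^3 attempts
        digits = first_half + f"{j:03d}"
        candidate = digits + str(wps_pin_checksum(int(digits)))
        reply = ap.attempt(candidate)
        if reply == "LOCKED":
            return None
        if reply == "M7":
            return candidate
    return None


if __name__ == "__main__":
    ap = WpsRegistrar("12345670")            # constructed PIN, no lockout
    print(brute_force_pin(ap), "recovered after", ap.attempts, "attempts")
    hardened = WpsRegistrar("12345670", lockout_after=3)
    print(brute_force_pin(hardened), "with lockout after", hardened.attempts, "attempts")
```

Run it with a known PIN and watch the attempt counter: the worst case (PIN 99999995) comes out at exactly 10^4 + 10^3 = 11,000 attempts, while the same attacker against a registrar that locks after a handful of failures never gets past the first half. The simulation does not model the per-attempt delay, so the 0.5 to 3 seconds quoted above still has to be multiplied in when estimating real attack time.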

The Vulnerability-Lab team has discovered a memory and pointer corruption vulnerability in Kaspersky Internet Security 2011/2012 and Kaspersky Anti-Virus 2011/2012.

iPhone “jailbreaking” has been a hot topic since Apple released its smartphone in 2007. According to a report by the BBC, thousands of iPhone owners have joined forces with a team of hackers to help them find new ways to jailbreak Apple’s phone software: the jailbreakers are collecting crash reports from owners’ phones and mining them for bugs that could be used to unlock the devices.

You may be wondering, having heard a lot about it, what jailbreaking an iPhone is and how it is done. Jailbreaking is basically modifying the iPhone’s firmware to gain access to the internals of its operating system and install third-party applications that are not available through official channels. Jailbreaking your iPhone does not in itself change much about how you operate it, but it does allow you to install third-party applications that Apple has not blessed.
A collective of hackers known as the iPhone Dev-Team publishes easy-to-use, cross-platform tools that let you install third-party apps Apple won’t admit into its App Store. The latest version of the iPhone’s operating system is proving extremely hard to jailbreak fully, according to Joshua Hill, a member of the Chronic Dev hacker team. “Apple is really making it tough for us. The iPhone is now better protected than most nuclear missile facilities,” he says.
Jailbreaking your iOS device also lets you change the phone’s behaviour and add some nifty extra features, for example running FaceTime, or other data-heavy tasks, over 3G, which Apple prohibited.
Denial of Service Attack Vulnerability in Windows Phone 7.5

Microsoft’s range of Windows Phones suffers from a denial-of-service bug that allows an attacker to reboot the device and disable its messaging functionality.

A malicious SMS sent to a Windows Phone 7.5 device forces it to reboot and locks down the messaging hub. WinRumors reader Khaled Salameh discovered the flaw and reported it to the site on Monday. WinRumors said tests revealed that the flaw affected a variety of devices running different builds of the mobile operating system. A Facebook chat message or a Windows Live Messenger message will also trigger the bug.

Video Demonstration
Both Apple and Google have suffered from SMS bugs in their iOS and Android devices. Security researcher Charlie Miller discovered a flaw in iOS 3.0 that, at the time, gave attackers complete control over an iPhone. Android-based phones were also vulnerable to the SMS attack, but attackers could only knock a phone offline rather than gain full access.
Microsoft representatives did not immediately respond to a request for comment, but WinRumors says it is working with the tipster to disclose the flaw privately to Microsoft.