You are currently browsing the category archive for the 'Uncategorized' category.
More on the story here:
This report concerns the theoretical and practical issues with automatically populating mobile devices with reference test data for use as reference materials in validation of forensic tools.
It describes an application and data set developed to populate identity modules and highlights subtleties involved in the process. Intriguing results attained by recent versions of commonly-used forensic tools when used to recover the populated data are also discussed. The results indicate that reference materials can be used to identify a variety of inaccuracies that exist in present-day forensic tools.
The Paper can be downloaded in PDF format from here:
http://csrc.nist.gov/publications/nistir/ir7617/nistir-7617.pdf
More on the paper here:
http://www.testandmeasurement.com/article.mvc/NIST-Develops-Experimental-Validation-Tool-0001?VNETCOOKIE=NO
The tool itself can be downloaded from here:
http://csrc.nist.gov/groups/SNS/mobile_security/mobile_forensics_software.html
The tool is called SIMfill, and it’s a java application that populates Subscriber Identity Modules (SIMs) with reference data and can be used to assess the data recovery capabilities of forensic SIM tools. The package includes an initial set of reference data for use with SIMfill, the source and compiled code, a readme file, a user’s guide, and a video demonstration. It can be downloaded free from:
http://csrc.nist.gov/groups/SNS/mobile_security/mobile_forensics_software.html
For more information please visit:
http://www.marcotempest.com/
Created by Chris O’Shea for the BBC. The billboard is called “Hand from Above”. It is an augmented reality billboard that pokes, lifts, and squeezes bystanders.
Hand from Above from Chris O'Shea on Vimeo.
For the official website, go here:
http://www.chrisoshea.org/projects/hand-from-above/
More on Augmented reality here:
http://thomaskcarpenter.com/
http://augmented-reality.alltop.com/
CNN Coverage:
Georgia Institute of Technology Video:
More information and Paper:
http://www.cc.gatech.edu/cpl/projects/augearth/
The report features attack data from TippingPoint intrusion prevention systems protecting 6,000 organizations, vulnerability data from 9,000,000 systems compiled by Qualys, and additional analysis and tutorial by the Internet Storm Center and key SANS faculty members. Two risks dwarf all others, but organizations fail to mitigate them. The full report is found in the link below:
Palm is going to release a new mobile phone in addition to the WebOS Platform based Palm Pre. The new mobile phone will be smaller and in candy bar form as opposed to the Pre’s slider form. For complete coverage and list of differences and similarities between the Palm Pre and the Pixi, please visit The Unofficial Palm Pixi Blog:
There is little research done on the forensics for Google’s Android mobile phone platform. This presentation by Andrew Hoog covers some background information about the platform and some history of how it came about. It also provides some technical aspects of the platform. The presentation focused on the rootable RC29 firmware and manual updates of it. Their technique involves using dd or cat to perform the forensic acquisition.
The paper also mentions the forensic software that support or plan to support Android in the future and some theoretical approaches to acquire android based devices.
ViaForensics has performed extensive research and development and will soon release a book on Android Forensics. Here is the paper:
For more information, please contact Via Forensics:
http://viaforensics.com
A new tools evaluation paper is out from Via Forensics. The paper examines and rates commercial tools as well as Jonathan Zdziarski’s technique. The paper is written by Andrew Hoog and Kyle Gaffaney.
Tools covered are:
- WOLF
- Cellbrite
- Device Seizure
- MacLock Pick
- MDBackup Extract
- .XRY
- CellDEK
The paper concludes that each vendor has a unique place in the market. It also concluded that Zdziarski’s technique is the only one poviding bit-wise copy of the user data and gave it the highest score.
http://viaforensics.com/wpinstall/wp-content/uploads/2009/03/iPhone-Forensics-2009.pdf
1- Astrid: a to do list app
2- SnapPhoto Free: a camera app
3- ACast: podcast client
4-Toggle Widgets: A widget app that has five separate one-square widgets that simply turn Wi-Fi, Bluetooth, GPS, and your phone ringer on or off, and change your screen brightness with every tap.
5- Sherpa: GPS based, find what’s “Around Me” kind of app
6- Sound Manager: manages volume of sounds on your android. you can set schedules for different levels of sound. pretty neat.
7- PdaNet: tethering for the android
8- Amazon: take a picture of an item, it is mailed to Amazon and an email is sent to you back from amazon with more details on the price of the item or a similar one.
9- Astro File Manager: a serious file browser, one that can download (nearly) any file you find a URL for, pass files on your SD card along to the Gmail client for attaching, find the files that your music or movie player can’t seem to find on their own.
10- Retro Defense: a Tower-Defense-like action game with Tron-style graphics.
Link for more information from Life Hacker:
http://lifehacker.com/5331710/ten-more-neat-and-productive-android-apps/
We have successfully registered the domain name iPhoneForensic.com for future use. We will keep you posted on any developments with it.
oFono is a Linux-based mobile OS for GSM handsets. The project combines people from both Intel’s Moblin initiative and Nokia’s Maemo project. It sounds like something big is in the works 
Poken is a hardware device that connects the web 2.0 social networking virtual world to your real world contacts and people you meet in conferences, coffee shops and elsewhere.
How does it work and when was it released?
It was released in March as far as I could tell. Here is how it works
Here are more links on it:
http://technology.timesonline.co.uk/tol/news/tech_and_web/article5987575.ece
http://www.guardian.co.uk/media/pda/2009/mar/17/sxswi-startups1
http://blogs.telegraph.co.uk/dan_monsieurle/blog/2009/03/30/who_am_i__a_panda_or_a_chimp
If you want to buy a poken, then use the following coupon code for a 10% discount:
PUTUPYPAJFAZTSD3PEHM
Watch the 46 minute long Google TechTalk about Poken here:
http://www.pokenpokes.com/2009/03/08/poken-extending-online-social-networking-into-the-real-world/
The hardware details are here:
http://ameblo.jp/hfo/entry-10224130228.html
and here:
http://ameblo.jp/hfo/theme-10011686327.html
A blog about pokens:
http://www.pokenpokes.com/
Blog post about the release in Japan:
http://nthambazale.com/2009/03/tokyo-cgm-night-episode-poken-launched-in-japan/
Let me know if you have any questions about Pokens
We acquired the domain names AndroidForensics.com and AndroidHack.com . Both domain names should take you to MySecured.com for now. We might dedicate the Android Forensics domain in the future to a website catering specifically to the Forensics of Android-Based Cellular Phones. The Android Hack domain name will be probably dedicated to the Hacks and Mods for the Android Based mobile phones and other devices such as netbooks and laptops.
Try the domain names now:
http://www.androidforensics.com
http://www.androidhack.com
An interesting article about pedophilia and ’sexting’ in the mobile age. Sexting means sending nude or semi-nude pictures of oneself on mobile phones to others. Two cases are discussed in the article.
In my opinion, lawmakers should consider the changes in technology and evolve the laws to deal with the new issues emerging from the proliferation of cell phones in our societies and changes to the ways mobile phones are used.
A new site dedicated to the Palm Pre Mobile Phone and its WebOS operating system and Application Catalog. Visit it at:
http://www.PreMobilePhone.com
Watch in on Fora.tv to see the whole transcript as in the Pouge video in the previous post.
Attached with and armband, it is a portable and multi-purpose tool:
http://www.gizmodo.com.au/2008/12/the_us_armys_secret_weapon_the_ipod_touch-2.html
Cellphone Gun:
Pen Gun:
Yes you can Watch this:
Get your gadgets coated with this micro polymer here:
http://www.golden-shellback.com/
for more information go here:
http://www.electronics-au.com.au/blog/computers/apple-iphone-underwater/
A man in the United States used his mobile phone and the social networking service Twitter to inform the world even as he was trying to escape a burning 737. Read or hear more from the ABC:
http://www.abc.net.au/am/content/2008/s2453641.htm
I have previously heard of a case where a man used the twitter service to let people know he was arrested by Egyption authorities:
http://www.cnn.com/2008/TECH/04/25/twitter.buck/index.html
Both stories might be looked at as extreme uses of the twitter service or other micro-blogging and social services. As mobile phones become more location-aware, social networking services such as twitter are tapping into this capability of mobile phones making them even more usable in distress situations or even to report crime. Coupled with cameras, these services in addition to location-aware devices can become effective crime fighting tools.
For more information on the harmless totally-reversable hack, go to:
http://www.engadget.com/2008/12/10/video-android-rocking-on-the-htc-touch/
Get the hack and instructions directly from xda developers here:
http://forum.xda-developers.com/showthread.php?t=382265
GadgetTrack software was used to track and arrest a thief in Anchorage, Alaska. For more details visit the site below:
http://www.usbhacks.com/2008/11/24/mobile-phone-thief-captured-with-tracking-software/
You can pre-order the Kogan Android phone AKA The “KOGAN AGORA” and “KOGAN AGORA PRO” for 299 and 399 respectively. The pro model has added features such as GPS, Camera and Wi-Fi.
SPECIFICATIONS:
Operating System
Android™
Google Mobile Functions
Google Search™, Gmail™, YouTube™, Google Maps™, Google Talk™, Google Calendar™.
Display
2.5-inch TFT-LCD flat touch-sensitive screen with 262K QVGA (320 X 240 pixel) resolution
Device Control
Central Navigation Key
Keyboard
QWERTY keyboard
Keyboard backlighting
GPS
GPS navigation capability (included with Kogan Agora Pro)
Connectivity
Bluetooth® 2.0 with Enhanced Data Rate
Wi-Fi®: IEEE 802.11b/g (included with Kogan Agora Pro)
Camera
2.0 megapixel colour camera (included with Kogan Agora Pro)
Audio
Built-in microphone and speaker
Headphone jack
Ring tone formats:
· MIDI, MP3, WMA, AAC, WAV, PCM
Video
Video formats supported:
· MPEG2 H263, H264, MPEG4, AVI
Mail attachment support
Viewable document types:
· JPEG, GIF, WBMP, MIDI, AMR, MP3, WAV
Dimensions (HxWxD)
108 mm x 64 mm x 14.8 mm
Weight
130g
Battery
Rechargeable Lithium-ion battery
Capacity: 1300 mAh
Talk Time
Up to approximately 400 minutes
Standby Time
Up to approximately 300 hours
Processor MHz
624 MHz
Memory
ROM:
256 MB
RAM:
128 MB
microSD™ card expansion slot
Network
UMTS/HSDPA (850, 1900, 2100 MHz)
GSM/EDGE (850, 900, 1800, 1900 MHz)
The official site is Here.
The iPhone user manual and user guide for the iPhone 3G and 2G is now available in Arabic as the iPhone is introduced in Egypt and will be introduced in other Arabic countries such as Qatar.
Here is the link to the pdf file:
http://manuals.info.apple.com/ar_EG/iPhone_User_Guide_ARA.pdf
As far as I know, this is the first Chinese made Android based phone apart from T-Mobile G1. There is an Australian company that is planning to release their own Android Based mobile phone by xmas. The link for that is here.
It does not have a physical keyboard!
The official site:
http://mysciphone.com/G2Specia.asp
I found a phone on ebay.
According to Gartner, Through 2010, 40% of application failures will be usability-related, rather than functionality-related.Join Sybase iAnywhere’s usability and human factors expert for a complimentary webcast designed to help you conquer usability issues with building mobile applications. The webcast will provide tips and techniques to help ensure your mobile application supports and impresses your end users.
Date: Thursday, December 4, 2008
Time: 2 p.m. EST
Register now to learn how to make your mobile applications more usable. There is no cost to attend these webcasts, but registration is required.
Enterprise Mobile Applications: A Study of Strategies and Adoption Trends - Webcast.
AKA Ben Stein vs. The Man on the Street:
Geography:
It’s the two hottest touch-screen phones duking it out. Can the new kid on the block take down the champ?
Want to learn how to upgrade your Android to RC30 and get root access on it? get a step-by-step guide here:
http://modmygphone.com/wiki/index.php/Main_Page
Just watch
A Friend of mine asked me for this as he has an X SIM II Unlocked and Jailbroken iPhone and didn’t want to risk loosing the space or jailbroken apps on his phone or un-activate his phone. He has 2.0.2 and wanted to upgrade to 2.1.
For him and for all of you out there, here is the guide:
Sleepers.net
Mobile Virtualization Platform (MVP) will enable Enterprise users who pick a phone with embedded support for virtualization to run multiple operating systems or multiple profiles — for example, one for personal use and one for work use — on the same phone.
The IT department will able to set up one profile that follows all the policies necessary to keep the enterprise secure, but at the same time end users can run anything they like on their personal profile, according to Sjöstedt.
Users will also be able to more easily move personal data and files — including applications, pictures, videos, music and e-mail — to a new device, making the upgrade to a new phone less painful.
Read More Here:
Even though Android OS is open source, it does not allow root access. Without full access to the phone’s software and hardware, a lot isn’t possible, notably video recording: “there’s no way in hell you could do video compression fully in software fully on dalvik” according to Jay Freeman the guy who jailbroke the G1 and installed Debian on it. This modification will also allow users to theme and skin the OS and Applications on it.
For more information and complete instructions and links to required downloads, please visit:
http://modmygphone.com/forums/showthread.php?t=5191
We have secured the domain name Securify.Me and we are in the process of forwarding it to MySecured.com. MySecured.com has been getting positive feedback from visitors and the financial gain from Google Ads is great. So, we are investing the money form the advertisements into buying cool domain names! Our overhead for the website is very low, so getting traffic through clever web domains has served us well so far
If the domain name sounds familiar, it is because of two parts of the domain:
- Securify: Packet Storm Security’s domain name used to be http://packetstorm.securify.com . Takes you back ages ago doesn’t it!
In fact, this is how it used to look like from 1999-2001:
http://web.archive.org/web/*/http://packetstorm.securify.com
Thanks to the Way Back Machine
- Me: It is the new Top Level domain name. It is also a previous version of Windows: Windows Me. More recently, Apple Computers used it for the replacement of the .MAC Cloud Computing service. It is now known as MobileMe or Mobile Me.
Keep visiting the websites and keep those suggestions coming Visit our sponsors while you are at it… it is what keeps us going after all….
contribute (at) My Secured DOt Com!
BTW: If you are interested in ANY of our domains, let us know… We might just sell it to you for the right price 
The people behind modmyi.com have an Android Forum but it doesn’t seem to have as much interest as the iPhone:
http://www.modmygphone.com/forums/index.php
I won’t judge the Android Platform yet though, I’ll give it six months 
I’ve had my iPhone 3G with MobileMe for a while now but it didn’t seem like the push service from mobile me was working at all. This changed starting from yesterday though It is working now and I am happy with it so far.
The features include: live rss feeds, live TV streaming channels, TV guide while watching TV, credit card and transport card functions on the phone, biometric fingerprint reader, 3+Mbps speed 3g data speeds… etc.
Even though the iPhone doesn’t officially support Arabic yet, Google Translator includes it in 24 languages it supports for the web based software. You can use it by pointing the iPhone browser to: http://translate.google.com.
UPDATED LIST IS FOUND HERE: http://www.mysecured.com/?p=221
Sources for downloading iPhone third party apps. Here is a list:
Community Sources:
BigBoss: thebigboss.org/repo.xml
Conceited Software: http://www.macminicolo.net/conceited/iphone/cache.plist
ModMyiFone.com: modmyifone.com/installer.xml
Ste Packaging:http://repo.smxy.org/iphone-apps/ (make sure you include the last /)
iPod Touch Fans: www.touchrepo.com/repo.xml
Other Sources:
aka.Repository: akamatsu.org/repo.xml
AlliPodHax Source: ihacks.us/index.xml or allipodhax.3host.biz/index.xml
AlohaSoft 1.0.2 - homepage.mac.com/reinholdpenner/102.xml
AlohaSoft 1.1.1: homepage.mac.com/reinholdpenner/111.xml
AlohaSoft 1.1.2: homepage.mac.com/reinholdpenner/112.xml
Apple (not really Apple): applerepo.com
AppTapp Official: repository.apptapp.com
Apogee LTD: apogeeltd.com
Blaze Official: blazecompany.googlepages.com/
BigBoss Beta: sleepers.net/iphonerepobeta
BlackWolf: m8an.de/ownrisk.xml (Extended Preferences)
Byooi Digicide: byooi.com/iphone/digicide.plist (Jiggy Apps)
CedSoft (iSnake/Bounce): prog.cedsoft.free.fr
Chris Miles Repository (iSolitare): iphone.rustyredwagon.com/repo
Conceited Software Beta: http://conceitedsoftware.com/iphone/beta/
CopyCoders: homepage.mac.com/hartsteins/copycoders/copycoders.xml (Network Apps)
dajavax: dajavax.googlepages.com/repo.xml
databinge: repo.databinge.com
Death to Design: iphone.deathtodesign.com
Digital Agua: repo.digitalagua.com
Dlubbat’s Apps: www.dlubbat.com/iphone.xml
Fight Club: dezign999.com/repo
FreeMyiPhone: pxl.freemyiphone.com/
Gogosoft Source: www.blackblack.org/gogobeta.plist
GravyTrain ’s Vault: iiispace.com/installer2.xml (Includes user submitted themes)
hitoriblog Experimental Pack: hpcgi3.nifty.com/moyashi/ipodtouch/repository.cgi
HighTymes: hightymes.org/iphone/plist/index.xml
iApp-a-Day: iappaday.com/install
Imagine09: home.twcny.rr.com/imagine09/Imagine09.xml
iBlackjack: iphonefanclub.com/native
iClarified: installer.iclarified.com
iPhone Cake: iphonecake.com/src/all
iPhoneDevDocs: idevdocs.com/install
iPhone For Taiwan (SummberBoard Themes): iphone4.tw/showme
i.Marine Software (Caissa): caissa.us
imimux Repository (Real Artist): imimux.com
iPhoneIslam: apps.iphoneislam.com
iPod Touched: ipodtouched.net/repo.xml
iPod-Touch-Themes.de: www.ipod-touch-themes.de/installer/repo.xml
iSpazio: http://repo.ispazio.net
iSwitcher (old): web.mac.com/iswitcher2/list.xml
iSwitcher (new) = MeachWare: meachware.com/list.xml
Jeremie Engel: rep.visuaweb.com
Jiggy Main Repository (Jiggy): jiggyapp.com/i
lazyasada: lazyasada.xeterdesign.com/repo.xml
Limited Edition iPhone: limitededitioniphone.com/lei.xml
Loring Studios: loringstudios.com/iPhone-schnapps/index.xml
MarcoGiorgini.com: marcogiorgini.com/iPhone/plist.xml
Makayama Software (CameraPro): tinyurl.com/2t8cax
MaomaLand: maomaland.com/iphone/repo.xml
Mateo (BeatPhone): bblk.net/iphone
McCarron’s Repo: patrickmccarron.com/irepo
MeachWare (new iSwitcher): www.meachware.com/list.xml
Mobile Stacks: mobilestack.googlecode.com/svn/repository/internal.plist
ModMyApple.it (iBirthday): www.serverasp.net/chiafa/MMA/repo.xml
Moyashi: hpcgi3.nifty.com/moyashi/ipodtouch/repository.cgi
MTL Repository: home.mike.tl/iphone
MyApple.pl: i.myapple.pl
newATTiPhone.com: newattiphone.com/repo.xml
NPike.net: http://apps.npike.net/repo.xml
Nuclear Design: nucleardesign.net/repository
Polar Bear Farm: www.polarbearfarm.com/repo/
Polleo Limited: source.polleo.no
Private Indistury: brandonsgames.com/chriss/index.xml
Pyrofer’s Projects: pyrofersprojects.com/repos/repos.xml
R4m0n (iPhysics): iphone.r4m0n.net/repos
RiP Dev (Caterpillar): http://repository.ripdev.com/
Robota Softwarehouse: iphone.robota.nl
Sanoodi Repository: sanoodi.com/iphone
Saurik’s Coding Toolbox (Cydia): apptapp.saurik.com
ScoresPro: www.scorespro.com/iphone/repo.xml
scummVM: urbanfanatics.com/scummvm.xml
sendowski.de (MobileChat)sendowski.de/iphone
Shai’s Apps: ride4.org/shai.xml
Simek’s Graphic: simek.ddl2.pl
Skrew: i.danstaface.net
Slezak’s Stuff: www.spencerslezak.com
Soneso Repository: soneso.com/iphone
SOS iPhone (ContactFlow): rep.sosiphone.com
Spiffyware: spiffyware.net/iphone
Studded: studded.net/installer/index.xml
Surge: iphonesurge.com/iphonesurge.xml
Swell: lyndellwiggins.com/installer/Swell
Swirlyspace: swirlyspace.com/SwirlySpace.xml
Touchmod Team: touchmods.net/rep.xml
Trejan: trejan.com/irepo
Trivialware: mazinger.cs.yale.edu/iphone-apps/index.xml
Unlock.no: i.unlock.no
weiPhone (weTools/weDict): app.weiphone.com/installer
Wizdom on Wheels (Common Website Links): iphoneapps.wizdomonwheels.com
ZodTTD.com Releases: zodttd.com/repo
Language Sources:
Arabic: apps.iphoneislam.com
Chinese: iphone.org.hk/repository.plist
Danish: iphone.vildmedmac.dk/install
French: rep.sosiphone.com
FrenchIphone: rep.frenchiphone.com
German: sendowski.de/iphone
German aXP: lostsoul.aeroxp.org/iphone/index.xml
Greek: www.greek-iphone.com/grloc
Hebrew ?????: ihebrew.net
Hungarian: ifhone.hu/install.xml
Norwegian - iFon: install.ifon.no
Polish - iPolish: krzak.net/iphone
Polish - iPolish(1.1.2): wakoman.ovh.org/iphone
Português-Brasil(1.1.2): iphonemod.com.br/forum/repo/installer.xml
Russian iPhone.RU: iphones.ru/r
Russian iPhone ??-??????: russianiphone.ru/beta
Russian Tools (in English): russianiphone.ru/beta/en
Spanish Phyros iPhone-ES: iphone.frickr.es/index.xml
Swedish iFun.se: ifun.se/swe
Taiwanese: iphone4.tw/unlock
Thai: pradt.net/iphone
Turkish: niffob.com/triphone.xml
Vietnamese: iphone.billydragon.net
More Sources here:
http://www.ipodtouchfans.com/wiki/index.php?title=IPod_touch_Installer_source_list
Gear Live has a cool gallery of pictures of the new additions to the iPhone interface in its 1.1.3 release. The most impressive feature for me was the locate-me feature for the google maps application. Other features include dragging and dropping icons on the springboard and bookmarks icon on the springboard. Another much-needed feature is the multiple-people SMS capability.
To see some screen shots of the changes please follow the link below:
All you have to do is place a font file in the direcotry:
system/library/fonts/cache
It can be downloaded from here:
http://rapidshare.com/files/70430782/arialuni.ttf.html
And your safari browser will be able to ready arabic in the correct direction this time! As shown below
Credit for this one goes to Mishary.
Thanks
Boise State University is working on research to power a D-size battery by walking motion. Here are the details:
http://www.news.com/8301-11128_3-9818487-54.html?tag=nefd.top
This is a stand-alone hard disk wiper! No computer needed. Wiebetech’s pocket-sized eRazer erases at a rate of 35MB/s, effectively wiping a 250GB hard drive in under two hours. The eRazer meets the DoD erasing standerds and sells in two versions one for $99 and the Pro which supports SATA and Multi-pass sells for $150… Cheap!
It is finally here Now you can safely update your 1.0.2 to the new 1.1.1 and have it work like a charm Make sure you know what you’re doing though
Here are the detailed instructions:
http://www.tuaw.com/2007/10/29/instant-jailbreak-for-iphone-and-ipod-touch/
Remember, if you brick your iPhone, don’t blame us!
Read about it at Engadget then follow the easy instructions here: http://iphone.unlock.no/
Easy!
http://www.iphonealley.com/news/anysim-released-free-gui-iphone-unlock
This time it is by the iPhone Dev team iPhone is finally free from its AT&T ball and chain!
For more information and to download the needed files, head to Gizmodo. Instructions are not out yet. So, if you are one of those people that never RTFM, then download it and wing it!
Thanks again for EVERYONE on the Hackint0sh forums for all their efforts and all the good times we had with the iPhone
Otherwise, (if you’ve got money to burn) then go for the commercial unlock software found here:
http://www.iphonesimfree.com/cgi-bin/iphonesimfree/engine.pl?page=buy
Got questions? We got answers! Don’t be hatin’ start participatin’! Head to Hackint0sh.org!
Image above is from: http://blog.scifi.com/
A simple idea that resulted in big fireworks! Just take the IP address information from wiki posts and cross it with DNS information from IP range owners and walla!
Still don’t know what this means? It means you can now find out if someone is editing their own wiki information (like deleting the bad stuff!… For shame!).
Good on you Virgil Griffith. I hope that you don’t edit your own wiki entry either
Here are the links:
- An MP3 interview with Virgil: http://www.abc.net.au/melbourne/stories/s2017196.htm?backyard
- http://virgil.gr/ his website
- WikiScanner http://wikiscanner.virgil.gr/
This tool answers the question: who really edits wikis? Now you know!
Here is something to get your appetite going. WIRED Magazine’s list of salacious edits:
According to WIRED Magazine:
http://www.wired.com/gadgets/wireless/news/2007/08/iphone_forensics
It quotes an expert from Paraben and Blackbag saying that it is a challange.
It is STILL NOT a software hack! This one revolves around something called TurboSIM. It supports all kinds of SIMs not just V1 SIMs. For more information go to:
http://www.iphonestalk.com/iphone-unlocked-for-all-use-any-sim-card-in-your-iphone/
and here is how to do it:
http://www.hackint0sh.org/forum/showthread.php?t=2619
or
http://www.jasonmadigan.com/2007/08/13/turbo-sim-iphone-unlock-confirmed-working/
Enjoy and this time, no need for SIM card programmer devices or Silvercards!
For more information go to the MSN Video:
http://ninemsn.video.msn.com/v/en-au/v.htm?g=7386e8dd-6f00-4c67-931b-cea66739a91e&f=&fg=copy
If you don’t already have this one, please download and read this Computer Security Division NIST Interagency Report (IR). It was published in March 2007:
- http://csrc.nist.gov/publications/nistir/nistir-7387.pdf
- Zipped version of the pdf: http://csrc.nist.gov/publications/nistir/nistir-7387-pdf.zip
It is an update and complement to NIST Reports:
- Guidelines on Cell Phone Forensics (Special Publication 800-101):
- Cell Phone Forensic Tools: An Overview and Analysis (NISTIR 7250):
If you have just bought yourself a Windows Mobile 5 or Windows Mobile 6 device and wanted to abuse it right away, then you came to the right place! As you know, nowadays these devices come with wi-fi, bluetooth, hsdpa… etc… Unfortunately though, they do not come bundled with security toys to use these facilities! So, I went searching for you and I found this site that has exactly what you need “Top 10 (free) Security Tools for Windows Mobile”:
http://www.justinclarke.com/archives/2007/04/top_10_free_sec.html
Note the following though:
1. Cain: No matter how fast you think your Pocket PC is, cracking hashes on it is not a good idea
2. btCrawler: You need to change tow registry values (at least) to be able to use the snarfing and bluetab exploits. See: http://msmobiles.com/news.php/5507.html
3. VxUtil: The program creates a directory called “Communications” under the “Programs” directory.
4. WiFiFoFum: Careful! You could drain the battery quickly if you use the bluetooth GPS and the Aggressive mode of scanning.
5. Spybot: It’s good to be prepared!
6. NetCat: Make sure you download the windows and linux versions and keep them on your storage card netcat tutorials.
7. NbtstatCE: unzip on your pc then copy the exe file to your PPC and run it with the file explorer.
- PocketPutty: Must have of course
Thanks Justin!
Picture from MobileFanatic
The article below discusses issues that law enforcement agencies have with intercepting VOIP calls on Mobile phone networks and whether traces are left on the devices about the phone calls taking place.
Link: The Australian Newspaper.
Visit the google-translated Japanese website below to see the Internet from a Japanese prespective. http://64.233.179.104/translate_c?hl=en&u=http://internet.watch.impress.co.jp/&prev=/search%3Fq%3Dmarwan%2Bal-zarouni%26start%3D40%26hl%3Den%26rls%3DGGLJ,GGLJ:2006-50,GGLJ:en%26sa%3DN
The agent files are installed in the root of a USB mass storage devices, such as a USB flash drives, digital cameras and iPods. The agent prompts the user to “install USB Device Driver” which is social engineering the thief into running the agent’s IP tracking and sending code! For more details visit their how it works section on:
Yet another clever use of The pop-up window of USB devices. Best of all, the basic service is currently free
What’s this:
- A USB Memory stick.
- A solar powered device.
- An MP3 Player.
- A VoIP device.
- All of the above
- 1,2, and 4 only.
For the answer, go to:
http://www.engadget.com/2006/11/29/a-datas-solar-disk-and-voip-disk/
Need we say more? My only comment is that I have seen many ATMs with telephone cables in plain sight just begging for a bugging device!
The question of the day is: When will banks understand the importance of ATM device security? (please don’t answer ).
Many thanks to Times Online for the story.
Please read it in full by visiting:
http://www.timesonline.co.uk/article/0,,29389-2453590,00.html
The forum is organized by the Dubai School of Government, in partnership with the Ash Institute for Democratic Governance and Innovation, at the Kennedy School of Government - Harvard University. The objective is to facilitate the development of capacity for innovation in the Arab public sector, creating a knowledge base of innovations, and establishing a network of Arab innovators. The purpose of the Forum is to bring together ‘theory’ and ‘practice’ and to create a meeting space for policy makers, governance innovators, academics, social activists, representatives of the media, and all those concerned with improving governance.
Link:
http://www.dsg.ae/iig/conference.htm
Thanks Dr. Bigdeli
At least for now, FireFox 2 is vulnerability free. More on IE7 flaw here:
It is only a matter of time until someone finds the bugs in the new Firefox. People are already blogging about IE7 vs FF2. Here are some links for you:
http://www.chron.com/disp/story.mpl/headline/biz/4282263.html
http://www.webpronews.com/blogtalk/blogtalk/wpn-58-20061019IE7vsFirefoxIE7havingtroublewithGooglesites.html
http://www.chron.com/disp/story.mpl/headline/biz/4282263.html
More information on IE7 on Fahad.com:
http://www.fahad.com/2006/10/microsoft-releases-windows-internet.html
You can download IE7 From here:
http://www.microsoft.com/windows/ie/downloads/default.mspx
and FireFox 2 from here:
http://www.getfirefox.com
Bruce Schneier is a happy man today and so is BT
Read why here:
http://www.btplc.com/News/Articles/Showarticle.cfm?ArticleID=386c1b2f-0860-4afc-8f4a-26a066c12d10
Two weeks ago I have been in Cambridge at XI ICCRP symposium were we had a speech on network centric principles and world cargo security. With Barbara Torell, who is an expert on advanced risk management, we wrote a paper on network centric principles and world cago security. Paper and presentation on the web site are not updated but are useful to have a clue of what we did. The title of the document is misleading, because the paper got an unexpect direction ending up to exposures of maritime supply chain but also on how complex adaptive systems manage their inner force (you can find more useful the presentation on this topic) and reasons for which law agencies at all levels (from upper military down to city bodies) should improve efforts for information sharing .
The good news for all aussie friends is that the best paper was the one written by Celina Pascoe and Irena Ali from DSTO “Network Centric Warfare and the New Command and Control: An Australian Perspective”.
All papers are available at CCRP web site in the Events section.
It was also my pleasure to meet Dr. Alberts - CCRP director, Dr. E. Smith (author of the EBO book on which I loosed more than one night to prepare exams on information warfare) with which we talked about boundaries and complexity, Dr. Hayes from EBR and Anne-Marie Grisogono still form DTSO author of very interesting papers I read during the research.
Well, all in all it was a very intersting conference and a great opportunity to meet some of best minds arounds.
I wish once again thank ECU professor Mr. Bill Hutchinson (my previous lecturer when I was a Perth student) who gave some interesting hints on which we worked during the writing.
See you next year in Newport, Rhode Island.
I haven’t been to Defcon for a while now (2001) and I miss all the show and tell part of it. I was browsing thesecure.net today and I found a link to this article:
http://www.tgdaily.com/2006/08/30/defcon2006_janus_project/
It has 8 cards and it can sniff data from up to 300 networks at one time. It can also crack WEP, WPA, and WPA2 keys quickly. Best of all, the off switch stops everything instantly, and the hard disk is AES 256 bit encrypted! To start the computer back up again a USB key with a 2000-bit passkey and a password must be entered…. Respect!
This kind of stuff you just don’t see in the corner of your friend’s apartment (at least not my friends)… You need to go all the way to Las Vegas to see it.
MySecure.com is undergoing major changes. The categories will be revamped, links will be renewed and RSS feeds will be added. Bear with us as these changes will take time but they are for the good of the site and its visitors… see you back soon
How far would you go to use a mobile phone in a prison cell. Apparently pretty far! Literally. Four guys in a maximum security prison in El Salvador hid their mobiles and a charger into their rectums far enough to reach their intestines. Ouch!
Link:
http://blogs.reuters.com/2006/09/07/pssst-amigo-answer-my-phone-and-say-im-not-here/
If you thought that “Snakes on a Plane” was scary, then read this:
Australia’s national carrier Qantas has announced that from 2007, passengers will be able to use their mobile phones to make voice calls send text messages and even email on some of its domestic flights. Users will need to have roaming enabled though and pricing was not announced yet. The trial is expected to last for three months.
The question is, what are the security issues that are involved here. What about safety issues, like mobile phone signal interference with flight instruments.
Link:
http://networks.silicon.com/mobile/0,39024665,39161877,00.htm
I first heard about this on Off The Hook:
http://www.2600.com/oth-broadband.xml
I looked it up on the Internet and I found the following readings for your enjoyment:
http://delineneo.com/2006/08/14/big-brother-is-watching-your-garbage-bins/
http://www.northerndistricttimes.com.au/article/2006/08/09/560_news.html
http://www.pc.gov.au/inquiry/waste/subs/subdr176.pdf#search=%22microchip%20garbage%20bin%22
Does anyone see how this could be abused?
Bit Torrent technology together with IPTV results in P2PTV . It is basically Bit Torrent based TV streams. Applications include but are not limited to:
Take into consideration that not all applications can be free, some might have two versions, a free version and a paid one.
Fun Fact: During the 2006 Football World Cup, thousands of people watched it on their PC rather than their TV. Sites like: http://www.project2046.com/ provided people with match details and where to watch them on a PC.
Other Links:
My post on TVU Player on marwan.com:
http://www.marwan.com/2006/06/tvu-player.php
P2P TV Guide:
http://www.p2ptvguide.co.nr/
In this case the profit is in knowledge! So what is place shifting television?
It basically means that you connect the output from your TV into a media streamer that puts it on the Internet. Then you can watch your TV channels from virtually anywhere that has Internet access. You can Even change the channel. Slingbox is a prime example of that: Watch the Interactive Video for a demonstration.
Universal Music announced that it will offer all of its music for download on an Internet site for free. The catch is that revenues will be generated by means of targeted advertising.
The questions of the day are:
- How will Apple’s eTunes react to this?
- How will Napster and Yahoo react?
- How will music pirates react to this?
- How will this effect advertising on the Internet?
- How will the artists get/calculate their share of revenues?
- Last but not least, how will the average consumer react to this? Will people still download music illegally?
We have from now till December to find out.
Link:
News Article
If you get over the annoying beginning of the show, the rest of it is pretty good.
Topics include:
- The Kevin Mitnick hack
- Bruce Scheiner’s 2600 article
- Defeating fingerprint scanner with ballistics gel (40:00)
- Penetration Testing
- Jay Beale’s Bastille Linux for Mac OS X: http://www.bastille-linux.org/jay/dc14.pdf
- Etc…
Link:
http://www.pauldotcom.com/2006/08/25/pauldotcom_security_weekly_epi_42.html
The Interview with Ivan Arce from CORE is available here:
Also check out this link:
http://marc2.theaimsgroup.com/?t=114617845500002&r=1&w=2
It doesn’t take a genious to figure that one out. Look at it this way: If you have diabeties and you carry your glucometer with you all the time and you carry your mobile with you all the time as well… The thought of merging the two must have crossed your mind at some point, right? Well it did for HealthPia and LG and they came up with this device. It is basically a hardware device that attaches to an LG mobile phone (called Glucopack) and some software that needs to be installed on the LG phone. There… Now you have yourself a “GlucoPhone”. I wonder what the smartphone will merge with next. Here is the list of things we already merged with mobile phones:
- Digital Cameras.
- Polaroid Cameras.
- Image and video editing software
- Other productivity and business related software. (including word processing, spread sheet and presentation tools)
- Personal Digital Assistants (PDA)
- Global Positioning Systems (GPS)
- Wallets, signatures and keys (Digital wallets, encryption keys and signatures)
- Glucometer
- Biometric readers (fingerprint and voice recognition at least)
- Web browsers
- Email clients and push email
- Services (such as check-in hotels and ordering stuff from ringtones to pizzas)
- Other connectivity related devices (Wi-Fi, bluetooth and infra-red)
- TV and radio including terrestrial, satellite and Internet based
- Media recorders and players (Music and video)
- Data storage devices
- Video Games (Engage and Java games to name a few)
- Sex related hardware, software and content (yes they are out there!)
- Etc…
If you can think of anything more, or if you know of a link to some of the above, let me know by commenting or emailing me.
Link:
http://www.gizmodo.com/gadgets/health/glucophone-a-cellphone-for-diabetics-194711.php
This magazine has been published in seven different languages for a long time. Finally, an English version will be available through book stores in Spetember.
hakin9 is a bimonthly technical magazine about IT security and hacking. It offers an in-depth look at both attack and defence techniques and concentrates on difficult technical issues. hakin9 is useful for all of those interested in securing network infrastructure and systems - both professionals and hobbyists.
If you missed out on any day, here is a link to Wikipedia’s version of the day-to-day events :
http://en.wikipedia.org/wiki/Timeline_of_the_2006_Israel-Lebanon_conflict
Keep in mind that: “The neutrality of this article is disputed.” as the site clearly states!
OK, here is the scenario:
- An SMS is sent to mobile phones that lures the victims to visit a web dating site.
- After they visit the specially crafted website address, another message thanks the recipient for subscribing to a dating service, which is fictitious, and states the subscription fee of $2.00 per day will be automatically charged to their cellular phone bill until their subscription is canceled at the online site.
- Recipients visiting the site to cancel their subscription are redirected to a screen where they are prompted to enter their mobile phone number to unsubscribe, then given the option to run a program which is supposed to remove their subscription to the dating service.
- When they run the executable file, it adds several files to the host and changes registry settings to open a backdoor port and lower Windows security settings. The host file is modified to prevent the victim from browsing to popular anti-virus Web sites. The executable also turns the infected computer into a “zombie” network, which can be remotely controlled by the hackers.
So, how do you classify this attack? phishing (notice that no emails were sent), mobile virus, computer malware , Trojan, “no patch for stupidity” or “all of the above”?
Note: notice that bank sites always warn their customers not to trust emails… But they say nothing about SMS! Even the banks that provide services such as mobile banking.
Links:
http://www.zone-h.org/content/view/13889/31/
http://www.ic3.gov/media/2006/060628.htm
I saw the following footage on Google Videos and it has footage from eye witnesses that report hearing repeated explosions after the first airplane hit and afterwards. This footage was put together to prove a point: Controlled demolitions they say:
http://video.google.com/videoplay?docid=3249714675910247150
Make your own mind about it. or don’t! Here are some links as always:
http://www.freepressinternational.com/911.html (videos)
http://www.rinf.com/conspiracies/9-11.html (videos)
http://www.911truth.org/
http://en.wikipedia.org/wiki/9/11_conspiracy_theories
http://www.popularmechanics.com/science/defense/1227842.html
http://www.thenewamerican.com/artman/publish/article_1253.shtml
and finally, the 911 Commission Report:
http://www.9-11commission.gov/report/911Report.pdf
Zazz is the Australian version of Woot!… It sells one item per day. I bought some stuff from them like the USB-on-the-go device called the Copy Box for under AU$20 including shipping! We played around with it at SCISSA and we found that it works with copying fat16 folders and disks but it failed to copy files and drives when it comes to Linux partitions. We also found out that it puts files that are copied into a folder named “Copy001″ on the destination drive. So, we created folders on the destination drive from 001 to 255 and the device just hanged!
Link:
http://www.zazz.com.au/
I really don’t know what to think of current world events. It seems though that people will always look at things as a reflection of themselves. You have the optimist, the realist and of course the over dramatic!
Here are some links:
http://www.threeworldwars.com/world-war-3/ww3.htm
http://en.wikipedia.org/wiki/World_War_III
and some videos on WWIII:
http://www.cnn.com/video/player/player.html?url=/video/moos/2006/07/21/moos.world.war.three.cnn
http://www.youtube.com/watch?v=pLKFKbQCqa8
Remember the stolen laptop incident? “Which one?” you might ask! Well, there have been many of them lately. Search google news for “laptop stolen” and you are sure to find some news:
http://news.google.com.au/news?q=laptop+stolen
The question of the day is: If there are many protection machinisms against laptop and mobile device theft, then why isn’t anybody using them?
Some links:
Articles on the issue:
http://www.networkworld.com/news/2006/071706-mobile-users-security.html
http://www.dermatologytimes.com/dermatologytimes/article/articleDetail.jsp?id=100055
Hardware encryption option for laptops:
http://www.securesystems.com.au/pages/02_technology/01.htm
Tracking options for laptops:
http://mylaptopgps.com/
http://www.lojackforlaptops.com/
http://www.ztrace.com/
http://www.xtool.com/
No comment! Just read the article:
http://blogs.reuters.com/2006/07/22/high-tech-cloning/
All you have to do is get some of that dental mold stuff and take an impression of the finger you want to fake and then just fill the mold with Play Doh and you got yourself a finger print. No need to sever any fingers!
Links:
http://www.yubanet.com/cgi-bin/artman/exec/view.cgi/8/28878
http://www.therawfeed.com/index.html
I remember Phil telling me something about voice encryption a long time ago… I think it was in Techno-Security 2001! I guess this is the final product of that. Well, it is still in Beta.
I love how Phil approached the VOIP encryption problem. With Zfone, he uses a new protocol called ZRTP, which differs from other approaches that rely on PKI, key certification, trust models, certificate authorities, or key management. It is NOT a server based solution and it does perform its key agreements and key management in a pure peer-to-peer manner.
This has been a long time coming project for Phil and I wish him all the best with it.
CCCure.Org made an exclusive distribution agreement with Shon Harris to sell the package at this price. Offer ends 7th of August 2006. Usually this is sold on Amazon.com for…
http://www.amazon.com/gp/product/B0000WUQRA/002-3789827-8844832?v=glance&n=130
I Have previously recommended Shon Harris’ CISSP Book as you might have read on MySecured.com.
Link:
http://www.cccure.org/modules.php?name=News&file=article&sid=527
The Generic Access Network (GAN) was formerly known as Unlicensed Mobile Access (UMA), until it was adopted by the 3GPP in April 2005. It describes a telecommunication system allowing seamless roaming and handover between local area networks and wide area networks using the same dual-mode mobile phone.
The local network could be based on private unlicensed spectrum technologies like Bluetooth or 802.11. The wide network is alternatively GSM/GPRS or UMTS mobile services.
It lets mobile operators deliver voice, data and IMS/SIP (IP Multimedia Subsystem/Session Initiation Protocol) applications to mobile phones on local networks. Its ultimate goal is the convergence of mobile, fixed and Internet telephony (Fixed Mobile Convergence).
On the cellular network, the mobile handset is communicating over the air with a base station, through a base station controller, to servers in the core network of the carrier. Under the GAN system, when the handset detects a LAN, it establishes a secure IP connection through a gateway to a server called a GAN Controller (GANC) on the carrier’s network. The GANC translates the signals coming from the handset to make it appear to be coming from another base station. Thus, when a mobile moves from a GSM to a Wifi network, it appears to the core network as if it is simply on a different base station.
GAN was developed as UMA by the Unlicensed Mobile Access Consortium (UMAC) and is now part of the 3rd Generation Partnership Project (3GPP) specification TS 43.318 (Source: http://en.wikipedia.org/wiki/Unlicensed_Mobile_Access).
It is a broadcasting system for sending multimedia (mainly radio, TV and data) to devices such as smart phones. It can operate via satellite (S-DMB) or terrestrial (T-DMB) transmission. South Korea started selling DMB capable systems in 2005. As of April 2006, S-DMB service there consists of 7 TV channels and 20 radio channels. Around one million receivers have been sold as of June 2006. Receivers are integrated in car navigation systems, mobile phones, personal video players, laptop computers and personal digital cameras (Source: http://en.wikipedia.org/wiki/Digital_Multimedia_Broadcasting).
I’m not surprised. I’ve been asking people about their mobile’s model number for my research and all I hear from them is “I don’t know”. So, I don’t even bother asking them what OS version it is running. What surprises me though is people often know what their model is NOT!… Here is a typical scenario:
Me: Hey, what model number is your mobile phone?
Them: I don’t know…. Some crappy model!
Me: Is it the N90?
Them: No….. I wish it was! This is a crappier older one. I don’t know the exact model number though.
And that marks the end of the conversation… No point asking them what Symbian version they are running…
One of the problems in my openion is that some phone manufacturers produce model numbes with a difference of one digit like 6600 and 6610 ans so on. Or something like SPX240 and SPX240i or something… Confusing ay?
Link to article on the study:
http://www.engadgetmobile.com/2006/07/18/study-many-dont-know-the-model-of-their-phone/
A site called “Mobile Gadget News” has pretty nice articles, notable ones include:
Important Dates: Conference: 25-26 July 2006 • Exhibition: 24-26 July 2006
The conference is co-organised by National ICT Security and Emergency Response Centre (NISER). The list of speakers includes John Meakin, Group Head of Information Security, Standard Chartered Bank, UK; Steve Orlowski, ex-Chair, APEC e-Security Task Group, Former Special Adviser IT Security Policy, Information and Security Law Division, Attorney-General’s Department, Australia. In addition to some (ISC)2 board members such as Howard Schmidt, Former Cyber-Security Advisor to the President of the USA and Professor Corey D. Schou, PhD, University Professor of Informatics & Information Systems, Associate Dean, College of Business, Idaho State University.
Registration for (ISC)2 members is US$380 and US$420 for others.
Download it here. Features added include syncing favorites, notes and files. It supports both pocket PCs and smartphones of course
In a world full of information, where you find what you need? How get the flower you are looking for in a world wide garden? And how you can defend your point of view against so much opposed controversial positions?
We would like start a project to investigate about
- the possibility that in such Land of i-Plenty, anybody could write a decent paper even on hard topics and not just playing on common sense
- in organizations, the change of hierarchy from pyramidal to short-cylindrical is due mainly because lowest segments of the command-control chain are more leterate and can access more information in shortest time than before
- new challenge for organizations to leverage and exploit higher sensemaking capabilities in more agyle structure (doing more with less human resources at middle management level)
- opportunity of inplacement (as opposit to outplacement) of people at middle management level
To start the project, we are looking for people that would help to write papers or to manage writers with some basic hints. Would you like to help? Do you have any topic could be of interest?
For more info, please post.
In warfare nowadays , when a campaign is won with little or no efforts and without physical confrontation, do you think the winner could feel greater the need to inflict body injuries to loosers just to perceive better and depeer the victory?
Would you like to be part of interesting project? Are you able to write in perl or php or a LAMP skilled programmer? Are you willing to work as volunteer on our idea and then share results with us? Can you be directly referenced by one of us (me or Marwan)?
If so, please contact us. ASAP.
The blog is an information sharing portal maintained by Marwan Al-Zarouni and Salvatore Fiorillo. The blog will cover a verity of subjects related to information security, computer security, information warfare and information operations. The blog will also provide Marwan with an outlet to discuss issues related to his Doctoral research in smart mobile phone forensics.
