You are currently browsing the category archive for the 'Hacking' category.
A presentation and paper on Reverse engineering JTAG at the 26th Chaos Communication Congress is now available to download here:
http://events.ccc.de/congress/2009/Fahrplan/track/Hacking/3670.en.html
Other Hacking and reverse engineering papers and talks from the conference can be found here:
http://events.ccc.de/congress/2009/Fahrplan/index.en.html
The hacking track is here:
http://events.ccc.de/congress/2009/Fahrplan/track/Hacking/index.en.html
Hackers claim to have stolen all T-Mobile US’s corporate data, customer accounts and network infrastructure. More information from the Register can be found below:
Three individuals who allegedly hacked into telephone systems in the United States and abroad and sold information about the compromised telephone systems to Pakistani nationals residing in Italy. Italian law enforcement arrested the financiers of the hacking activity. Those financiers allegedly used the information to transmit over 12 million minutes of telephone calls valued at more than $55 million over the hacked networks of victim corporations in the United States alone. Read more below:
http://www.net-security.org/secworld.php?id=7645
Here is an article about the security of the newly released iPhone 3.0 software for both iPhone 3G and iPhone 3G S:
http://www.net-security.org/secworld.php?id=7647
Having a rooted phone means you can do tricks like setting up a 3g/wifi bridge. The process starts by using a rooting app to revert the phone to the rc29 build. then using the “android stupidly executes everything you type” exploit to launch telnetd and upgrade the bootloader. After that, the upgrade process is fairly easy. Just flash a new baseband and build. once you’ve got your new custom firmware, you can do future updates using an app from the android market.
Read More here:
The video talks about a couple of people who’s lives are ruled by harrasing calls and threats. They claim that their phones are tapped with special software.
Rick Mislan talks about the software and how easy it is to be placed on mobile phones.
Software such as:
- http://www.mobile-spy.com/
- http://www.world-tracker.com/
- http://www.flexispy.com/
- http://www.e-stealth.com/
- http://www.fonefunshop.co.uk/spyphone/
- http://www.thespyphone.com/allinone.html
Link to Video on YouTube:
http://www.youtube.com/watch?v=uCyKcoDaofg
It looks and functions like a Blackberry 8830 but it sure is NOT a regular Blackberry. It is locked down by NSA. I am not really sure if it is a good idea at all. NSA is installing the SecurVoice software on it for both voice and messaging as one of the ways to secure the phone. I am sure that there is a whole infrastructure that is required to run his handset services. Even considering all that, I Still believe that a mobile-phone-carrying president opens so many doors for hackers.
Can NSA and Obama get away with using a (persumably) secure mobile phone service and handset? That is the question of the day!
Read more here:
http://blog.wired.com/gadgets/2009/04/obama-to-get-ba.html
It is persumed that the phones can be modified and used in receiving SMS verification codes sent from banks:
criminals have already collected thousands of login details for online bank accounts in countries such as Germany and Holland where banks send a transaction authentication number (TAN) code by SMS to a person’s mobile phone in order to complete transactions.
Read the original post byUltraScan here:
http://www.ultrascan.nl/html/press_room.html#25.000%20Euro%20for%20your%208%20years%20old%20Nokia%201100
Read more about it here:
http://www.arabianbusiness.com/553344-hackers-pay-top-dollar-for-old-nokia-1100-handsets
and here:
http://www.dialaphone.co.uk/blog/?p=2922
It might not be because they are secure, but simply because the ROI is just a mere phone handset! Add to that the device, OS, and carrier variations.
Read more here:
http://mobile.slashdot.org/article.pl?sid=09/03/25/1238246&from=rss
and here:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=Mobile+and+Wireless&articleId=9130346&taxonomyId=15&pageNumber=1
We acquired the domain names AndroidForensics.com and AndroidHack.com . Both domain names should take you to MySecured.com for now. We might dedicate the Android Forensics domain in the future to a website catering specifically to the Forensics of Android-Based Cellular Phones. The Android Hack domain name will be probably dedicated to the Hacks and Mods for the Android Based mobile phones and other devices such as netbooks and laptops.
Try the domain names now:
http://www.androidforensics.com
http://www.androidhack.com
I don’t know if this is true or not yet but here it goes! There seems to be a vulnerability that affects Nokia Series 60 phones, including N95 and N73 handsets that blocks all SMS and MMS from reaching the phone, hense the name “Curse of Silence”. attacker in this case sends a specially designed SMS message to the target phone. What’s worrying is that the recipient will receive no indication that they got the message.
The only way to get the target phone to recieve messages again is to factory reset it. Even after the factory recet, the phone still remains vulnerable to future silent curses. The attack will only work on phones running version 2.6, 2.8, 3.0 or 3.1 of Symbian S60.
It can be done!
Watch in on Fora.tv to see the whole transcript as in the Pouge video in the previous post.
Modding Education for iPhone users AKA ModEdiPhone.com is a new website for all iPhone users who would like to jailbreak their iPhones or SIM unlock them whether they are using a first generation iPhone or the 3G iPhone. It provides guides and step-by-step videos and advice on how to do each hack or mod without any complications. It includes software, firmware, and hardware mods and hacks. It also contains the last five posts from the most popular iPhone blogs and news sites. It is a must visit and subscribe-to website so make sure you add it to your favourites 
Here is the link:
http://www.modediphone.com/
As predicted, it did take a long time to unlock the 3G version of the iPhone as compared to the 1st generation iPhone. It is never the less a great achievement for the Dev-Team. So, if you are still using a SIM proxy to unlock you iPhone 3G, then this unlock is for you. For all others, this makes no difference at all 
For those who do require the SIM unlock I give you this warning: never upgrade you phone to 2.2 as it will unpgrade your modem software making it impossible to unlock with the SIM unlocking solution from the dev-team.
So: NEVER UPGRADE OR RESTORE YOUR IPHONE IN ITUNES
For more information, please visit the dev-team’s website at:
http://blog.iphone-dev.org/
For more information on the harmless totally-reversable hack, go to:
http://www.engadget.com/2008/12/10/video-android-rocking-on-the-htc-touch/
Get the hack and instructions directly from xda developers here:
http://forum.xda-developers.com/showthread.php?t=382265
A good start is Google’s own documentation page:
http://code.google.com/android/documentation.html
Books are another good source for step-by-step development. One Andoid book that I read is:
ANDROID A PROGRAMMERS GUIDE (Paperback)
It guides you through installing Eclipse, Android SDK and all the different steps that lead you into developing a “Friend Finder” application.
Other books of interest that i found on Amazon include:
The founders of google missing around with the Android and writing their own applications for it. This includes an application that uses the hardware sensors on the phone. This is an invite to all geeks to hack their Android phones. It’s not like you needed an invite or anything… but it is a good thing to have nevertheless.
Fun Fact: Notice that one of them calls “Android Market” the “App Store”…! I guess one of them was using the iPhone too much 
Get more information about this application and much more on Android’s Developer blog.
Also, visit Google Code Pages for Android.
Google Marketplace is where developers can easily publish and distribute their applications directly to users of Android-compatible phones including the T-Mobile G1.
As you might know, the iPhone 3G comes either on a contract which means that it is locked to the provider or Unlocked via iTunes on pre-paid plans or through a special arrangement with the service provider for a small fee. Locked phones however can be unlocked via hardware SIM attacments such as TurboSIM (discussed in detail in my paper) or other cheaper alternatives such as Universial SIM. What you might not know is that some sellers sell iPhones as if they are officially or leagally unlocked but in actuallity they are unlocked with alternative SIM attachments as shown in the pictures below:
SIM insertion slot showing extension wires
The actual Universal SIM attachment
To find out if the iPhone you are buying is unlockable by its carrier or not, ask the seller for the phone’s serial number and then visit:
http://support.apple.com/kb/HT1937
Buying a fake-unlocked iPhone could mean that your phone might be illegal to use in some countries because it violates usage laws. Also, it means a degration and sometimes the denial of service when it comes to data services and the quality of phone calls.
Pictures and Story from the Arabic source iPhone Islam. The only source for Arabisation of iPhone.
The LayerOne 2008 talk by David Hulton titled: Intercepting Mobile Phone/GSM
Visit the GSM Hakcing WIKI at:
http://wiki.thc.org/gsm
The USRP is available at: http://www.ettus.com
Learn more about the GNU RADIO project at: http://www.gnu.org/software/gnuradio
David is the Chairman of Toorcon
An interesting news article about the work of BT (formerly British Telecom), Glamorgan University, Australia’s Edith Cowan University and Sim Lifecycle Services where researchers recovered data from handsets from mobile phone recycling companies:
Mobile phones can never be totally wiped clean of data
To get more information on the research at Edith Cowan University and its upcoming conferences please visit SECAU Security Research Centre’s website:
Here are some published refereed journal and conference papers to give you an idea of what to expect for the Edith Cowan University conferences in December:
- Valli, C. and A. Jones (2008). A study of 2nd Hand Blackberry for sale - World class security foiled by humans. Proceedings of the 2008 World Congress in Computer Science, Computer Engineering, and Applied Computing - SAM 2008 - The 2008 International Conference on Security & Management., Las Vegas, USA.
- Al-Zarouni, M. (2007, 3rd December, 2007). Introduction to Mobile Phone Flasher Devices and Considerations for their Use in Mobile Phone Forensics. Paper presented at the The 5th Australian Digital Forensics Conference, Edith Cowan University, Mount Lawley Campus, Western Australia.
- Yap, L. F., & Jones, A. (2007, 3rd December, 2007). Profiling Through a Digital Mobile Device. Paper presented at the The 5th Australian Digital Forensics Conference, Edith Cowan University, Mount Lawley Campus, Western Australia.
- Yap, L. F., & Jones, A. (2007). Deleted Mobile Device’s Evidence Recovery:. Paper presented at the Media and Information-War Conference 2007, Kaula Lumpur, Malaysia.
You can register to attend Edith Cowan University’s conferences here:
http://conferences.scis.ecu.edu.au/
Hope to see you there
Ideally the emergency dial screen should allow ONLY EMERGENCY NUMBERS to be dialed out on a passcode locked phone. The iPhone however allows for ANY NUMBER to be dialed when it is passcode locked! This bug is not new, it was present in iPhone 2.0.2 as well!
Here is a video demonstrating the issue:
I discovered this bug in 2.0.2 just a couple of days before 2.1 came out. So, it was too late for me to give a heads up to Apple. So, I waited for 2.1 to come along to see if it was fixed. I did that today and found out that it wasn’t fixed.
This of course could be an Auatralia-only issue or even an Optus-only issue. Nevertheless it is a security issue with the iPhone and should be addressed.
UPDATE 18 Sep 08:
There is some debate on whether it is a bug or feature! Look at the following link for some more information on the issue:
http://www.macrumors.com/iphone/2008/09/17/iphone-2-1-emergency-call-anyone-bug-or-feature/
–
About the author:
Marwan Al-Zarouni CISSP is currently pursuing a Doctor of Information Technology award at Edith Cowan University. He is a member of the Security Research Centre at Edith Cowan University in Perth, Western Australia.
PwnageTool 2.0 MACOSX version is released.
For more details, please visit:
rlslog.net
also see:
UPDATE: Don’t have a Mac? You can do it in Windows as well. For instractions, go here:
Step-by-Step Guide to Pwn first generation iPhone running firmware 2.0 using Windows
According to Jonathan Zdziarski:
A detective from the Oregon State Police notified me this afternoon that an out-of-the-box refurbished iPhone he purchased contained recoverable personal data including email, personal photos, and even financial information which he was able to recover using my forensic toolkit.
So, if you have to return your iPhone to an Apple or AT&T store and they offer to replace it with a new one, make sure that you wipe your data properly first. A proper bit level wipe is needed here and NOT a system restore!
Instructions in Arabic can be found here:
http://www.iphoneislam.com/?p=62
Instructions and download in English can be found here:
If you get error “The application failed to initialize properly (0xc0000135)” you need to install .NET Framework 2.0. The executable unzips the GUI executable to “Program Files\ziphone”
Now you can unlock new iphones that are OTB 1.1.2 and 1.1.3 (bootloader version 4.6) with just software and no need for special microchips that go behind your SIM card. Here is a link to the guide:
http://iphone.unlock.no/OTB112unlock.htm
To see it in action, check out this youtube video:
All you have to do is place a font file in the direcotry:
system/library/fonts/cache
It can be downloaded from here:
http://rapidshare.com/files/70430782/arialuni.ttf.html
And your safari browser will be able to ready arabic in the correct direction this time! As shown below
Credit for this one goes to Mishary.
Thanks
Finally, someone did something for the iPhone and the iPod touch that enables users to get full disk level access with read/write prevliges on the iPhone’s disk via AFP. The AppleTalk Filing Protocol makes the iPhone show up on the Mac desktop as a disk with full read/write access. For more from the “Core” click the link:
For dates, times and availability information on the workshops in UAE and Qatar visit link below:
http://www.oissg.org/certification-training-new-/index.php
http://www.oissg.org/certification-training-new-/index.php
Download the official brochure for the Dubai workshops here:
These certification workshops fund the Open Information Systems Security Group (OISSG) research and development of the ISSAF.
You can also download ISSAF for free! (9.59MB, 1264 pages)
The following new features are available for all enterprise and individual customers:
- Performance on flash drives is improved.
- MojoPac can be used on a host with limited mode login with MojoPac Usher (Beta) installed on the host.
- MojoPac can be installed to a directory on the host computer.
- For our Enterprise customers, MojoPac 1.8 has many enhanced management, provisioning and deployment capabilities.
- Active Directory authentication is now available.
- Image creation and deployment have been made easier.
- New configuration options are available to enforce data protection and security policies.
- MojoPac can perform a security check on host computers.
If you are an IT administrator, please contact sales-at-ringcube dot com for updated documentation and management tools.
If you have automatic updates enabled, your MojoPac will update in the next few days.
If you are not using MojoPac, please download it. MojoPac Freedom is *free* for non-commercial personal use.
For more information and to download Mojopac, please visit them at:
It is finally here Now you can safely update your 1.0.2 to the new 1.1.1 and have it work like a charm Make sure you know what you’re doing though
Here are the detailed instructions:
http://www.tuaw.com/2007/10/29/instant-jailbreak-for-iphone-and-ipod-touch/
Remember, if you brick your iPhone, don’t blame us!
Do you live in the United Arab Emirates? Are you a hacker? Then this site is made for you! Get the latest hacking news, exploits, links, pod casts and more through this easy to use website.
Feel like you want to contribute to the site? Then drop us a line at: (hackers) at {marwan} dot [com].
برنامج لقراءة الرسائل العربية على الـ آيفون
For more information please visit:
http://mem9.net/iphone/
Thanks also for the following people who contibuted to bringing us one step closer to an Arabic iPhone
From Intel! crack the clues and win!
you could win a fortnight for two in San Francisco (including a trip to Alcatraz), or a host of other great prizes.
As you play, you’ll learn how we’ve boosted PC security at the hardware level with Intel® vPro™ and Intel® Centrino® Pro processor technologies. Now go ahead and flex those security muscles!
Metasploit for hacking iPhones:
http://www.pcworld.com/article/id,137741-c,iphone/article.html
Apple releases an update to Patch 10 flaws with the iPhone:
http://www.news.com/8301-10784_3-9786507-7.html?tag=nefd.blgs
The patch also Bricks unlocked iPhones
Read about it at Engadget then follow the easy instructions here: http://iphone.unlock.no/
Easy!
http://www.iphonealley.com/news/anysim-released-free-gui-iphone-unlock
Here are two guides to SIM unlock your iPhone for free:
Here is a simple guide to install Arabic fonts on your iPhone. You still can not connect the Arabic letters but at least this one is right to left
Thanks to Nawaf Alsabhan for the guide. Any help in this area is greatly appreciated. So, if you know anything about Arabic font support for OSX or iPhone please contribute
Also, look at:
For instructions in Arabic
This time it is by the iPhone Dev team iPhone is finally free from its AT&T ball and chain!
For more information and to download the needed files, head to Gizmodo. Instructions are not out yet. So, if you are one of those people that never RTFM, then download it and wing it!
Thanks again for EVERYONE on the Hackint0sh forums for all their efforts and all the good times we had with the iPhone
Otherwise, (if you’ve got money to burn) then go for the commercial unlock software found here:
http://www.iphonesimfree.com/cgi-bin/iphonesimfree/engine.pl?page=buy
Got questions? We got answers! Don’t be hatin’ start participatin’! Head to Hackint0sh.org!
Image above is from: http://blog.scifi.com/
After the Super SIM and Turbo SIM methods, we have a hardware unlock method. Follow the links below for more details:
- http://www.reghardware.co.uk/2007/08/24/iphone_unlocked/ Contains the video
- http://iphonejtag.blogspot.com/ The instructions site
- http://www.tech.co.uk/gadgets/phones/mobile-phones/news/new-instructions-for-iphone-hardware-unlock?articleid=1348296214
- http://blogs.pcworld.com/staffblog/archives/005210.html
I would not try this at home… Super Sim simply works and it is CHEAP! Why bother with anything else, it is simply not worth the time or effort. Not to mention the risk of damaging the phone!
Whould you attempt this on your phone?
It is STILL NOT a software hack! This one revolves around something called TurboSIM. It supports all kinds of SIMs not just V1 SIMs. For more information go to:
http://www.iphonestalk.com/iphone-unlocked-for-all-use-any-sim-card-in-your-iphone/
and here is how to do it:
http://www.hackint0sh.org/forum/showthread.php?t=2619
or
http://www.jasonmadigan.com/2007/08/13/turbo-sim-iphone-unlock-confirmed-working/
Enjoy and this time, no need for SIM card programmer devices or Silvercards!
At least this is a SIM fabrication hack that works. For instructions, please follow one of the links below:
http://www.hackint0sh.org/forum/showthread.php?t=2215
or
http://www.myitablet.com/iphone-unlocked-for-european-use-061341.php
Enjoy your new unlocked iPhone Now, if only they can come up with the software hack before the 45 day deadline
Update: Rumor has it that the unlocked iPhones are already being sold in Hong Kong!
http://www.gearfuse.com/hong-kong-is-selling-fully-unlocked-iphones-now/
Take the poll on marwan.com:
http://www.marwan.com/2007/08/will-iphone-be-unlocked-within-45-days.php
I Predicted 45 days for the iPhone to work with other than AT&T! Have your say at marwan.com
Here are the details on How to do it (according to the hacker) :
1. Get the required hardware and softwares: (these are the ones I have used): An Infinity USB unlimited SIM reader/writer, a silvercard, SIM-EMU 6.01, and WoronScan 1.09
2. Get the IMSI, Ki of your carrier using WoronScan (I will call them IMSI-b, Ki-b)
3. Use SIM-EMU and create 2 files (1 Flash and 1 EEPROM) using the ICCID of the AT&T sim (ICCID-a), IMSI-b and Ki-b
4. Then use these 2 files to create a sim using the infinity usb unlimited reader/writer
5. Put this sim into a normal unlocked phone and make some calls/receive calls/data services
6. Then use SIM-EMU to change the IMSI of the original Flash file to IMSI of AT&T sim (IMSI-a)
7. Again write the silvercard with the new flash and eeprom files
8. Put this sim into the iphone
9. Activate using the Cingular method as descirbe in Hacktheiphone.com
This is not a true unlock. It is a hack that enables you to make calls with the iphone but does not enable you to recieve calls or use Telstra’s network to browse the Internet. At least not yet
Links:
http://www.smh.com.au/news/phones–pdas/iphone-hacked-for-australia/2007/07/30/1185647803146.html
I’ve been searching for iPhone unlocking sites and so far I found the sites below. I would like to emphasize that it is only a matter of time until a workaround can be found to use the iPhone with other providers other than AT&T. So, here are the two sites:
- The following blog post claims that it will send you an email with information about unlocking the iPhone once it is available for a small fee:
- The following company mentioned in this “the register” article claims that it is close to unlocking the iPhone and that once it is able to do that, it will provide iPhone users with a $50 software that will unlock their phones for them:
It is also worth noting that unlocking phones was ruled to be legal by the US copyright office last year.
Here are two of them:
Duke University’s Wi-Fi network has a problem — the iPhone. Built-in Internet wireless adapters on AAPLthe new iPhone are crashing Wi-Fi access points by sending 18,000 data requests per second. Although other “smart phones” have similar capabilities, only the iPhone has shown to be able to overwhelm the campus’ network. Neither Duke, Cisco nor Apple know why it’s happening, but the school said if it occurs in the fall when students return, it would be a disaster. Source: http://money.cnn.com/news/newsfeeds/articles/newstex/IBD-0001-18205063.htm
The second problem is:
The iPhone’s web dialer is vaulnrable to exploits! to find out more, go to: http://www.tgdaily.com/content/view/32936/108/
If you were wondering if there are any hacks for the iPhone, well here are two of them for you:
- The Activation Hack: http://nanocr.eu/2007/07/03/iphone-without-att/
This lets you access features of the iPhone without activiting it with your service provider.
This provices shell access the the iPhone. Here is a command list:
http://iphone.fiveforty.net/geohot/cmdlist.txt
Enjoy! If you’ve got more hacks, please let us know by commenting on this post
I have received many visits to this site searching for “Nokia Hidden Codes”. So, I decided to include some more Here is a list of codes and some links to get some more codes:
*#06# Gets you the Serial Number/IMEI.
*#0000# Gives you the software version (e.g. V 5.27.0 / 28-06-04 / NHL-10) The NHL-10 is important and makes your life easier when you try to use flashers!
*#2820# Gives you the Bluetooth device address
xx# - Quick contact access (xx = location number, e.g. : 17#)
*#62209526# Gives you the MAC address of the WLAN adapter, this information is only available on the new models (S60 3rd edition) which have wireless connectivity.
To get some more codes (some of which can do damage to your phone and/or data residing on it, approach the codes on these sites with caution:
- N-Gage codes: http://www.gamefaqs.com/portable/ngage/code/915353.html
- In polish (Patryk, please translate!): http://www.eplay.yoyo.pl/viewpage.php?page_id=79
- From GSM-Hacks: http://www.gsmhacks.com/forums/mobile-technologies/1429-codes-s60.html
Again, please exercise caution.
Some of the topics discussed in the site might not be legal in some places! So, you’ve been warned. It has tips and tricks for mobile phones of all makes and models with a community supported hacks and forum discussions:
Read what Prof. Rick Mislan said about the use of Phone Flasher Technologies and their role in the acquisition stage of mobile phone forensics and their use by students in digital forensics courses at Purdue University in the US.
News, exploits, papers, views, and releases from information security enthusiasts. Has links to major hacker related security events as well. http://www.thc.org/
The project is looking for smart people (like you) to join in the fun. They are trying to build a cheap GSM scanner/receiver by using an ettus hardware board and the gnu-radio software. The reason the project got started is because GSM scanners cost a heap of money and that the builders of the site believe that the price is exaggerated and they could build a scanner/receiver for under a $1000 USD. This project’s aim is to help researchers learn more about GSM traffic or at least we hope so!
Need more info? Go here:
The project is looking for smart people (like you) to join in the fun. They are trying to build a cheap GSM scanner/receiver by using an ettus hardware board and the gnu-radio software. The reason the project got started is because GSM scanners cost a heap of money and that the builders of the site believe that the price is exaggerated and they could build a scanner/receiver for under a $1000 USD. This project’s aim is to help researchers learn more about GSM traffic or at least we hope so!
Need more info? Go here:
http://scratchpad.wikia.com/wiki/Gsm
Check it out:
http://www.wireshark.org/
Same developers, same code, different name. Reason: copyright issues I guess!
Venue: Sheraton by the Creek,Dubai, UAE.
Duration: 2-5 April 2007
Details:
Date: 2nd April 2007
Time: 0900 - 1800
Item: 4-tracks Hands-On Technical Training (Day 1)
Date: 3rd April 2007
Time: 0900 - 1800
Item: 4-tracks Hands-On Technical Training (Day 2)
Date: 4th April 2007
Time: 0800 - 1600
Item: Dual Track Security Conference & Capture The Flag ‘Live Hacking’ Competition (Day 1)
Date: 5th April 2007
Time: 0800 - 1600
Item: Dual Track Security Conference & Capture The Flag ‘Live Hacking’ Competition (Day 2)
Hands-On Technical Training
TECH TRAINING 1 - Advanced Web Application & Services Hacking
Trainer: Shreeraj Shah (Director, Net-Square)
TECH TRAINING 2 - Tactical VoIP : Applied VoIPhreaking
Trainer: The Grugq (Independent Network Security Researcher)
TECH TRAINING 3 -Structured Network Threat Analysis and Forensics
Trainer: Meling Mudin (spoonfork) and Lee Chin Shing (geek00l)
TECH TRAINING 4 - Packetmastering the Monkey Way
Trainers: Dr. Jose Nazario (Senior Software Engineer, Arbor Networks)
Keynote Speakers
1.) Mikko Hypponen (Chief Research Officer, F-Secure Corp)
2.) Lance Spitzner (Founder, Honeynet Project.)
Invited Speakers (alphabetical order)
1.) Anthony Zboralski (Founder, HERT & PT. Bellua Asia Pacific)
2.) Emmanuel Gadaix (Founder, Telecom Security Task Force, TSTF)
3.) Fabrice Marie (Manager, FMA-RMS Singapore/Malaysia)
4.) Jim Geovedi (Member of HERT & Security Consultant, PT Bellua Asia Pacific)
5.) Dr. Jose Nazario (Senior Software Engineer, Arbor Networks)
6.) Raoul Chiesa (Board of Directors Member@ Mediaservice.net ISECOM Group & TSTF)
7.) Roberto Preatoni (Founder, Zone-H Defacement Mirror)
8.) Shreeraj Shah (Director, Net-Square)
9.) The Grugq (Independent Network Security Researcher)
10.) Window Snyder (Chief Security Something-or-Other, Mozilla Foundation)
Links:
http://conference.hitb.org/hitbsecconf2007dubai/
http://conference.hackinthebox.org/hitbsecconf2007dubai/?p=56
News Links:
http://star-techcentral.com/tech/story.asp?file=/2007/2/5/corpit/20070205183948&sec=corpit
http://www.itp.net/news/details.php?id=23403&category=
Thanks David for the heads up
Just when you thought mobile phones, USB storage devices, wireless access, and ADSL modems were a threat to your corporate data, here comes a story to make you even more paranoid!
A researcher released a paper describing a way to hide malicious code (rootkits) on graphics and network cards. The paper basically shows how to use Advanced Configuration and Power Interface (ACPI) functions available on almost all motherboards to store and run a rootkit. Sceptical? read the full story and download the PDF here.
Need we say more? My only comment is that I have seen many ATMs with telephone cables in plain sight just begging for a bugging device!
The question of the day is: When will banks understand the importance of ATM device security? (please don’t answer ).
Many thanks to Times Online for the story.
Please read it in full by visiting:
http://www.timesonline.co.uk/article/0,,29389-2453590,00.html
As I said before, it’s about time! Now a proof of concept has been released for this DoS attack. Here is the link:
http://www.darknet.org.uk/2006/10/new-firefox-vulnerability-dos-and-remote-code-execution/
To read the bugtrack entry on this issue, go here:
http://seclists.org/bugtraq/2006/Oct/0523.html
Here are some interesting Japanese security blogs for your reading enjoyment:
