my Acer Aspire One 110L arrived

Got my Acer Aspire One 110L yesterday and just upgraded the Ram from 512 MB to 1,5GB, which is a real pain compared to other Notebooks with a dedicated access bay to the SO-DIMM slot. 0-Day warranty destruction is a must 😉

Here is a video documenting the Ram upgrade

The display quality is really amazing regarding the size of the Netbook. Very clear and sharp but it might take me some time to geht used to the glossy display type.

Overall the build quality is very good although the shiny cover will have your fingerprints all over the place 😀

I was having quite a hard time with the operating system – i simply hate yum because the performance sucks pretty bad when installing applications. The user interface is OK i guess – the Xandros Desktop on the Eee PC is far better (and its Debian powered 🙂 )

I will be going for Ubuntu – either the Netbook remix or the new Ubuntu UME.

Some more footage will follow…

Archive.org launches HUGE NASA Image Archive

http://www.archive.org/iathreads/post-view.php?id=201294 

WASHINGTON — NASA and Internet Archive, a non-profit digital library based in San Francisco, made available the most comprehensive compilation ever of NASA’s vast collection of photographs, historic film and video Thursday. Located at www.nasaimages.org, the Internet site combines for the first time 21 major NASA imagery collections into a single, searchable online resource. A link to the Web site will appear on the

Check it out at http://www.nasaimages.org/ – a very awesome image collection!

Source code for cold boot crypto key attack released

You may remember the paper released by a princeton research group regarding cold boot attacks on notebook computers in order to recover crypto keys. click to view old blog entry

The princeton research group has now released the sourcecode of a tool which will be able to recover the key, providing that the key is still stored in the DRAM. This can be achieved by severly cooling down the DRAMS temperature.

Project Overview

Link to Research Paper

some Media on the project

Turning off pxe or overall network boot may get you some valuable time, but its probably best too look out for ninjas who are carrying major cooling devices. Apparently they look something like this:

Pimp my Shell

Want some color in your shell logins?

There is a package for Ubuntu and Debian (and i suppose for the other Distros) which will automatically generate a color system logo for your shell.

You can install the package using:

apt-get install linuxlogo

Next, write the logo to your motd or issue file using the command

/usr/bin/linux_logo > /etc/motd

Voila

debianlogo.jpg

ubuntu-nb.jpg

Note: This may not work will all types of terminals

ICMP4: First Lecture Schedule is up

The small version of the Chaos Communication Camp, the ICMP4 aka. Intergalaktische Club Mate Party is less than one month away. The first lectures are popping up on the schedule, including mine

I will be holding a presentation which is a mix between a hacking and a social track about criminalization of computer security and computer analysis tools using wireshark as an example.

Why a packet sniffer?

  • can be used to analyze security breaches and penetration test of ones own  principal network design regarding wiretapping
  • can be used to analyze common network interconnectivity problems
  • can be used to learn and understand how network communication actually works
  • can also be used to gather personal information on people and their communication (eavesdropping) which is the actual contrary of this tool set, after all if there was no malicious content, no one would give a rats ass about it. This is not what my lecture will be about…

Why Wireshark?

  • its open source and available for multiple platforms
  • its currently one of the most developed packet sniffers out there with very cool additional features
  • captured packet output format is compatible with tcpdump so the actual sniffing part does not even require wireshark nor a desktop environment

Presentation will be up about one or two days before the event, I might also upload an English version in case someone is interested.

DNS Cache poisoning flaw

In order to check your ISPs DNS for vulnerabilites, Dan Kaminski has posted an online tool on his website to check the vulnerability status.

Until the vulnerability has been fully disclosed, you will have to stick with the check on http://doxpara.com

VU#800113 Multiple DNS implementations vulnerable to cache poisoning

Dan actually appeared on a youtube video discussing this issue:

Dan & Sarah on DNS