Source code for cold boot crypto key attack released

You may remember the paper released by a Princeton research group on cold boot attacks against notebook computers to recover crypto keys. (Click to view the old blog entry.)

The Princeton research group has now released the source code of a tool that can recover the key, provided that the key is still stored in DRAM. This can be achieved by severely cooling down the DRAM's temperature.

Project Overview

Link to Research Paper

Some media on the project

Turning off PXE or network boot altogether may buy you some valuable time, but it's probably best to look out for ninjas who are carrying major cooling devices. Apparently they look something like this:

Pimp my Shell

Want some color in your shell logins?

There is a package for Ubuntu and Debian (and I suppose for the other distros) which will automatically generate a color system logo for your shell.

You can install the package using:

apt-get install linuxlogo

Next, write the logo to your motd or issue file using the command

/usr/bin/linux_logo > /etc/motd

Voila

debianlogo.jpg

ubuntu-nb.jpg

Note: This may not work with all types of terminals.

ICMP4: First Lecture Schedule is up

The small version of the Chaos Communication Camp, the ICMP4, a.k.a. Intergalaktische Club Mate Party, is less than one month away. The first lectures are popping up on the schedule, including mine.

I will be holding a presentation which is a mix between a hacking and a social track about criminalization of computer security and computer analysis tools, using Wireshark as an example.

Why a packet sniffer?

  • can be used to analyze security breaches and penetration tests of one's own principal network design regarding wiretapping
  • can be used to analyze common network interconnectivity problems
  • can be used to learn and understand how network communication actually works
  • can also be used to gather personal information on people and their communication (eavesdropping), which is the actual contrary of this tool set; after all, if there was no malicious content, no one would give a rat's ass about it. This is not what my lecture will be about…

Why Wireshark?

  • it's open source and available for multiple platforms
  • it's currently one of the most developed packet sniffers out there, with very cool additional features
  • captured packet output format is compatible with tcpdump so the actual sniffing part does not even require wireshark nor a desktop environment
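
The tcpdump-compatible capture format from the last point, as an added example that is not part of the original post: a minimal reader for the classic libpcap file layout (the format tcpdump -w writes), run on a constructed one-packet capture. The function names and the sample frame are made up for this illustration.

```python
import struct

PCAP_MAGIC_US = 0xA1B2C3D4  # classic pcap, microsecond timestamps
PCAP_MAGIC_NS = 0xA1B23C4D  # same layout, nanosecond timestamps

def build_sample(endian="<"):
    """Constructed sample: one 42-byte Ethernet frame (ARP ethertype, zero payload)."""
    frame = bytes.fromhex("ffffffffffff" "020000000001" "0806") + bytes(28)
    glob = struct.pack(endian + "IHHiIII", PCAP_MAGIC_US, 2, 4, 0, 0, 65535, 1)
    rec = struct.pack(endian + "IIII", 1200000000, 250000, len(frame), len(frame))
    return glob + rec + frame

def parse_pcap(data):
    """Parse classic pcap bytes; return (info dict, list of packet dicts)."""
    if len(data) < 24:
        raise ValueError("truncated global header")
    # The writer stores the magic in its own byte order, so try both.
    for endian in ("<", ">"):
        magic = struct.unpack(endian + "I", data[:4])[0]
        if magic in (PCAP_MAGIC_US, PCAP_MAGIC_NS):
            break
    else:
        raise ValueError("not a classic pcap file")
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:24])
    info = {"version": (major, minor), "snaplen": snaplen, "linktype": linktype,
            "nanosecond": magic == PCAP_MAGIC_NS}
    packets, offset = [], 24
    while offset < len(data):
        if offset + 16 > len(data):
            raise ValueError("truncated record header")
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[offset:offset + 16])
        offset += 16
        if offset + incl_len > len(data):
            raise ValueError("record runs past end of file")
        packets.append({"ts": (ts_sec, ts_frac), "orig_len": orig_len,
                        "frame": data[offset:offset + incl_len]})
        offset += incl_len
    return info, packets

def ethertype(frame):
    """EtherType of an Ethernet II frame (link type 1), e.g. 0x0806 for ARP."""
    return struct.unpack("!H", frame[12:14])[0]

if __name__ == "__main__":
    info, packets = parse_pcap(build_sample())
    print(info, [hex(ethertype(p["frame"])) for p in packets])
```
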

Presentation will be up about one or two days before the event, I might also upload an English version in case someone is interested.

2600 Magazine Best Of about to be released

HOPE is coming up and Emmanuel Goldstein is releasing the best of 2600.

From Amazon:

In The Best of 2600, Emmanuel Goldstein collects some of the strongest, most interesting, and often controversial articles, chronicling milestone events and technology changes that have occurred during the last 24 years – all from the hacker perspective. Examples:

  • The creation of the infamous tone dialer “red box” that drove Radio Shack and the phone companies crazy. It was in the pages of 2600 that this simple conversion was first brought to light. By modifying an inexpensive Radio Shack touch tone dialer with a readily available crystal, free phone calls could easily be made from all of the nation’s payphones.
  • An historical chronology of events in the hacker world that led to the founding of the Electronic Frontier Foundation.
  • A close look at the insecurity of modern locks through an article entitled “An Illusion of Security” that debunked the value of Simplex pushbutton locks, used on everything from schools to homes to FedEx boxes.
  • The stories of famed hackers Kevin Mitnick, Bernie S., and Phiber Optik as they unfolded. Through 2600, the world heard these controversial tales despite the efforts of authorities and the mass media.

Here are the Preorder Links:

Amazon.com

Amazon Germany

This will truly be the almanac of American hacker culture…

The Chaos Computer Club has a similar compilation named Hackerbibel 1 & 2 (Hacker Bible).

Backtrack 3 goes final

Backtrack, a security and penetration testing oriented live-boot Linux distribution, has reached final stage in the current version 3.

The download consists of CD images, a USB bootable version (which I am booting off an SD card on my EEE PC) and VMware images. It contains more than 300 tools used by white hats and black hats alike and will give you an introduction to real-world attack methodologies against your IT infrastructure.

http://www.remote-exploit.org/backtrack.html

Hardy in 3360×1050… yay

Finally replaced my secondary 19 inch display with a second 22 inch and am now running 1680×1050 in TwinView.

desktop.png

In case you have problems setting up TwinView with 3D acceleration, I highly recommend installing EnvyNG, which will download drivers and set up most of the configuration for you.

The final step is to tweak your configuration using nvidia-settings.

In case you have problems with full screen applications (such as games) running centered across both screens, you can bind the application to one screen using the metamodes option in your xorg.conf:


Option "metamodes" "CRT-0: nvidia-auto-select +0+0, CRT-1: nvidia-auto-select +1680+0; CRT-0: NULL, CRT-1: nvidia-auto-select +0+0"

Adding a NULL value to your option will make sure the application only launches on one screen.