AEL (Association Electronique Libre) - planet and surrounding

Armed with exploits, ATM hacker hits the jackpot

by Dan Goodin

At the Black Hat security conference in Las Vegas, Barnaby Jack, a security researcher with IOActive, demonstrated attacks against two unpatched models from two of the world’s biggest ATM makers. One exploited software that uses the internet or phone lines to remotely administer a machine made by Tranax Technologies. Once Jack was in, he was able to install a rootkit that allowed him to view administrative passwords and account PINs and to force the machine to spit out a steady stream of dollar bills, something the researcher called “jackpotting.”

See full article here

Cell phone eavesdropping enters script-kiddie phase

by Dan Goodin

Independent researchers have made good on a promise to release a comprehensive set of tools needed to eavesdrop on cell phone calls that use the world’s most widely deployed mobile technology. “The whole topic of GSM hacking now enters the script-kiddie stage, similar to Wi-Fi hacking a couple years ago, where people started cracking the neighbor’s Wi-Fi,” said Karsten Nohl, a cryptographer with the Security Research Labs in Berlin who helped spearhead the project.
The suite of applications now includes Kraken, software being released at the Black Hat security conference on Thursday that can deduce the secret key encrypting SMS messages and voice conversations in as little as 30 seconds. It has been designed to work seamlessly with 1.7TB worth of rainbow tables that are used to crack A5/1, a decades-old encryption algorithm used to protect cell phone communications using GSM, which is used by about 80 percent of the world’s mobile operators.
[...] The GSM Alliance pooh poohed the universal snooping plan by characterizing the attack as theoretical and saying encryption wasn’t the only protection preventing eavesdropping on real-time communications. That’s where another tool, called AirProbe, comes in. An updated version of the program, also to be distributed Thursday, works with USRP radios to record digital signals as they pass from an operator’s base station to a GSM handset. Combined with refinements in the open-source GNU radio, it works by pulling down voluminous amounts of data in real time as it travels to the targeted cell phone and storing only those packets that are needed to snoop on a call.

See full article here

Smart meters pose hacker kill-switch risk, warn boffins

by John Leyden

Ross Anderson, professor in security engineering at the University of Cambridge Computer Laboratory, warns that the move to smart metering introduces a “strategic vulnerability” that hackers might conceivably exploit to remotely switch off elements on the gas or electricity supply grid.
[...] US security researchers at IOActive have also looked at the potential for hacking into smart meters, reaching similar conclusions as the Cambridge team. An IOActive researcher highlighted flaws in poor authentication, lack of encryption and inadequate authorization in smart meter rollouts.

See full article here

Signed Malware Used Valid Realtek Certificate

by Lucian Constantin

Security researchers have confirmed that the newly discovered malware, which spreads by exploiting an unpatched Windows vulnerability, was signed using a valid Realtek Semiconductor signature.
[...] Secondly, its payload, two rootkit components that get installed as system drivers, were digitally signed. Finnish antivirus vendor F-Secure confirmed today that a valid key from Realtek Semiconductor Corp., a manufacturer of networking, peripheral and multimedia chipsets, was used to sign them.
[...] There are several advantages for malware authors to sign malicious code. For example, 32-bit versions of Windows Vista and 7 will display a warning when installing a driver that is not properly signed, while in 64-bit versions non-signed drivers are not even accepted. Therefore, signing a rootkit driver would make the infection process much more straightforward and silent. A second advantage is that antivirus products can be tricked by properly-signed binaries. This is because signed malware is so rare that tagging a signed file as malicious will almost always generate a false positive.

See full article here, and a similar case occurring a few days later here: New Stuxnet-Related Malware Signed Using Certificate from JMicron

SCADA System’s Hard-Coded Password Circulated Online for Years

by Kim Zetter

A sophisticated new piece of malware that targets command-and-control software installed in critical infrastructures uses a known default password that the software maker hard-coded into its system. The password protects the database used in Siemens’ Simatic WinCC SCADA system, which runs on Windows operating systems. SCADA, short for “supervisory control and data acquisition,” systems are programs installed in utilities and manufacturing facilities to manage the operations.

See full article here

Wi-Fi WPA2 Vulnerability Found

Wireless security researchers say they have uncovered a vulnerability in the WPA2 security protocol, which is the strongest form of Wi-Fi encryption and authentication currently standardized and available. Malicious insiders can exploit the vulnerability, named ‘Hole 196’ by the researcher who discovered it at wireless security company AirTight Networks. The moniker refers to the page of the IEEE 802.11 Standard (Revision, 2007) on which the vulnerability is buried. Hole 196 lends itself to man-in-the-middle-style exploits, whereby an internal, authorized Wi-Fi user can decrypt, over the air, the private data of others, inject malicious traffic into the network, and compromise other authorized devices using open source software, according to AirTigh

See full article here

Open Source GSM Cracking Software Released

The GSM technology used by the majority of the world’s mobile phones will get some scrutiny at next week’s Black Hat security conference. An open source effort to develop GSM-cracking software has released software that cracks the A5/1 encryption algorithm used by some GSM networks. Called Kraken, this software uses new, very efficient, encryption cracking tables that allow it to break A5/1 encryption much faster than before

See full article here

Pirate Party starts its own ISP

by Cory Doctorow

The Swedish Pirate Party has founded its own ISP, built on the principle of maximum privacy and minimum control. That means no logging. The tech management comes from the folks who run the IPREDator proxy

See full article here

TrueCrypt 7.0 Gets Intel Hardware Acceleration and Better Automatic Mounting

Windows/Mac/Linux: TrueCrypt, the smart and secure way to encrypt your data, has shipped a seventh version that can encrypt faster on select Intel hardware, as well as configure your encrypted volumes or drives to automatically mount with specific preferences.
The hardware acceleration is implemented through Intel’s AES-NI instructions, which are usually present in processors sold as Core i5, Core i7, and so forth. Using such a processor with the strong AES algorithm, and enabling acceleration in TrueCrypt’s settings, should give you faster on-the-fly access to encrypted data.

See full article here

Tetris wall

Dear wife,

I agree to have the decoration you want everywhere in our new home. You can have all the furniture and appliances you want in the kitchen. I’m OK if all the shelves with my computer books are in the basement. OK too if you don’t want to see the file server in the living room. Agreed: I’ll put back Windows on your laptop. But …

But I absolutely want one wall painted like these:

Tetris wall 1

Tetris wall 2

Jean-Etienne ;-)

Photos found on Olybop.info (without original credit). Other walls with Tetris can be found on Flickr.