Jeff’s Blog

This is NOT my content!! It is content I found interesting in my Google Reader Feeds

Secretary: Part 4

Posted: October 29th, 2008 under syndicated.
Comments: none

Secretary: Part 3

He actually installed each piece in a different car in the lot, then built a new car in the spot from the displaced pieces. It's a confusing maneuver known as the auto-troll shuffle.

Posted: October 28th, 2008 under syndicated.
Comments: none

Secretary: Part 2

Posted: October 27th, 2008 under syndicated.
Comments: none

Actuarial

I started to do the tables for more famous people but it got really depressing and morbid and I had to go outside. Hat guy wins again.

Posted: October 23rd, 2008 under syndicated.
Comments: none

Keyboard “eavesdropping” just got way easier, thanks to electromagnetic emanations

Filed under: Peripherals

We always knew those electromagnetic emanations would amount to no good, and now here they go ruining any shred of privacy we once thought to possess. Some folks from the Security and Cryptography Lab at Switzerland's EPFL have managed to eavesdrop on the electromagnetic radiation shot off by shoddy wired keyboards with every keystroke. They've found four different ways to listen in, including one previously-published general vulnerability, on eleven keyboard models ranging from 2001 to 2008, with PS/2, USB and laptop keyboards all falling to at least one of the four attacks. The attack works through walls, as far as 65 feet away, and analyzes a wide swath of electromagnetic spectrum to get its results. With wireless keyboards already feeling the sting of hackers, it's probably fair to say that no one is safe, and that cave bunkers far, far away from civilization are pretty much our only hope now. Videos of the attacks are after the break.

[Thanks, Dave]

Continue reading Keyboard "eavesdropping" just got way easier, thanks to electromagnetic emanations

Read | Permalink | Email this | Comments

Posted: October 20th, 2008 under syndicated.
Comments: none

Default password network scanning

Midnight Research Labs has just published a new tool. Depant will scan your network and check to see if services are using default passwords. It starts by performing an Nmap scan to discover available services on the network. It organizes these services by speed of response. Using Hydra it does brute force password checking of these services with a default password list. The user can supply an alternate list for the first phase or an additional list to be used in a followup check. Depant has many different options for configuring your scan and will certainly help you find that rogue piece of hardware on your network that someone failed to set up securely.

Posted: October 13th, 2008 under syndicated.
Comments: none

World Bank Under Cybersiege In "Unprecedented Crisis"

JagsLive sends in a Fox News report on large-scale and possibly ongoing security breaches at the World Bank. "The World Bank Group's computer network — one of the largest repositories of sensitive data about the economies of every nation — has been raided repeatedly by outsiders for more than a year, FOX News has learned. It is still not known how much information was stolen. But sources inside the bank confirm that servers in the institution's highly-restricted treasury unit were deeply penetrated with spy software last April. Invaders also had full access to the rest of the bank's network for nearly a month in June and July. In total, at least six major intrusions — two of them using the same group of IP addresses originating from China — have been detected at the World Bank since the summer of 2007, with the most recent breach occurring just last month. In a frantic midnight e-mail to colleagues, the bank's senior technology manager referred to the situation as an 'unprecedented crisis.' In fact, it may be the worst security breach ever at a global financial institution. And it has left bank officials scrambling to try to understand the nature of the year-long cyber-assault, while also trying to keep the news from leaking to the public."

I am Not a Ninja

'The sad thing is that I just wanted to talk about your poor smoke-bomb techniques.'

Posted: October 7th, 2008 under syndicated.
Comments: none

Google's Obfuscated TCP

agl42 writes "Obfuscated TCP attempts to provide a cheap opportunistic encryption scheme for HTTP. Though SSL has been around for years, most sites still don't use it by default. By providing a less secure, but computationally and administratively cheaper, method of encryption, we might be able to increase the depressingly small fraction of encrypted traffic on the Internet. There's an introduction video explaining it."

Inexpensive powerful router based robot

[Andrey Mikhalchuk] Has posted some great instructions on how to build an inexpensive router based robot. Starting with a Linksys WRT54GL, he takes us through the process of disassembling and modifying it to directly control servos. He has put together a custom version of OpenWRT Linux that you can download from his site. After testing to make sure everything is functional, he goes through a quick and dirty chassis build. As you can see from the picture above, there are lot of household items thrown in there such as rubber bands and zip ties. After adding a camera mounted on two servos for x y movement, he fine tunes it and lets it go.

This project looks fairly simple, cheap, and fun. It may look familiar as it is very similar to our Wifi Robot post from August.

[thanks Matt]