Hack a Day

HOPE 2008: YouTomb, A free culture hack

Eliot Phillips — 2008-07-25T14:10:00+00:00

Filed under: cons, news

YouTomb is a research project designed by the MIT Free Culture group to track video take downs on YouTube. To succeed, the team needed to track every single video on YouTube... which is close to impossible. Instead, they built several "explorer" scripts to track what videos were interesting. One explorer tracks all of YouTube's lists: recommended, featured, most active, and more. Another explorer picks up every video submitted to YouTube, and a third crawls Technorati.

The explorers just find the videos; a separate group of scanner scripts checks the current status of videos. It checks both the new videos and ones that have been killed to see if they return. YouTomb archives every video it finds. They display the thumbnail of the video under fair use, but they're still determining whether they can display each video in full.

YouTomb is tracking a little more than 282,000 videos right now and maintain a public MySQL snapshot for anyone that wants to build their own tools. The code is also open source. They've been archiving all their historical data too, all 70 million rows of it.

They've started trending country censorship. Germany, Poland, and France all have hate speech bans, so any video with a swastika can't be viewed there. Thailand blocks anything that impugns the king. Crank That is blocked in 200+ countries.

YouTomb got a lot of press when it was initially released. The team feels that this is the result of a clear interface. They encourage others to take the time to present data clearly. As a final note, they pointed out that you can always file a DMCA counterclaim to get your videos restored.

Read | Permalink | Email this | Linking Blogs | Comments

HOPE 2008: Methods of Copying High Security Keys

Eliot Phillips — 2008-07-24T14:15:00+00:00

Filed under: cons, security hacks

[Barry Wels] is well known for his lockpicking talks, but this year he wanted to talk about how he copies high security keys. If a key blank is available, you could make a copy just by viewing the original. High security keys generally have profiles with more side cuts, which means you can guess at how deep a specific pin is by observing how many cuts it crosses. He also showed that you could imprint your arm with the key and use that as a guide. If a blank isn't available, you could fill a similar key with solder and file that down.

[Barry] showed two different kits for casting keys. The first used soft clay in a clam shell to make an imprint of the original key. The form is then filled with a low melting point alloy (probably Wood's metal) to create the new key. A second style uses a metal form and two part silicone to create the mold. This method works for most high security keys, but will not work on keys with active elements like sliders or magnets.

Finally, [Barry] talked about his favorite method: impressioning. Unlike picking a lock, when you're done impressioning you have a funtional key. You start with key blank and file off the top layer. Place the blank in the lock and turn it till it jams. Then, you rock the key up and down. Observing the key under light you'll see a small mark where each pin is. File a bit where the marks appear and repeat the process. You can't use too much force or you might break the blank. This also works on dimple keys and as this video shows, laser cut keys. [Barry] highly recommends the impressioning book by [Oliver Diederichsen].

[photo: Rija 2.0]

Permalink | Email this | Linking Blogs | Comments

Hacking At Random 2009

Eliot Phillips — 2008-07-22T21:00:00+00:00

Filed under: cons, news

Hacking At Random 2009 has recently been announced. It's brought to you by the same people who held the outdoor hacking event What The Hack, which we covered in 2005. Date, location, and many other details are still up in the air. They're looking to host 3000 attendees and we're guessing it will be similar in nature to last Fall's incredible Chaos Communication Camp near Berlin. 2009 will also feature the beta run of outdoor hacker event ToorCamp near Seattle. Two great events we're certainly looking forward to.

[photo: mark]

Read | Permalink | Email this | Linking Blogs | Comments

The Next HOPE announced

Eliot Phillips — 2008-07-20T22:00:00+00:00

Filed under: cons, news

Against all previous indications-including being called The Last HOPE-the conference will not only be returning in 2010, it will be at the Hotel Pennsylvania. We're looking forward to The Next HOPE, which will probably followed by The Last HYPE, which in turn will be followed by: We're Super Serious This Is The Last HOPE.

Read | Permalink | Email this | Linking Blogs | Comments

HOPE 2008: Community Fabrication

Eliot Phillips — 2008-07-19T17:10:00+00:00

Filed under: misc hacks, cons

Today at The Last HOPE, [Far McKon] from Philadelphia's Hacktory presented on community fabrication. Over the last few years we've seen a lot of different accessible rapid prototyping machines created. There's the RepRap, a fabrication machine that has achieved self replication; our friends at Metalab have gotten their own version of the machine running too. The Hacktory has recently acquired a Fab@home machine. Fab@home hopes to make manufacturing using multiple materials accessible to home users. Multiple materials means people have constructed objects that vary from embedded circuits to hors d'oeuvres. We can't talk about edible prototyping without bringing up the CandyFab machine, which fuses sugar. The Hacktory has enjoyed their machine so far, but have found the learning curve fairly difficult. While it's great to see the cost of rapid prototyping dropping, we'll be much happier when the ease of use improves.

Permalink | Email this | Linking Blogs | Comments

HOPE 2008: Wikiscanner 2.0

Eliot Phillips — 2008-07-18T19:50:00+00:00

Filed under: cons, news

[Virgil] presented the next version of Wikiscanner at The Last HOPE today. To build the original, he scanned the monthly database dump of anonymous edits and compared that against a purchased list of known company IP addresses. The 34.5 million edits account for nearly 21% of all edits. The idea was to unearth businesses and groups white washing critical pages. This only handles anonymous edits though. Users could log in to avoid having their IP reversed.

In the new version, [Virgil]'s team developed a "Poor Man's CheckUser". If you spend too much time editing a talk page, your session could end and when you hit save it attaches your IP. Most regular users will then log in and remove their IP. They found 13,000 username/IP address pairs by searching for IPs being removed and replaced with usernames. These are some of the most active users. Using this list, they could potentially uncover sockpuppets or potential collusion by top editors.
Another update to the Wikiscanner is based on the trademark database. In 2.0, companies are now associated with edits to their respective products. Link distance is also taken into account. So, pages that link to a corporation page are also tracked.

As part of a joke, [Virgil] compared a list of IP addresses that were specific to each MIT building. You can see exactly which building was editing the "tentacle rape" page. No, really, that's a real example.

Finally, [Virgil] showed some wiki tools that others have built: a tool for building graphs from arbitrary data, a tool that shows the age of text for credibility, and another that does an overview of all page edits.

Read | Permalink | Email this | Linking Blogs | Comments

HOPE 2008: Cold boot attack tools released

Eliot Phillips — 2008-07-18T18:45:00+00:00

Filed under: cons, security hacks

The team from Princeton has released their cold boot attack tools at The Last HOPE. Earlier this year they showed how to recover crypto keys from the memory of a machine that had been powered off. Now they've provided the tools necessary to acquire and play around with your own memory dumps. The bios_memimage tool is written in C and uses PXE to boot the machine and copy the memory. The package also has a disk boot dumper with instructions for how to run it on an iPod. There's also efi_memimage which implements the BSD TCP/IP stack in EFI, but it can be problematic. aeskeyfind can recover 128 and 256bit AES keys from the memory dumps and rsakeyfind does the same for RSA. They've also provided aesfix to correct up to 15% of a key. In testing, they only ever saw 0.1% error in there memory dumps and 0.01% if they cooled the chips first.
We saw another interesting tool today: coreinfo is a library for the custom BIOS coreboot. Using it you can examine the memory directly without any damage.

The Q&A session at the end of [Jacob Appelbaum]'s talk included a discussion of possible countermeasures. We're convinced that this won't be solved until there's a fundamental change to RAM design. One of the interesting suggestions we heard was building a "RAM condom". It would be a riser card that the RAM plugs into. When the case intrusion system triggered it would blank the RAM. It's an interesting idea; anyone want to build it?

Read | Permalink | Email this | Linking Blogs | Comments

The trackable Last HOPE conference badge

Will O'Brien — 2008-07-18T17:48:00+00:00

Filed under: cons

While Defcon badges have taken on the habit of being hackable electronics, The Last Hope badge is taking a new shape this year. It's dubbed the Attendee Meta-Data project (AMD for short). Aside from the tombstonian dimensions, it features a trackable RFID tag that's going to be used to create a different sort of conference experience.

Sure, the creators might use the badges to make sure they meet all the lovely ladies in attendance, but the idea is to use the data to improve the conference experience for everyone. Attendees have the ability to add tags indicating their interests. Combine that data with actual location tracking and people can now network and interact based on what and who they're looking for. It's social networking coming full circle to include actual socializing.

Read | Permalink | Email this | Linking Blogs | Comments

HOPE 2008: The impossibility of hardware obfuscation

Eliot Phillips — 2008-07-18T14:20:00+00:00

Filed under: misc hacks, cons

The Last HOPE is off and running in NYC. [Karsten Nohl] started the day by presenting The (Im)possibility of Hardware Obfuscation. [Karsten] is well versed in this subject having worked on a team that the broke the MiFare crypto1 RFID chip. The algorithm used is proprietary so part of their investigation was looking directly at the hardware. As [bunnie] mentioned in his Toorcon silicon hacking talk, silicon is hard to design even before considering security, it must obey the laws of physics (everything the hardware does has to be physically built), and in the manufacturing process the chip is reverse engineered to verify it. All of these elements make it very interesting for hackers. For the MiFare crack, they shaved off layers of silicon and photographed them. Using Matlab they visually identified the various gates and looked for crypto like parts. If you're interested in what these logic cells look like, [Karsten] has assembled The Silicon Zoo. The Zoo has pictures of standard cells like inverters, buffers, latches, flip-flops, etc. Have a look at [Chris Tarnovsky]'s work to learn about how he processes smart cards or [nico]'s guide to exposing standard chips we covered earlier in the week.

Permalink | Email this | Linking Blogs | Comments

Toool picksets at The Last HOPE

Benjamin Eckel — 2008-07-12T18:00:00+00:00

Filed under: misc hacks, cons

Speaking of laser engraving, the blackbag blog announced that Toool has designed 2 unique picksets for The Last HOPE this year. First is the credit card sized snap-off set seen above. They have named this one The Last HOPE emergency pickset. The other pickset is a new version of the 'double sided pick' series. This set consists of picks with the same tool on either end, but they are sized differently. This set will contain 8 picks with promised improvements. If you are interested in more complex picks, check out the centipede.

Read | Permalink | Email this | Linking Blogs | Comments

Black Hat hackers face off in Iron Chef style competition

Juan Aguilar — 2008-07-07T19:40:00+00:00

Filed under: cons, news

Which is a better method for finding vulnerabilities, fuzzing or static-code analysis? The question will be put to the test at next month's Black Hat USA conference, where two experienced ~~hackers~~ security researchers will be given a piece of mystery code and one hour to find all the vulnerabilities they can using one of the two methods. [Charlie Miller] from Independent Security Evaluators will use fuzzing and [Sean Fay] from Fortify Software will use static-code analysis to detect the vulnerabilities in the code. We reported on [Miller]'s fuzzing talk while at Toorcon 9.

The pair will be allowed to use their own equipment, but they won't see the code until the moment the showdown begins. For an added bit of fun, conference attendees are welcome to join in the contest. The audience member who finds the most exploits within the hour wins a free dinner at a new Las Vegas restaurant. But you don't have to wait until then to weigh in; go ahead and post your thoughts on fuzzing vs. static-code analysis in the comments, just be ready to back up your claims.

Read | Permalink | Email this | Linking Blogs | Comments

Recon 2008 recap

Juan Aguilar — 2008-07-03T20:50:00+00:00

Filed under: cons, news

[Tiller Beauchamp] gave a presentation on applied reverse engineering in OS X at this year's REcon, but he also attended many of the other talks and gives his take on the highlights of REcon 2008 in a guest post on the ZDNet blog, Zero Day.

One of the highlights for him was Neohapsis's [Chris Smith] discussing virtual machines implementing code obfuscation. The method uses custom instructions and runtime interpreter, which can help make the task of reverse engineering markedly more difficult if implemented properly.

On the opposite end of the spectrum, [Beauchamp] noted [Gerardo Richarte]'s software reverse engineering tools that decompile and recompile software in iterative portions. This allows the recompiled software to be tested piece by piece. Be sure to read his post and see what you missed.

Read | Permalink | Email this | Linking Blogs | Comments

25th Chaos Communications Congress

Eliot Phillips — 2008-07-02T04:15:00+00:00

Filed under: cons

The 25th annual Chaos Communications Congress is happening December 27-30th in Berlin, Germany. They've just published their official call for papers. Last year's 24C3 was incredible and we'll take any chance we get to attend an event held by the fine folks in the CCC. We hope to see you there!

[via BoingBoing]

Read | Permalink | Email this | Linking Blogs | Comments

The Last Hope schedule finalized, preregister now

Eliot Phillips — 2008-06-30T17:50:00+00:00

Filed under: cons

The schedule for this year's The Last Hope conference in New York City has been finalized, and there's still time to preregister. Today is the last chance for overseas attendants to preregister, and the rest of you have until July 6th. A/V volunteers are still needed, so step up if you have the desire and skills.

The three-day conference will feature three tracks of scheduled talks, plus one track for unscheduled talks by registered attendees. You can view the full schedule interactively, in wiki format, or in conventional format. It takes place between July 18th and July 20th; hurry up and snag your tickets now. We're interested in all the talks, but [Chris Seidel]'s talk on biohacking, NYC Resistor's presentation about collaborative hardware hacking, and [Ray]'s demonstration on escaping high security handcuffs have us waiting in rapt anticipation. So who's going? What are you looking forward to? Let us know in the comments.

Read | Permalink | Email this | Linking Blogs | Comments

Defcon 16 schedule finalized

Eliot Phillips — 2008-06-28T01:05:00+00:00

Filed under: cons, news

If you were waiting to finalize you travel plans, now's the time; Defcon has published the final speaking schedule. The conference starts Friday August 8th in Las Vegas, NV and continues through Sunday with four separate speaking tracks. There's quite a few talks we're looking forward to: Silicon guru [Christopher Tarnovsky] from Flylogic will be hosting a breakout session on smartcard security. [Gadi Evron] will talk about the security implications of biological implants in the future. [Thomas Wilhelm] is going to cover building a mobile hacker space and the vehicle related hacks it requires.

Read | Permalink | Email this | Linking Blogs | Comments

Defcon badge hacking contest

Eliot Phillips — 2008-06-25T22:20:00+00:00

Filed under: contests, cons

[Joe Grand] is designing the Defcon badges for the third year in a row. Just like the previous years, they'll be hosting a badge hacking contest. This time around though, they're going to start leaking clues in advance. Earlier contests were often frustrating because of the specialized equipment needed to talk to the microcontroller. Hopefully this year it will be a lot more accesible. The specs for the badge have not been released yet, but after last year's 95 LED scrolling marque, we can't wait to see what this year will bring. [Joe] has posted info on the previous two badge designs and resulting contests.

Read | Permalink | Email this | Linking Blogs | Comments

Hacker conference videos

Eliot Phillips — 2008-06-25T21:20:00+00:00

Filed under: cons

Almost every security conference we've attended in the last year has uploaded videos from their speaker tracks. Explore the archives below, and you're bound to find an interesting talk.

[thanks, Dan]
[photo: ario_j]

Permalink | Email this | Linking Blogs | Comments

DefconBots sentry gun competition

Eliot Phillips — 2008-06-24T18:30:00+00:00

Filed under: robots hacks, cons

DefconBots is returning again this year with their shooting gallery robot competition for Defcon 16. They've decided to leave the rules unchanged from last year. It's a head to head competition between fully autonomous guns. The first gun to shoot all the targets on their side of the board wins. The rules aren't very strict on design; as long as you use nonlethal nonmessy amunition and include a safety switch you're pretty much good to go. The DefconBots site has a reference design to put you on the fast track to competing. Defcon 16 is August 8-10, 2008 in Las Vegas.

Related: [Aaron Rasmussen]'s sentry gun we covered back in 2005

[photo: Bre Pettis]

Read | Permalink | Email this | Linking Blogs | Comments

Pwnie awards 2008, nominations open

Eliot Phillips — 2008-06-24T05:00:00+00:00

Filed under: cons

Nominations for the 2008 Pwnie Awards have opened. The annual event, in its second year, is accepting nominations in nine categories ranging from Mass 0wnage to Best Song. The awards will be presented at the Black Hat in Las Vegas in August. Linux.com covered last year's awards ceremony.

[photo: GNUCITIZEN]
[via trailofbits]

Read | Permalink | Email this | Linking Blogs | Comments

The Last HOPE full speaker list released

Eliot Phillips — 2008-06-19T18:20:00+00:00

Filed under: cons

The Last HOPE has just released a list of all the schedule talks at the conference. 97 different talks will be divided over three tracks during the course of the three day conference. It looks like a lot of interesting events will be going down. The Cold Boot encryption attack tools will be released. Representatives from Graffiti Research Lab will be showing The Complete First Season and unveiling their One Laser Tag Per Child system. Virgil Griffith from WikiScanner will be mining even deeper into the wretched hive of scum and villainy. Karsten Nohl will present why hardware obfuscation is an impossibility and how they defeated the MiFare crypto. The Last HOPE will be in New York City July 18-20, 2008

Read | Permalink | Email this | Linking Blogs | Comments