Is Blackdragon doing the notes this week? If not, I'll get it started...
Stories for Discussion
How do you know your code is secure? - [Joe] - Wait until someone pwns it, of course! I like these quotes: "The more complicated the program is, the harder it is to get it right. It's really hard to tell the difference between a program that works and one that just appears to work"
"bugging" coins with RFID - [Joe] - "Canadian coins containing tiny transmitters have mysteriously turned up in the pockets of at least three American contractors who visited Canada, says a branch of the U.S. Department of Defence. Security experts believe the miniature devices could be used to track the movements of defence industry personnel dealing in sensitive military technology." [Larry] - Holy crap! Besides the potential tracking and provacy issues, I want one! Any Canadians care to send me one?
We are controlling transmission - [Larry] - This hack is old, but very neat. Chicago, Novermber 22, 1987, Chicago land viewers for to see Max Headroom and a naked butt on the TV instead of Dr. Who. Apparently someone was able to inject their own data in to a licensed microwave transmission array. Alegedly, the equipment could have been rented for about 25K, or built by hand. Either way, it was illegal to operate - just because it is illegal or expensive, doesn't mean hackers won't do it
Apple's Bug Fix tool...is Buggy! - [Joe] - "Vulnerability researchers behind the "Month of Apple Bugs" project, which aims to publish one flaw per day throughout January in software used on Apple platforms, announced on Monday that they have found a vulnerability in a tool that is used by a group involved in finding fixes for the flaws. APE is a third-party piece of software, written by Unsanity, designed to "enhance and redefine" the behavior of applications running on Apple platforms. APE loads plug-ins containing executable code into active applications. Month of Apple Fixes uses the software to apply run-time patches to the flaws found by the Month of Apple Bugs project. The patches insert themselves into applications when they run, find the vulnerable code and apply themselves."
SPAM decline? - [Larry] - Spam rose to unbelievable levels before the Holidays, now where did it all go? Rumor has it that a large botnet went all pear-shaped. If the bot-herder owns it, who does?
How to catch a mole - [Larry] - More MOAB craziness. Release an "exploit" earlier to those trolling the site before releases. PWN3D!
Where's Nick? - [Larry] - Linden Lab released the code to the Second Life client - Open Source.
More Raul - [Larry] - More of Raul's great article on wireless forensics.
Irongeek's HP Printer hackin' - [Larry] - Updated to include the FTP exploits a few shows ago. Adrian, please drop Joe a note.
Just a Little Old Fashioned Hotel Proxy'n - [Joe] - My boss showed me this little blog story. This might be old news, but it strikes me as one of those buyer beware situations - even though you're paying money to use the internet, it doesn't mean the hotel is looking out for you and your security/privacy.