There will be a new national register of mobile phone users in Mexico.

Under a new law published on Monday and due to be in force in April, mobile phone companies will have a year to build up a database of their clients, complete with fingerprints. The idea would be to match calls and messages to the phones’ owners.

(underlining added)

Mexico has a very strong culture of using prepaid phones.

There is an interesting article about NetBSD becoming the new os on the tmobile sidekick. While NetBSD can run on just about any kind of relevant hardware, running NetBSD on the sidekick and painting a nice GUI (with the help of Danger probably) should be lots of fun. As an end result, could this not rank as the most secure mobile device if nothing else?

What started off nicely in 1992 and promised the much needed privacy to cordless communication at home, has been brought into a halt a few days ago with the practical approach to eavesdropping on DECT communication.

DECT or Digital Enhanced Cordless Telecommunication is a widely used standard for cordless devices, mainly phones, but not limited to it, several POS or Point of Sale devices as well use the standard to communicate in a cheap and secure manner.

The DECT standard itself was not broken, but rather using a cheap off-the-shelf device that is able to receive (not yet transmit) DECT based data, the researchers have been able to prove that eavesdropping on the communication channel is possible.

Most interesting to me as a reader of the paper is that what stopped people from ‘breaking’ it till now, was the lack of hardware, or moreover the lack of cheap hardware, to experiment with, now with the availability (it has been around for a while) of COM-ON-AIR device and its character device (or raw software driver) things have been made a lot easier.

You can read more on this at deDECTed.org

Did you vote in the last election? If not, you should have. If so, did it really count? I mean, literally, besides the aspect of consideration, did your ballot reach the total counter?

Many people who are part of a democracy and have this magical ‘right to vote’ (There is no amendment or part of the US constitution that directly states that Americans have the right to vote; only that you cannot be discriminated against via race or sex, and you must be at least 18 years of age. Look it up and you’ll see that it is only indirectly implied) probably question where their votes really go each and every time they leave the polls.

Furthermore, the most important question should be this: If election fraud is part of our elections, and we all know at least some part of it is, how can we prevent it? The simple answer is, we can’t. Electronic voting machines are a joke. Really, the security on these machines are inferior to the most common lock and key at the dollar store. Security on these ‘secure’ election devices is comparable a Windows 98 (SE!) box running ZoneAlarm (pro!).

Wouldn’t it be nice and convenient to be able to vote via the Internet, without ever having to leave your home? Sure it would be. Safe though? Not in this century. If you have Netflix or any other movie service, you should add this to your queue: Hacking Democracy. Watch it, learn it, believe it. Do not hesitate at all to think its real. ITS BEEN PROVEN! Not a believer? Just wait around our next big election — we’ll see who wins.

Xyberpix posted his challenge without giving us any advance notice, but being the ego-driven macho man that I am, even with mediocre writing skills, I can’t not accept it.

So here’s a random thought for the day. AppleTV is a useless brick unless hacked to run something like boxee or another front-end player for custom movie files. It’s safe to say most AppleTV users use it to play content outside iTunes.

The latest AppleTV update (version 2.3) has two interesting qualities.

One, it fixes several vulnerabilities involving playing malformed movie files (kuddos for ZDI for the finds). It shouldn’t be difficult to compare 2.3 to 2.2 and find where the problems are exactly. Some reverse-assembly requires, but definitely doable.

Two, it breaks many of the hacks like mounting external USB drives, and creates problems for applications like boxee.

From problem #2, I’m willing to guess many (most?) of the ATV users that hacked the machine haven’t upgraded. From problem #1 I know that those who haven’t upgraded are vulnerable. They will remain vulnerable for some time, until the hacks improve and find a way around this infamous update.

So will we see an attack targeting AppleTV any time soon? It’s a cute little linux-based device that sits in the network with a connection to the local home LAN. All it takes is the right AVI on the piratebay (or youtube?) to create a little AppleTV zombie net.

Time to share information about three vulnerabilities reported in Apple iPhone recently.

There is a phishing vulnerability and a spamming vulnerability, which Aviv Raff has reported this month.

The phishing flaw exist in iPhone’s Mail application. With a specially drafted link it’s possible to convince the victim that the link is trusted. Including the address bar, naturally – see Raff’s screenshot here [.jpg].

The second problem is that downloading remote images is not disabled in Mail, i.e. the Web Bug flaw exists in the application and there is no ways to disable that “feature”.
The third one is a SMS security issue found by the son of blogger Karl Kraft, described below:

Those settings block the display of incoming text messages and show an alert saying “New Text Message” if an SMS comes through while the phone is locked. However, if the phone is set to emergency call mode the incoming text messages are previewed.

And then:

“Thus all I need to do to intercept the messages from his girlfriend is to place the phone in emergency mode and wait 30 seconds for the next sickly sweet message,” Kraft writes.

That was reported (yes, by his father) in iPhone version 2.1 (5F136) – the most recent version too.

I have never understood news articles using terms like ‘claims’ and ‘rumors’ when reporting about several vulnerabilities reported in Nokia Series 40 (S40) phones.

Adam Gowdiak from Poland is a well known researcher, man behind Windows RPC issue MS03-026 etc.

Sun has confirmed that older versions of Java 2 Platform Micro Edition (J2ME) are affected (this was on 15h Aug already) and Nokia confirmed these issues today (let’s say, at last).

It is not known if Sun Microsystems or Nokia Corp. paid €20 000 to Gowdiak, last week or possible later.

Some references:

Security Explorations: J2ME security vulnerabilities 2008
MIDP’s and MIDlets put tens of millions Nokia S40 phones in danger

Update 22nd Aug: From IDG.no:

“Gowdiak would not disclose if he was paid, but said that only reputable, vetted companies that pay would get the full research, which amounted to 180 pages and 14,000 lines of proof-of-concept code.

Nokia has a complete copy of Gowdiak’s research, said Mark Durrant of Nokia’s corporate communications.”

A few media sources seem to be picking up a press release from the University of Michigan.

http://www.ns.umich.edu/htdocs/releases/story.php?id=6666

This reports on “CloudAV,” a project and series of papers about having antivirus  etection run “in the cloud” rather than on the PC.

http://www.eecs.umich.edu/fjgroup/cloudav/

As usual, there seems to be some misunderstanding about what is going on here.   CloudAV is not really a new approach, it is simply the use of multiple scanners, which the  AV research community has advocated for years.  It’s like having a bunch of scanners installed on your desktop, or a system like Virustotal, with the exception that the scanners run on different computers so you get a bit of performance advantage (absent the bandwidth lag/drain for submitting files to multiple systems).

I’m a dinosaur.  I freely admit it.  I use computers for far too long.  I use programs for even longer.

My word processor of choice is WordPerfect.  Version 4.2.  It does what I need, since most of what I do in terms of writing has to do with actual writing.  In other words, words.  Text.  I don’t care much about graphics, desktop publishing (does anyone even know what that means anymore), or mindmaps.  I’ve been using WordPerfect since 1985, although I admit I’ve moved up from 4.1 to 4.2 in the early days.  My wife uses a much more advanced version: she uses 5.1, since she does more with actually printing stuff out.
Over the years I’ve had to learn a few tricks to get WordPerfect to run, and print, with various versions of MS Windows.  (I’ve actually got a copy of WordPerfect Office 8 for Windows around, but it really was kind of a step backwards, so we’ve never really used it.)  Recently the (very old) HP LaserJet 4L that we’ve been using (for quite some time) started printing messy pages.  It was the advice of people in the printer biz that it would be cheaper to buy a new printer than to have the old one cleaned.  Since a new HP LaserJet P1005 was slightly less than $60 (getting a USB cable for it cost almost half again as much, and getting a new cartridge for the thing is even more) this seemed to be the case.

So, my Scottish soul bemoaning the fact that I was sending an almost-perfectly-good printer to the recycling centre, I got a new printer, and installed it.  The print quality is fine (slightly better than the old machine) and it even prints faster.  Under Windows, it’s just fine.

As I said, I’ve had to learn a few tricks over the years to keep the old proggie printing, so I knew about “net use lpt1:.”  DOS programs want to use the old parallel and serial ports, and desktop printers don’t come with those ports anymore: they all use USB.  So you have to install the printer, and then fake DOS out by redirecting the LPT1: output to the installed printer.  Set it up, fired up WordPerfect for a test, and tried a page.  Nothing.

Opened up the print queue and watched.  Job went to the print queue all right, stayed for about a minute, disappeared without an error–and nothing came out of the printer.  “Net use” is obviously working, but the printer isn’t.
Asked for help from HP.  Got back a message saying to turn on Microsoft Loopback Adapter.  Even had detailed instructions on how to do it.

Trouble is, MLA is only useful if you haven’t got any kind of a network.  The “net use” stuff won’t work if you haven’t got a network, so using MLA kinda pretends you’ve got a network, so the redirection stuff works perfectly happily.  (Is it just me, or is there something wrong with a technology that requires you to hack your own system to use basic and normal functions?)  Since everybody who has a high speed connection to the Internet these days (and that is a pretty large majority) has a “local” network, MLA is pretty much unnecessary.  So I replied back to HP thanking them and explaining
why their workaround didn’t help much.  Got back a snarky reply saying that they were just trying to help, and telling me to do it again.  No help from HP, then.

Turned to friends.  (Probably where I should have started in the first place, right?)  Got some suggestions to use PRN2FILE (old and free), DOS2PRN (newer and shareware), and Printfil (newer and very commercial).  All of these basically do the same thing as the “net use” command, so they didn’t help very much.

Another friend looked to the online documentation at HP.  (You don’t get any documentation with printers anymore.  Not even for the installation.  If I hadn’t installed an HP combo scanner a few years back I wouldn’t even have known that you have to install the software and start the setup running before you connect the printer.  HP doesn’t even include a sheet telling you that anymore.)  As far as he was concerned it should work, since the printer I had did support the HP PCL.  Unfortunately, the documentation isn’t very good on versioning.  You see, there is not only an HP LaserJet P1005, there is also an HP LaserJet 1005, as well as an HP LaserJet 1500 series.  The HP LaserJet P1005 doesn’t have PCL.  I’d bought a (*&^@#+”~ Winprinter.

OK, that’s it. right?  Game over.  You can’t make a Winprinter, which basically expects a bitmap from MS Windows, to print anything else.

Not quite.

Enter yet another friend with a pointer to http://www.columbia.edu/~em36/wpdos/winprint.html#usbprint.  Good old Columbia U.  (Good people at Columbia.  They brought us Kermit.  You’ve never heard of Kermit?  Kids these days …)  Starting there, I eventually found http://www.columbia.edu/~em36/wpdos/v5macroanyprinter.html.  I mean, how particular do you need to get?  Not only is it specifically for WordPerfect version 5.1, it even has a Ghostscript printer driver, and the macros to make it all happen with one keystroke.  Beauty job, guys.

I should also mention the Ghostscript and Ghostgum people.  I’ve actually been aware of those programs for some time.   I used to use them for reading PDFs, since it was generally quicker and more useful to use them than the Adobe reader products.  (I haven’t been able to turn WordPerfect docs into PDFs just yet: something odd with the GSviewer macro, but at least I know it’s possible.)

There’s always more than one way to skin a computerized cat …

I recently added a contact to my BlackBerry PIN network. The contact was informed of this via an email, and then went on to reply (accept) to this email based invitation.

The response sent from his blackberry was not visible in his “sent” folder, nor was it visible in my “inbox” as apparently BlackBerry has the ability to secretly delete emails as soon as they are processed – thus making it do things a bit “under the radar”.

It’s not yet clear to me how difficult it is to do this manually – adding of a contact to your BlackBerry PIN list – but here are some clues on the email mechanism. Apparently, you need to include in the subject and in the beginning of the message body (subject works in most cases – html appears to behave differently) the following string:

< $RemoveOnDelivery,SuppressSaveInSentItems>

You can combine the above in the subject line with confirm, which will cause BlackBerry to send back a delivery confirmation, combined with the deletion and suppression of saving the item:

< $confirm, RemoveOnDelivery,SuppressSaveInSentItems>

2007 was the brazilian Christmas for laptops, definitely. Finally the prices are reasonable in retail stores, now one can buy a basic laptop for about R$1.600,00 (about US$950). That’s expensive for a 256MB / 512MB Celeron PC, but hey, that’s much better than feeding the parallel market of “contrabando”.

As a side effect, more Muni Wi-Fi and similar initiatives are emerging in the last few months. The last one came to my attention yesterday: Wi-Fi in Copacabana beach.

Sounds cool, huh? Caipirinhas, lots of hot girls in fio dental, and Wi-Fi (you geek!). Don’t do it, man.

Burglars in Brazil are smart, so be a ninja with your laptop in Brazil. Let your Targus bag at home, it looks like “hey I have a laptop, please steal it from me Mr. Bag Guy”. Be a ninja with other gadgets like iPods, digital cameras and cell phones too. Nothing in your belt too, Mr. Batman.

Wi-Fi in malls is relatively safe, just take care when you’re leaving the place, looking back is always good. Airports are safer, but take care in your way to the hotel, when you’re waiting for a taxi. Recently a gang was arrested, they were specialized in laptops. You know, it’s easy to know you have a laptop because people help burglars a lot: suits and backpacks (specially Targus and other mainstream brands) don’t mix.
Another tip: the vast majority of hotspots in Brazil are associated to Vex, so purchasing some credits before you leave your country in a safe network would be interesting. Another tip, actually a homework before you leave your country: backup your data, protect your HD with a password if available, encrypt the file system, have your VPN set.

Via: Praia de Copacabana deve ter rede Wi-Fi até junho (FolhaOnline 01/02/2007)

This report of F-Secure’s Mika Ståhlberg states that MicroVault USM-F fingerprint reader software shipped with that Sony USB stick installs a driver that is hiding a directory under C:\Windows.

And – reportedly the guys of FS research laboratory

also tested the latest software version available from Sony at www.sony.net/Products/Media/Microvault/ and this version also contains the same hiding functionality. [added a hyperlink]

Hmmm – time to wear my white T-shirt with text familiar to many readers – “Most people don’t even know what a rootkit is, so why should they care about it?”

i’d expect this from new software companies, maybe. but the big ones seem to keep doing this.

default passwords, especially in widely distributed devices, are bad. no, really. enough with these already.

iphone root password cracked
we managed to obtain and crack the hashs of the user passwords for the iphone os. more information could be found at our development wiki here (link removed).

edit: cause you digg people broke the poor wiki:

the password for root is “alpine”
the “mobile” user accounts password is “dottie”

is it sick to have root pasword to all iphones worldwide? well not really, there is no terminal yet to login :p

http://www.hackint0sh.org/forum/showthread.php?t=1323

gadi evron,
ge@beyondsecurity.com.

Saar Drimer and Steven Murdoch, members of Security Research Team of University of Cambridge Computer Laboratory have introduced their detailed analysis entitled “Chip & PIN (EMV) relay attacks”.

Link to the very interesting blog posting is here. Picture of the credit card, ‘fake terminal’ and their device included.

These researchers are the guys behind the Chip & PIN terminal playing Tetris too, YouTube video (49secs) here.

in the public hacking world, so far we have mostly seen usb technology from security vendors… not the attackers side.

a few years ago we had discussions on pen-test, and later bugtraq and fd on these risks, following an article in 2600 and a post from me on the risks digest. on pen-test, harlan carvey and others also followed up.
since then there have been multiple threads everywhere. this was not new back then, either, imo.

back then i mainly addressed the risk of driver attacks (now more acknowledged since blackhat 2005 and blackhat 2006 presentations on the subject appeared), and didn’t get much attention. hackers did not know usb technology that well and most did not see what the heck drivers had to do with it.

what did come up were the risks of autorun technology (which is a simple solution to making usb devices execute code). these were not as easy as they first appeared, and did not work if windows xp’s screen saver was active. still, things were interesting and my fav quote of: the janitor is the richest person in the organization, got some interest.

today, with several usb buffer overflow discovered (mostly in the linux kernel) and driver attacks getting more attention, i came across the following blog entry by xavier ashe.

in his blog he discusses a usb autorun technology which is actually an hacking tool, (more…)

The cute device Knows Your Name Elmo, has been recently hacked to say bad things as ELMO EAT WHALE AND SEAL.

I am sure this isn’t a sesame street approved sentence

For now the the hacking of the device is pretty crude, and many details on its inner workings are still missing, but with time the customization options on this device are bound to become available.

I am waiting for a coffe making device that will do my bidding, but a Elmo coffe making device will be also great

More details at this link.