After looking at the new features listed for Windows 8, one in particular caught my attention: The Picture Password Login.
It is a very refreshing approach to authentication!

You are presented with a photo at log in and instead of entering a password, you have to touch the image according to the “allowed” touch sequence you registered your user with. In some respect it is similar to the existing gesture based authentication mechanisms you can find on some smartphones (anyone remember that feature on the Palm V?!), but I think it is taken to the next step.
Microsoft is maybe trying to do to passwords what Apple did to the Walkman.

By providing you with a photo of your choice (i.e.: your own family picture), and a restricted number of gestures (point, draw a line and circle) it is easier to remember a sequence, more natural and more personal. For exemple, you would circle the head of your best friend, touch the feet of your child and stroke your dog&...
>>[READ MORE]

There is a new vulnerability with iOS5 powered device with a SIM card. I have tried it and it works.
You need to know the number of your victim and by combining a missed called, removing the SIM card, putting it back in and swiping the missed call alert it is possible to bypass the lock screen and access the phone.

Look at the video from the weirdly named group called iPhoneIslam, you need to get the timing right!

YouTube Direkt

The BBC has recently ran an article about a hacker who has published details on how to hack a certain type of webcam. This story is interesting for several reasons.

First, it further highlights how fragile our privacy has become since we live in a digital world with details of our life being kept on the internet: personal blogs, twitter feeds, Facebook or Government/Health records, etc. All this data is available online if you have the right access to the system it is held on. But it is not just still photos or lines of texts, it can also be live pictures through personal webcams or state surveillance cameras. Again, that data is available if you have the right credentials. In this case, hundreds of Trendnet webcam users thought/thinks their live video feed was protected through the use of a userid and password, but a bug in its firmware allows anyone to access it by...
>>[READ MORE]

By websites, I should really have said Web Applications, but the end result is the same: A server which is serving pages on the Internet could see its CPU usage increasing to a level making that server unusable for a few minutes or more. All that from a relatively small specially crafted malicious HTTP request.

This vulnerability exists in most languages used to develop web applications: PHP, ASP.Net, Java, Python, Ruby, etc. And it has been known to exist in theory since 2003!

Last week, Alexander Klink and Julian Wilde explained at the 28th Chaos Communication Congress in Germany how exactly the theory became reality and the impact on the different web application languages were affected.

The core of the issue is the way hash lists have been implemented in those languages. By “Hash” they both refer to a specific type of data structure and the cryptographic function. A ...
>>[READ MORE]

Two vulnerabilities in iOS5 have recently been discovered, one is affecting the iPad2 and the other the new iPhone 4S. In both cases it allows anyone to bypass any lock/passcode to gain unauthorised access to the device.

1) iPad 2 + iOS5 + SmartCover = Anyone can unlock your iPAD
This only affects iPad2 with iOS5 and the smart cover set to automatically lock the device.
With a locked iPad2, keep pressing the power button until you see the screen telling you to swipe to turn off, close the smart cover, reopen it and push the CANCEL button.
This will give you access to the latest application that was used. It means that if you were on the application listing screen you will be able to see all the applications installed on the iPad, but you will not be able to open any otherapplications. This is because you are in the “finder”/”Explorer” application.
But it also means that if before you closed your smart cover to lock ...
>>[READ MORE]

Brute force password cracking has been around for a while but in the last few years a new way to use your brand new graphic card has emerged which brings high performance attacks against passwords much cheaper and easier.

This is because the “brain” of those graphical card, The Graphical Processing Unit or GPU, is designed to handle mathematical and repetitive tasks very efficiently.

There is a very good article about this topic on the ERRATA SECURITY blog with some interesting facts:

– Although GPU are now found in most electronic devices (i.e.: phones), dedicated PC cards are obviously better

– Radeon is better than GeForce

– Although you can use more than one GPU, the benefits are not exponential and most people only need 1 or 2 GPU.

– This is because past 8 Characters, a password become near impossible to brute force....
>>[READ MORE]

I just came accross an interesting attack on the Secure Real Time Protocol (SRTP) using Variable Bit Rate codecs (VBR). That protocol is used to secure voice or IP communication by encrypting the transmitted data.

The attack is described in this draft paper but for the the full details you should take a look at the very comprehensive white paper here which dates back to 2008.

It usesthe phoneticpronunciation of words to identify patterns in the VBR encoding which can be used to bypass encryption and identify phrases as well as the language spoken. So this attack does not target individual words, but phrases or sentences.

Although the paper claims in some cases a success rate of 90% it has an average of 50% success, which is already good enough! What is ...
>>[READ MORE]

The video below would be a really great hack, but it seems toonly be a hoax for a couple of reasons:

– It is unlikelysuch hacker would be showing his face so willingly.
– Apparently to hack those wireless billboard you would attack first the central “billboard broadcasting computer”.

Now… if the wireless communications to those billboard was unsecured, then it could be a different story :)

YouTube Direkt

Below is a very good article describing the recent battle between the Anonymous Hacking group and the HBGary company.

In a nutshell, a security company, “HBGary”, who is also working for the US government was about to release what they think were the identity of a hacking group called “Anonymous” who conducted some high profile hacks against large organisations who were against the wikileaks website. The hacking group response was swift and brutal, they hacked the HBGary websites, defaced them, hacked into the owner’s email account and grabbed lot of user personal information from one of the company’s related website, rootkit.com

It provides a good example of the old adage “do what I say not what I do” but this time in the world of IT Security. Of course you can almost never get IT Security 100% right, but in that case it would seem some of the security weaknesses that were exploited should have never been...
>>[READ MORE]