Entries Tagged "hacking"

Brazilian Logging Firms Hire Hackers to Modify Logging Limits

Interesting:

Some Brazilian states used a computerised allocation system to levy how much timber can be logged in each area. However, logging firms attempted to subvert these controls by hiring hackers to break systems and increase the companies’ allocations.

Greenpeace reckons these types of computer swindles were responsible for the excess export of 1.7 million cubic metres of timber (or enough for 780 Olympic-sized swimming pools, as the group helpfully points out) before police broke up the scam last year. Brazilian authorities are suing logging firms for 2 billion reais (US$833m).

Posted on December 17, 2008 at 11:52 AM

Remote-Controlled Thermostats

People just don’t understand security:

Mr. Somsel, in an interview Thursday, said he had done further research and was concerned that the radio signal—or the Internet instructions that would be sent, in an emergency, from utilities’ central control stations to the broadcasters sending the FM signal—could be hacked into.

That is not possible, said Nicole Tam, a spokeswoman for P.G.& E. who works with the pilot program in Stockton. Radio pages “are encrypted and encoded,” Ms. Tam said.

I wonder what she’ll think when someone hacks the system?

Posted on December 11, 2008 at 6:55 AM

How to Clone and Modify E-Passports

The Hackers Choice has released a tool allowing people to clone and modify electronic passports.

The problem is self-signed certificates.

A CA is not a great solution:

Using a Certification Authority (CA) could solve the attack but at the same time introduces a new set of attack vectors:

  1. The CA becomes a single point of failure. It becomes the juicy/high-value target for the attacker. Single point of failures are not good. Attractive targets are not good.

    Any person with access to the CA key can undetectably fake passports. Direct attacks, virus, misplacing the key by accident (the UK government is good at this!) or bribery are just a few ways of getting the CA key.

  2. The single CA would need to be trusted by all governments. This is not practical as this means that passports would no longer be a national matter.
  3. Multiple CA’s would not work either. Any country could use its own CA to create a valid passport of any other country. Read this sentence again: Country A can create a passport data set of Country B and sign it with Country A’s CA key. The terminal will validate and display the information as data from Country B. This option also multiplies the number of ‘juicy’ targets. It makes it also more likely for a CA key to leak.

    Revocation lists for certificates only work when a leak/loss is detected. In most cases it will not be detected.

So what’s the solution? We know that humans are good at Border Control. In the end they protected us well for the last 120 years. We also know that humans are good at pattern matching and image recognition. Humans also do an excellent job ‘assessing’ the person and not just the passport. Take the human part away and passport security falls apart.

EDITED TO ADD (10/13): More information.

Posted on September 30, 2008 at 12:24 PM
