Forgot your password?
typodupeerror
Cellphones

+ - Cellphone interception at Defcon->

Submitted by ChrisPaget
ChrisPaget (229422) writes "I'm planning a pretty significant demonstration of GSM insecurity at Defcon next week, where I'll intercept and record cellular calls made by my attendees, live on-stage, no user-input required. As you can imagine, intercepting cellphones is a Very Big Deal in the eyes of the law; this blog post is an attempt to reassure everyone that their privacy is being taken seriously despite the nature of the demo. I'm not just making it up either — the EFF have helped significantly with the details."
Link to Original Source

+ - AT&T breach worse than initially thought?->

Submitted by ChrisPaget
ChrisPaget (229422) writes "I'm somewhat of an authority on GSM security, having given presentations on it at Shmoocon and CCC (I'm also scheduled to talk about GSM at this year's Defcon). This is my take on the iPad ICCID disclosure — the short version is that (thanks to a bad decision by the US cell companies, not just AT&T) ICCIDs can be trivially converted to IMSIs, and the disclosure of IMSIs leads to some very severe consequences such as name and phone number disclosure, global tower-level tracking, and making live interception a whole lot easier. My recommendation? AT&T have 114,000 SIM cards to replace and some nasty architectural problems to fix."
Link to Original Source
Upgrades

+ - Alienware refusing customers as criminals->

Submitted by
ChrisPaget
ChrisPaget writes "Thinking about buying Alienware? Think again. After buying an almost-new Alienware laptop on eBay, I've spent the last week trying to get hold of a Smart Bay caddy to connect a second hard drive (about $150 for $5 of bent metal). 4 different Alienware teams have refused to even give me a price on this accessory, instead accusing me of stealing the machine since I didn't buy it directly from them. Details here. All I have to do is persuade the seller to add me as an authorized user of *his* Alienware account — they have no concept of "ownership transfer" and instead assume that if you're not in their system, you must be a thief."
Link to Original Source

Comment: Re:Protection (Score 1) 154

by ChrisPaget (#26702343) Attached to: WarCloning, the New WarDriving?

The shield that comes with the passport card is effective, at least as far as my research so far has suggested. It's worth mentioning though that according UW / RSA, the shields supplied with the electronic drivers license in Washington are ineffective at preventing reads (although they do reduce range somewhat) - http://www.rsa.com/rsalabs/node.asp?id=3557

Security

+ - WarCloning - A new hacker sport? (NOTE: Fixed URL)

Submitted by ChrisPaget
ChrisPaget (229422) writes "After my legal skirmishes with HID a while back, The Register has coverage of my latest RFID work — cloning Passport Cards and Electronic Drivers Licenses from a moving vehicle. Full details will be released at Shmoocon this weekend, but in the meantime there's video of the equipment and articles all over the place. Buy me a beer if you see me at the con! :)"
Security

+ - WarCloning - A new hacker sport?

Submitted by ChrisPaget
ChrisPaget (229422) writes "After my legal skirmishes with HID a while back, The Register has coverage of my latest RFID work — cloning Passport Cards and Electronic Drivers Licenses from a moving vehicle. Full details will be released at Shmoocon this weekend, but in the meantime there's video of the equipment and articles all over the place. Buy me a beer if you see me at the con! :)"

"Falling in love makes smoking pot all day look like the ultimate in restraint." -- Dave Sim, author of Cerebrus.

Working...