Forgot your password?
typodupeerror

+ - Sniff and decrypt BLE with Ubertooth->

Submitted by mpeg4codec
mpeg4codec (581587) writes "Hot on the heels of Omri Iluz's BLE-sniffer-on-the-cheap, I decided to write up the BLE (Bluetooth Smart) sniffer I built on Ubertooth. My sniffer is highly robust, can capture data from connections, and is 100% open source.

I also discovered a major flaw in BLE's crypto that allows an attacker to crack its encryption key and decrypt data, 100% passively. I wrote a tool called crackle that will automatically decrypt encrypted BLE data captured by Ubertooth."

Link to Original Source

Comment: Classified. You keep using that word. (Score 1) 243

by Da w00t (#45390293) Attached to: Apple Developing Curve Screen iPhones and Improved Sensors
I do not think it means what you think it means. Classified documents originate from a classification authority. There is no classification authority within Apple. Classification authorities are within the state and federal government. While Apple is large (and last I heard had more money than the federal reserve), that doesn't mean they can classify documents :)

Now, there can be trade secrets, that's an entirely different thing. :)

Comment: So, that KORUS treaty is still a problem, I think. (Score 4, Interesting) 378

by Da w00t (#44882411) Attached to: Obama Asks FCC To Make Carriers Unlock All Mobile Devices

Comment: Go with Linode. (Score 1) 375

by Da w00t (#38481512) Attached to: Ask Slashdot: Best Inexpensive VPS Provider?
I've been a customer for what feels like 10 years now. Their support is great, they have knowledgable people and yes, you do get root. You can have console access, just not graphical console access. (Who would want X running on a colocated server anyway?)

Here's their faq: http://www.linode.com/faq.cfm - They've got a great community, go pop on IRC on irc.oftc.net and join #linode. Ask your questions there if there's something you want to know that isn't in the FAQ.

Here's a referral link - you don't really need to use it, but if you do I'll get some free service as a thank you for referring you.

http://www.linode.com/?r=8304c52b0c2b67372d5dcbe998ee4e04271275d6

Comment: This explains why I still have a job. (Score 1) 388

by Da w00t (#38288104) Attached to: IT Pros Can't Resist Peeking At Privileged Info
I used to do sysadmin work professionally, and I still do it personally (I have a Linode VPS) where I host my personal e-mail, website, jabber server, and personal e-mail of family members. It's just one of those things that as a geek a lot of us end up doing.

One of the unspoken golden rules of trust was this: don't fucking read other people's e-mail. Period.

Now I do information security, where I keep my employer's network safe. This includes both external, and internal threats - such as domain admins going rogue, and abusing their powers (I've seen it happen, and wrote up the incident). It really bothers me that 1 out of 4 "IT Professionals" are unprofessional enough to violate the trust that has been granted them.

Comment: Valve != iD I suppose (Score 2, Informative) 520

by Da w00t (#33339682) Attached to: Steam Not Coming To Linux
iD software has historically produced Linux versions of their games; I remember fondly playing the quake(s), and doom 3 under Linux. While there have been lots and lots of reports over the years showing there is a Linux gaming market, it isn't a large enough market share for these game developers to put serious effort into it. I bet some of them actually see developing for Linux as a hindrance, even though most big game dev companies essentially abstract-out the bits between PS3, XBOX, Wii, PC, etc that are different.

Comment: Re:Well... (Score 1) 546

by Da w00t (#32039780) Attached to: Sony Sued Over PS3 "Other OS" Removal
One for me please. I want to know how to join too. In the mean time I'm boycotting everything that is sony. Which is hard, because they've already got thousands of dollars of my cash. But I won't be doing any of the following:
  • Going to the movie theatre (sony pictures)
  • Listening to sony music (I havn't bought RIAA music in years, so this isn't hard)
  • Purchasing sony hardware (AV equipment, etc)
  • Purchasing any video games

Comment: Things to do to lose me as a customer (Score 5, Informative) 373

by Da w00t (#31882184) Attached to: Media Industry Wants Mandated Spyware and More
Disable all analog outputs on my high definition devices (such as blu-ray players) - this is coming up in a couple years.
  • This makes a feature I paid for on my $1000 USD receiver for "multiple zones" absolutely useless. That very same feature is also crippled by default by Sony such that *only analog* video and audio can be piped to the other zones.

Charging extra for "digital download" for content I have already purchased a license for

  • I've intentionally not purchased many blu-ray discs because of the absurd crypto on them preventing me from watching that content on something besides a severely locked down combination of HDCP compliant players and display sets. When blu-ray's crypto is 100% broken like CSS for DVDs, then I'll start purchasing all my favorite shows in high definition on blu-ray. Until then, I'm downloading shows that I watch on TV in the US via BitTorrent.

Cable Companies that set the CCI bytes such that TV shows can't be transferred from one DVR to another

  • http://www.zatznotfunny.com/2009-09/tivo-and-the-cci-byte/ Cox Communications (my cable TV and cablemodem internet provider until I get Verizon FiOS) sets the CCI bit to prevent me from moving content off my TiVo. FiOS doesn't set these CCI bytes, and permits "multi room viewing" on both TiVo DVRs and their own FiOS DVRs. I've been working approximately a 66 hour work week for the past month and a half, and I can't be sure that when I have time between work and sleep to watch a TV show that it will be present on my DVR because other programs have been recorded and replaced it. So, back to BitTorrent.

MPAA/RIAA/friends suing their consumers instead of getting with the program and adopting the new world that they find themselves in

  • I stopped buying CDs entirely. I stopped buying music entirely. I now find music that I enjoy much more than the cookie cutter "formula" stuff I hear on the radio that artists put on their own website available for free. And you know what? I paypal them money as a thank you for producing the music. Direct cash to the artist. If you like ambient/chillout electronica, go to http://www.scene.org/ and look up the artist Xerxes.

Take away features with a software update

  • Yep, I'm pissed that instead of Sony fixing a software problem with a patch, they remove a feature all together. When was the last time that Microsoft told you that they were retroactivly removing support for Mice and all pointing devices in Microsoft Windows because of a Click-Jacking vulnerability? Fix the hardware or software bug you made and don't negativly impact your consumers, or live with the fact that users will get what they want out of what they purchased. Licenses be damned, I'll take a soldering iron to my Sony PS3 if I damn please.

Comment: Be weary of upgrades if your /boot is small (Score 1) 236

by Da w00t (#29828667) Attached to: Fedora 12 Beta Released
I was bit by the preupgrade CLOSED NOTABUG "bug" where preupgrade requires a sizeable chunk of (temporary) disk space in /boot during an upgrade from Fedora 10 to Fedora 11. I ended up with a system that was unbootable, but repairable. No CDROM made things .. interesting, to say the least. I use pxeboot and kickstart to do all my installs because I hate having to swap CDs/burn DVDs

I don't recall exactly what I did to work around the huge file "needing" to be in /boot, but I think I had a local copy of the install medium on disk, and softlinked the big file from /boot to where it actually resided. Then preupgrade went smoothly.

A holding company is a thing where you hand an accomplice the goods while the policeman searches you.

Working...