•June 17, 2009 • Leave a Comment

Keykeriki is the first open source 27Mhz wireless keyboard sniffer.


Analysis of the Green Dam Censorware System

•June 16, 2009 • Leave a Comment

Summary We have discovered remotely-exploitable vulnerabilities in Green Dam, the censorship software reportedly mandated by the Chinese government. Any web site a Green Dam user visits can take control of the PC.”


Passport hacking

•September 29, 2008 • Leave a Comment

“THC has discovered weaknesses in the system to (by)pass the security checks. The detection of fake passport chips does not work. Test setups do not raise alerts when a modified chip is used. This enables an attacker to create a Passport with an altered Picture, Name, DoB, Nationality and other credentials.The manipulated information is displayed without any alarms going off.The exploitation of this loophole is trivial and can be verified using thc-epassport”


Tools released at Defcon 16

•August 22, 2008 • Leave a Comment

Just a quick link to a Blog that lists tools that were released at this years Defcon.


•July 18, 2008 • Leave a Comment

Snoop is a GNU/Linux file descriptor monitoring tool inspired by FreeBSD’s ‘watch’. It goes beyond simple TTY snooping by allowing the interception of any file descriptor. You can attach on the fly to regular files, TTYs, named pipes, character devices, and pretty much anything that is represented by a file descriptor and addressable in the standard name space.

Stupid smartcards

•June 25, 2008 • Leave a Comment

“Dutch security researchers rode the London Underground free for a day after easily using an ordinary laptop to clone the “smartcards” commuters use to pay fares, a hack that highlights a serious security flaw because similar cards provide access to thousands of government offices, hospitals and schools.
Oyster Cards feature the same Mifare chip used in security cards that provide access to thousands of secure locations. Security experts say the breach poses a threat to public safety and the cards should be replaced.”


Debian OpenSSL Fuckup

•May 16, 2008 • Leave a Comment

“A flaw in the way that OpenSSL is implemented in the Ubuntu and Debian distributions of Linux have earned the software an unenviable adjective in the world of encryption: Predictable.

On Tuesday, the team behind the popular Ubuntu distribution of Linux announced that it had issued a patch to fix a flaw inadvertently added to the OpenSSL code which dramatically reduced the number of possible keys generated by the software. While the flaw is in OpenSSL, the same code is used to generate keys for a number of other popular programs, including OpenSSH, OpenVPN and SSL certificates.

“All OpenSSH and X.509 keys generated on such systems must be considered untrustworthy, regardless of the system on which they are used, even after the update has been applied,”
Source: SecurityFocus

More on Packetstorm and Metasploit