MetaFilter posts tagged with hacking

Training the hacker underground

Afroblanco — Wed, 23 Dec 2009 16:27:49 -0800

Hack This Site is a free, safe and legal training ground for hackers to test and expand their hacking skills. Realistic training missions included!

Hacking the Predator

homunculus — Thu, 17 Dec 2009 08:38:38 -0800

Insurgents Hack U.S. Drones. "Militants in Iraq have used $26 off-the-shelf software to intercept live video feeds from U.S. Predator drones, potentially providing them with information they need to evade or monitor U.S. military operations." [Via]

Climategate?

mccarty.tim — Wed, 09 Dec 2009 13:07:17 -0800

The public's opinion of the field of climatology has been shaken by the leaked CRU emails. While it's arguable that the messages show any wrongdoing, many pundits have now reached the conclusion that global warming is a hoax, coverup and conspiracy, years in the making with millions of faked datapoints. Sarah Palin has written an editorial saying Obama should boycott the Copenhagen COP15 summit.

Hacking the System

cloeburner — Mon, 09 Nov 2009 11:10:38 -0800

Hacking is a Baltimore phenomenon that allows citizens to get cheap "illegal" rides across town. A hack indicates they want a ride by motioning their pointer finger towards the ground as they walk along the street. Inevitably a driver will stop, the two parties will negotiate a price and a ride will be given. It is both a dangerous and necessary part of the blighted Baltimore economy.

Hacking Perl in nightclubs

yegga — Mon, 09 Nov 2009 10:08:55 -0800

Hacking Perl in nightclubs

Iron Man Jr.

boo_radley — Thu, 27 Aug 2009 17:15:14 -0800

Everitt is a pyro.

Neurosecurity

homunculus — Wed, 08 Jul 2009 20:29:23 -0800

Neurosecurity: security and privacy for neural devices. "An increasing number of neural implantable devices will become available in the near future due to advances in neural engineering. This discipline holds the potential to improve many patients' lives dramatically by offering improved—and in some cases entirely new—forms of rehabilitation for conditions ranging from missing limbs to degenerative cognitive diseases. The use of standard engineering practices, medical trials, and neuroethical evaluations during the design process can create systems that are safe and that follow ethical guidelines; unfortunately, none of these disciplines currently ensure that neural devices are robust against adversarial entities trying to exploit these devices to alter, block, or eavesdrop on neural signals. The authors define 'neurosecurity'—a version of computer science security principles and methods applied to neural engineering—and discuss why neurosecurity should be a critical consideration in the design of future neural devices." [Via Mind Hacks]

High Security? Maybe.

ostranenie — Thu, 28 May 2009 12:22:26 -0800

You are Medeco, one of the world's premier lock companies. And you think your super-secure locks are tight. Until, that is, some upstart troublemaker comes along, reverse engineers them and shows the world (via Wired magazine--with video, natch) showing just how (supposedly) insecure they are. Then this same troublemaker releases a book giving all your secrets away. Wired article comes complete with overblown, panic-now headlines (Ultimate Lock Picker Hacks Pentagon) from the Wired writers. You think they had a contest?

The robot will remember it for you

ardgedee — Thu, 14 May 2009 08:24:01 -0800

NPR Backstory is an automated Twitter feed providing helpful links to news items from the past 14 years that might be relevant to current events. For example, when masses of people started googling medical information after a news item about 200,000 patients' medical histories being accidentally exposed, NPRbackstory linked to an April 2008 analysis of the advantages and disadvantages of storing patient records online. " The results, Keith will be the first to tell you, aren’t perfect. He estimated... that about 50 percent of the links aren’t really to archival stories.... Another 15 percent of the results are complete misses. Those are usually caused by search terms that have multiple meanings. And once in a while there’s something way out of left field, like this attempt to tie "plankton" to a memoir by the advice columnist Ask Amy. But the rest of the time, it works really well — plucking a gem from the NPR archives that adds context and depth to some subject in the news. Keith compared it to the way that Fresh Air’s three-decade archive allows it to air something old but newly timely whenever a past interview subject is in the news again." It's a personal project of Keith Hopper, using NPR's news API, Google's Hot Trends list of currently-popular search terms, and a variety of other tools; Hopper's page provides more technical info. [via]

For the lulz!

CrunchyFrog — Wed, 15 Apr 2009 20:37:02 -0800

Voting for the Time 100, Time Magazine's list of the world's most influential people in government, science, technology and the arts, has taken a bizarre turn. Rather than the expected dance-off between Stephen Colbert and Korean pop star Rain, the top spot is currently occupied by moot, the owner and operator of 4chan. Hear Time's own take on it, and then, learn who hacked the vote.

GhostNet

homunculus — Sat, 28 Mar 2009 22:55:33 -0800

Tracking GhostNet: Investigating a Cyber Espionage Network. "A vast electronic spying operation has infiltrated computers and has stolen documents from hundreds of government and private offices around the world, including those of the Dalai Lama, Canadian researchers have concluded. In a report to be issued this weekend, the researchers said that the system was being controlled from computers based almost exclusively in China, but that they could not say conclusively that the Chinese government was involved." Another report does fault China: The Snooping Dragon: Social Malware Surveillance of the Tibetan Movement

Q. Would you like tea OR coffee? A: Yes.

grumblebee — Fri, 30 Jan 2009 06:47:24 -0800

What real-life bad habits has programming given you? "This has actually really happened to me. I was trying to hang a glass picture frame on the wall and accidentally dropped it. And in the shock of the moment, I loudly yelled 'Control Z!' Then the glass hit the floor and smashed."

Mod chip? I don't need no stinkin' mod chip!

Brodiggitty — Fri, 31 Oct 2008 15:25:35 -0800

The Mother of all Wii Hacks: Early on in the life of the Wii, hackers discovered a bug in "Zelda: Twilight Princess" and exploited it to create the Twilight Hack. From that came the Homebrew Channel, a software browser, and even DVD capability. Now comes the Wii Backup Loader: a way to run "backup" (aka bootlegged) games without physically modding your machine. It still has flaws. Proponents say you can create and play backups while preserving your original discs. Critics say it opens the door wide open for copyright infringement. Be aware: all of this hacking is risky because you run the risk of "bricking" your Wii.

Great Cyber Crimes and Hacks

netbros — Tue, 30 Sep 2008 17:44:22 -0800

The best criminal hacker is the one that isn't caught — or even identified. These are 10 of the most infamous unsolved computer crimes as selected by PC Magazine. However, some do get caught. Here are nine of the most infamous criminal hackers to ever see the inside of a jail cell. PCMag also reached back into the early days of computing and dredged up the most inspiring examples of hacker brilliance they could find. WANK Worm MoD Skynet satellite hacked CDUniverse credit card breach Military source code stolen Anti-DRM Kucinich on CBSNews.com ApplyYourself hack 26,000 site attack Hannaford and Sweetbay credit card breach Comcast.net redirected

palin's yahoo mail hacked ... oh anonymous, what will you do next

yeoz — Wed, 17 Sep 2008 11:05:22 -0800

Sarah Palin's email gets hacked by Anonymous (right, that Anonymous). And given the legal contro versy surrounding her email, one wonders if the fact that her yahoo email accounts are now deleted constitutes destruction of evidence or violations of public-records laws. Its hit Wikileaks too, but, I'm not sure they have more then what's already released (rapidshare).

The Middler

sluglicker — Thu, 28 Aug 2008 10:48:28 -0800

Your Gmail account isn't secure. Announced at Defcon 16, Jay Beale's tool, The Middler (man-in-the-middle) to steal session ID from not only Gmail users, but LinkedIn, LiveJournal, Facebook, and presumably any site that uses a session-based cookie. Enable https permanently. (previously)

Pacemaker vulnerable to remote hacking

spock — Wed, 13 Aug 2008 07:00:18 -0800

Serious as a heart attack: A collaboration of various medical researchers in the academic field has led to proof that pacemakers can be remotely hacked with simple and accessible equipment. This is a proof of concept, but the real question is: How many other pacemakers and medical devices are similarly vulnerable? (Writers may note a new twist available for the assassination of characters in their novels and screenplays.)

Cyber Command Über Alles

homunculus — Thu, 05 Jun 2008 23:55:24 -0800

Attention Geeks and Hackers: Uncle Sam's Cyber Force Wants You! Welcome to Cyberwar Country, USA

Virtual Virtual Reality

Pope Guilty — Sat, 26 Apr 2008 22:09:29 -0800

Decker isn't quite a roguelike about hacking in the world of Shadowrun with Windows 3.1-era graphics, but it's as close as you're ever gonna come.

DIY Biotech

Kid Charlemagne — Mon, 11 Feb 2008 07:05:31 -0800

Worried about the state of biodiversity? Why not make some of your own? Moore’s law is all over biotechnology right now. Can the hackers be far behind? MIT's Drew Endy doesn’t think so. Ready to get started? You might already have some of the tools that you will need. Plans for others are available on the web. All you need now are some parts.

24c3

kolophon — Thu, 27 Dec 2007 15:16:05 -0800

The 24th Chaos Communication Congress, "the annual four-day conference organized by the Chaos Computer Club is taking place in Berlin right now. The Congress offers lectures and workshops on a multitude of topics and attracts a diverse audience of thousands of hackers, scientists, artists, and utopians from all around the world." Lectures are also being streamed live (Check the CCC Tube) Among other topics: Open Source, a capitalist movement. Free Software, Free Drugs and an ethics of death; Cyborg Feminism, The Arctic Cold War; Absurd Mathematics; Linguistic Hacking, How to know what a text in an unknown language is about? Quantum Cryptography and Possible Attacks; Freifunkerei, And a Do-It-Yourself society against the state; All Tomorrow's Condensation, A steampunk puppet extravaganza by monochrom and friends. At 00:30 CET today you should be able to watch "I can count every star in the heavens above but I have no heart I can't fall in love…". The image of computers in popular music, presented by the Vienna art collective monochrom (linked above). Recordings will also be made available to download in a few days time; here are last years 23c3 lectures.

Make sure to clean your logfiles.

flatluigi — Sun, 23 Dec 2007 22:31:54 -0800

Ever admired those hard-working hackers, toiling away to get you the programs you've always loathed to have? Have you ever dreamt of exploring the innards of someone else's computer but have held back due to those pesky legalities? If you said yes to either of the above questions or just want to play an online hacking simulation, then SlaveHack is the website for you. Protip: Some useful programs and extensions, including a logfile parser, can be found here.

Amazing discoveries in plain-text Tor exit traffic.

Anything — Tue, 04 Dec 2007 18:04:45 -0800

This is an ironic tale of the consequences of inept application of cryptographic tools. Or is it? Dan Egerstad, a Swedish hacker, gained access to hundreds of computer network accounts around the world, belonging to various embassies, corporations and other organizations. How did he do it? Very easily: by sniffing exit traffic on his Tor nodes. Egerstad ran exit nodes on the Tor anonymity network, used as links from the network to the rest of the world. He looked at the traffic going through his nodes and found that many users were logging in to sensitive accounts without using end-to-end encryption. From the Sydney Morning Herald article:

After a couple of months sniffing and capturing information, Egerstad was faced with a moral dilemma: what to do with all the intercepted passwords and emails. If he turned his findings over to the Swedish authorities, his experiment might be used by his country's intelligence services to continue monitoring the compromised accounts. That was a little too close to espionage for his liking. So Egerstad set about notifying the affected governments. He approached a few, but the only one to respond was Iran. "They wanted to know everything I knew," he says. "That's the only response I got, except a couple of calls from the Swedish security police, but that was pretty much all the response I got from any authority." Frustrated by the lack of a response, Egerstad's next step caused high anxiety for government staffers - and perhaps intelligence services - across the globe. He posted 100 email log-ins and passwords on his blog, DEranged Security. "I just ended up (saying) 'Screw it, I'm just going to put it online and see what happens'."

He later removed the information from his blog, says the hard drives are "long gone"; also, there don't appear to be any public mirrors of the data. Nonetheless, the incident got him arrested and his hardware confiscated. One curious angle in this story is the question of which of the plain-text logins sniffed by Egerstad were made by unauthorized third party attackers instead of unwitting legitimate users.

However, Egerstad now believes the victims of his experiment may not have been using Tor. It's quite possible he stumbled on an underground intelligence gathering exercise, carried out by parties unknown. "The whole point of the story that has been forgotten, and I haven't said much about it, (is that) many of these accounts had been compromised," he says. "The logins I caught were not legit users but actual hackers who'd been reading these accounts."

Here's Bruce Schneier's commentary on the case. Here's the Tor FAQ, which tells you what it's good for and how to use it properly.

SPLed beans

Blazecock Pileon — Thu, 23 Aug 2007 18:52:13 -0800

"Finding JTAG on the iPhone": a ten-step hardware unlock of the iPhone, allowing it to function with other carriers

I'm in ur address book, callin ur peeps

chuckdarwin — Wed, 13 Jun 2007 06:45:20 -0800

How secure is your password? If you're like some people, it's probably not secure enough. When did you last change yours?