Return visit to Hart Attack to talk about hacking!

This was even more of a meandering discussion then last time.  We started with the election hacking scandal and branched out to cover all manner of terrifying technology.   Episode 123 airs on Christmas evening 8pm PST.  Downloads available sometime after here or podcast.  Here is a link:

Hart Attack Home

Hart and I have worked together for some time.  He is a mogul of all things horrific.  Now he takes on the horror of the modern day with a political/news podcast.  He is also struggling under the enormous weight of the medical care for his wife.  I encourage anyone with extra funds this holiday season to contribute here.

Just participated in my first podcast for Hart Attack!

It was fun, we talked about technology, hacking, and corporate oppression.  Unfortunately, there wasn’t time for hope.  I’ll have to come back on to explain that it’s not all doom and gloom.   Episode 117 airs on Saturday evening.  Downloads available sometime after here.  Here is a link to more shows:

Hart Attack Home

Hart and I have worked together for some time.  He is a mogul of all things horrific.  Now he takes on the horror of the modern day with a political/news podcast.

Defcon 2016 photos and videos

Close ups of my much coveted badge.  Some hardware and base stations of the wifi village.  Both Information Society and Berlin played on Saturday night!  Shot a video of an amazing demo from the Car Hacking Village.  A car modified to play games instead of driving.  Also, the best of my flight home.  Some great pictures of Hoover dam and some of the solar farms and mesas as we few home.

defcon 2016 badge closedefcon 2016 badge chipdefcon 2016 wifi villagedefcon 2016 wifi village 2 
Continue reading “Defcon 2016 photos and videos”

iOS 5.1.1 Jailbreak released at Hack in The Box Conference! Untethered with iPad 3 Support!

The Dream Team did it again! With Absinthe 2.0.1 2.0.4, Chronic Dev & iPhone Dev Team have piled amazing exploits into a very easy tool. Official Press Release. Get your download here. Wish i was in Amsterdam with all of you having a blast. Thanks for all your work. I missed you Cydia, VLC, SBSettings, now if only i had Safari downloader!

More Certificate Authority Problems!

In the mist of  #antisec and on the heels of the Vegas Hacker/Security conferences, another CA (DigiNotar) was hacked.  This time the hackers got Google’s security certificates.   With that criminals could use a technique known as a Man in the Middle attack to impersonate google and nothing can stop them.  Personally i have heard @ioerror rant about the fundamental flaws of our present SSL system.  Perhaps this will help bring about a change more quickly but for now we can blacklist the offending certificates.  here is how (on a mac)

To protect Safari, the solution is, apparently, to run Applications/Utilities/Keychain Access, click on “System Root” on the upper-left, and “All items” on the lower-left, then type “DigiNotar” into the upper-right searchbox, then doubleclick on all the certs that show up (you may only have one), open the “Trust” detail area, and change “When using this certificate” to “Never Trust”, then close the dialog box.

For Firefox users, go to Firefox’s Preferences, click on Advanced, then the Encryption tab, then click on “View Certificates”, click on the “Authorities” tab, scroll down to DigiNotar, click on “DigiNotar Root or CA”, then click on “Delete…” or “Delete or Distrust…” below (depends on your version).

Read more here:
http://www.computerworld.com/s/article/9219606/Hackers_stole_Google_SSL_certificate_Dutch_firm_admits?taxonomyId=85

JailbreakMe.com is back! This time iPad 2 can play!

Despite numerous problems and unrelenting deadlines @comex has come through yet again with another fantastic jailbreak! When an unfinished beta of the latest iPad2 jailbreak was leaked, we all new that the window for this exploit was rapidly closing. Apple simply cannot allow userland exploits to exist (for obvious reasons). I am delighted that all the iPhone-dev guys got their act together and released. What are you waiting for JailbreakMe.com.

And the lulz keep coming!

LulzSec is back at it.  Actually they never stopped, but this time they released 26,000 emails and passwords from a pile of porn sites.  Again we are reminded of the ills of password reuse as email, facebook, and twitter accounts fall.  This is going to reverberate across the net for a while as troublemakers make trouble for some poor porn subscribers.  I almost feel bad for them.  This is one way to educate the populous.  Facebook was quick to block the listed emails, but if email is also compromised, it doesn’t help for long.

Update 11-27-15 (now dead link):
http://lulzsecurity.com/releases/pronz.txt