Posted Jul 3rd 2008 8:50PM by Juan Aguilar
Filed under: cons, news
[Tiller Beauchamp] gave a presentation on
applied reverse engineering in OS X at
this year's REcon, but he also attended many of the other talks and gives his take on the highlights of REcon 2008 in a guest post on the ZDNet blog, Zero Day.
One of the highlights for him was Neohapsis's [Chris Smith] discussing
virtual machines implementing code obfuscation. The method uses custom instructions and runtime interpreter, which can help make the task of reverse engineering markedly more difficult if implemented properly.
On the opposite end of the spectrum, [Beauchamp] noted [Gerardo Richarte]'s software reverse engineering tools that decompile and recompile software in iterative portions. This allows the recompiled software to be tested piece by piece. Be sure to read his post and see what you missed.
Posted Jul 1st 2008 10:20PM by Juan Aguilar
Filed under: news
Tom's Hardware has been running some tests to challenge the common assumption that SSD hard drives use power more efficiently than magnetic plate drives. Their results were quite definitive: not only are they not as energy efficient,
SSDs actually use more power than conventional hard drives.
What they found is that most plate drives are at peak consumption (up to 4W) when accessing files fragmented across the media, which causes the actuator to move back and forth across the media several times. However, this is almost never sustained for extended periods of time; the actuator usually doesn't move much when reading unfragmented data, and most plate drives are also capable of going idle when they are not in use.
Most SSDs on the other hand, only have two states: on and off. This means that when they are on, they are always at peak energy consumption. Though this number hovers around 2W for most of the SSDs they tested, over prolonged periods this can mean a great deal more power consumption than is immediately apparent, which can have short and long term effects on the battery life of a laptop. See the Tom's Hardware article for benchmarks of specific products and more in-depth data.
Posted Jun 29th 2008 12:30AM by Juan Aguilar
Filed under: news
P2P networks have long been a legal gray area, used for various spam schemes, illegal filesharing, and lots and lots of adware. Last year, though,
the first botnet created by a worm distributed via P2P software surfaced, the work of 19-year-old [Jason Michael Milmont] of Cheyenne, Wyoming, who distributed his Nugache Worm by offering free downloads of the P2P app Limewire with the worm embedded. He later began distributing it using bogus MySpace and Photobucket links shared via chats on AOL Instant Messenger. The strategy proved effective, as the botnet peaked with around 15,000 bots. [Milmont] has plead guilty to the charges against him. Per his plea agreement, he will pay $73,000 in restitution and may serve up to five years in prison.
Posted Jun 28th 2008 3:20AM by Eliot Phillips
Filed under: news
[Daniel Dove], administrator of the site EliteTorrents.org, has been convicted of conspiracy and felony copyright infringement. Running a bittorrent tracker isn't in itself illegal, but [Dove] apparently recruited seeders and distributed the initial illegal copies to them from his own server.
From the press release, it seems the Justice Department is quite tickled with finally getting a conviction in a P2P case after a jury trial.
[photo:
nrkbeta]
Posted Jun 26th 2008 11:55PM by Juan Aguilar
Filed under: news
The six people
arrested by British authorities for uploading files to the OiNK torrent network, all out on bail, have had
the period of their bail extended. Charged with conspiracy to defraud the music industry, the woman and five men as well as OiNK operator [Alan Ellis] have been ordered to report to the police on July 1st, where their bail will be formally extended for another 27 days. According to TorrentFreak, sources close to the case believe that the police are still building their criminal case, which accounts for the bail extensions. They could have civil charges levied against them, but current British Law cannot prosecute individuals for illegal filesharing unless it is done for profit.
Posted Jun 26th 2008 10:40PM by Juan Aguilar
Filed under: news
Those of us who have been eagerly waiting to get their mitts on an MSI Wind can see some light at the end of the tunnel, as it is
currently under review for domestic sale by the FCC. The Wind is MSI's answer to Asus's game-changing ultraportable, the Eee PC, and has slightly better specs. It features an Intel Atom 1.6GHz CPU, 1GB of RAM. It also has built in bluetooth and webcam. Check out a few shots of the Wind's internal parts at jkkmobile or
grab them all from the FCC's site.
Posted Jun 26th 2008 10:30PM by Juan Aguilar
Filed under: news
Plenty of USB storage keys are on the market, but Ironkey is
the first to use military level encryption. Sold in 1GB, 2GB, and 4GB sizes, the key features a processor called the Cryptochip, which uses Public Key Cryptography ciphers linked to an online account to create encryption keys on the hardware. A Federal Information Processing standard 140-2 compliant true random number generator on the Cryptochip ensure that encryption keys are extremely secure and totally random.
Ironkeys come in different sizes, but there are also three different versions, each with unique features. The basic version has a very James Bond-esque feature to destroy the data on it in case of an emergency. The personal version is loaded with Firefox 3 with various addons that make browsing encrypted and anonymous. The enterprise version is made to order with no specific price on the IronKey site, just a form to order one built to your specifications. All of them support Windows, OS X, and a large amount of Linux distros, and they all come in tamper proof and water resistant cases with a brushed metal finish. We tend to think this level of security is overkill for the average person, but people can't seem to get with our freewheeling approach to security; remember,
we leave our WLAN open.
[via
LinuxDevices]
Posted Jun 26th 2008 4:20PM by Juan Aguilar
Filed under: xbox hacks, news
In an unexpected development, [Neil Stanley Higgs], aka Mr. Modchips,
was cleared of his previous convictions in British courts for selling modchips for the Xbox 360 as well as modded consoles.
Notably, the prosecution did not argue that he infringed copyrights, but merely facilitated copyright infringement by selling modchips that circumvent the Xbox's ETM. Since the copyright infringement argument was not made, existing law continues to hold sellers of pirated games and owners of modded consoles responsible for infringing the copyrights of game developers, as they are the ones who illegally copy the software. Pirated game sellers' violation of the law is plain to see, but owners are still held responsible the moment they place the pirated disc into the loading tray and boot it up. The infringement in these cases occurs exactly when any part of the pirated game is loaded onto the console's RAM, as this is considered another illegal copy.
[Higgs]'s charges hinged on whether the Xbox's piracy prevention methods were intended to completely prevent pirated games from being played or merely act as a hindrance. The court felt it was the latter, and so they reversed the charges.
[via
Xbox-Scene via
Team Xecuter]
[photo:
Raybdbomb]
Posted Jun 25th 2008 6:40PM by Eliot Phillips
Filed under: news
Ubuntu MID edition has been released for handheld Mobile Internet Devices. It's targeting devices based on Intel's A100/110 and the new Centrino Atom platforms. Successors to the UMPC, MIDs are usually small formfactor and have a touchscreen, plus a physical keyboard. UMPC portal has a examples of
devices that are currently supported by this release, inluding plamtops like the Kohjinsha SH6. This release is only for x86 devices, so don't expect it to be ported to the ARM based Nokia N800/810. The user interface is based on the
Hildon framework and we're glad people are attempting to think beyond a standard UI. We hope they plan on punching up the use of the color brown in the final though; it just wouldn't be an Ubuntu release without it.
[via
Linux Devices]
Posted Jun 25th 2008 5:50PM by Eliot Phillips
Filed under: news
Charter Communications has announced that it will no longer be attempting to target advertising
based on user actions. The original strategy would have involved inspecting the contents of every packet sent or received by the customer. This usage pattern is associated with a specific IP and relevant ads are
displayed on sites using NebuAd when that IP visits. NebuAd doesn't directly share the IP, but we've seen in the past, even with obfuscation, a user's search patterns alone have been known to
give away their identity. The majority of all internet traffic is plaintext, but endusers have an expectation of privacy. User backlash is what eventually caused Charter to back down, but that doesn't mean companies like NebuAd are going to be any less common.
[via
EFF]
[photo:
mattdork]
Posted Jun 25th 2008 12:45AM by Eliot Phillips
Filed under: news, security hacks
StopBadware.org has released their
May 2008 Infected Sites Report(PDF). They took their current list of 213K active badware websites and resolved the IP addresses. These addresses were used to determine the network block owner and country. The results could be skewed to networks Google scans more often, but they should give a decent overall picture. China hosts 52% of all the badware sites while the U.S. has 21%. There weren't any other countries maintaining over 4% of the total. They also calculated the number of infected sites per capita, which China also led. Last year's report resulted in several AS block maintainers cleaning up to the point that they don't even make the top 250 this year.
Posted Jun 24th 2008 10:50PM by Eliot Phillips
Filed under: news
For the last few months, the FBI have been investigating a breach of Citibank's ATM transaction processing servers. We've seen credit card numbers get stolen before, but these compromised servers were used to collect card numbers and PINs as transactions took place. The group responsible hired people to write new cards and use them to make ATM withdrawals. The card makers would keep a percentage and launder the rest. This is just a very small part of story and the extent of the breach isn't fully realised yet. Threat Level's [Kevin Poulson] has the
whole story on this disturbing situation.
[photo:
Bryan Derballa]
Next Page >
hack a day serves up a fresh hack each day, every day from around the web and a special how-to hack each week.
send us your hacks
have a hack you'd like to see here? tell us about it
Most Commented On (60 days)
Recent Comments
