Dragos Ruiu
Dragos Ruiu
1 hour ago
iPGmail - PGP for IOS, about time
https://goo.gl/zzmdWO

iPGMail
goo.gl
1
Yves-Alexis Perez Would you trust your iPhone with your private keys ?
Dragos Ruiu
1 day ago
PWN2OWN MOBILE: the first casualty of the Wassenaar agreement changes.

So we have the first bona fide casualty of the Wassenaar Agreement. HP and counsel are concerned over Japanese implementation of it and any resutant complications getting the bugs back into the US, so they will not be involved with Pwn2Own Mobile in Japan. However, I still like hacker circuses, and have ordered up my own RF isolation cage, and am interested in other folks to be involved int he competition which will go ahead with rules to be announced shortly(so contact me if you are interested in participating or offering bounties on anything related to mobile to get bugs back). My new plan is to hand over the bugs directly to local representatives in Japan, without the ZDI need to feed the bugs back to the US first - and make like the internet and route around the issues with export.

In related matters some folks complained about getting us mail for the PacSec CFP while I was at CCC Camp, and some office renovations yanked a cable and reinforced my belief that VLAN tagging is still bunk to be eliminated. So we'll be accepting proposals until the end of the week, just to make sure you get your mail to us (secwest16@pacsec.jp), all networks firing on all cylinders here now. Boo Yah.
Dragos Ruiu
6 days ago
Interesting android malware info.

Taking root
goo.gl
4
2
Mario Tello Interesting that apps were not installed by manufacturer nor end user, but apparently by small shops trying to make the device attractive by loading it with as many apps as they can. Reminds me of the old days of gray-box PC's loaded with tons of pirated software. 
Dragos Ruiu
1 week ago

google/binnavi
goo.gl
Dragos Ruiu
2 weeks ago

Five things about Canada’s ‘space elevator’ (and what you might pass while going to the top)
goo.gl
Dragos Ruiu
1 month ago
bettercap - portable MITM meter cap replacement http://goo.gl/Dte8hd

bettercap - a complete, modular, portable and easily extensible MITM framework.
goo.gl
Dragos Ruiu
1 month ago
analyzing uncommon firmware http://goo.gl/0EiueB

Positive Research Center: Best Reverser Write-Up: Analyzing Uncommon Firmware
goo.gl
3
1
Estella Madl Yeee! IDA!!! )))
Dragos Ruiu
2 months ago
Happy Canada Day. (Or what's left of it and our rights after our current governing party get done with it.)
In other news the newest 801.11n WiFi standard has some seriously broken bits in the standard. They introduced a new packet coalescing and aggregation protocol that leaves the chipsets vulnerable to Packet-in-Packet injection. I.e. You can abuse the protocol to include spoofed low level MAC packets in HTTP frames from any web server and other similar fun. An attacker can leverage this technique to deauthenticate clients, inject malicious beacon frames, perform host and port scans, bypass firewall rules, and conduct Address Resolution Protocol (ARP) spoofing. So, not so good, especially since this is a chipset level issue and the chipsets are just behaving as the ill-conceived standard specifies for Aggregated-MAC Protocol Data Units (A-MPDU) handling. Being hardware/firmware, it's not easily changed.
Paper and PoC at link below.

aggr-inject/ampdu_inj_wisec2015.pdf at master · rpp0/aggr-inject · GitHub
goo.gl
7
1
Bill Beers Was your image for this post laced with aggr-inject frames? :-)
15
6
Bert Knabe +Howard C. Shaw III I think the problem is that some providers are running traffic across both IPv4 and IPv6 simultaneously. When that happens, you're vulnerable.
Dragos Ruiu
2 months ago
Seems to me that lot of fun could be had with a little pattern of small "donuts" that makes a document unprintable and uncopyable. But I've always had a weird sense of "fun." http://goo.gl/FjWi37

The secret codes of British banknotes
goo.gl
4
3
Elias Pinto I'm in the US, I need to find me some cash to check this out. Hey anyone willing to make a copy for me? :D
Dragos Ruiu
2 months ago
5 axis CNC less than 5k http://goo.gl/NBc31q 

A 5 Axis CNC Mill For Under $5,000
goo.gl
Dragos Ruiu
2 months ago

Stealing Keys from PCs using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation
goo.gl
15
2
wilson benoit M

More posts