Please turn your attention to Rolling Stone, where an article about a blind, lonely phreaker is currently tearing up the charts. That is to say, it’s an article worth your time, certainly better than refreshing drudgereport.com for the thousandth time in a day.
Researchers from the University of California, Santa Barbara, have published a report after taking over a massive botnet called Torpig aka Sinowal. The malware network was able to collect 56,000 passwords an hour as well as 70GB of financial and personal data.
The researchers found that most users reused passwords for multiple sites and that the malware was able to steal credit card numbers and bank logins. They were able to control the system for ten days before the malware was updated.
Pwn2Own, a sort of Gray Hat extravaganza, is going to be cracking browsers and phones for the third year in a row this March. It’ll run from the 18th to the 20th, with thousands of dollars in prizes. Many will enter, few will pwn.
Wired’s Brian X. Chen twittered to the world that Apple was suing his publication over his video tutorial teaching us Luddites how to hack netbooks to run Mac OS X. As Giz points out, Apple isn’t likely to sue them, but, rather, send over a cease and desist order. It’s all pretty trivial if you ask me.

Datel and Sony Computer Entertainment Europe clearly don’t like each other very much. How do we know this? SCEE has taken Datel to court over its as yet unreleased “Lite Blue Tool,” which has been renamed the Max Power Digital. The device would let users hack, in a sense, the PSP. Sony didn’t care for this very much, and is now in lawsuit mode.

My fellow Americans: tomorrow’s the big day, Election Day, wherein we are able to exercise our right to wait in line all day at a fire house or elementary school, rubbing shoulders with “neighbors” and trading pleasantries about what we think about that Obama fellow. It should be fun.
Yet, our voting system stinks. Not only that, but our voting system could be vulnerable to fraud, and not that theoretical ACORN nonsense. We’re talking about rigging electronic voting machines to affect the tally, much like what Homer Simpson experienced.
A compsci professor at Princeton has warned that electronic voting machines can be hacked in as little as six or seven minutes. (His name is Edward Felten, and he was on the D.L. Hughley show on CNN last night showing how the vote could be rigged.) The affected machines are made by Sequoia Voting Systems, which has threatened to sue the professor for besmirching their machines, violating license agreements, etc. That’s good—silence a whistleblower.
Expect allegations of fraud all around in the next few days.

Dear school administrators,
What’s the best way to ensure that your computer network remains riddled with security vulnerabilities that leave you, your personnel and [someone think of the] schoolchildren in danger? Why, to demonize the student who discovered the vulnerability and alerted you to it, of course. Have him charged with a felony while you’re at it.
A student in a Saratoga County (New York) school alerted his principal to a computer security vulnerability that could expose the names, social security numbers and addresses of school employees. While the student tried to do it anonymously, he was eventually tracked down. Then the school threw the book at him.
The student is now being charged with three felonies for his unauthorized use of the computer network. The best is this quote from a state trooper:
The kid committed an intentional criminal act. He deceitfully used someone else’s name and password so he would not get caught and was looking to profit from his criminal act.
The only thing we can take away from this is, even if you discover a security vulnerability, it’s completely in your best interest to keep it to yourself, otherwise you’ll be branded a criminal terrorist when you were merely trying to do a good deed. Or, if you insist on doing the right thing, use Wikileaks.
The wizards at the iPhone-Dev Team have just about cracked the iPhone baseband which means carrier unlock is almost upon us. What does this mean? Sadly, not much. The iPhone is still physically – at least in theory – locked to purchase and activation at AT&T and Apple stores so those heady days of buying an iPhone to crack at home are long gone. It is my suspicion that lots of 3Gs will soon be falling off the back of trucks around the world, especially in Russia and Asia, as folks dedicated to one G.S.M. carrier or the other decide they don’t want to switch.
Baseband unlocks essentially cede control of the phone’s telecomm portions to hacked code. Usually it’s impossible to run hacked baseband code but the iPhone Dev folks have patched the baseband without alerting the phone itself, resulting in the Great iPhone Unlocking of 2007 and the future iPhone unlocking of 2008/2009.
Two doctoral students have produced what is probably the most fascinating hack (or whatever you want to call it) of the year. Using custom equipment and software, Messrs Martin Vuagnoux and Sylvain Pasini of the Swiss Ecole Polytechnique Federale de Lausanne are able to detect shifts in the magnetic field surrounding keyboards. By measuring and interpreting these shifts, the students are able to figure out what has been typed. There are four such “attacks,” one of which can work from as far as 20 meters (65 feet).
While we’ll no doubt have to put up with ignorant “keyboard sniffers on the loose!” stories on your CNNs and whatnot, it’s important to understand what exactly this is. That is, research. These aren’t script kiddies looking to wreak havoc at a Starbucks or whatever, but scholars trying to figure out how things work.
via BBC News

Whoops. Fox News is reporting that the World Bank is smack-dab in the middle of what “may be the worst security breach ever at a global financial institution.” It’s not really clear what exactly has happened but it is clear that this isn’t the first time that the bank has had problems with its cyber security and that some of the more serious past intrusions have come from IP addresses inside China.
Yes, that evil “hacker” who broke into Sarah Palin’s e-mail account was indicted yesterday. Politics aside, it was a pretty dumb thing to do, especially posting the e-mails online after the fact.
To that end, here’s renowned computer security consultant (and former HACKEROMG) Kevin Mitnick giving his opinion on the whole matter on G4’s Attack of the Show. Mitnick says he doesn’t think the kid should have his life ruined for what amounted to a harmless prank. That’s my opinion, the harmless prank part. You know, maybe spend a couple of weeks doing community service, picking up trash along the side of the road or something.
The host, Kevin Pereira, brings up another good point: why haven’t we seen more “cyber attacks” on politicians this election year?

Hey script kiddies, next time you steal some unsuspecting person’s password, you’d better be prepared to do five years in prison. That’s what the kid who “hacked” Sarah Palin’s Yahoo e-mail account faces, now that he’s been indicted by a federal grand jury.
The kid, now identified as David Kernell, a 20-year-old student at the University of Tennessee, has been accused of accessing Palin’s e-mail account without her authorization.
The kid is screwed, in other words.
If convicted, the kid faces five years in prison, a $250,000 fine and three years of “supervised release.” No Facebook for him, I’m guessing.
So, kids, let this be a warning to you: don’t try to impress your friends by reading powerful people’s e-mails. To quote Denzel Washington from Training Day, this kid is federally f*cked now.
The dream of a short — and I mean really short — boot cycle is getting closer to reality. As it stands, though, even these experienced IT guys had to chop quite a lot off from already lean systems in order to hit their goal of CPU and drives idle after only 5 seconds. And on an Eee PC, no less.
I’m not the most informed guy on Linux boot processes, but it sounds like they really didn’t cut anything truly critical (that’s manifest of course because the system boots), and you’d be surprised how much time can be saved by customizing the boot process based on what the machine does and doesn’t use. Not running licensed drivers? Don’t need the license verification tool — 2.5 seconds saved. Only using web mail? Don’t need sendmail — 2 seconds saved. Then with more optimization (including a lot of hacking of the X Windows System) and a lot of elbow grease, they had it at a hair less than 5 seconds. The boot graphs are interesting and the article is informative even if you have interest in optimizing your Windows or OS X system, so check it out.

The following is the first entry in my BAFTA-winning series, “Privacy, piracy and the dark side of the Internet.” It’ll be slightly above average.
Beauty queen turned vice-presidential nominee Sarah Palin had her Yahoo! e-mail account broken into last week. (Who uses Yahoo! e-mail?) It was a heinous crime, right up there with the Lindbergh baby, and one that exposed her horribly boring personal life to the world. It was a political non-event: no saucy tidbits, no porno site passwords, no that-moose-deserved-its. But the likes of Fox News and Drudge used the opportunity to scare the pants off normal folks: “hackers!” “evil!” “danger!” And so on.
As a well-known security expert, I’m more than happy to offer a few tips and tricks to help prevent you from ending up like Palin over there.

Three French journalists were kicked out of the Black Hat security conference in Las Vegas yesterday. They were caught sniffing the press room’s Wi-Fi network.
The journalists were from the magazine Global Security, and said their hacking was merely a “joke.” They were able to obtain login information from several journalists, including one from eWeek.
I only mention this because it is so, so easy to steal information over a Wi-Fi network, secured or not. (Don’t bother using WEP, since it can be cracked in about 10 minutes with the proper tools. WPA is still somewhat of a pain to crack.) Any kid can compile a copy of ettercap—before you know it, he’s reading your Facebook messages, your Gmail (SSL, what’s that?), and can do legitimate damage to your good name if he were so inclined.
That the French journalists thought that sending a bunch of ARP requests over the network wouldn’t be noticed at a security conference borders on the ridiculous. Any IT guy worth a damn would notice it right away.

Oh, AFP
That DNS flaw that we mentioned a few days ago has been discovered by “hackers,” and is currently being “weaponized,” says a top Internet security expert.
The attack makes use of cache poisoning to re-direct traffic. Worst case scenario, you try going to yourbank.com, but instead are taken to a hacker’s phishing site. You put in your account details and bam, they now have your info. It’s potentially pretty serious.
Says the concerned security dude:
We are in a lot of trouble…. Everyone needs this patch, please. This is a big deal.
You can check to see if your ISP has applied the patch here, and if they haven’t—mine here in Spain hasn’t—you may want to use OpenDNS, which is safe as can be.

The process to copy the Oyster smartcards used by transit systems in London and other cities can be published, said a Dutch court. The card was hacked by a team at Radboud University, Nijmegen.
The hack revolves around the MiFare chip found in the smartcard. The researchers were prevented from publishing but, as Bruce Schneier, security expert, notes:
“As bad as the damage is from publishing – and there probably will be some – the damage is much, much worse by not disclosing.”
If a university doesn’t reveal the exploit, ensuring the company will fix it, someone else will find it and then no one will be able to stop the exploit or others like it. As Schneier notes: “Assume organised crime knows about this, assume they will be selling it anyway.”

There seems to be a slight flaw in the way DNS works, leaving it vulnerable to cache poisoning. Such attacks aren’t new, but mention the words “Internet” and “hacking” and everyone freaks out.
The attack would let hackers re-direct traffic to whatever nefarious Web site they choose. For example, you type www.cnn.com but instead get re-directed to a site that looks like CNN, but is really just a phishing site. That’s the theoretical worst case scenario, but the odds of that actually happening are pretty small. Any competent sysadmin monitoring traffic should notice the irregular activity, and configure his firewall accordingly.
The fact is, though, that the vulnerability exists, but is being patched as we speak. Microsoft, Cisco and other such companies have been working on a patch for some time.
So yeah, it’s a problem, but not something you should be freaking out over.
In order to build up a nest egg for a start-up project, French programmer Steve Rigano began selling HP, SAP, and Windows 0day vulnerabilities online for substantial sums of money. The kicker? Rigano was an HP security consultant and on the HP payroll.
The 0day trade is considered by security experts to be something akin to arms dealing. Stockpile enough 0day exploits – exploits that are completely unknown even to the companies they affect and, most importantly, have not been patched – and you have a collection of cyberwar tools unmatched in the industry.
Adam Penenberg at FastCompany interviewed Rigano and his story actually spurred HP to fire Rigano. This just goes to show you that even behemoths don’t know what’s going on in the back offices and that we should all be finding 0days to fund our start-ups.
UPDATE – Rigano writes:
“I was never HP employee (but employee in an HP partner company). I never find / discover or sell any HP products bugs, neither HP partner’s bug (as SAP). I have taken legal action against Fast Company for libelous things.
Moreover I stopped trading vulnerabilities since one year now (so before to work with HP)”

At least, so they say. Of course, I was skeptical of Psystar and their thing worked like a charm.
The EFiX site is dying right now from traffic, but today was the planned release for the EFiX USB dongle, which supposedly allows you to install OS X on your Intel-based PC with no muss, no fuss, and no BIOS flashing. You just plug the thing in and go like hell. The site’s been updated somewhat but I get the feeling their servers are half-melted at this point and it’s difficult to tell what else has been added other than a few features under the expanded view for the dongle.
There are more details and video of an alleged install using the EFiX if you click below. [via Gizmodo]