<?xml version="1.0"?>
<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd">
<channel>
<title>Engadget</title>
<link>http://www.engadget.com</link>
<description>Engadget</description>
<image>
<url>http://www.blogsmithmedia.com/www.engadget.com/media/feedlogo.gif</url>
<title>Engadget</title>
<link>http://www.engadget.com</link>
</image>
<language>en-us</language>
<copyright>Copyright 2012 Weblogs, Inc. The contents of this feed are available for non-commercial use only.</copyright>
<generator>Blogsmith http://www.blogsmith.com/</generator><item><title><![CDATA[WhiteHat Security hacks into Chrome OS, exposes extension vulnerability at Black Hat]]></title><link>http://www.engadget.com/2011/08/06/whitehat-security-hacks-into-chrome-os-exposes-extension-vulner/</link><guid isPermaLink="true">http://www.engadget.com/2011/08/06/whitehat-security-hacks-into-chrome-os-exposes-extension-vulner/</guid><comments>http://www.engadget.com/2011/08/06/whitehat-security-hacks-into-chrome-os-exposes-extension-vulner/#comments</comments><description><![CDATA[<div style="text-align: center;">
	<a href="http://www.engadget.com/2011/08/06/whitehat-security-hacks-into-chrome-os-exposes-extension-vulner/"><img src="http://www.blogcdn.com/www.engadget.com/media/2011/08/black-hat.jpg" style="border-width: 0px; border-style: solid; margin: 4px;" /></a></div>
It's been a rough <a href="http://www.engadget.com/tag/black+hat+conference/">Black Hat conference</a> for Google. First, FusionX used the company's homepage to <a href="http://www.engadget.com/2011/08/04/google-search-opens-scada-systems-to-doomsday-scenarios/">pry into</a> a host of SCADA systems, and now, a pair of experts have discovered a way to hack into <a href="http://www.engadget.com/2009/07/08/google-announces-chrome-os/">Chrome OS</a>. According to WhiteHat security researchers <span id="articleBody">Matt Johansen and</span> <span id="articleBody">Kyle Osborn</span>, one major issue is Google's vet-free app approval process, which leaves its Chrome Web Store susceptible to malicious extensions. But there are also vulnerabilities within native extensions, like ScratchPad -- a note-taking extension that stores data in Google Docs. Using a cross-site scripting injection, Johansen and Osborn were able to steal a user's <span id="articleBody">contacts and cookies, which could give hackers access to other accounts, including Gmail. Big G quickly patched the hole after WhiteHat uncovered it earlier this year, but researchers told Black Hat's attendees that they've discovered similar vulnerabilities in other extensions, as well.</span> In a statement, a Google spokesperson said, "This conversation is about the Web, not Chrome OS. Chromebooks raise security protections on computing hardware to new levels." 
The company went on to say that its laptops can ward off attacks better than most, thanks to "a carefully designed extensions model and the advanced security available through Chrome that many users and experts have embraced."<p style="padding:5px;background:#ddd;border:1px solid #ccc;clear:both;"><a href="http://www.engadget.com/2011/08/06/whitehat-security-hacks-into-chrome-os-exposes-extension-vulner/">WhiteHat Security hacks into Chrome OS, exposes extension vulnerability at Black Hat</a> originally appeared on <a href="http://www.engadget.com">Engadget</a> on Sat, 06 Aug 2011 17:07:00 EST.  Please see our <a href="http://www.weblogsinc.com/feed-terms/">terms for use of feeds</a>.</p><h6 style="clear: both; padding: 8px 0 0 0; height: 2px; font-size: 1px; border: 0; margin: 0; padding: 0;"></h6><a href="http://www.engadget.com/2011/08/06/whitehat-security-hacks-into-chrome-os-exposes-extension-vulner/" rel="bookmark" title="Permanent link to this entry">Permalink</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/forward/20010248/" title="Send this entry to a friend via email">Email this</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/2011/08/06/whitehat-security-hacks-into-chrome-os-exposes-extension-vulner/#comments" title="View reader comments on this entry">Comments</a>]]></description><category>black hat</category><category>black hat conference</category><category>black hat security</category><category>black hat security conference</category><category>BlackHat</category><category>BlackHatConference</category><category>BlackHatSecurity</category><category>BlackHatSecurityConference</category><category>chrome</category><category>chrome os</category><category>chrome web store</category><category>chromebook</category><category>ChromeOs</category><category>ChromeWebStore</category><category>demo</category><category>extension</category><category>flaw</category><category>gmail</category><category>google</category><category>google chrome</category><category>google 
chrome os</category><category>google docs</category><category>GoogleChrome</category><category>GoogleChromeOs</category><category>GoogleDocs</category><category>hack</category><category>hacker</category><category>hacking</category><category>kyle osborn</category><category>KyleOsborn</category><category>Matt Johansen</category><category>MattJohansen</category><category>research</category><category>scripting</category><category>security</category><category>vet</category><category>vulnerability</category><category>white hat</category><category>WhiteHat</category><dc:creator><![CDATA[Amar Toor]]></dc:creator><pubDate>Sat, 06 Aug 2011 17:07:00 EST</pubDate></item><item><title><![CDATA[Black Hat hackers demo Square card skimmer, feed it stolen credit card numbers]]></title><link>http://www.engadget.com/2011/08/05/square-found-to-be-ripe-for-fraud-turned-into-card-skimmer/</link><guid isPermaLink="true">http://www.engadget.com/2011/08/05/square-found-to-be-ripe-for-fraud-turned-into-card-skimmer/</guid><comments>http://www.engadget.com/2011/08/05/square-found-to-be-ripe-for-fraud-turned-into-card-skimmer/#comments</comments><description><![CDATA[<div style="text-align: center;">
	<a href="http://www.engadget.com/2011/08/05/square-found-to-be-ripe-for-fraud-turned-into-card-skimmer/"><img alt="Square" src="http://www.blogcdn.com/www.engadget.com/media/2011/04/2011-04-29-squaresecure.jpg" style="width: 600px; height: 400px; border-width: 0px; border-style: solid; margin: 4px;" /></a></div>
Here's some more fun out of Vegas, this time involving <a href="http://www.engadget.com/tag/jackdorsey">Jack Dorsey's</a> <a href="http://www.engadget.com/tag/square">Square</a> and a little thing we like to call credit card fraud. Researchers from Aperture Labs (seriously) held two demonstrations at the <a href="http://www.engadget.com/tag/blackhatconference">Black Hat Conference</a>. The first used a script, written by Adam Laurie, to convert stolen credit card data into a series of audio tones that were then fed to the Square app via the headphone jack on a phone -- removing the need to have a physical card. A second avenue of fraud, also using code authored by Laurie, turned the Square dongle into a skimmer. It intercepted incoming data, which is unencrypted, and spit out human readable numbers that could easily be used to clone a card. <a href="http://www.engadget.com/2011/04/29/square-to-add-encryption-to-mobile-card-reader-skimmers-put-on/">New hardware</a> that encrypts information pulled from the magnetic strip is in the pipeline but, until then, it seems everyone's favorite smartphone-based payment service has some troublesome holes to fill.<p style="padding:5px;background:#ddd;border:1px solid #ccc;clear:both;"><a href="http://www.engadget.com/2011/08/05/square-found-to-be-ripe-for-fraud-turned-into-card-skimmer/">Black Hat hackers demo Square card skimmer, feed it stolen credit card numbers</a> originally appeared on <a href="http://www.engadget.com">Engadget</a> on Fri, 05 Aug 2011 17:17:00 EST.  
Please see our <a href="http://www.weblogsinc.com/feed-terms/">terms for use of feeds</a>.</p><h6 style="clear: both; padding: 8px 0 0 0; height: 2px; font-size: 1px; border: 0; margin: 0; padding: 0;"></h6><a href="http://www.engadget.com/2011/08/05/square-found-to-be-ripe-for-fraud-turned-into-card-skimmer/" rel="bookmark" title="Permanent link to this entry">Permalink</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/forward/20010643/" title="Send this entry to a friend via email">Email this</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/2011/08/05/square-found-to-be-ripe-for-fraud-turned-into-card-skimmer/#comments" title="View reader comments on this entry">Comments</a>]]></description><category>Adam Laurie</category><category>AdamLaurie</category><category>Aperture abs</category><category>ApertureAbs</category><category>black hat</category><category>black hat conference</category><category>black hat technical security conference</category><category>BlackHat</category><category>BlackHatConference</category><category>BlackHatTechnicalSecurityConference</category><category>credit card fraud</category><category>credit card skimmer</category><category>CreditCardFraud</category><category>CreditCardSkimmer</category><category>fraud</category><category>security</category><category>skimmer</category><category>skimming</category><category>square</category><dc:creator><![CDATA[Terrence O'Brien]]></dc:creator><pubDate>Fri, 05 Aug 2011 17:17:00 EST</pubDate></item><item><title><![CDATA[Microsoft offers 'mad loot' Bluehat prize to entice security developers (video)]]></title><link>http://www.engadget.com/2011/08/05/microsoft-offers-mad-loot-bluehat-prize-to-entice-security-dev/</link><guid isPermaLink="true">http://www.engadget.com/2011/08/05/microsoft-offers-mad-loot-bluehat-prize-to-entice-security-dev/</guid><comments>http://www.engadget.com/2011/08/05/microsoft-offers-mad-loot-bluehat-prize-to-entice-security-dev/#comments</comments><description><![CDATA[<div 
style="text-align: center;">
	<a href="http://www.engadget.com/2011/08/05/microsoft-offers-mad-loot-bluehat-prize-to-entice-security-dev/"><img src="http://www.blogcdn.com/www.engadget.com/media/2011/08/microsoftbluehat08030119999.jpg" style="border-width: 0px; border-style: solid; margin: 4px;" /></a></div>
Mere numbers aren't enough to describe cash prizes for <a href="http://www.engadget.com/tag/microsoft">Microsoft</a>, it seems. The firm's inaugural Bluehat security competition's introduction video opted for a clearer term: "mad loot, lots of it." The big M hopes the hefty first prize of $200,000 will inspire the creation of the next generation of defensive computer security technology. The most innovative "novel runtime mitigation technology designed to prevent the exploitation of memory safety vulnerabilities" (<em>phew!</em>) will take home the aforesaid <em>mad loot</em>, while second and third places will receive $50,000 and an MSDN Universal subscription, respectively. The winner won't be announced until <a href="http://www.engadget.com/tag/black+hat+conference/">Blackhat</a> 2012, of course, and applicants have until April to submit their prototypes and technical descriptions. Hit the break for the official announcement video, complete with CG backgrounds and prize euphemisms.<p><a href="http://www.engadget.com/2011/08/05/microsoft-offers-mad-loot-bluehat-prize-to-entice-security-dev/" rel="bookmark">Continue reading <em>Microsoft offers 'mad loot' Bluehat prize to entice security developers (video)</em></a></p><p style="padding:5px;background:#ddd;border:1px solid #ccc;clear:both;"><a href="http://www.engadget.com/2011/08/05/microsoft-offers-mad-loot-bluehat-prize-to-entice-security-dev/">Microsoft offers 'mad loot' Bluehat prize to entice security developers (video)</a> originally appeared on <a href="http://www.engadget.com">Engadget</a> on Fri, 05 Aug 2011 09:22:00 EST.  
Please see our <a href="http://www.weblogsinc.com/feed-terms/">terms for use of feeds</a>.</p><h6 style="clear: both; padding: 8px 0 0 0; height: 2px; font-size: 1px; border: 0; margin: 0; padding: 0;"></h6><a href="http://www.engadget.com/2011/08/05/microsoft-offers-mad-loot-bluehat-prize-to-entice-security-dev/" rel="bookmark" title="Permanent link to this entry">Permalink</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/forward/20009944/" title="Send this entry to a friend via email">Email this</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/2011/08/05/microsoft-offers-mad-loot-bluehat-prize-to-entice-security-dev/#comments" title="View reader comments on this entry">Comments</a>]]></description><category>award</category><category>blackhat</category><category>blackhat conference</category><category>BlackhatConference</category><category>bluehat</category><category>bluehat award</category><category>bluehat competition</category><category>bluehat prize</category><category>BluehatAward</category><category>BluehatCompetition</category><category>BluehatPrize</category><category>competition</category><category>computer security</category><category>ComputerSecurity</category><category>contest</category><category>exploit</category><category>exploitation</category><category>hack</category><category>hacker</category><category>hacking</category><category>mad loot</category><category>MadLoot</category><category>microsoft</category><category>runtime mitigation</category><category>RuntimeMitigation</category><category>security</category><category>video</category><dc:creator><![CDATA[Sean Buckley]]></dc:creator><pubDate>Fri, 05 Aug 2011 09:22:00 EST</pubDate></item><item><title><![CDATA[Hackers break into Subaru Outback via text message]]></title><link>http://www.engadget.com/2011/08/04/hackers-break-into-subaru-outback-via-text-message/</link><guid 
isPermaLink="true">http://www.engadget.com/2011/08/04/hackers-break-into-subaru-outback-via-text-message/</guid><comments>http://www.engadget.com/2011/08/04/hackers-break-into-subaru-outback-via-text-message/#comments</comments><description><![CDATA[<div style="text-align: center;">
	<a href="http://www.engadget.com/2011/08/04/hackers-break-into-subaru-outback-via-text-message/"><img  src="http://www.blogcdn.com/www.engadget.com/media/2011/08/2010subaruoutback.jpg" style="border-width: 0px; border-style: solid; margin: 4px;" /></a></div>
We've already seen SCADA systems <a href="http://www.engadget.com/2011/08/04/google-search-opens-scada-systems-to-doomsday-scenarios/">controlled by Google Search</a>, and now the Black Hat Technical Security Conference is offering up yet another slice of cringe-inducing hacker pie. A pair of pros from iSec Partners security firm was able to unlock and start the engine of a <a href="http://www.engadget.com/2010/07/16/2011-subaru-outback-gains-in-car-wifi-option-strange-maine-bird/">Subaru Outback</a> using an Android phone and a process they call war texting. By setting up their own GSM network, they were able to snatch up password authentication messages being sent from server to car, allowing them the option to ride off in a brand new crossover. Apparently, your car isn't the only thing in danger of a war-texting takeover, however, as the team says there are a slew of devices and systems, accessible over telephone networks, that are vulnerable to similar attacks, including A-GPS tracking devices, 3G security cameras, SCADA sensors -- and thus the power grid and water supply -- home automation, and urban traffic control systems. Somehow this group of otherwise innocent looking New York <a href="http://www.engadget.com/2011/07/09/joseph-holmes-photographs-punctilious-texters-in-nyc-encourages/">texters</a> appears a whole lot more sinister now.<p style="padding:5px;background:#ddd;border:1px solid #ccc;clear:both;"><a href="http://www.engadget.com/2011/08/04/hackers-break-into-subaru-outback-via-text-message/">Hackers break into Subaru Outback via text message</a> originally appeared on <a href="http://www.engadget.com">Engadget</a> on Thu, 04 Aug 2011 17:17:00 EST.  
Please see our <a href="http://www.weblogsinc.com/feed-terms/">terms for use of feeds</a>.</p><h6 style="clear: both; padding: 8px 0 0 0; height: 2px; font-size: 1px; border: 0; margin: 0; padding: 0;"></h6><a href="http://www.engadget.com/2011/08/04/hackers-break-into-subaru-outback-via-text-message/" rel="bookmark" title="Permanent link to this entry">Permalink</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/forward/20009608/" title="Send this entry to a friend via email">Email this</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/2011/08/04/hackers-break-into-subaru-outback-via-text-message/#comments" title="View reader comments on this entry">Comments</a>]]></description><category>Black Hat</category><category>Black Hat Security</category><category>Black Hat Security Conference</category><category>BlackHat</category><category>BlackHatSecurity</category><category>BlackHatSecurityConference</category><category>Conference</category><category>hack</category><category>hackers</category><category>Security Conference</category><category>SecurityConference</category><category>subara outback</category><category>SubaraOutback</category><category>text</category><category>text message hack</category><category>text messaging</category><category>text messaging hack</category><category>texting</category><category>TextMessageHack</category><category>TextMessaging</category><category>TextMessagingHack</category><category>vulner</category><category>vulnerability</category><category>vulnerable</category><dc:creator><![CDATA[Christopher Trout]]></dc:creator><pubDate>Thu, 04 Aug 2011 17:17:00 EST</pubDate></item><item><title><![CDATA[Google search opens SCADA systems to doomsday scenarios]]></title><link>http://www.engadget.com/2011/08/04/google-search-opens-scada-systems-to-doomsday-scenarios/</link><guid 
isPermaLink="true">http://www.engadget.com/2011/08/04/google-search-opens-scada-systems-to-doomsday-scenarios/</guid><comments>http://www.engadget.com/2011/08/04/google-search-opens-scada-systems-to-doomsday-scenarios/#comments</comments><description><![CDATA[<p style="text-align: center;">
	<a href="http://www.engadget.com/2011/08/04/google-search-opens-scada-systems-to-doomsday-scenarios/"><img src="http://www.blogcdn.com/www.engadget.com/media/2011/08/2011blackhatscadafuzzingtomparker.jpg" style="border-width: 0px; border-style: solid; margin: 4px;" /></a></p>
<p>
	Google, the service so great it became a verb, can now add <a href="http://www.engadget.com/2010/07/21/researcher-will-enable-hackers-to-take-over-millions-of-home-rou/">security risk</a> to its roster of unintended results. The search site played inadvertent host to remotely accessed Supervisory Control and Data Acquisition (<a href="http://www.engadget.com/2009/05/26/defense-department-developing-portable-hacking-device-for-soldie/">SCADA</a>) systems in a <a href="http://www.engadget.com/tag/black+hat+conference/">Black Hat conference</a> demo led by FusionX's Tom Parker. The security company CTO walked attendees through the steps required to gain control of worldwide utility infrastructure -- power plants, for one -- but stopped short of actually engaging the vulnerable networks. Using a string of code unique to a Programmable Logic Controller (the computers behind amusement park rides and assembly lines), Parker was able to pull up a water treatment facility's RTU pump, and even found its disaster-welcoming "1234" password -- all through a Google search. Shaking your head in disbelief? We agree, but Parker reassured the crowd these types of outside attacks require a substantial amount of effort and coordination, and "would be extremely challenging to pull off." Panic attack worn off yet? Good, now redirect those fears to the imminent day of <a href="http://www.engadget.com/tag/robot+apocalypse/">robot-helmed reckoning</a>.</p><p style="padding:5px;background:#ddd;border:1px solid #ccc;clear:both;"><a href="http://www.engadget.com/2011/08/04/google-search-opens-scada-systems-to-doomsday-scenarios/">Google search opens SCADA systems to doomsday scenarios</a> originally appeared on <a href="http://www.engadget.com">Engadget</a> on Thu, 04 Aug 2011 05:26:00 EST.  
Please see our <a href="http://www.weblogsinc.com/feed-terms/">terms for use of feeds</a>.</p><h6 style="clear: both; padding: 8px 0 0 0; height: 2px; font-size: 1px; border: 0; margin: 0; padding: 0;"></h6><a href="http://www.engadget.com/2011/08/04/google-search-opens-scada-systems-to-doomsday-scenarios/" rel="bookmark" title="Permanent link to this entry">Permalink</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/forward/20008812/" title="Send this entry to a friend via email">Email this</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/2011/08/04/google-search-opens-scada-systems-to-doomsday-scenarios/#comments" title="View reader comments on this entry">Comments</a>]]></description><category>Black Hat</category><category>black hat conference</category><category>BlackHat</category><category>BlackHatConference</category><category>FusionX</category><category>Google</category><category>Google search</category><category>GoogleSearch</category><category>PLC</category><category>Programmable Logic Controller</category><category>ProgrammableLogicController</category><category>SCADA</category><category>search</category><category>security</category><category>security vulnerabilities</category><category>SecurityVulnerabilities</category><category>Supervisory Control and Data Acquisition system</category><category>Supervisory Control and Data Acquisition systems</category><category>SupervisoryControlAndDataAcquisitionSystem</category><category>SupervisoryControlAndDataAcquisitionSystems</category><category>Tom Parker</category><category>TomParker</category><category>vulnerabilities</category><category>vulnerability</category><category>vulnerable</category><dc:creator><![CDATA[Joseph Volpe]]></dc:creator><pubDate>Thu, 04 Aug 2011 05:26:00 EST</pubDate></item><item><title><![CDATA[Charlie Miller finds MacBook battery security hole, plans to fill with 
Caulkgun]]></title><link>http://www.engadget.com/2011/07/22/charlie-miller-finds-macbook-battery-security-hole-plans-to-fil/</link><guid isPermaLink="true">http://www.engadget.com/2011/07/22/charlie-miller-finds-macbook-battery-security-hole-plans-to-fil/</guid><comments>http://www.engadget.com/2011/07/22/charlie-miller-finds-macbook-battery-security-hole-plans-to-fil/#comments</comments><description><![CDATA[<div style="text-align: center;">
	<a href="http://www.engadget.com/2011/07/22/charlie-miller-finds-macbook-battery-security-hole-plans-to-fil/"><img src="http://www.blogcdn.com/www.engadget.com/media/2011/07/laptopbatteries-1.png.jpg" style="border-width: 0px; border-style: solid; margin: 4px;" /></a></div>
Those batteries have probably met a worse fate than the <a href="http://www.engadget.com/2011/07/20/the-macbook-drops-from-apples-store/?utm_source=feedburner&amp;utm_medium=feed&amp;utm_campaign=Feed%3A+weblogsinc%2Fengadget+%28Engadget%29">white MacBook</a> line they came from. According to <em>Forbes</em>, <a href="http://www.engadget.com/tag/charlie+miller">Charlie Miller's</a> managed to render seven of them useless after gaining total access to their micro-controllers' firmware via a security hole. Evidently, the Li-ion packs for the line of lappies -- including Airs and Pros -- are accessible with two passwords he dug up from an '09 software update. Chuck mentions that someone could "use them to do something really bad," ranging from faulting charge levels and thermal read-outs to possibly even making them <a href="http://www.engadget.com/tag/explodingbattery">explode</a>. He also thinks hard-to-spot <a href="http://www.engadget.com/tag/malware/">malware</a> could be installed directly within the battery, repeatedly infecting a computer unless removed. Come August, he'll reportedly be detailing the vulnerability at the Black Hat security conference along with a fix he's dubbed Caulkgun, which only has the <em>mild</em> side-effect of locking out updates by Apple. Worth being safe these days, though. Right? Full story in the links below.<p style="padding:5px;background:#ddd;border:1px solid #ccc;clear:both;"><a href="http://www.engadget.com/2011/07/22/charlie-miller-finds-macbook-battery-security-hole-plans-to-fil/">Charlie Miller finds MacBook battery security hole, plans to fill with Caulkgun</a> originally appeared on <a href="http://www.engadget.com">Engadget</a> on Fri, 22 Jul 2011 23:59:00 EST.  
Please see our <a href="http://www.weblogsinc.com/feed-terms/">terms for use of feeds</a>.</p><h6 style="clear: both; padding: 8px 0 0 0; height: 2px; font-size: 1px; border: 0; margin: 0; padding: 0;"></h6><a href="http://www.engadget.com/2011/07/22/charlie-miller-finds-macbook-battery-security-hole-plans-to-fil/" rel="bookmark" title="Permanent link to this entry">Permalink</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/forward/19998445/" title="Send this entry to a friend via email">Email this</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/2011/07/22/charlie-miller-finds-macbook-battery-security-hole-plans-to-fil/#comments" title="View reader comments on this entry">Comments</a>]]></description><category>apple</category><category>battery</category><category>battery hack</category><category>BatteryHack</category><category>black hat</category><category>black hat security conference</category><category>BlackHat</category><category>BlackHatSecurityConference</category><category>caulkgun</category><category>charlie miller</category><category>CharlieMiller</category><category>exploit</category><category>firmware</category><category>hack</category><category>laptop</category><category>Lithium Ion</category><category>lithium ion batteries</category><category>LithiumIon</category><category>LithiumIonBatteries</category><category>macbook</category><category>macbook air</category><category>macbook battery</category><category>macbook pro</category><category>MacbookAir</category><category>MacbookBattery</category><category>MacbookPro</category><category>micro-controller</category><category>security</category><category>software update</category><category>SoftwareUpdate</category><dc:creator><![CDATA[Joe Pollicino]]></dc:creator><pubDate>Fri, 22 Jul 2011 23:59:00 EST</pubDate></item><item><title><![CDATA[Hackers disguise phone as keyboard, use it to attack PCs via 
USB]]></title><link>http://www.engadget.com/2011/01/23/hackers-disguise-phone-as-keyboard-use-it-to-attack-pcs-via-usb/</link><guid isPermaLink="true">http://www.engadget.com/2011/01/23/hackers-disguise-phone-as-keyboard-use-it-to-attack-pcs-via-usb/</guid><comments>http://www.engadget.com/2011/01/23/hackers-disguise-phone-as-keyboard-use-it-to-attack-pcs-via-usb/#comments</comments><description><![CDATA[<div style="text-align: center;"><a href="http://www.engadget.com/2011/01/23/hackers-disguise-phone-as-keyboard-use-it-to-attack-pcs-via-usb/"><img hspace="4" border="0" vspace="4" src="http://www.blogcdn.com/www.engadget.com/media/2011/01/angelosstavrou.png" alt="" /></a></div>
We've seen hackers use <a href="http://www.engadget.com/2009/08/04/apple-keyboard-gets-hacked-like-a-ripe-papaya-perp-caught-on-vi/">keyboards to deliver malicious code to computers</a>, and we've seen smartphones used as <a href="http://www.engadget.com/2011/01/20/bmw-gets-nokia-c7-remote-control-james-bond-can-eat-his-heart-o/">remote controls for cars</a> and <a href="http://www.engadget.com/2011/01/07/griffins-beacon-universal-remote-control-system-brings-dongle-f/">TV</a> -- but we've never seen a smartphone disguised as a keyboard used to control a computer, until now. A couple folks at this year's <a href="http://www.engadget.com/tag/black+hat">Black Hat</a> DC conference have devised a clever bit of code that allows a rooted smartphone -- connected to a PC through USB -- to pose as a keyboard or mouse in order to attack and control the computer. The hack takes advantage of USB's inability to authenticate connected devices, coupled with operating systems' inability to filter USB packets -- filtering that would enable users to thwart such an attack. While utilizing a digital costume to hack a computer is a nifty idea, it doesn't pose much additional risk to users because the method still requires physical access to a USB port to work -- and most of us would probably notice someone <i>plugging a smartphone into our laptop while we're using it</i>.<br />
<br />
[Image Credit: <span class="image-credit">Angelos Stavrou</span> / CNET]<p style="padding:5px;background:#ddd;border:1px solid #ccc;clear:both;"><a href="http://www.engadget.com/2011/01/23/hackers-disguise-phone-as-keyboard-use-it-to-attack-pcs-via-usb/">Hackers disguise phone as keyboard, use it to attack PCs via USB</a> originally appeared on <a href="http://www.engadget.com">Engadget</a> on Sun, 23 Jan 2011 02:02:00 EST.  Please see our <a href="http://www.weblogsinc.com/feed-terms/">terms for use of feeds</a>.</p><h6 style="clear: both; padding: 8px 0 0 0; height: 2px; font-size: 1px; border: 0; margin: 0; padding: 0;"></h6><a href="http://www.engadget.com/2011/01/23/hackers-disguise-phone-as-keyboard-use-it-to-attack-pcs-via-usb/" rel="bookmark" title="Permanent link to this entry">Permalink</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/forward/19810948/" title="Send this entry to a friend via email">Email this</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/2011/01/23/hackers-disguise-phone-as-keyboard-use-it-to-attack-pcs-via-usb/#comments" title="View reader comments on this entry">Comments</a>]]></description><category>android</category><category>android hack</category><category>AndroidHack</category><category>black hat</category><category>black hat dc</category><category>BlackHat</category><category>BlackHatConference</category><category>BlackHatDc</category><category>BlackHatDcConference</category><category>hack</category><category>hackers</category><category>hacking</category><category>hacks</category><category>keyboard</category><category>keyboard hack</category><category>KeyboardHack</category><category>security</category><category>security breach</category><category>SecurityBreach</category><category>SecurityHole</category><category>smartphone</category><category>smartphone hack</category><category>SmartphoneHack</category><dc:creator><![CDATA[Michael Gorman]]></dc:creator><pubDate>Sun, 23 Jan 2011 02:02:00 
EST</pubDate></item><item><title><![CDATA[Some Windows CE-based ATMs especially generous (and vulnerable to hackers)]]></title><link>http://www.engadget.com/2010/07/29/some-windows-ce-based-atms-especially-generous-and-vulnerable-t/</link><guid isPermaLink="true">http://www.engadget.com/2010/07/29/some-windows-ce-based-atms-especially-generous-and-vulnerable-t/</guid><comments>http://www.engadget.com/2010/07/29/some-windows-ce-based-atms-especially-generous-and-vulnerable-t/#comments</comments><description><![CDATA[<div style="text-align: center;"><a href="http://www.engadget.com/2010/07/29/some-windows-ce-based-atms-especially-generous-and-vulnerable-t/"><img vspace="4" hspace="4" border="1" src="http://www.blogcdn.com/www.engadget.com/media/2010/07/100729-moneymoney-01.jpg" alt="" /></a></div>
<div style="text-align: left;">Speaking at the <a href="http://www.engadget.com/tag/blackhat">Black Hat</a> conference in Las Vegas, a fellow named Barnaby Jack (really!) used custom software to <a href="http://www.engadget.com/tag/hack,atm">hack Windows CE-based ATMs</a> on stage. After using an industry-standard key to gain entry to the machines (apparently many ATM owners are too lazy to install new locks), Jack was able to load a rootkit on the device using a USB thumb drive. From that point, it was just a matter of running another program that caused all the cash therein to shoot out in a comical manner. The machines used in the presentation were manufactured by Trannax and Triton, both of which have had a chance to send a security patch to customers prior to the demonstration. However, there are four different machines in common use that are still vulnerable. And no, he won't tell us which ones.</div><p style="padding:5px;background:#ddd;border:1px solid #ccc;clear:both;"><a href="http://www.engadget.com/2010/07/29/some-windows-ce-based-atms-especially-generous-and-vulnerable-t/">Some Windows CE-based ATMs especially generous (and vulnerable to hackers)</a> originally appeared on <a href="http://www.engadget.com">Engadget</a> on Thu, 29 Jul 2010 12:02:00 EST.  
Please see our <a href="http://www.weblogsinc.com/feed-terms/">terms for use of feeds</a>.</p><h6 style="clear: both; padding: 8px 0 0 0; height: 2px; font-size: 1px; border: 0; margin: 0; padding: 0;"></h6><a href="http://www.engadget.com/2010/07/29/some-windows-ce-based-atms-especially-generous-and-vulnerable-t/" rel="bookmark" title="Permanent link to this entry">Permalink</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/forward/19573440/" title="Send this entry to a friend via email">Email this</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/2010/07/29/some-windows-ce-based-atms-especially-generous-and-vulnerable-t/#comments" title="View reader comments on this entry">Comments</a>]]></description><category>atm</category><category>barnaby jack</category><category>BarnabyJack</category><category>black hat</category><category>BlackHat</category><category>hack</category><category>hacker</category><category>hacking</category><category>money</category><category>scam</category><category>trannax</category><category>triton</category><category>windiows ce</category><category>WindiowsCe</category><category>windows</category><dc:creator><![CDATA[Joseph L. 
Flatley]]></dc:creator><pubDate>Thu, 29 Jul 2010 12:02:00 EST</pubDate></item><item><title><![CDATA[Lookout's App Genome Project warns about sketchy apps you may have already downloaded]]></title><link>http://www.engadget.com/2010/07/29/lookouts-app-genome-project-warns-about-sketchy-apps-you-may-ha/</link><guid isPermaLink="true">http://www.engadget.com/2010/07/29/lookouts-app-genome-project-warns-about-sketchy-apps-you-may-ha/</guid><comments>http://www.engadget.com/2010/07/29/lookouts-app-genome-project-warns-about-sketchy-apps-you-may-ha/#comments</comments><description><![CDATA[<div style="text-align: center;"><a href="http://www.engadget.com/2010/07/29/lookouts-app-genome-project-warns-about-sketchy-apps-you-may-ha/"><img hspace="4" vspace="4" border="1" alt="Lookout's App Genome Project warns about sketchy apps you may have already downloaded" src="http://www.blogcdn.com/www.engadget.com/media/2010/07/lookout-scare-20100729-600.jpg" /></a></div>
If you're an <a href="http://www.engadget.com/tag/iphone">iPhone</a> user, the only privacy notice you'll see from an app regards your current location -- as much a warning about the associated battery hit from the GPS pinging as anything. If you're an <a href="http://www.engadget.com/tag/google,android">Android</a> user, however, things are different, with a tap-through dialog showing you exactly what each app will access on your phone. But do you read them? You should: Lookout is running a sort of survey across 300,000 apps on those two platforms, and finding that many access personal information even though they seemingly don't need to. One particularly scary instance, an app called Jackeey Wallpaper on Android, aggregates your <strike>browsing history, text messages</strike>, could get your voicemail password, and even your SIM ID and beams it all to a server in China. That this app has been downloaded <strike>millions</strike> thousands of times is a little disconcerting, but it's not just Android users that have to fear, as even more iPhone than Android apps take a look through your contact info. What to do? Well, be careful what you download to start, on Android read those privacy warnings... and we're sure Lookout wouldn't mind if you took this opportunity to download its security app.<br />
<br />
<strong>Update</strong>: We received a note from Jussi Nieminen, who indicated the data fields being retrieved, as reported by <em>VentureBeat</em>, are incorrect. Texting and browser history are apparently not retrieved, but your phone number, phone ID, and voicemail fields <em>are.</em> And, since it's not unheard of for voicemail entries to include a password when set up on a phone, it's possible they could wind up with that too. Also, the popularity of the app was apparently misstated, with actual downloads somewhere south of 250,000. <br />
<br />
<strong>Update 2</strong>: Kevin, one of the Black Hat speakers from Lookout, wrote us to let us know that the full details on the wallpaper apps <a href="http://blog.mylookout.com/2010/07/mobile-application-analysis-blackhat/">have been posted here</a>, if you'd like to read. Meanwhile, estimations of just how many people have downloaded this particular wallpaper app are all over the place, ranging from as low as 50,000 to <a href="http://www.androlib.com/android.developer.jackeey-wallpaper-qwjB.aspx">over four million</a>. <br type="_moz" /><p style="padding:5px;background:#ddd;border:1px solid #ccc;clear:both;"><a href="http://www.engadget.com/2010/07/29/lookouts-app-genome-project-warns-about-sketchy-apps-you-may-ha/">Lookout's App Genome Project warns about sketchy apps you may have already downloaded</a> originally appeared on <a href="http://www.engadget.com">Engadget</a> on Thu, 29 Jul 2010 08:15:00 EST.  Please see our <a href="http://www.weblogsinc.com/feed-terms/">terms for use of feeds</a>.</p><h6 style="clear: both; padding: 8px 0 0 0; height: 2px; font-size: 1px; border: 0; margin: 0; padding: 0;"></h6><a href="http://www.engadget.com/2010/07/29/lookouts-app-genome-project-warns-about-sketchy-apps-you-may-ha/" rel="bookmark" title="Permanent link to this entry">Permalink</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/forward/19573113/" title="Send this entry to a friend via email">Email this</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/2010/07/29/lookouts-app-genome-project-warns-about-sketchy-apps-you-may-ha/#comments" title="View reader comments on this entry">Comments</a>]]></description><category>android</category><category>app</category><category>app genome project</category><category>AppGenomeProject</category><category>apple</category><category>black hat</category><category>BlackHat</category><category>google android</category><category>GoogleAndroid</category><category>iphone</category><category>lookout</category><category>mobile 
app</category><category>MobileApp</category><category>security</category><dc:creator><![CDATA[Tim Stevens]]></dc:creator><pubDate>Thu, 29 Jul 2010 08:15:00 EST</pubDate></item><item><title><![CDATA[Researcher will enable hackers to take over millions of home routers]]></title><link>http://www.engadget.com/2010/07/21/researcher-will-enable-hackers-to-take-over-millions-of-home-rou/</link><guid isPermaLink="true">http://www.engadget.com/2010/07/21/researcher-will-enable-hackers-to-take-over-millions-of-home-rou/</guid><comments>http://www.engadget.com/2010/07/21/researcher-will-enable-hackers-to-take-over-millions-of-home-rou/#comments</comments><description><![CDATA[<div style="text-align: center;"><a href="http://www.engadget.com/2010/07/21/researcher-will-enable-hackers-to-take-over-millions-of-home-rou/"><img width="425" vspace="4" hspace="4" height="392" border="0" align="top" alt="WRT54G" src="http://img.engadget.com/common/images/3060000000056626.JPG.9170580418220439" style="border-width: 0px; margin: 0px 15px 12px;" /></a></div>
Cisco and company, you've got approximately seven days before a security researcher rains down exploits on your web-based home router parade. Seismic's Craig Heffner claims he's got a tool that can hack "millions" of gateways using a new spin on the age-old <a href="http://www.engadget.com/2008/04/08/researcher-creates-malicious-router-controlling-website/">DNS rebinding vulnerability</a>, and plans to release it into the wild at the Black Hat 2010 conference next week. He's already tested his hack on thirty different models, of which more than half were vulnerable, including two versions of the ubiquitous Linksys WRT54G (pictured above) and devices running certain <a href="http://www.engadget.com/tag/DDWRT/">DD-WRT</a> and <a href="http://www.engadget.com/tag/OpenWRT/">OpenWRT</a> Linux-based firmware. To combat the hack, the usual precautions apply -- for the love of Mitnick, change your default password! -- but Heffner believes the only real fix will come by prodding manufacturers into action. See a list of easily compromised routers at the more coverage link.<p style="padding:5px;background:#ddd;border:1px solid #ccc;clear:both;"><a href="http://www.engadget.com/2010/07/21/researcher-will-enable-hackers-to-take-over-millions-of-home-rou/">Researcher will enable hackers to take over millions of home routers</a> originally appeared on <a href="http://www.engadget.com">Engadget</a> on Wed, 21 Jul 2010 06:33:00 EST.  
Please see our <a href="http://www.weblogsinc.com/feed-terms/">terms for use of feeds</a>.</p><h6 style="clear: both; padding: 8px 0 0 0; height: 2px; font-size: 1px; border: 0; margin: 0; padding: 0;"></h6><a href="http://www.engadget.com/2010/07/21/researcher-will-enable-hackers-to-take-over-millions-of-home-rou/" rel="bookmark" title="Permanent link to this entry">Permalink</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/forward/19561642/" title="Send this entry to a friend via email">Email this</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/2010/07/21/researcher-will-enable-hackers-to-take-over-millions-of-home-rou/#comments" title="View reader comments on this entry">Comments</a>]]></description><category>black hat</category><category>black hat 2010</category><category>black hat conference</category><category>BlackHat</category><category>BlackHat2010</category><category>BlackHatConference</category><category>Craig Heffner</category><category>CraigHeffner</category><category>DD-WRT</category><category>DNS</category><category>DNS rebinding</category><category>DnsRebinding</category><category>hack</category><category>hacking</category><category>hacks</category><category>OpenWRT</category><category>router</category><category>routers</category><category>security</category><category>Seismic</category><category>vulnerabilities</category><category>vulnerability</category><dc:creator><![CDATA[Sean Hollister]]></dc:creator><pubDate>Wed, 21 Jul 2010 06:33:00 EST</pubDate></item><item><title><![CDATA[Christopher Tarnovsky hacks Infineon's 'unhackable' chip, we prepare for false-advertising litigation]]></title><link>http://www.engadget.com/2010/02/12/christopher-tarnovsky-hacks-infineons-unhackable-chip-we-pre/</link><guid 
isPermaLink="true">http://www.engadget.com/2010/02/12/christopher-tarnovsky-hacks-infineons-unhackable-chip-we-pre/</guid><comments>http://www.engadget.com/2010/02/12/christopher-tarnovsky-hacks-infineons-unhackable-chip-we-pre/#comments</comments><description><![CDATA[<div style="text-align: center;"><a href="http://www.darkreading.com/vulnerability_management/security/encryption/showArticle.jhtml?articleID=222600843"><img hspace="4" border="1" vspace="4" alt="Christopher Tarnovsky hacks Infineon's 'unhackable' chip, we prepare for false-advertising litigation" src="http://www.blogcdn.com/www.engadget.com/media/2010/02/infineon-tpm-20100212-600.jpg" /></a></div>
As it turns out, <a href="http://www.engadget.com/tag/infineon">Infineon</a> may have been a little bit... <em>optimistic</em> when it said its SLE66 CL PE was "unhackable" -- but only a little. The company should have put an asterisk next to the word, pointing to a disclaimer indicating something to the effect of: "Unless you have an electron microscope, small conductive needles to intercept the chip's internal circuitry, and the acid necessary to expose it." Those are some of the tools available to researcher Christopher Tarnovsky, who perpetrated the hack and presented his findings at the Black Hat DC Conference earlier this month. Initially, Infineon claimed what he'd done was impossible, but now has taken a step back and said "the risk is manageable, and you are just attacking one computer." We would tend to agree in this case, but Tarnovsky still deserves serious respect for this one. Nice work, <a href="http://www.engadget.com/2008/04/24/news-corp-hired-hacker-to-pirate-dish-network-access-cards/">Big Gun</a>.<p style="padding:5px;background:#ddd;border:1px solid #ccc;clear:both;"><a href="http://www.engadget.com/2010/02/12/christopher-tarnovsky-hacks-infineons-unhackable-chip-we-pre/">Christopher Tarnovsky hacks Infineon's 'unhackable' chip, we prepare for false-advertising litigation</a> originally appeared on <a href="http://www.engadget.com">Engadget</a> on Fri, 12 Feb 2010 10:31:00 EST.  
Please see our <a href="http://www.weblogsinc.com/feed-terms/">terms for use of feeds</a>.</p><h6 style="clear: both; padding: 8px 0 0 0; height: 2px; font-size: 1px; border: 0; margin: 0; padding: 0;"></h6><a href="http://www.engadget.com/2010/02/12/christopher-tarnovsky-hacks-infineons-unhackable-chip-we-pre/" rel="bookmark" title="Permanent link to this entry">Permalink</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/forward/19355827/" title="Send this entry to a friend via email">Email this</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/2010/02/12/christopher-tarnovsky-hacks-infineons-unhackable-chip-we-pre/#comments" title="View reader comments on this entry">Comments</a>]]></description><category>black hat</category><category>black hat conference</category><category>black hat dc conference</category><category>BlackHat</category><category>BlackHatConference</category><category>BlackHatDcConference</category><category>Christopher Tarnovsky</category><category>ChristopherTarnovsky</category><category>infineon</category><category>infineon sle66 cl pe</category><category>InfineonSle66ClPe</category><category>security</category><category>sle66</category><category>sle66 cl pe</category><category>Sle66ClPe</category><category>tpm</category><dc:creator><![CDATA[Tim Stevens]]></dc:creator><pubDate>Fri, 12 Feb 2010 10:31:00 EST</pubDate></item><item><title><![CDATA[Apple keyboard gets hacked like a ripe papaya, perp caught on video]]></title><link>http://www.engadget.com/2009/08/04/apple-keyboard-gets-hacked-like-a-ripe-papaya-perp-caught-on-vi/</link><guid isPermaLink="true">http://www.engadget.com/2009/08/04/apple-keyboard-gets-hacked-like-a-ripe-papaya-perp-caught-on-vi/</guid><comments>http://www.engadget.com/2009/08/04/apple-keyboard-gets-hacked-like-a-ripe-papaya-perp-caught-on-vi/#comments</comments><description><![CDATA[<div align="center" style="text-align: center;"><a 
href="http://www.engadget.com/2009/08/04/apple-keyboard-gets-hacked-like-a-ripe-papaya-perp-caught-on-vi/"><img vspace="4" hspace="4" border="1" alt="" src="http://www.blogcdn.com/www.engadget.com/media/2009/08/4aug09_aapkbhc.jpg" /></a></div>
As far as Apple is concerned, the Black Hat 2009 hackers conference didn't end <a href="http://www.engadget.com/2009/07/30/sms-vulnerability-on-iphone-to-be-revealed-today-still-isnt-pa/">soon enough</a>. Having <a href="http://www.engadget.com/2009/07/31/iphone-os-3-0-1-update-released-fixes-sms-vulnerability/">promptly patched</a> the iPhone vulnerability, Cupertino is facing another security hole, this time in its keyboards. A hacker going by the pseudonym of K. Chen has come up with a way, using HIDFirmwareUpdaterTool, to inject malicious code into the keyboard's firmware. While it's not <span style="font-style: italic;">yet</span> possible to perform this hack <a href="http://www.engadget.com/2009/03/27/simple-keystroke-sniffing-schemes-work-where-keyloggers-wont/">remotely</a>, the fact it occurs at the firmware level means no amount of OS cleanser or anti-virals will remedy it -- which might be a bit of a bother to MacBook owners who can't simply swap to an uninfected keyboard. Panic is hardly advisable, as Chen is collaborating with Apple on a fix, but if you want to be freaked out by his simple keylogger in action, hit up the video after the break.<p><a href="http://www.engadget.com/2009/08/04/apple-keyboard-gets-hacked-like-a-ripe-papaya-perp-caught-on-vi/" rel="bookmark">Continue reading <em>Apple keyboard gets hacked like a ripe papaya, perp caught on video</em></a></p><p>Filed under: <a href="http://www.engadget.com/category/peripherals/" rel="tag">Peripherals</a></p><p style="padding:5px;background:#ddd;border:1px solid #ccc;clear:both;"><a href="http://www.engadget.com/2009/08/04/apple-keyboard-gets-hacked-like-a-ripe-papaya-perp-caught-on-vi/">Apple keyboard gets hacked like a ripe papaya, perp caught on video</a> originally appeared on <a href="http://www.engadget.com">Engadget</a> on Tue, 04 Aug 2009 21:34:00 EST.  
Please see our <a href="http://www.weblogsinc.com/feed-terms/">terms for use of feeds</a>.</p><h6 style="clear: both; padding: 8px 0 0 0; height: 2px; font-size: 1px; border: 0; margin: 0; padding: 0;"></h6><a href="http://www.engadget.com/2009/08/04/apple-keyboard-gets-hacked-like-a-ripe-papaya-perp-caught-on-vi/" rel="bookmark" title="Permanent link to this entry">Permalink</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/forward/19118445/" title="Send this entry to a friend via email">Email this</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/2009/08/04/apple-keyboard-gets-hacked-like-a-ripe-papaya-perp-caught-on-vi/#comments" title="View reader comments on this entry">Comments</a>]]></description><category>Apple</category><category>Apple keyboard</category><category>AppleKeyboard</category><category>BlackHat</category><category>BlackHat2009</category><category>firmware</category><category>firmware hack</category><category>firmware update</category><category>FirmwareHack</category><category>FirmwareUpdate</category><category>hack</category><category>hackers</category><category>hacking</category><category>HIDfirmwareupdatertool</category><category>K. 
Chen</category><category>K.Chen</category><category>keyboard</category><category>keyboard hack</category><category>KeyboardHack</category><category>malware</category><category>security</category><category>video</category><dc:creator><![CDATA[Vlad Savov]]></dc:creator><pubDate>Tue, 04 Aug 2009 21:34:00 EST</pubDate></item><item><title><![CDATA[SMS vulnerability on iPhone to be revealed today, still isn't patched]]></title><link>http://www.engadget.com/2009/07/30/sms-vulnerability-on-iphone-to-be-revealed-today-still-isnt-pa/</link><guid isPermaLink="true">http://www.engadget.com/2009/07/30/sms-vulnerability-on-iphone-to-be-revealed-today-still-isnt-pa/</guid><comments>http://www.engadget.com/2009/07/30/sms-vulnerability-on-iphone-to-be-revealed-today-still-isnt-pa/#comments</comments><description><![CDATA[<div style="text-align: center;"><a href="http://www.forbes.com/2009/07/28/hackers-iphone-apple-technology-security-hackers.html"><img vspace="4" hspace="4" border="1" alt="" src="http://www.blogcdn.com/www.engadget.com/media/2009/07/hacking-into-iphone-sms.png" /></a></div>
Remember that <a href="http://www.engadgetmobile.com/2009/07/02/apple-patching-nasty-iphone-sms-vulnerability/">alleged SMS-based security hole</a> on the iPhone allowing evil-doers to execute arbitrary code and do all sorts of nasty crap like create an army of mobile zombies ready and willing to execute a DoS attack? The guy who found it, security expert Charlie Miller, said that he'd reveal the details of it at Black Hat -- and Black Hat's this week. Sure enough, Miller and his cohorts plan to unleash details of the hack today, and while they claim they informed Apple of the problem over a month ago, Cupertino's yet to make a move. We'd stop short of suggesting iPhone owners all turn off their handsets and take themselves firmly off the grid and into a completely disconnected underground bunker the moment the attack becomes public, but if it's as serious as Miller claims, it definitely bumps up the pressure on Apple to get a fix out on the double -- preferably before <a href="http://www.engadgetmobile.com/tag/iphoneos3.1">3.1</a> drops.<p>Filed under: <a href="http://www.engadget.com/category/cellphones/" rel="tag">Cellphones</a>, <a href="http://www.engadget.com/category/handhelds/" rel="tag">Handhelds</a></p><p style="padding:5px;background:#ddd;border:1px solid #ccc;clear:both;"><a href="http://www.engadget.com/2009/07/30/sms-vulnerability-on-iphone-to-be-revealed-today-still-isnt-pa/">SMS vulnerability on iPhone to be revealed today, still isn't patched</a> originally appeared on <a href="http://www.engadget.com">Engadget</a> on Thu, 30 Jul 2009 03:29:00 EST.  
Please see our <a href="http://www.weblogsinc.com/feed-terms/">terms for use of feeds</a>.</p><h6 style="clear: both; padding: 8px 0 0 0; height: 2px; font-size: 1px; border: 0; margin: 0; padding: 0;"></h6><a href=http://www.forbes.com/2009/07/28/hackers-iphone-apple-technology-security-hackers.html>Read</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/2009/07/30/sms-vulnerability-on-iphone-to-be-revealed-today-still-isnt-pa/" rel="bookmark" title="Permanent link to this entry">Permalink</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/forward/19113799/" title="Send this entry to a friend via email">Email this</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/2009/07/30/sms-vulnerability-on-iphone-to-be-revealed-today-still-isnt-pa/#comments" title="View reader comments on this entry">Comments</a>]]></description><category>apple</category><category>black hat</category><category>BlackHat</category><category>charlie miller</category><category>CharlieMiller</category><category>iphone</category><category>security</category><category>security hole</category><category>SecurityHole</category><category>sms</category><category>text</category><category>text messaging</category><category>TextMessaging</category><category>vulnerability</category><dc:creator><![CDATA[Chris Ziegler]]></dc:creator><pubDate>Thu, 30 Jul 2009 03:29:00 EST</pubDate></item><item><title><![CDATA[SMS vulnerability on iPhone to be revealed today, still isn't patched]]></title><link>http://www.engadget.com/2009/07/30/sms-vulnerability-on-iphone-to-be-revealed-tomorrow-still-isnt/</link><guid isPermaLink="true">http://www.engadget.com/2009/07/30/sms-vulnerability-on-iphone-to-be-revealed-tomorrow-still-isnt/</guid><comments>http://www.engadget.com/2009/07/30/sms-vulnerability-on-iphone-to-be-revealed-tomorrow-still-isnt/#comments</comments><description><![CDATA[<div style="text-align: center;"><a href="http://www.forbes.com/2009/07/28/hackers-iphone-apple-technology-security-hackers.html"><img vspace="4" 
hspace="4" border="1" alt="" src="http://www.blogcdn.com/www.engadget.com/media/2009/07/hacking-into-iphone-sms.png" /></a></div>
Remember that <a href="http://www.engadget.com/2009/07/02/apple-patching-nasty-iphone-sms-vulnerability/">alleged SMS-based security hole</a> on the iPhone allowing evil-doers to execute arbitrary code and do all sorts of nasty crap like create an army of mobile zombies ready and willing to execute a DoS attack? The guy who found it, security expert Charlie Miller, said that he'd reveal the details of it at Black Hat -- and Black Hat's this week. Sure enough, Miller and his cohorts plan to unleash details of the hack today, and while they claim they informed Apple of the problem over a month ago, Cupertino's yet to make a move. We'd stop short of suggesting iPhone owners all turn off their handsets and take themselves firmly off the grid and into a completely disconnected underground bunker the moment the attack becomes public, but if it's as serious as Miller claims, it definitely bumps up the pressure on Apple to get a fix out on the double -- preferably before <a href="http://www.engadget.com/tag/iphoneos3.1">3.1</a> drops.<p>Filed under: <a href="http://www.engadget.com/category/software/" rel="tag">Software</a>, <a href="http://www.engadget.com/category/apple/" rel="tag">Apple</a>, <a href="http://www.engadget.com/category/os-x/" rel="tag">iPhone OS</a></p><p style="padding:5px;background:#ddd;border:1px solid #ccc;clear:both;"><a href="http://www.engadget.com/2009/07/30/sms-vulnerability-on-iphone-to-be-revealed-tomorrow-still-isnt/">SMS vulnerability on iPhone to be revealed today, still isn't patched</a> originally appeared on <a href="http://www.engadget.com">Engadget</a> on Thu, 30 Jul 2009 03:29:00 EST.  
Please see our <a href="http://www.weblogsinc.com/feed-terms/">terms for use of feeds</a>.</p><h6 style="clear: both; padding: 8px 0 0 0; height: 2px; font-size: 1px; border: 0; margin: 0; padding: 0;"></h6><a href=http://www.forbes.com/2009/07/28/hackers-iphone-apple-technology-security-hackers.html>Read</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/2009/07/30/sms-vulnerability-on-iphone-to-be-revealed-tomorrow-still-isnt/" rel="bookmark" title="Permanent link to this entry">Permalink</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/forward/19113796/" title="Send this entry to a friend via email">Email this</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/2009/07/30/sms-vulnerability-on-iphone-to-be-revealed-tomorrow-still-isnt/#comments" title="View reader comments on this entry">Comments</a>]]></description><category>apple</category><category>black hat</category><category>BlackHat</category><category>charlie miller</category><category>CharlieMiller</category><category>iphone</category><category>iphone os</category><category>iphoneos</category><category>mobile</category><category>security</category><category>security hole</category><category>SecurityHole</category><category>sms</category><category>text</category><category>text messaging</category><category>TextMessaging</category><category>vulnerability</category><dc:creator><![CDATA[Chris Ziegler]]></dc:creator><pubDate>Thu, 30 Jul 2009 03:29:00 EST</pubDate></item><item><title><![CDATA[Apple patching nasty iPhone SMS vulnerability ]]></title><link>http://www.engadget.com/2009/07/02/apple-patching-nasty-iphone-sms-vulnerability/</link><guid isPermaLink="true">http://www.engadget.com/2009/07/02/apple-patching-nasty-iphone-sms-vulnerability/</guid><comments>http://www.engadget.com/2009/07/02/apple-patching-nasty-iphone-sms-vulnerability/#comments</comments><description><![CDATA[<div align="center"><a href="http://tech.yahoo.com/news/pcworld/20090702/tc_pcworld/applepatchingserioussmsvulnerabilityoniphone"><img 
hspace="4" border="1" vspace="4" src="http://www.blogcdn.com/www.engadget.com/media/2009/07/hacking-into-iphone-sms.png" alt="" /></a><br /></div>
Given the hype surrounding Apple's iPhone, we're actually surprised that we haven't seen more holes to plug over the years. In fact, the last major iPhone exploit to take the world by storm happened right around this time <a href="http://www.engadget.com/2007/07/23/safari-exploit-gives-hackers-full-control-of-your-iphone/">two years ago</a>, and now -- thanks to OS X security expert Charlie Miller -- we're seeing yet another come to light. Over at the SyScan conference in Singapore, Mr. Miller disclosed a hole that would let attackers "run software code on the phone that is sent by SMS over a mobile operator's network in order to monitor the location of the phone using GPS, turn on the phone's microphone to eavesdrop on conversations, or make the phone join a distributed denial of service attack or a botnet." Charlie's planning to detail the vulnerability in full at the upcoming <a href="http://www.engadget.com/tag/BlackHat/">Black Hat</a> conference, but Apple's hoping to have it all patched up by the end of this month.<br /><br />[Via <a href="http://hothardware.com/News/iPhone-SMS-Vulnerability-Found-Getting-Patched/">HotHardware</a>]<p>Filed under: <a href="http://www.engadget.com/category/handsets/" rel="tag">Handsets</a>, <a href="http://www.engadget.com/category/gsm/" rel="tag">GSM</a>, <a href="http://www.engadget.com/category/edge/" rel="tag">EDGE</a>, <a href="http://www.engadget.com/category/hsdpa/" rel="tag">HSDPA</a>, <a href="http://www.engadget.com/category/apple/" rel="tag">Apple</a>, <a href="http://www.engadget.com/category/os-x/" rel="tag">iPhone OS</a></p><p style="padding:5px;background:#ddd;border:1px solid #ccc;clear:both;"><a href="http://www.engadget.com/2009/07/02/apple-patching-nasty-iphone-sms-vulnerability/">Apple patching nasty iPhone SMS vulnerability </a> originally appeared on <a href="http://www.engadget.com">Engadget</a> on Thu, 02 Jul 2009 13:01:00 EST.  
Please see our <a href="http://www.weblogsinc.com/feed-terms/">terms for use of feeds</a>.</p><h6 style="clear: both; padding: 8px 0 0 0; height: 2px; font-size: 1px; border: 0; margin: 0; padding: 0;"></h6><a href=http://tech.yahoo.com/news/pcworld/20090702/tc_pcworld/applepatchingserioussmsvulnerabilityoniphone>Read</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/2009/07/02/apple-patching-nasty-iphone-sms-vulnerability/" rel="bookmark" title="Permanent link to this entry">Permalink</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/forward/19085226/" title="Send this entry to a friend via email">Email this</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/2009/07/02/apple-patching-nasty-iphone-sms-vulnerability/#comments" title="View reader comments on this entry">Comments</a>]]></description><category>apple</category><category>attack</category><category>black hat</category><category>BlackHat</category><category>edge</category><category>gsm</category><category>hack</category><category>hsdpa</category><category>iphone</category><category>iphone 3g</category><category>iphone os</category><category>Iphone3g</category><category>IphoneOs</category><category>mobile</category><category>security</category><category>sms</category><category>syscan</category><category>text</category><category>text message</category><category>text messaging</category><category>texting</category><category>TextMessage</category><category>TextMessaging</category><category>vulnerability</category><dc:creator><![CDATA[Darren Murph]]></dc:creator><pubDate>Thu, 02 Jul 2009 13:01:00 EST</pubDate></item><item><title><![CDATA[Apple patching nasty iPhone SMS vulnerability ]]></title><link>http://www.engadget.com/2009/07/02/apple-patching-nasty-iphone-sms-vulnerability/</link><guid 
isPermaLink="true">http://www.engadget.com/2009/07/02/apple-patching-nasty-iphone-sms-vulnerability/</guid><comments>http://www.engadget.com/2009/07/02/apple-patching-nasty-iphone-sms-vulnerability/#comments</comments><description><![CDATA[<div align="center"><a href="http://tech.yahoo.com/news/pcworld/20090702/tc_pcworld/applepatchingserioussmsvulnerabilityoniphone"><img hspace="4" border="1" vspace="4" src="http://www.blogcdn.com/www.engadget.com/media/2009/07/hacking-into-iphone-sms.png"  alt="" /></a><br /></div>
Given the hype surrounding Apple's iPhone, we're actually surprised that we haven't seen more holes to plug over the years. In fact, the last major iPhone exploit to take the world by storm happened right around this time <a href="http://www.engadget.com/2007/07/23/safari-exploit-gives-hackers-full-control-of-your-iphone/">two years ago</a>, and now -- thanks to OS X security expert Charlie Miller -- we're seeing yet another come to light. Over at the SyScan conference in Singapore, Mr. Miller disclosed a hole that would let attackers "run software code on the phone that is sent by SMS over a mobile operator's network in order to monitor the location of the phone using GPS, turn on the phone's microphone to eavesdrop on conversations, or make the phone join a distributed denial of service attack or a botnet." Charlie's planning to detail the vulnerability in full at the upcoming <a href="http://www.engadget.com/tag/BlackHat/">Black Hat</a> conference, but Apple's hoping to have it all patched up by the end of this month.<br /><br />[Via <a href="http://hothardware.com/News/iPhone-SMS-Vulnerability-Found-Getting-Patched/">HotHardware</a>]<p>Filed under: <a href="http://www.engadget.com/category/cellphones/" rel="tag">Cellphones</a></p><p style="padding:5px;background:#ddd;border:1px solid #ccc;clear:both;"><a href="http://www.engadget.com/2009/07/02/apple-patching-nasty-iphone-sms-vulnerability/">Apple patching nasty iPhone SMS vulnerability </a> originally appeared on <a href="http://www.engadget.com">Engadget</a> on Thu, 02 Jul 2009 13:01:00 EST.  
Please see our <a href="http://www.weblogsinc.com/feed-terms/">terms for use of feeds</a>.</p><h6 style="clear: both; padding: 8px 0 0 0; height: 2px; font-size: 1px; border: 0; margin: 0; padding: 0;"></h6><a href=http://tech.yahoo.com/news/pcworld/20090702/tc_pcworld/applepatchingserioussmsvulnerabilityoniphone>Read</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/2009/07/02/apple-patching-nasty-iphone-sms-vulnerability/" rel="bookmark" title="Permanent link to this entry">Permalink</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/forward/19085209/" title="Send this entry to a friend via email">Email this</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/2009/07/02/apple-patching-nasty-iphone-sms-vulnerability/#comments" title="View reader comments on this entry">Comments</a>]]></description><category>attack</category><category>black hat</category><category>BlackHat</category><category>hack</category><category>iphone</category><category>iphone 3g</category><category>iphone os</category><category>Iphone3g</category><category>IphoneOs</category><category>security</category><category>sms</category><category>syscan</category><category>text</category><category>text message</category><category>text messaging</category><category>texting</category><category>TextMessage</category><category>TextMessaging</category><category>vulnerability</category><dc:creator><![CDATA[Darren Murph]]></dc:creator><pubDate>Thu, 02 Jul 2009 13:01:00 EST</pubDate></item><item><title><![CDATA[MBTA affirms that vulnerabilities exist, judge lifts gag order on MIT students]]></title><link>http://www.engadget.com/2008/08/20/mbta-affirms-that-vulnerabilities-exist-judge-lifts-gag-order-o/</link><guid isPermaLink="true">http://www.engadget.com/2008/08/20/mbta-affirms-that-vulnerabilities-exist-judge-lifts-gag-order-o/</guid><comments>http://www.engadget.com/2008/08/20/mbta-affirms-that-vulnerabilities-exist-judge-lifts-gag-order-o/#comments</comments><description><![CDATA[<a 
href="http://www.boston.com/news/local/articles/2008/08/20/mbta_admits_ticket_not_secure/"><img vspace="16" hspace="4" border="0" align="right" src="http://www.blogcdn.com/www.engadget.com/media/2008/08/8-20-08-charlieticket.jpg" alt="" /></a>No surprise here, but the kids from MIT were (presumably) right all along. The three students who were <a href="http://www.engadget.com/2008/08/10/defcon-duo-how-to-shut-off-a-pacemaker-almost-get-free-rides-o/">muffled</a> just before presenting their case at Defcon have finally been freed; the now-revoked gag order had prevented them from exposing insecurities in the Massachusetts Bay Transportation Authority ticket system, but during the same court setting, the MBTA fessed up and admitted that its current system was indeed vulnerable. Of note, it only confessed that its CharlieTicket system was susceptible to fraud, while simply not acknowledging any flaws in the more popular CharlieCard option. Pish posh -- who here believes it doesn't have dutiful employees working up a fix as we speak?<p>Filed under: <a href="http://www.engadget.com/category/transportation/" rel="tag">Transportation</a>, <a href="http://www.engadget.com/category/wireless/" rel="tag">Wireless</a></p><p style="padding:5px;background:#ddd;border:1px solid #ccc;clear:both;"><a href="http://www.engadget.com/2008/08/20/mbta-affirms-that-vulnerabilities-exist-judge-lifts-gag-order-o/">MBTA affirms that vulnerabilities exist, judge lifts gag order on MIT students</a> originally appeared on <a href="http://www.engadget.com">Engadget</a> on Wed, 20 Aug 2008 11:22:00 EST.  
Please see our <a href="http://www.weblogsinc.com/feed-terms/">terms for use of feeds</a>.</p><h6 style="clear: both; padding: 8px 0 0 0; height: 2px; font-size: 1px; border: 0; margin: 0; padding: 0;"></h6><a href=http://www.boston.com/news/local/articles/2008/08/20/mbta_admits_ticket_not_secure/>Read</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/2008/08/20/mbta-affirms-that-vulnerabilities-exist-judge-lifts-gag-order-o/" rel="bookmark" title="Permanent link to this entry">Permalink</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/forward/1289898/" title="Send this entry to a friend via email">Email this</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/2008/08/20/mbta-affirms-that-vulnerabilities-exist-judge-lifts-gag-order-o/#comments" title="View reader comments on this entry">Comments</a>]]></description><category>black hat</category><category>BlackHat</category><category>boston</category><category>charliecard</category><category>court</category><category>defcon</category><category>gag order</category><category>GagOrder</category><category>hack</category><category>judge</category><category>legal</category><category>mass transit</category><category>MassTransit</category><category>mbta</category><category>mit</category><category>RFID</category><category>university</category><dc:creator><![CDATA[Darren Murph]]></dc:creator><pubDate>Wed, 20 Aug 2008 11:22:00 EST</pubDate></item><item><title><![CDATA[Defcon duo: how-to shut off a pacemaker, almost get free rides on the T]]></title><link>http://www.engadget.com/2008/08/10/defcon-duo-how-to-shut-off-a-pacemaker-almost-get-free-rides-o/</link><guid isPermaLink="true">http://www.engadget.com/2008/08/10/defcon-duo-how-to-shut-off-a-pacemaker-almost-get-free-rides-o/</guid><comments>http://www.engadget.com/2008/08/10/defcon-duo-how-to-shut-off-a-pacemaker-almost-get-free-rides-o/#comments</comments><description><![CDATA[<img vspace="16" hspace="4" border="0" align="right" alt="" 
src="http://www.blogcdn.com/www.engadget.com/media/2008/08/8-9-08-charliecard.jpg" />Defcon already delivered by exposing California's <a href="http://www.engadget.com/2008/08/07/fastrak-toll-system-exposed-could-use-a-serious-dose-of-securit/">FasTrak toll system</a> for the security hole that it is, but that's not nearly all that's emerging from the Las Vegas exploitation conference. For starters, a plethora of medical device security researchers have purportedly figured out a way to wirelessly control pacemakers, theoretically allowing those with the proper equipment to "induce the test mode, drain the device battery and turn off therapies." Of course, it's not (quite) as simple as just buzzing a remote and putting someone six feet under, but it's a <a href="http://www.engadget.com/2008/03/12/researchers-warn-of-hacking-risks-to-heart-devices/">threat worth paying attention to</a>. In related news, a trio of MIT students who were scheduled to give a speech on how to hack CharlieCards to get <a href="http://www.engadget.com/2008/03/14/oyster-cards-vulnerable-to-rfid-hack-lots-of-other-systems-too/">free rides</a> on Boston's T subway were stifled by a temporary restraining order that the Massachusetts Bay Transit Authority snagged just before the expo. Don't lie, you're intrigued -- hit up the links below for all the nitty-gritty.<br /><br /><strong>Update</strong>: MIT published the Defcon presentation <a href="http://www-tech.mit.edu/V128/N30/subway/Defcon_Presentation.pdf">in a PDF</a>.<br /><br /><a href="http://venturebeat.com/2008/08/08/defcon-excuse-me-while-i-turn-off-your-pacemaker/">Read</a> - Pacemaker hack<br /><a href="http://www.tgdaily.com/content/view/38815/108/">Read</a> - Massachusetts Bay Transit Authority sues MIT hackers<br /><a href="http://www.tgdaily.com/content/view/38816/108/">Read</a> - Restraining order on said hackers<p>Filed under: <a href="http://www.engadget.com/category/gadgets/" rel="tag">Misc. 
Gadgets</a>, <a href="http://www.engadget.com/category/transportation/" rel="tag">Transportation</a>, <a href="http://www.engadget.com/category/wireless/" rel="tag">Wireless</a></p><p style="padding:5px;background:#ddd;border:1px solid #ccc;clear:both;"><a href="http://www.engadget.com/2008/08/10/defcon-duo-how-to-shut-off-a-pacemaker-almost-get-free-rides-o/">Defcon duo: how-to shut off a pacemaker, almost get free rides on the T</a> originally appeared on <a href="http://www.engadget.com">Engadget</a> on Sun, 10 Aug 2008 21:38:00 EST.  Please see our <a href="http://www.weblogsinc.com/feed-terms/">terms for use of feeds</a>.</p><h6 style="clear: both; padding: 8px 0 0 0; height: 2px; font-size: 1px; border: 0; margin: 0; padding: 0;"></h6><a href="http://www.engadget.com/2008/08/10/defcon-duo-how-to-shut-off-a-pacemaker-almost-get-free-rides-o/" rel="bookmark" title="Permanent link to this entry">Permalink</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/forward/1280420/" title="Send this entry to a friend via email">Email this</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/2008/08/10/defcon-duo-how-to-shut-off-a-pacemaker-almost-get-free-rides-o/#comments" title="View reader comments on this entry">Comments</a>]]></description><category>black hat</category><category>black hat 2008</category><category>BlackHat</category><category>BlackHat2008</category><category>defcon</category><category>defcon 2008</category><category>Defcon2008</category><category>hack</category><category>health</category><category>lawsuit</category><category>mass transit</category><category>MassTransit</category><category>medical</category><category>MIT</category><category>pacemaker</category><category>sue</category><category>suit</category><category>university</category><dc:creator><![CDATA[Darren Murph]]></dc:creator><pubDate>Sun, 10 Aug 2008 21:38:00 EST</pubDate></item><item><title><![CDATA[FasTrak toll system exposed, could use a serious dose of 
security]]></title><link>http://www.engadget.com/2008/08/07/fastrak-toll-system-exposed-could-use-a-serious-dose-of-securit/</link><guid isPermaLink="true">http://www.engadget.com/2008/08/07/fastrak-toll-system-exposed-could-use-a-serious-dose-of-securit/</guid><comments>http://www.engadget.com/2008/08/07/fastrak-toll-system-exposed-could-use-a-serious-dose-of-securit/#comments</comments><description><![CDATA[<a href="http://www.hackaday.com/2008/08/06/black-hat-2008-fastrak-toll-system-completely-broken/"><img vspace="16" hspace="4" border="1" align="right" alt="" src="http://www.blogcdn.com/www.engadget.com/media/2008/08/8-6-08-fastrak-badge.jpg" /></a>Ah, <a href="http://www.engadget.com/tag/BlackHat/">Black Hat</a>. How we adore you. Each year there's always one speaker who shows up and completely undermines something that most people assume is rock solid. This year, our pals at <em>Hack-A-Day</em> were in attendance to hear Nate Lawson expose California's FasTrak toll system for the security hole that it is. Essentially, toll transponders that are purchased and slapped onto vehicles offer up exactly no authentication, meaning that anyone with an ill will and an RFID reader could wander through a parking lot and lift all sorts of useful information. Think it can't get worse? The transponders reportedly support "unauthenticated over the air upgrading," which means that each tag could be forced to take on a new ID if the right equipment was present. 
We don't have to spell out "potential disaster" for you, now do we?<br /><br />[Image courtesy of <a href="http://www.mindfully.org/Technology/2005/FasTrak-Stolen-Car4nov05.jpg">Mindfully</a>]<p>Filed under: <a href="http://www.engadget.com/category/transportation/" rel="tag">Transportation</a></p><p style="padding:5px;background:#ddd;border:1px solid #ccc;clear:both;"><a href="http://www.engadget.com/2008/08/07/fastrak-toll-system-exposed-could-use-a-serious-dose-of-securit/">FasTrak toll system exposed, could use a serious dose of security</a> originally appeared on <a href="http://www.engadget.com">Engadget</a> on Thu, 07 Aug 2008 06:39:00 EST.  Please see our <a href="http://www.weblogsinc.com/feed-terms/">terms for use of feeds</a>.</p><h6 style="clear: both; padding: 8px 0 0 0; height: 2px; font-size: 1px; border: 0; margin: 0; padding: 0;"></h6><a href=http://www.hackaday.com/2008/08/06/black-hat-2008-fastrak-toll-system-completely-broken/>Read</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/2008/08/07/fastrak-toll-system-exposed-could-use-a-serious-dose-of-securit/" rel="bookmark" title="Permanent link to this entry">Permalink</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/forward/1277641/" title="Send this entry to a friend via email">Email this</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/2008/08/07/fastrak-toll-system-exposed-could-use-a-serious-dose-of-securit/#comments" title="View reader comments on this entry">Comments</a>]]></description><category>black hat</category><category>Black Hat 2008</category><category>BlackHat</category><category>BlackHat2008</category><category>california</category><category>FasTrak</category><category>hack</category><category>RFID</category><category>toll</category><dc:creator><![CDATA[Darren Murph]]></dc:creator><pubDate>Thu, 07 Aug 2008 06:39:00 EST</pubDate></item><item><title><![CDATA[Safari exploit gives hackers full control over iPhones and possibly PCs and 
Macs]]></title><link>http://www.engadget.com/2007/07/23/safari-exploit-gives-hackers-full-control-over-iphones-and-possi/</link><guid isPermaLink="true">http://www.engadget.com/2007/07/23/safari-exploit-gives-hackers-full-control-over-iphones-and-possi/</guid><comments>http://www.engadget.com/2007/07/23/safari-exploit-gives-hackers-full-control-over-iphones-and-possi/#comments</comments><description><![CDATA[<img vspace="4" hspace="4" border="0" align="right" src="http://www.engadget.com/media/2007/07/apple_worm2_230.jpg" alt="" />Oops, researchers just unveiled a pretty serious security vulnerability in the iPhone. More specifically, it's Apple's <a href="http://www.engadget.com/tag/safari">Safari</a> web browser which exhibits the vulnerability. Researchers at Independent Security Evaluators have used the vulnerability to take malicious control of the iPhone from rogue websites loaded with the exploit. Once in, researchers have full administrative access over the phone, allowing them to listen in on room audio or snatch the SMS log, address book, call history, email passwords and more -- we're talking full access to your phone. Researchers note that the only way to stay safe is to check those URLs and only visit sites that you trust (which isn't very reassuring), and that the flaw "may or may not be exploitable" from Mac and PC versions of Safari -- the same vulnerability exists there, only they haven't written the proof-of-concept exploit to test it yet. Apple has been notified of the vulnerability <em>and</em> a proposed fix with full public disclosure coming at the BlackHat conference on August 2nd. You listening <a href="http://www.engadget.com/tag/infosec%20sellout">InfoSec Sellout</a>? <em>That's</em> how you report a bug. Check the exploit in video form after the break. 
<br /><br />[Via <a href="http://www.macrumors.com/">MacRumors</a>]<p><a href="http://www.engadget.com/2007/07/23/safari-exploit-gives-hackers-full-control-over-iphones-and-possi/" rel="bookmark">Continue reading <em>Safari exploit gives hackers full control over iPhones and possibly PCs and Macs</em></a></p><p>Filed under: <a href="http://www.engadget.com/category/handsets/" rel="tag">Handsets</a>, <a href="http://www.engadget.com/category/apple/" rel="tag">Apple</a></p><p style="padding:5px;background:#ddd;border:1px solid #ccc;clear:both;"><a href="http://www.engadget.com/2007/07/23/safari-exploit-gives-hackers-full-control-over-iphones-and-possi/">Safari exploit gives hackers full control over iPhones and possibly PCs and Macs</a> originally appeared on <a href="http://www.engadget.com">Engadget</a> on Mon, 23 Jul 2007 03:05:00 EST.  Please see our <a href="http://www.weblogsinc.com/feed-terms/">terms for use of feeds</a>.</p><h6 style="clear: both; padding: 8px 0 0 0; height: 2px; font-size: 1px; border: 0; margin: 0; padding: 0;"></h6><a href=http://www.securityevaluators.com/iphone/>Read</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/2007/07/23/safari-exploit-gives-hackers-full-control-over-iphones-and-possi/" rel="bookmark" title="Permanent link to this entry">Permalink</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/forward/946767/" title="Send this entry to a friend via email">Email this</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/2007/07/23/safari-exploit-gives-hackers-full-control-over-iphones-and-possi/#comments" title="View reader comments on this entry">Comments</a>]]></description><category>apple</category><category>black hat</category><category>BlackHat</category><category>breaking news</category><category>BreakingNews</category><category>bug</category><category>exploit</category><category>hack</category><category>Independent Security 
Evaluators</category><category>IndependentSecurityEvaluators</category><category>iphone</category><category>mobile</category><category>safari</category><category>vulnerability</category><dc:creator><![CDATA[Thomas Ricker]]></dc:creator><pubDate>Mon, 23 Jul 2007 03:05:00 EST</pubDate></item><item><title><![CDATA[Safari exploit gives hackers full control over iPhones and possibly PCs and Macs]]></title><link>http://www.engadget.com/2007/07/23/safari-exploit-gives-hackers-full-control-of-your-iphone/</link><guid isPermaLink="true">http://www.engadget.com/2007/07/23/safari-exploit-gives-hackers-full-control-of-your-iphone/</guid><comments>http://www.engadget.com/2007/07/23/safari-exploit-gives-hackers-full-control-of-your-iphone/#comments</comments><description><![CDATA[<a href="http://www.securityevaluators.com/iphone/"><img vspace="4" hspace="4" border="0" align="right" src="http://www.blogcdn.com/www.engadget.com/media/2007/07/apple_worm2_230.jpg" alt="" /></a>Oops, researchers just unveiled a pretty serious security vulnerability in the iPhone. More specifically, it's Apple's <a href="http://www.engadget.com/tag/safari">Safari</a> web browser which exhibits the vulnerability. Researchers at Independent Security Evaluators have used the vulnerability to take malicious control of the iPhone from rogue websites loaded with the exploit. Once in, researchers have full administrative access over the phone, allowing them to listen in on room audio or snatch the SMS log, address book, call history, email passwords and more -- we're talking full access to your phone. Researchers note that the only way to stay safe is to check those URLs and only visit sites that you trust (which isn't very reassuring), and that the flaw "may or may not be exploitable" from Mac and PC versions of Safari -- the same vulnerability exists there, only they haven't written the proof-of-concept exploit to test it yet. 
Apple has been notified of the vulnerability <em>and</em> a proposed fix with full public disclosure coming at the BlackHat conference on August 2nd. You listening <a href="http://www.engadget.com/tag/infosec%20sellout">InfoSec Sellout</a>? <em>That's</em> how you report a bug. Check the exploit in video form after the break. <br /><br />[Via <a href="http://www.macrumors.com/">MacRumors</a>]<p><a href="http://www.engadget.com/2007/07/23/safari-exploit-gives-hackers-full-control-of-your-iphone/" rel="bookmark">Continue reading <em>Safari exploit gives hackers full control over iPhones and possibly PCs and Macs</em></a></p><p>Filed under: <a href="http://www.engadget.com/category/cellphones/" rel="tag">Cellphones</a>, <a href="http://www.engadget.com/category/desktops/" rel="tag">Desktops</a>, <a href="http://www.engadget.com/category/laptops/" rel="tag">Laptops</a>, <a href="http://www.engadget.com/category/portableaudio/" rel="tag">Portable Audio</a>, <a href="http://www.engadget.com/category/portablevideo/" rel="tag">Portable Video</a></p><p style="padding:5px;background:#ddd;border:1px solid #ccc;clear:both;"><a href="http://www.engadget.com/2007/07/23/safari-exploit-gives-hackers-full-control-of-your-iphone/">Safari exploit gives hackers full control over iPhones and possibly PCs and Macs</a> originally appeared on <a href="http://www.engadget.com">Engadget</a> on Mon, 23 Jul 2007 03:05:00 EST.  
Please see our <a href="http://www.weblogsinc.com/feed-terms/">terms for use of feeds</a>.</p><h6 style="clear: both; padding: 8px 0 0 0; height: 2px; font-size: 1px; border: 0; margin: 0; padding: 0;"></h6><a href=http://www.securityevaluators.com/iphone/>Read</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/2007/07/23/safari-exploit-gives-hackers-full-control-of-your-iphone/" rel="bookmark" title="Permanent link to this entry">Permalink</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/forward/946761/" title="Send this entry to a friend via email">Email this</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/2007/07/23/safari-exploit-gives-hackers-full-control-of-your-iphone/#comments" title="View reader comments on this entry">Comments</a>]]></description><category>apple</category><category>black hat</category><category>BlackHat</category><category>breaking news</category><category>BreakingNews</category><category>bug</category><category>exploit</category><category>hack</category><category>Independent Security Evaluators</category><category>IndependentSecurityEvaluators</category><category>iphone</category><category>portable audio</category><category>portable video</category><category>portableaudio</category><category>portablevideo</category><category>safari</category><category>vulnerability</category><dc:creator><![CDATA[Thomas Ricker]]></dc:creator><pubDate>Mon, 23 Jul 2007 03:05:00 EST</pubDate></item><item><title><![CDATA[Infamous MacBook WiFi hack demonstrated, dubious code to go public]]></title><link>http://www.engadget.com/2007/03/02/infamous-macbook-wifi-hack-demonstrated-dubious-code-to-go-publ/</link><guid isPermaLink="true">http://www.engadget.com/2007/03/02/infamous-macbook-wifi-hack-demonstrated-dubious-code-to-go-publ/</guid><comments>http://www.engadget.com/2007/03/02/infamous-macbook-wifi-hack-demonstrated-dubious-code-to-go-publ/#comments</comments><description><![CDATA[<div align="center"><a 
href="http://news.com.com/2061-10789_3-6163285.html?part=rss&amp;tag=2547-1_3-0-20&amp;subj=news"><img vspace="4" hspace="4" border="1" src="http://www.blogcdn.com/www.engadget.com/media/2007/03/3-1-07-mac_crash.jpg"  alt="" /></a><br /></div>
This on-again / off-again storyline surrounding the infamous <a href="http://www.engadget.com/2006/08/18/apple-wifi-vulnerability-claims-were-false/">MacBook WiFi hack</a> has us all in a bit of a whirlwind, but it looks like the responsible party is finally coming clean. David Maynor, who is now the CTO at Errata Security, broke the silence regarding the questionable WiFi <a href="http://www.engadget.com/2006/08/03/gone-in-60-seconds-macbook-security-flaw-exposed/">vulnerability</a> that he claimed existed in Apple's MacBook by actually demonstrating his findings in front of the crowds at the Black Hat DC event. The meddlesome duo elicited all sorts of backlash from Apple after the story surfaced, and a showing at the ToorCon hacker convention in San Diego was actually axed after Cupertino threatened to sue Maynor's now-former employer, SecureWorks. Yesterday, however, Maynor streamed rogue code from a Toshiba laptop while his <a href="http://www.engadget.com/tag/macbook">MacBook</a> (running OS X 10.4.6) scanned for wireless networks; sure enough, the laptop crashed, and he insinuated that the code could actually be used to do far worse things, such as control functions of the computer -- but interestingly enough, it wasn't noted whether the MacBook's WiFi adapter was <a href="http://www.engadget.com/tag/iphone">Apple</a>'s own or of the third-party variety. The angst still felt by Maynor primarily stems from Apple's outright denial of his claims, only to provide an elusive patch that fixed the issue in OS X 10.4.8, essentially making its operating system more secure without giving David his due credit. Mr. 
Maynor also said that he would no longer attempt to work with Apple and wouldn't report any further findings to them, and while most Macs have certainly done their duty and upgraded to the latest version of OS X, users can reportedly expect a public release of the rogue code to hit the web soon.<p>Filed under: <a href="http://www.engadget.com/category/laptops/" rel="tag">Laptops</a>, <a href="http://www.engadget.com/category/wireless/" rel="tag">Wireless</a>, <a href="http://www.engadget.com/category/networking/" rel="tag">Networking</a></p><p style="padding:5px;background:#ddd;border:1px solid #ccc;clear:both;"><a href="http://www.engadget.com/2007/03/02/infamous-macbook-wifi-hack-demonstrated-dubious-code-to-go-publ/">Infamous MacBook WiFi hack demonstrated, dubious code to go public</a> originally appeared on <a href="http://www.engadget.com">Engadget</a> on Fri, 02 Mar 2007 01:58:00 EST.  Please see our <a href="http://www.weblogsinc.com/feed-terms/">terms for use of feeds</a>.</p><h6 style="clear: both; padding: 8px 0 0 0; height: 2px; font-size: 1px; border: 0; margin: 0; padding: 0;"></h6><a href=http://news.com.com/2061-10789_3-6163285.html?part=rss&amp;tag=2547-1_3-0-20&amp;subj=news>Read</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/2007/03/02/infamous-macbook-wifi-hack-demonstrated-dubious-code-to-go-publ/" rel="bookmark" title="Permanent link to this entry">Permalink</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/forward/843360/" title="Send this entry to a friend via email">Email this</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/2007/03/02/infamous-macbook-wifi-hack-demonstrated-dubious-code-to-go-publ/#comments" title="View reader comments on this entry">Comments</a>]]></description><category>apple</category><category>apple hack</category><category>AppleHack</category><category>black 
hat</category><category>BlackHat</category><category>breach</category><category>code</category><category>crash</category><category>demonstration</category><category>Errata Security</category><category>ErrataSecurity</category><category>hack</category><category>mac</category><category>mac hack</category><category>MacHack</category><category>maynor</category><category>security</category><category>video</category><category>vulnerability</category><category>wif</category><category>wifi hack</category><category>WifiHack</category><dc:creator><![CDATA[Darren Murph]]></dc:creator><pubDate>Fri, 02 Mar 2007 01:58:00 EST</pubDate></item><item><title><![CDATA[Janus Project PC can scan 300 WiFi networks at once]]></title><link>http://www.engadget.com/2006/08/31/janus-project-pc-can-scan-300-wifi-networks-at-once/</link><guid isPermaLink="true">http://www.engadget.com/2006/08/31/janus-project-pc-can-scan-300-wifi-networks-at-once/</guid><comments>http://www.engadget.com/2006/08/31/janus-project-pc-can-scan-300-wifi-networks-at-once/#comments</comments><description><![CDATA[<center><img vspace="4" hspace="4" border="1" alt="" id="vimage_1" src="http://www.blogcdn.com/www.engadget.com/media/2006/08/goldy.jpg" /></center>You've heard of <a href="http://networking.engadget.com/tag/black%20hat/">black hat hackers</a> and <a href="http://www.engadget.com/tag/white%20hat/">white hat hackers</a>, but what about leather hat hackers? Meet the first: Kyle Williams. This creative genius has built the ultimate network hacking PC, the "Janus Project," which can focus its eight WiFi cards to break your standard <a href="http://www.engadget.com/tag/wep">WEP</a> encryption in under five minutes. Beyond that, it can sniff 300 <a href="http://engadget.com/tag/wifi">WiFi</a> networks simultaneously, store and continuously encrypt all the data with AES 256-bit keys. 
In addition, the Janus Project has an instant off switch, which requires a USB key that has a 2000-bit passkey and a separate password to regain access. What's under the hood? Williams packed an <a href="http://www.engadget.com/2005/08/03/ubuntu-h2-another-bootable-usb-linux-distro/">Ubuntu Linux</a> machine running on a 1.5GHz VIA C7 processor with an Acer 17-inch screen into that snazzy little rugged yellow box. Oh, and the closed case is waterproof too, in case you need to transport Janus Project on a whitewater raft to your next hacking hotspot. We don't doubt someone will.<br /><br />[Via <a href="http://www.therawfeed.com/2006/08/ultimate-hacking-pc-cracks-300-wi-fi.html">The Raw Feed</a>]<p>Filed under: <a href="http://www.engadget.com/category/laptops/" rel="tag">Laptops</a>, <a href="http://www.engadget.com/category/wireless/" rel="tag">Wireless</a>, <a href="http://www.engadget.com/category/networking/" rel="tag">Networking</a></p><p style="padding:5px;background:#ddd;border:1px solid #ccc;clear:both;"><a href="http://www.engadget.com/2006/08/31/janus-project-pc-can-scan-300-wifi-networks-at-once/">Janus Project PC can scan 300 WiFi networks at once</a> originally appeared on <a href="http://www.engadget.com">Engadget</a> on Thu, 31 Aug 2006 07:31:00 EST.  
Please see our <a href="http://www.weblogsinc.com/feed-terms/">terms for use of feeds</a>.</p><h6 style="clear: both; padding: 8px 0 0 0; height: 2px; font-size: 1px; border: 0; margin: 0; padding: 0;"></h6><a href=http://www.tgdaily.com/2006/08/30/defcon2006_janus_project/>Read</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/2006/08/31/janus-project-pc-can-scan-300-wifi-networks-at-once/" rel="bookmark" title="Permanent link to this entry">Permalink</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/forward/661588/" title="Send this entry to a friend via email">Email this</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/2006/08/31/janus-project-pc-can-scan-300-wifi-networks-at-once/#comments" title="View reader comments on this entry">Comments</a>]]></description><category>aees</category><category>black hat</category><category>BlackHat</category><category>crack</category><category>hacker</category><category>janus project</category><category>JanusProject</category><category>wep</category><category>white hat</category><category>WhiteHat</category><category>wifi</category><category>wifi crack</category><category>WifiCrack</category><dc:creator><![CDATA[Cyrus Farivar]]></dc:creator><pubDate>Thu, 31 Aug 2006 07:31:00 EST</pubDate></item><item><title><![CDATA[HP dons white hat to hack customers' servers]]></title><link>http://www.engadget.com/2006/07/06/hp-dons-white-hat-to-hack-customers-servers/</link><guid isPermaLink="true">http://www.engadget.com/2006/07/06/hp-dons-white-hat-to-hack-customers-servers/</guid><comments>http://www.engadget.com/2006/07/06/hp-dons-white-hat-to-hack-customers-servers/#comments</comments><description><![CDATA[<a href="http://news.com.com/2100-7355_3-6090825.html?part=rss&amp;tag=6090825&amp;subj=news"><img vspace="16" hspace="4" border="0" align="right" src="http://www.engadget.com/media/2006/07/hplogocropped.jpg" id="vimage_1" alt="" /></a>Usually the term "hacking" has some rather negative connotations, so it almost seems 
counterintuitive to pay someone good money for breaking into your system, but that's exactly what HP is offering to do for its corporate customers with a new service called HP Active Countermeasures, or HPAC. As you'd imagine, HP's hackers won't do anything malicious once they break into a client's server -- propagating a worm, for instance, would seem to be bad for business -- but they <em>will </em>use a combination of buffer, heap, and stack overflows to exploit a system in much the same way that black hatters cause Internet terror on a daily basis. Specifically, the company will employ one of its own servers to launch attacks using eight to ten scanning clients for every 250,000 devices that are part of the program, and offer customers a temporary patch until they're able to hire a dedicated security firm for shoring up any vulnerabilities. Pricing is promised to be "aggressive," with firms using fewer than 20,000 IP addresses expected to pay only a few dollars per user per year for the privilege of learning how shoddy their security really is.<br /><br />[Via <a href="http://www.theinquirer.net/default.aspx?article=32846">The Inquirer</a>]<br /><p>Filed under: <a href="http://www.engadget.com/category/gadgets/" rel="tag">Misc. Gadgets</a>, <a href="http://www.engadget.com/category/networking/" rel="tag">Networking</a></p><p style="padding:5px;background:#ddd;border:1px solid #ccc;clear:both;"><a href="http://www.engadget.com/2006/07/06/hp-dons-white-hat-to-hack-customers-servers/">HP dons white hat to hack customers' servers</a> originally appeared on <a href="http://www.engadget.com">Engadget</a> on Thu, 06 Jul 2006 13:41:00 EST.  
Please see our <a href="http://www.weblogsinc.com/feed-terms/">terms for use of feeds</a>.</p><h6 style="clear: both; padding: 8px 0 0 0; height: 2px; font-size: 1px; border: 0; margin: 0; padding: 0;"></h6><a href=http://news.com.com/2100-7355_3-6090825.html?part=rss&amp;tag=6090825&amp;subj=news>Read</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/2006/07/06/hp-dons-white-hat-to-hack-customers-servers/" rel="bookmark" title="Permanent link to this entry">Permalink</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/forward/640211/" title="Send this entry to a friend via email">Email this</a>&nbsp;|&nbsp;<a href="http://www.engadget.com/2006/07/06/hp-dons-white-hat-to-hack-customers-servers/#comments" title="View reader comments on this entry">Comments</a>]]></description><category>black hat</category><category>BlackHat</category><category>exploits</category><category>hacking</category><category>hewlett packard</category><category>HewlettPackard</category><category>hp</category><category>hp active countermeasures</category><category>hpac</category><category>HpActiveCountermeasures</category><category>it</category><category>security</category><category>servers</category><category>white hat</category><category>WhiteHat</category><category>worms</category><dc:creator><![CDATA[Evan Blass]]></dc:creator><pubDate>Thu, 06 Jul 2006 13:41:00 EST</pubDate></item></channel></rss>
