DefCon
Latest
Wireless snooping WASP drone knows you want extra jalapeños, no sliced tomato
This fearsome contraption is the handiwork of a couple of amateur DEFCON-types who reckoned that any self-respecting spy plane ought to be able to impersonate cellphone towers. And that's exactly what the Wireless Aerial Surveillance Platform does -- it tricks AT&T and T-Mobile handsets into connecting to it, then re-routes the incoming calls via VOIP so they don't drop, while simultaneously recording all conversations to 32GB of onboard storage. It can also handle a bit of WiFi snooping on the side, thanks to a Linux-based hacking toolkit and a 340 million word dictionary for guessing passwords. What's more, the WASP apparently achieves all of this without breaking a single FCC regulation. So, er, that's fine then. Oh yeah, and we don't want any of that stuffed crust nonsense, you hear?
Defcon Kids event invites hackers to bring their genetic back-up units
Apparently, kids aren't at all put off by the air of misadventure and notoriety that surrounds hacking. In fact, they're so eager to partake in lock-picking workshops, clue-deciphering seminars and social engineering round-tables, that Defcon in August will have a side event totally dedicated to proto-hackers aged 8-16. The focus will be strictly on well-intentioned hacking and cyber-security, so there's little risk that your progeny will be set on a life-path that ends in a lengthy jail term. Nevertheless, the organizers warn that the main adult event will be going on all around the kids' areas, leading to a risk of exposure to bad language, possible nudity and an "assortment of philosophies." And if that doesn't deter them, nothing will.
Introversion credits Steam for company's salvation
In a candid post on Introversion Software's DEFCON forums, company co-founder Mark Morris admits that the Darwinia+ developer was close to closing up shop following disappointing sales of the game's XBLA port. "Internally we knew within about an hour of Darwinia+'s launch that it hadn't done well enough," Morris wrote. "It took us about two weeks to really accept that and the awful realisation that we didn't have enough to continue with the office or the staff. We had a bunch of creditors knocking at the door, but worse than all of that we were absolutely shattered." Having let its staff go, closed it office and retreated to the bedrooms of its three remaining employees, the company made a last-ditch move to generate some income. "We put together a rescue plan involving creating Steam achievements for DEFCON so we could convince Valve to run a promotion with it," explained Morris. Turns out, a seemingly small tweak and some promotion delivered major results, Morris revealed: "The promo exceeded all of our expectations and when combined with our low burn rate (no office or staff now) we had gone from being fearful about paying our mortgages to having a year's operating capital in the bank." Introversion is still running lean, but is back on track to release its "most ambitious project so far," Subversion, in 2011.
Charlie Miller and Kim Jong-Il could pwn the Internet with two years, $100 million
Well there's one thing we can say about Charlie Miller -- he sure is an ambitious rascal. When not busy exposing security holes in OS X, our fave security expert (aside from Angelina Jolie in Hackers, of course) has laid out a shocking expose based on the following premise: if Kim Jong-Il had a budget of $100 million and a timeline of two years could North Korea's de facto leader (and sunglasses model) take down the United States in a cyberwar? It seems that the answer is yes. Using a thousand or so hackers, "ranging from elite computer commandos to basic college trained geeks," according to AFP, the country could target specific elements of a country's infrastructure (including smart grids, banks, and communications) and create "beacheads" by compromising systems up to two years before they pulled the trigger. Speaking at DEFCON this weekend, Miller mentioned that such an attack could be carried out by anyone, although North Korea has a few advantages, including the fact that its infrastructure is so low tech that even destroying the entire Internet would leave it pretty much unscathed. That said, we're not worried in the least bit: if the diminutive despot brings down the entire Internet, how is he ever going to see Twilight: Eclipse?
Hacker intercepts phone calls with homebuilt $1,500 IMSI catcher, claims GSM is beyond repair
In 2009, Chris Paget showed the world the vulnerabilities of RFID by downloading the contents of US passports from the safety of his automobile. This year, he's doing the same for mobile phones. Demonstrating at DefCon 2010, the white hat hacker fooled 17 nearby GSM phones into believing his $1,500 kit (including a laptop and two RF antennas) was a legitimate cell phone base station, and proceeded to intercept and record audience calls. "As far as your cell phones are concerned, I'm now indistinguishable from AT&T," he told the crowd. The purpose of the demonstration was highlight a major flaw in the 2G GSM system, which directs phones to connect to the tower with the strongest signal regardless of origin -- in this case, Paget's phony tower. The hacker did caveat that his system could only intercept outbound calls, and that caller ID could tip off the owner of a handset to what's what, but he says professional IMSI catchers used by law enforcement don't suffer from such flaws and amateur parity would only be a matter of time. "GSM is broken," Paget said, "The primary solution is to turn it off altogether." That's a tall order for a world still very dependent on the technology for mobile connectivity, but we suppose AT&T and T-Mobile could show the way. Then again, we imagine much of that same world is still using WEP and WPA1 to "secure" their WiFi.
ATM scam at DEFCON clearly the work of ironic criminals
The hooligans in this case have a dry sense of humor or are extremely unlucky: Either way, we can't help but get a chuckle out of the fact that someone placed their smart card skimmin' faux ATM at the Riviera Hotel Casino in Las Vegas -- during DEFCON, the world's largest hacker convention. No one can say exactly how long the kiosk was there -- at least the kids were smart enough to place it right outside the security office, one of the few places in the conference center not under surveillance. It was picking up on this last fact that aroused the suspicion of Brian Markus, CEO of Aries Security. When shining a light through the glass panel that should house a camera, he instead found the PC that was set up to skim people's data. He then notified security, who removed the device and once again made the world safe for hackers and their bank accounts.
DEFCON still headed to DS (if someone publishes it)
Remember Introversion's plans to port DEFCON to handhelds? Yeah, we didn't either, because that was like two years ago. It turns out that that a DS version of the stylized strategy game was actually completed in conjunction with Pinnacle Software, who ran into some ... trouble, of the all-too-familiar financial variety.Introversion has reacquired the rights to the DS game and now hopes to find a publishing partner, in order to get it out worldwide in the third quarter of this year. "With the DSi flying off the shelves recently," Introversion's Mark Morris said, "we believe that there will be particular interest in a finished DS product with such a great track record, especially as the RTS/Strategy sector is so poorly served on the platform."
MBTA affirms that vulnerabilities exist, judge lifts gag order on MIT students
No surprise here, but the kids from MIT were (presumably) right all along. The three students who were muffled just before presenting their case at Defcon have finally been freed; the now-revoked gag order had prevented them from exposing insecurities in the Massachusetts Bay Transportation Authority ticket system, but during the same court setting, the MBTA fessed up and admitted that its current system was indeed vulnerable. Of note, it only confessed that its CharlieTicket system was susceptible to fraud, while simply not acknowledging any flaws in the more popular CharlieCard option. Pish posh -- who here believes it doesn't have dutiful employees working up a fix as we speak?
Defcon duo: how-to shut off a pacemaker, almost get free rides on the T
Defcon already delivered by exposing California's FasTrak toll system for the security hole that it is, but that's not nearly all that's emerging from the Las Vegas exploitation conference. For starters, a plethora of medical device security researchers have purportedly figured out a way to wirelessly control pacemakers, theoretically allowing those with the proper equipment to "induce the test mode, drain the device battery and turn off therapies." Of course, it's not (quite) as simple as just buzzing a remote and putting someone six feet under, but it's a threat worth paying attention to. In related news, a trio of MIT students who were scheduled to give a speech on how to hack CharlieCards to get free rides on Boston's T subway were stifled by a temporary restraining order that the Massachusetts Bay Transit Authority snagged just before the expo. Don't lie, you're intrigued -- hit up the links below for all the nitty-gritty.Update: MIT published the Defcon presentation in a PDF.Read - Pacemaker hackRead - Massachusetts Bay Transit Authority sues MIT hackersRead - Restraining order on said hackers
Ambrosia's Uplink goes universal
Who among us didn't want to start a career in illegal computer hacking after watching the movie Wargames (and who actually did)? You can fulfill your cyber crime fantasies with Uplink, Ambrosia Software's corporate hacking game. You play as a covert agent hired to gain information from rival companies' computers. As you go, you earn money to upgrade your own equipment, gain deeper access and more. I only played briefly, but I had fun. Ambrosia released verison 1.6.0 earlier this week, which is a Universal Binary. Other changes include Updated game content Toggle fullscreen and change resolutions in-game without restarting Uplink Various bug fixes and enhancements If you like DEFCON, another Ambrosia title (we took a look at DEFCON here), you'll probably enjoy Uplink. A single license costs $25US. Uplink requires Mac OS X 10.3.9 or later.
Autonomous sentry gun looks to mow down Defcon
Hand crafted autonomous turrets aren't anything unusual, but rather than piecing together a masterful creation with pre-fab parts, the folks over at Burnt Popcorn managed to take things one step further. After finding that cheaper AirSoft guns lacked the accuracy they craved, they decided to "make their own mechanism to fire BBs." The goal of the project was to enter the Defcon Bots competition and craft a machine that could "shoot down all the targets before the other person does." Of course, the actual programming involved in building this eagle-eyed shooter is a bit more extensive than can be covered here, but if you're looking for a pretty thorough guide complete with video demonstrations, be sure and give the read link a minute of your time.[Via MAKE]
Shall we play a game?
Earlier today, Ambrosia Software released an update to DEFCON, the online, global thermonuclear war simulator (we first posted about DEFCON in April). It's quite fun - think of a high-tech game of "Risk." You must defend your territory and conquer even more. Changes to version 1.4.3 include: Improvements when creating games on a LAN Other game play bugs squashed Defon costs $25US, is universal and requires Mac OS 10.3.9 or later. A free demo is available for download.[Via MacMinute]*I'd like to note that I got the quote in the title correct this time. Thanks, adam.
Hackers crash e-passport readers -- stage set for exploits
Lukas Grunwald -- last seen cloning Germany's RFID passports -- is back with more "white hat" hackery on the world's new e-passport systems. This time, however, he's crashing RFID readers to demonstrate how a hacked passport could conceivably force approval of expired or forged passports. After all, "If you're able to crash something you are most likely able to exploit it," says Grunwald. Lukas was able to crash two passport readers made by different vendors by first cloning a passport's chip and then modding the JPEG2000 image file stored within the chip to create a buffer overflow condition -- the same vulnerabilities which make so many devices (the original Xbox, anyone?) so easily exploitable. Lukas contends that all airport readers are likely vulnerable to such an exploit as they would be using off-the-shelf libraries for decoding JPEG images. Lukas will be demonstrating his latest hack this weekend at DefCon in Vegas. Hmmm, with CES moving to RFID badges this year, we have a funny feeling that attendance is going to be way up. [Via BoingBoing]
DEFCON in your pocket
According to CVG, indie studio Introversion (Uplink, Darwinia) is looking for developers to help create a portable version of its "everybody dies" disaster game, DEFCON. With simple visuals, an emphasis on multiplayer carnage, and highly addictive gameplay, DEFCON is an ideal candidate for cell phones, the PSP, or DS. The project is still in very early stages, so no details or platforms have been announced.Earlier we reported that Introversion co-founder Mark Morris was looking to bring a few games to the home console market via digital distribution. DEFCON on your computer, on your TV, and in your pocket? Time to take the "everybody dies" slogan a bit more literally.[Via PSP Fanboy]
DEFCON goes mobile; PSP intended target?
Introversion recently started looking for new developers for a mobile version of DEFCON, according to CVG. The original DEFON was a cult success, heralded by many for its unique apocalyptic premise: players are engaged in a deadly endgame, where the world's superpowers are launching their nuclear weapons. Players must kill as many people as possible through strategic use of their country's nuclear cache.The game's simplistic graphics would make it an ideal candidate for all handhelds, including cell phones, PSP and DS. Although the awkwardly-worded job ad mentions no specific platform, CVG speculates that it will most likely head to PSP. We're not exactly sure why they'd assume that, but we really hope they're right.
Autonomous, laser-guided turret takes aim
The homegrown home security options out there just keep getting sweeter and sweeter, as yet another go-getter has conjured up an autonomous turret to hold down the fort while the owners are away buying more capacitors and Fruit by the Foot. The programmable weapon relies on an 8 servo serial controller and a s666n High Torque servo motor, not to mention a good bit of programming to get things in working order. What started out as a curious ambition has now developed into quite a serious project, as the creator is hoping to "develop a weapons platform for the Defcon Bots competition," and judging by what we see here, things are lookin' up. The robotic sentry can apparently take out targets on its own or follow a simple laser to targets and fire away, but alas, what good would a made from scratch robotic piece of artillery be without a video to demonstrate? Click on through to see the firepower.
Would you like to play a game?
Who among us hasn't seen the geeky "Wargames" from 1983? More to the point, who didn't want to play Global Thermonuclear War with Joshua, the lovable hunk of circuitry that teaches us that, "The only winning move is not to play." So true, Joshua. So true.To learn the lesson for yourself, check out Defcon. It's an online, multiplayer game (you can play solo if you wish as well) that challenges you to outwit your opponents and blow them all to smithereens. After all, what's a little mutually assured destruction among friends?Defon costs $25US and is available from Ambrosia's website.
Defcon dev announces new game: Subversion
Introversion, creator of indie darlings Darwinia and DEFCON, have announced their next project will be called Subversion. Company co-founder Chris Delay made the announcement earlier last week, noting that the project is early in production and the development will be blogged.Understanding that many developers fall into the trap where hype leads to disappointment, Delay assures that he will make no promises as to final features and game play details. As another point, Delay points out that the attached images, including the one to the right, is not a representation of the game and anyone who treats the screenshots as such are mistaken. You've been warned.[Via videogames blogger]
