Basically SCADA systems are so poorly secured you can find their logins on Google. In a protest that people are uncovering vulnerabilities but the suppliers aren’t fixing the problem but rather trying to silence the exploiters entirely, this twitter account is posting links to loads of SCADA systems. So if you want to play with [...]

How to Crack a Wi-Fi Network’s WPA Password with Reaver.

The CCC has published all the talks from the 28th Annual Chaos Communications Congress. Watch all of the freshly published talks from 28c3 – Hack a Day.

Due to poor implementation a brute force attack can be mounted which only has to guess the first half of the pin. This means there are only 11000 combinations to guess in total and each guess takes around 1.3 seconds. There is no mechanism in routers to disconnect a user after so many failed login [...]

Karsten Nohl / Luca Melette explained how it works at the Chaos Computer Club Communication Camp 2011. Camp 2011: GPRS Intercept. A simpler tutorial can be found here – Download sources into ~/gprs_sniffer git clone git://git.osmocom.org/osmocom-bb.git git clone git://git.osmocom.org/libosmocore.git git clone git://git.srlabs.de/gprsdecode.git wget http://srlabs.de/dl/gprs_multi.patch – Download ARM cross compiler wget http://gnuarm.com/bu-2.15_gcc-3.4.3-c-c++-java_nl-1.12.0_gi-6.1.tar.bz2 tar xf bu-2.15_gcc-3.4.3-c-c++-java_nl-1.12.0_gi-6.1.tar.bz2 – [...]

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the [...]

Sneaky Command-Line Fu: Reset the Password with the System Rescue CD If you need access to the operating system itself, the Linux-based System Rescue CD is a good option for breaking in. You’ll need to do a bit of command line work, but as long as you follow the instructions closely you should be fine. [...]

using a smartphone accelerometer—the internal device that detects when and how the phone is tilted—to sense keyboard vibrations and decipher complete sentences with up to 80 percent accuracy via GT | Newsroom – Georgia Tech Turns iPhone Into spiPhone.

Exclusive: Computer Virus Hits U.S. Drone Fleet | Danger Room | Wired.com.

“BEAST is different than most published attacks against HTTPS,” Duong wrote in an email. “While other attacks focus on the authenticity property of SSL, BEAST attacks the confidentiality of the protocol. As far as we know, BEAST implements the first attack that actually decrypts HTTPS requests.” via Hackers break SSL encryption used by millions of [...]

with the plastic PIN pad, it was even possible to determine from the heat signatures not only the numbers pressed but also the number order. via Stealing ATM PINs with thermal cameras | Naked Security.

Android app logs keystrokes using phone movements • The Register.

respawn_redux.

Bitcoin is not inherently anonymous. It may be possible to conduct transactions is such a way so as to obscure your identity, but, in many cases, users and their transactions can be identified. We have performed an analysis of anonymity in the Bitcoin system and published our results in a preprint on arXiv. via An [...]

Security researcher Charlie Miller has announced that he has found a way to hack the chips that control the batteries in Apple’s MacBook, MacBook Pro, and MacBook Air. Using these chips, he was able to brick (or ruin) batteries, or even install persistent malware that would survive a physical hard drive change. via Charlie Miller [...]

DVD Player and Blu-ray Player region codes – VideoHelp.com.

KinectNUI is a Natural User Interface for Windows, built on the Kinect SDK. If you have a Kinect and a modern Windows PC, you should be able to get it to work. via KinectNUI: Kinect SDK NUI Hack.

Groovedown – Grooveshark.com Downloader.

This is done with an R4 chip: buy one: http://www.ts-shops.eu/nintendo-dsi-xl/flash-cards There’s a difference between the r4 and r4i You then put a kernel on the chip: http://www.r4i-sdhc.com/downloade.asp Instructions for formatting your r4 card http://www.r4dscards.com/R4i-DS-Card/ Download games to put on: http://www.dgemu.com/

On June 16, 2011, LulzSec released over 62,000 accounts containing emails and passwords in cleartext obtained from random sources. LulzSec announced the release in a Twitter post at https://twitter.com/#!/LulzSec/status/81327464156119040. The table below is the list of these accounts. Passwords have been partially masked to protect the users from further attacks. LulzSec cleartext passwords.

“The following new elements [should include] penalisation of the production and making available of tools eg, malicious software designed to create ‘botnets’ or unrightfully obtained computer passwords for committing the offences [of attacks against computer systems],” the Council of Ministers said in a statement pages 18-19 of 38-page/176KB PDF. The real problem with this, is [...]

1234, 0000, 2580, 1111, 5555, 5683 (spells LOVE), 0852, 2222, 1212, 1998 via These Are the Most Common Lockscreen PINs – Lifehacker.

gpedit.msc isn’t available for windows home versions. Because it’s basically just a frontend for the registry, you can download an excel spreadsheet with the gpedit settings next to the correct registry entry from Microsoft. Download details: Group Policy Settings Reference for Windows and Windows Server.

This looks like an easy to install, comprehesive and easy to use frontend for your snort logs based on Ruby on Rails. Snorby – All About Simplicity.

Internet probe can track you down to within 690 metres – tech – 05 April 2011 – New Scientist.