
In a law left vague enough for ridiculous exploitation, the German government has just passed Paragraph 202C, which states that it’s illegal to possess, produce, use or distribute a “hacker tool”.
Make points out that the law could easily encompass network monitoring systems, and that since the ban, Kismac WiFi detection software has shut down. Here is the note left on Kismac’s site:
With the introduction of §202c German politicians proved their complete incompetence. Law in Germany: possession of child pornography – two years imprisonment. Distribution of security software is half as bad. Even worse, politicians still believe in the successful ban of digital information, obviously not reckoning with globalization.
We are heading straight to a country I do not want to be living in.
There are legitimate threats that this bill will stop. But my guess is the government will create more defiant computer users as a result.
More information [Make and Kismac]

Windows only: Login Recovery is a password retrieval application that requires physical access to the computer.
You burn Login Recovery to a CD as a bootable disc image, and after restarting the computer and booting into the disc image, Login Recovery will do its thing and write your encrypted username and password to a text file on the CD.
You then need to jump on a computer with internet access and upload the text file to Login Recovery’s website.
After 48 hours you can view the decrypted username and password for free, or you can pay about $40 to retrieve the information immediately.
You can also retrieve Windows passwords using Ophcrack for free, but if that doesn’t work out, and you’ve been pulling your hair out trying to get at a Windows account, give Login Recovery a try before scrapping the entire installation.
LoginRecovery.com

Lunsford, a security systems engineer at IBM, offered to hack a nuclear power plant; the owners flatly stated that this would be outright impossible.
It is frightening how easily he got into the system: “By the first day, I had already penetrated the network. Within a week we were controlling the nuclear plant. I thought, gosh, this is a big problem.”
It is also true that the plant’s safety systems would not have allowed a nuclear disaster, but they would have allowed sabotage of the power grid, leaving many homes without electricity.
The plant’s system was based on SCADA, like most of the systems that control infrastructure in the US, and after this incident many of those who run such infrastructure will have to ask themselves how secure they really are, or whether their systems need a slight review.
More information [ADSLNet]

ISRAELI and Belgian boffins have discovered that the algorithm used in the anti-theft digital key systems of cars made by Honda, Ford, General Motors, Mercedes Benz and Jaguar is flawed.
According to Wired, it took the boffins an hour of remote access to the digital key of one car made by a manufacturer to crack the code for that key. From there it was a doddle to work out the code for all the digital keys made by that manufacturer.
According to one of the boffins, Orr Dunkelman, a researcher from the University of Leuven in Belgium, there is a master key from which the key for each car a company makes is derived.
The code, known as KeeLoq, was leaked to a Russian hacking web site last year and this enabled the boffins to look at the system for vulnerabilities.
The boffins attacked a digital key wirelessly by sending 65,000 challenge/response queries to it. After 65,000 responses, or an hour’s worth of connection, they used software they designed to decipher that key’s unique code in a day.
The hack gives the attacker the 36 bits of information that are common to all of the keys for one model of car; after that it takes only a few seconds to crack the rest.
According to Wired, a hacker could get the rest of the key in a few seconds by sniffing the communication between the digital key and the car when an owner opens it.
More information [Wired]
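
The shared-bits weakness described above, as an added example that is not from the original article or the researchers. It assumes, for illustration only, that each fob key is the master key XORed with a 28-bit serial, and compares that with an HMAC-based derivation; all key values, serials and function names are constructed.

```python
import hashlib
import hmac

SERIAL_BITS = 28          # assumed serial width (illustrative, not from the article)
KEY_BITS = 64             # KeeLoq uses 64-bit keys

def derive_xor(master: int, serial: int) -> int:
    """Weak diversification (assumed scheme): master XOR serial."""
    return master ^ (serial & ((1 << SERIAL_BITS) - 1))

def derive_hmac(master: bytes, serial: int) -> int:
    """Hardened diversification: HMAC-SHA256(master, serial), truncated
    to 64 bits here only so both schemes can be compared bit for bit."""
    tag = hmac.new(master, serial.to_bytes(4, "big"), hashlib.sha256).digest()
    return int.from_bytes(tag[:8], "big")

def constant_bits(keys, width: int = KEY_BITS) -> int:
    """Count bit positions that hold the same value in every key."""
    full = (1 << width) - 1
    all_and, all_or = full, 0
    for k in keys:
        all_and &= k
        all_or |= k
    # constant-1 positions survive the AND; constant-0 positions never enter the OR
    return bin(all_and | (~all_or & full)).count("1")

# Constructed sample data: not real manufacturer keys or serial numbers.
MASTER_INT = 0x0123456789ABCDEF
MASTER_BYTES = bytes.fromhex("00112233445566778899aabbccddeeff")
SERIALS = [0x0000000, 0xFFFFFFF] + [0x1234567 + i for i in range(62)]

def audit():
    """Return (shared bits under XOR derivation, shared bits under HMAC)."""
    weak = [derive_xor(MASTER_INT, s) for s in SERIALS]
    strong = [derive_hmac(MASTER_BYTES, s) for s in SERIALS]
    return constant_bits(weak), constant_bits(strong)

if __name__ == "__main__":
    shared_weak, shared_strong = audit()
    print(f"XOR derivation:  {shared_weak} of {KEY_BITS} key bits shared by every fob")
    print(f"HMAC derivation: {shared_strong} of {KEY_BITS} key bits shared by every fob")
```

When derived keys share bits with their siblings, one extracted fob key becomes a fleet-wide exposure; a keyed one-way derivation limits the loss to that single device.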