Archive for the ‘Community Talk’ Category

Court OKs Warrantless Cell-Site Tracking

Article about the case from Wired is here.

Actual text of the decision is here (note: PDF).

Note that the decision here is about cell site location information (CSLI) and not wiretaps of the actual calls.

Thoughts?

Underestimated threats

Working on a presentation for a few events, all of which are to privacy policy people. They understand compliance, but not security, and certainly not the technical aspect.

I'm trying to run through some of the things that are obvious threats to people like us but are often misunderstood or completely unknown to the general public.

I've so far got:
DECT phones
Metadata (FOCA)
Wireless networks (Public hotspots)
Photocopier and PDA storage recovery

Any ideas on things you've run across that people are poorly informed about?

Wireless training

So conversations about doing wireless training at an upcoming, unnamed west coast conference had me thinking.

Is there still a market for wireless security training? Or has it jumped the shark and the market is exhausted?

I'm talking about the WEP/WPA cracking, detection, etc. There will always be a market for the late breaking stuff, but at what price?

Thoughts?

ShmooCon 2011

CFP is open. (http://www.shmoocon.org/?page=57)

Also, new venue, moving south down Connecticut Ave to the Washington Hilton.

New "Anti-Shim" Master Padlocks are still shimmable (it's just hard)

So during our Black Hat training this summer, one of my students passed me a lock that he'd purchased at a local retailer not long before. It was a Master Lock combination dial piece (the ubiquitous "gym locker" type lock) which we would normally just shim open.

This lock, however, featured a note on the package stating that it came with "anti-shim" features. I'd heard of this, and was curious to see how it functioned. We looked at the mechanism and were able to instantly tell two things...
1. This lock did indeed have features designed to make it resistant to shimming attacks

2. This lock could still be vulnerable to a skilled shimming attack
We gave it a shot and got it open on the first attempt. Now, some of that I chalk up to luck... but it is possible. In the video that I just uploaded (see URL above) you can get a better look at the mechanism and see how Master Lock has modified the padlock's internals to resist typical shimming attacks.

I say "typical" because the technique we normally suggest (insert down on the outside of the shackle, pinch, and rotate around to the inside) will not work against these locks. However, a slightly varied technique (shown in my poorly-shot video) will fare quite a bit better.

These locks don't have super-duper market penetration yet, but if you come across one and are interested I encourage you to pick it up and give it a shot. Heck, for $5 you're not really gambling much... and you might just impress yourself! :biggrin:

So... what have we learned? These locks are still well-suited to keeping non-valuables "safe" if you are interested in storing a pair of stinky sneakers or drab workout clothes somewhere and you don't want young hooligans throwing them in the pool or some such. For anything of greater worth (wallet, phone, keys, gun, etc.) I would go with something that is totally shim-proof (like a double-ball mechanism found in modern ASSA/Abloy products, or even just "Pro Series" locks by companies like Master and Schlage).

Of course, there's also the new "Speed Dial"* padlock which I have shown off in the Lockpick Villages here and there because I think it's pretty decent. As I and others have shown, this is a lock that is totally resistant to shimming, but still comes in a simple, affordable package and doesn't rely on a physical token to operate. Not bad for $9.99. :wink:

If I ever were to go to a gym, maybe that's what I'd be using. Ah, who are we kidding... I don't think I'll be hitting the gym anytime soon. :neutral:

Stay safe out there.


* Ugh, sorry for that awful marketing drivel video... it was simply the best one I could find that showcases the way the lock works.

Praise for TrueCrypt... recovery/repair of a borked encrypted drive

Just a quick note, in case anyone ever encounters this. We all noticed Thorn's note recently about an associate who had a data loss and recovery situation they were facing. I had a small affair of my own to tackle in that vein today.

I keep my whole home directory on a TrueCrypt volume. I don't back it up nightly because of its size and how much that would hammer the disk array (and result in some downtime when I cannot access the data), so when I tried to mount the drive today and saw a corrupt file system error I wasn't pleased. Having to skip back to a Sunday image of that drive wouldn't have killed me, but it surely did remind me that when we use crypto, we take on an extra layer of complexity and risk with regard to data integrity.

I could mount the volume, but couldn't browse the drive. It was like a semi-borked hard disk. The thing is, the OS environment couldn't access the volume properly to perform any check disk functions, etc.

Just when I thought that I would have to do a roll back, I started poking around the TrueCrypt interface. The authors have happily included a variety of check and repair tools that will run on such volumes. All my file system errors were repaired in moments, with loss of only a handful of small files (most of which still appeared as fragments that I could have toyed with if I wanted to).

So hopefully you'll never have to face this situation yourself, but if you do... in a moment of panic... don't resort to deleting your borked TrueCrypt volume and restoring if you don't have to. It pays to muck about with the built-in maintenance functions, as they are well made and do work.

HD Recovery

Does anyone on the forums have a recommendation for a data recovery firm that can retrieve data from a crashed, non-spinning HD? A nonprofit organization in my town has had their only PC’s hard drive die, and it is (of course) the sole source of their payroll and other accounting records. When an inquiry was made about backups I received a blank look as if I was speaking some little known dialect of Chinese.

The nonprofit has been told that data retrieval is costly, but they’d still like to have it sent out for an estimate. Any recommendations for a data recovery firm that you’ve dealt with would be greatly appreciated.

NCR ATMs

I found in my path yesterday a CD. Labeled: NCR Self Service Terminals Recovery CD-ROM for MCSFT Windows XP PRO for Embedded Systems, Wachovia Edition 2.03 - R06 PELE 2 CD#1. For use with NCR 56XX, 58XX, and 66XX Terminals with a PELE 2 Core.

After contacting the bank and NCR, I decided to peruse through it a little. What I found out was interesting. NCR is a world leader in ATM machine software. This CD contained .dll and .exe files with all kinds of things to update an ATM. Under Title 18 I had to contact and make an attempt to return the lost property, which will be done around 9:30AM today. It had DipCardReader files, SwipeCardReader files, TrayDispenser files, BarCodeReader files and the like. So if anyone ever wanted to know, the ATMs, at least most made by NCR that are of an XFS Aptra style, use Windows as a core OS alongside PELE 2. I personally would've thought they would be Linux. The CD even comes with files to set up and run the video camera.

So security is indeed very tight. NCR claims they are pretty much impenetrable from outside hackers, and from what I saw they are indeed SECURE as hell. They (NCR) claim to even be able to detect added video cameras used to watch people take money out. They claim that they can detect anyone trying to hack into the ATM via software, and further auto-notify the bank and law enforcement. The internal IP addresses the ATM uses had NO DHCP as a setup, and yes, they have encryption (Triple DES). I cannot copy this CD as much as I would love to because of copyright laws, but I will say for the sake of security talk, YOU'RE NOT GETTING INTO AN ATM. The protocol seemed to be RS232 for a few connections. I couldn't run any executables since I am not using XP PRO. According to NCR online documentation there is no way of obtaining these XFS DLLs without paying.

As of 10:45AM the CD was returned to the financial institution and no FEDS have been spotted. The ATM whitepaper via MCSFT can be obtained from
hxxp://download.microsoft.com/download/c/d/4/cd498d66-4df1-4c88-a2b8-6040f47436e5/Windows_Embedded-kiosk_ATM.doc
And various CEN XFS WFS commands like WFSGetInfo, WFSAsyncGetInfo, WFSIsBlocking, WFSLock, WFSAsyncLock and WFSOpen can be looked up. Not that it makes a hill of beans difference without being a financial company or having the software installed.

A little bit of DEFCON history... very young Russ and Romer at DC10

Heh, I've been going through all of my old photos and whatnot since I'm migrating everything to Gallery instead of manually creating thumbnails and such for all my images on my site. In the process, I found really old video from certain cons. One clip features Russ and Roamer from ages ago, announcing the winners of the "slogan contest".

http://www.youtube.com/watch?v=48n9-7LuF6A

I don't even know if that contest runs anymore, does it? Ah, history. Remember the days of the Alexis Park and the huge tents on the roof and in the side parking lot? We've come quite a long way, no? :wink:

Still, I miss things like the drunken pool parties a great deal. Hopefully that sort of fun will return when we make the move to the Rio.

Retro Computer Museum Curator

Does anyone know who the gentleman is that ran the Retro Computer Museum? I have some museum-quality old computers that I'd like to go to a good home.

Thanks!