Malte Spitz gave an excellent talk at TED in June explaining the greater consequences of the EU data retention directive. Everyone who has a mobile phone should watch this video. Also, check out the excellent (and scary) visualization of six months of data from his cell phone by the German newspaper Zeit.
Posts By: Carsten
Links to tools demonstrated at OWASP NY/NJ chapter meeting
I spoke at the OWASP NY/NJ chapter meeting yesterday, and it was great fun. The presentation is available here. Some people asked me after the presentation for links to the tools I demonstrated, so here goes:
Teensy – Can be bought at pjrc.com for $16
Social Engineering Toolkit – created by ReL1K and downloadable here
Inception –…
Video of Google Data Center physical and logical security
This video shows how Google provides physical and logical security for their data center customers. Quite interesting, and I especially enjoy the 80's music in the background.
Speaking session at OWASP NYC Chapter
I’ll speak at the OWASP NYC Chapter at Bank of New York Mellon this Thursday; check the link to get on the waiting list (at the time of writing, the meeting is fully booked). I’ll speak about hardware hacks (not lock picking, but rather how to use hardware to attack software), and present my tool Inception…
A Metasploit module for Snort vulnerability CVE-2006-5276
I’ve recently had some time on my hands (knee injury), so I decided to implement a couple of Metasploit modules. This first module allows remote attackers to execute arbitrary code by exploiting the Snort service via crafted SMB traffic. The vulnerability is due to a boundary error within the DCE/RPC preprocessor when reassembling SMB Write…
How to install execstack on Ubuntu Hardy
Execstack is great for exploit development tutorials and training on Linux operating systems, as it lets you mark a binary's stack as executable. On Ubuntu 8.04 Hardy it ships as part of the prelink package, so to install it, issue the following command in a terminal:
sudo apt-get install prelink
Best SPAM ever?
/via Reddit
iPad 3 vs The New iPad: What Apple has learned from Don Draper
WSJ ran a rather lengthy article yesterday about Apple's newest tablet, the iPad 3. One of the things that struck me was the paragraph treating the new name of the iPad: Apple didn’t provide much explanation for its decision not to use a specific name—such as the much-rumored iPad 3 handle–which some branding experts said…
Fix VMware Workstation 8.0.2 on BackTrack 5 R2
Even though the official release date is not until March 1st, I upgraded BackTrack 5 to R2 today following this excellent guide. But after the full upgrade I found that VMware Workstation was not working. Ah, the fun of being an early adopter. Time to patch and recompile the sources (thanks to Weltall for providing…
Video – Hacking OS X FileVault2 over Thunderbolt with Inception
I’ve created a short video showing how to attack OS X Lion with FileVault2 enabled using my tool, Inception. In the video, I attack a fully patched Mac OS X Lion machine with full-disk encryption enabled (FileVault2), while the machine is powered on and a user is logged in. Using Inception, I am able to dump…