dc414’s badge program project.

The badge program project is a little game for hackers, crackers, and phreaks. The goal is to facilitate learning in a fun and interesting way. Each badge has a list of achievements you must obtain to be eligible to get the badge. Some achievements will be as easy as clicking a like button for FB, another might be as hard as having to try and social engineer a password out of a random person. Every time you get a badge you also get a mystery prize!!

The badges them selves are still under development so expect future posts about them as we finish them up. For a list of the badges and their achievements go here. So get started and get your 1337 badge now!

December meeting recap

Decembers meeting was awesome! Vlad gave a great in depth wi-spy demo. He showed us what a Bluetooth file transfer looks like, what microwaves look like and access points looks like, and gave good detail of just what exactly was going on. Before the meeting he asked people to bring in any wireless devices to see what they looked like in wi-spy while operating. dw5304 came packing with a some directional wireless access points, one so powerful it completely took over the entire spectrum that wi-spy displays.

Then i gave my presentation on using sql injections to bypass logins to sites and admin areas. I showed what should be sent to the sql server, how it looks in php and how to identify exploits. Then showed what a sql injection looks like when passed to the server. I didn’t stop there, we broke into gmtoday.com to take a look at the news paper, then used a google dork to pwn a few more logins. I also talked about dc414’s new badge program project, more on this later, and announced dc414’s new year eve party! More on this later as well.

dw5304 finished off the presentations with a killer demonstration of just how weak time warners security is. He showed us how to take complete control of one of their cable modems with just a few requests, even how to build your own private proxy network made out of time warner modems! Then to top it off demoed a never ending DoS on a modem, kicking this client off line for as long as he wished!

Other then the normal junk i bring to give away, ngharo donated a portable dvd player for cars and F4r4d4y donated a arduino “thanx guys”. All of which went to a good home. Here are some pics cmoney took at the meeting “thanx cmoney”, and a big congrats to Castor for winning the anti-M$ poster and pantsme on snagging the arduino!

Castor and his winnings:

rootkit hidden in millions of cellphones

Another email just surfaced …

rootkit hidden in millions of cellphones

Rootkit found in Android, Symbian, BlackBerry, webOS and even iOS handsets …. but not windows phone’s

The rootkit belongs to a company called Carrier IQ and it seems that it has low-level access to the system that allows it to spy on pretty much everything that you do with your handset. This, on the face of it, seems like an extremely serious breach of security, privacy and trust.

The capabilities of the rootkit were first discovered by 25-year-old Trevor Eckhart.

Here’s a video showing how everything, including text messages and encrypted web searches, are being logged. It’s truly horrifying.

NOTE: At this point there is no evidence to suggest that keystroke data is being transmitted from the handset.

According to Carrier IQ the company is ‘not recording keystrokes or providing tracking tools.’ The video above seems to suggest otherwise.

When Eckhart initially labeled the software as a rootkit, Carrier IQ threatened him with legal action. Only when the Electronic Frontier Foundation stepped in did the company back off from this threat.

“Every button you press in the dialer before you call,” Eckhart says on the video, “it already gets sent off to the IQ application.”

Like I said earlier, there’s a version of Carrier IQ on Apple’s iOS, but it doesn’t seem to be quite the same and doesn’t seem to access as much information. Also, if you want to disable Carrier IQ on your iOS 5 device, turning off Diagnostics and Usage under Settings seems to be enough.

You might have noticed that I didn’t list Windows Phone 7 OS earlier. That’s because it seems that Windows Phone handsets don’t have Carrier IQ installed.

Here’s a video that explains some more about Carrier IQ. This video also contains a clip from a video by Carrier IQ’s vice president of marketing explaining how the company sees this as being completely legal.

 

[UPDATE: According to a statement from Apple to AllThingsD, Apple stopped supporting Carrier IQ with iOS 5.0:

“We stopped supporting Carrier IQ with iOS 5 in most of our products and will remove it completely in a future software update. With any diagnostic data sent to Apple, customers must actively opt-in to share this information, and if they do, the data is sent in an anonymous and encrypted form and does not include any personal information. We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so.”

When begs the question … what’s collecting all the information on the iPhone? Is this a mechanism developed by Apple for Apple?]

Bit shocked that your iPhone has that Carrier IQ logging feature built into the OS? You can switch it off … in fact, I’ve shown you how to do this before!

Here’s how!

Buried in the Settings menu is an option to choose not to send what Apple calls ‘diagnostic and usage data.’ This option is buried real deep:

Settings > General About Diagnostics & Usage

Here’s the screen you’re looking for:

Set this to Don’t Send and you can stop worrying about where your data is going and who’s looking at it.

Note that this feature is only present on handsets running iOS 5.0 or later (so the iPhone 4S and upgraded iPhone 4 and 3GS handsets.

dc414 November meeting’s awesomeness

Well Novembers meeting was one of our best for sure! Many thanks to James and Bucketworks for putting the safe opening event together and letting us play with your locks and junk, you are the best! It all started with everyone just fucking off enjoying some snacks, cold beers, and some tunes. Then Klaiviel and James got the party started.

Klaiviel gave us a little intro to the safe, its lock, and some of the history all the while James was playing the roll of Geraldo all too well and dropping the lulz like no one. Once the safe was open there was a mad dash to see what was inside!! Lots of brooms, paper and some beta tapes suspected to be vintage pron. Cmoney took lots of pictures and video “below” of the safe opening.

After the party died down a little bit we talked about a issue one of our members is having with china and how to resolve them. Then ngharo and I gave a small demo on physical security and some of the tools one might use. We focused on Switchblade and an Arduino USB keyboard emulator “this is a post for another day” to pwn the shit out of windows, man that was fun. Ok thats it, peace.

F4r4d4y jr won an IE6 admin pack
Winner of free dc414 junk

The following videos are just og the safe opening and viewing of the contents:
pt1

pt2

Full video of the party
http://www.ustream.tv/recorded/18313140

 

October meeting recap.

October’s meeting was awesome as always and we had a few new faces which is always a good thing! We all hacked away at Windows Server 8 for a bit and found a few bugs, but unfortunately for the n00bs the meeting didn’t really get popping until after they let :/

ngharo gave us all a great talk on the wall of sheep. How he coded it, what he coded it in, what other software was used, and all the challenges that came up along the way. Dark Wind brought a toy remote controlled helicopter that uses IR for control, we found out my IR copy toy could be used to copy codes from the remote and take control of the helicopter 🙂 I was excited to finally get to use my 1337 IR copy toy on something!!

After all the IR fun there was a little talk about making a arduino based safe cracker to get into the safe at Bucketworks, that should be a cool project once its all done. Then I showed everyone how to make their own resisters with little more the a piece of paper and a pencil. The DIY fun didn’t stop there, I also demo’ed how to make capacitors using just tin foil, cling wrap, tap and some wire! Then while trying to make the home made capacitor blow up we did found out that if you expose it to high voltage, like the kind coming out of a wall outlet, it will start buzzing and expanding 🙂

A congrats to Dark Wind on winning the dc414 free junk give away, he got Red Hat Linux 6.1 enterprise with the extended support package 😛 Here is some pictures courtesy of cmoney “tyvm cmoney”, I didn’t get a pic of Dark Wind with his winning because, idk, I failed. Ok thats it see you next time.

BarCamp – Post Conference Report

DC414 got a lot of exposure at BarCamp.  We were the only peeps that setup in “the commons” where most everyone would pass through while entering the building.  This was also the area that lightning talks, introductions, and closing events took place.

Wall of Sheep
The wall was a great success for the most part.  Initially, we had to manually sniff and enter sheep onto the wall.  This was becoming a pain in the ass.  We finally got it automated by taking a log from ettercap and piping it into a ruby script which would post to simple webservice.  The source can be found here.  In the afternoon we started getting flooded with fake logins to gmail.com from a user on the network.  Some nerd had scripted this to create chaos upon us!  Unfortunately, we were tapped onto the network at such a point were we would not see local IPs for the source of traffic.  I lol’d and set dw5304 on the hunt to track the user down.  We knew he was using ruby as that’s what the user-agent string was.  dw5304 quickly found him and we all had a laugh.  The scripter gave a lightning talk on his mischief later in the evening.  We’d like to expand on the current scripts and tweak our filters to automate even more types of insecure communications.

The overall atmosphere was very, very hacker friendly.  I had fun listening in to Klaiviel, Vlad, and darkwind troll some unfortunate hotel workers on their radios.  We also did a bit of urban exploration in Bucketwork’s basement … with a 1w laser 😉  Klaiviel did an awesome job presenting on lock picking/etc.  It was funny how Klaiviel showed up with like 5x as many locks and equipment as the guy who was hosting the lockpicking session.  There is safe at Bucketworks that they need assistance opening … Klaiviel did a bunch of research and came to the conclusion that he will need to brute force it.  I’m hoping dc414 can come together and make this happen.  dw5304 dropped a lot of knowledge to people coming by our setup.  Much thanks to all the equipment and dedication he brought to BarCamp.

Some very smart folks were creeping around and while I personally did not see many presentations, I still learned a lot.  We gave out a ton of stickers, flyers, window clings (thanks cmoney and Anarchy).  With that we should see new peeps start showing up to meetings.

dc414 @ barcamp mke

We are proud to announce that dc414 will have a little area at barcamp mke this year! We will be selling stickers, taking orders for shirts, handing out fliers, showcasing some of our past projects and running a DEFCON style wall of sheep “with a dc414 twist”!! Should be lots of fun so come check out our area and barcamp!

To keep up to date with dc414’s activities at barcamp mke you can follow us on our mailing list, facebook, and twitter. Hope to see you there.

My little hackers

I have a house full of little n00bs who have been “hacking” each other in the house lately. See we have one laptop in the house that the kids share in the living room and form time to time one kid will get up and not log out of the sites he/she were using and one of the others will sit down, see the sites open and leave little messages like “hacked by so and so”.

It all started when my oldest boy (19) liked a bunch of dick related stuff on my youngest boys (14) face book account. lol. They have even got cmoney a few times! Now normally i would yell at them for things like this but no one got hurt and they are learning a valuable lesson in technology that is normally learned at much greater coast. Plus it might spark an interest in security for them as well, at the very lest they are more aware of it.

So all in all i think its a good thing they jest in this manner, i just hope they keep it as such. One thing i know for sure is i will be scanning that laptop for key loggers on the regular now 😛

September’s meeting was great!!

The last meeting was awesome as always! My SQLi presentation went well and i even got to do a little demo of iPillage, i took my IR Copy toy but didnt really get to play with it. dw5304, wowed all showing his remote boot system hes working on that needs only a NIC, and gave a little tut on surface soldering! It doesn’t stop there, Klaiviel schooled us all a little in HAM radio, how to track someone with it and how to get your message across the world! He also did a little lock pick demo and GAVE EVERYONE A FREE LOCK! Thanks bro! 🙂 I only took a few pictures this week and here they are.

Everyone got a free dc414 sticker for showing up as well as “Things to know if the FBI show up” cards from DEFCON19 and UCLA. We also got to use our new free junk give away random picker, thanks to ngharo for coding that up, and gave away a few LAN taps, and as always our free junk! Congrats go to Meg again for winning The NORTON Essentials for Mac or more of the crap i don’t want anymore 😛

Meg showing off her free dc414 junk