©атсн²² (in)sесuяitу » Strange

Peter Kleissner on TV Total (revised)

ChrisJohnRiley — Sun, 10 Jan 2010 17:15:32 +0000

After 2 months, I’ve finally had a few minutes to complete a translation of Peter Kleissner’s TV-Total interview I posted about back in November. I’ve posted the text of the interview below, and tried to work it into a Closed Caption for YouTube (see link below). It’s rough, but you get the idea.

If the susbtitles are a little large and don’t fit the screen, please click the video and view it directly on YouTube’s site.

TV-Total
09 November 2009
Stefan Raab (Host/SR): Now we have a young man with us that, How should I say, some people may see him as a criminal, but he’s a hacker. He’s a very very sincere hacker. He was the youngest hacker to speak before Microsoft and CIA experts at the worldwide hacker conference in Las Vegas. please welcome, Mr Peter Kleissner.

SR: Hello Peter, you’re 18 years old ?

Peter Kleissner (PK): Yes that’s right.

SR: So how criminal are the things you do ?

PK: Half criminal

SR: Not criminal at all ?

PK: Half criminal

SR: Oh, half criminal ! Have you already had problems with the authorities ?

PK: Partially, but nothing really serious

SR: Why what have you done ?

PK: Because I haven’t done anything very criminal such as hacking into bank accounts…

SR: But you could when you wanted ?

PK: Theoretically

SR: Theoretically ?

PK: Yes

SR: Na na na <roughly translates to tsk tsk, naughty>

SR: So how endangered are normal computer users without much awareness ?

PK: Well I’ve also hacked your website. Yesterday.

SR: You’ve hacked our website ? What have you hacked ? what can you do with it ?

PK: Well when you go on my blog, or on twitter, there’s a link to the TV Total website that says that the program is cancelled.

SR: You can do things like that ?

PK: Yep. The people read that

SR: And then ?

PK: Then they think the program’s cancelled.

SR: Oh ok. You can do that of thing. Very interesting. Do you already know how long you have to spend in jail for that ? or …

PK: Ui

SR: .. hasn’t it arrived in the post yet ?

PK: It’s on its way

SR: Can you only do that kind of thing on websites, or could you get access to the private… the private email account of… “Angela Merkel”

PK: Yes, with enough equipment and time

SR: Really ?

PK: It happens all the time that famous people have their accounts hacked and their emails made public. It happens a lot.

SR: What do you have to take care of if you’re a normal computer user ?

PK: When you get an email from me, I wouldn’t open the attachment.

SR: So that means you have to open the email ?

PK: Yes thats the vulnerability.

SR: So if you don’t open up the email from unknown senders then nothing can happen ?

PK: Yes

SR: or is it enough when I’m just online ?

PK: It depends. There are various possibilities.

SR: So you sit in a car with an antenna looking for wireless networks to hack into, so that you can see which porn sites the other people are looking at currently ?

PK: Yes

SR: You could do that ?

PK: Yes. But I don’t

SR: Do people think that you don’t do it ?

PK: No

SR: This opens up loads of possibilities. How did you get into it ? what did you have to learn to be able to do it ? Was it hard to learn ? you’re only 18 after all. How long have been look into this subject ?

PK: I started about 2 years ago, I worked for an Anti-virus company and I learnt everything about viruses there.

SR: You have recently done a presentation at the world-wide hacker conference in Las Vegas, and spoken there with Microsoft and CIA experts. Can they learn something from you ?

PK: definitely !

SR: So they can learn something from me, I can tell you how I got into your website and how to prevent it.. as long as you give me money. Is that your business model ?

PK: My business model is that I tell software developers how to secure their systems.

SR: That’s what I said.

PK: Yeah well, kinda.

SR: So you first find a potential customer and show them the failures in their software. In cases where it might happen again you can sell them a system/process to prevent it ?

PK: Exactly

SR: Isn’t that blackmail ?

PK: No. Only the way you say it.

SR: So it’s a business model…

PK: Yes

SR: .. you would say

PK: definitely

SR: Is that how you want to earn money in the future ?

PK: Yes, I already do like this. It works well

SR: Putting all this aside, the hacking of a website is already a criminal act !

PK: Yes

PK: That’s right.

SR: What kind of fines would you have to pay if you got caught ?

SR: If you hack a site like TV-Total and write that the programs cancelled for example !

PK: But normally nobody is interested in that

SR: If nobody goes to court, then there’s no crime !

PK: There’s still foreign countries I can escape too

SR: Ok, but then you’re never allowed back !

PK:

SR: That’s not so… Ah yes, you have to go back to Austria. Austrians look forward to going home !

SR: So what does the future hold for you ? You’re still in school correct ? You’re doing your A-Levels ?

PK: Yes

SR: And then ?

PK: I want to go to University. To study Computer Science (Informatik)

SR: I thought you already knew everything ?

PK: Not everything, there’s still something to learn.

SR: Ok

PK: … and to brag !

SR: To brag ?

PK: Yes. I have to spend my time somehow.

SR: Do you need some special equipment for what you’re doing ?

PK: No a normal notebook is enough.

SR: A normal notebook ? and then the right knowledge.

PK: Exactly.

SR: Understood. So I wish you, at the very least with your legal activities, every success… and keep your fingers away from illegal stuff. Promise me that ?

PK: Yes

SR: Peter Kleissner ladies and gentlemen.

>

26C3: Sleep Hacking

ChrisJohnRiley — Sun, 27 Dec 2009 20:19:00 +0000

Well it’s the first day at #26C3 and purely by chance I stuck my head into the lightening talks to see Paula (@p4ula) talking about sleep hacking. This has been something that’s interested me for a while, as I’m sure it has many hackers before me. After all, we all want to fit more hours into the day, and I know more than my fair share of people that seem to never sleep at all.

There’s only so much information you can fit into a 4 minute lightening talk, luckily enough Paula had arranged a breakout room for Q&A after the talk, and it was packed. Seems like it’s not just me and Benny (@security4all) interested in this topic.

If you want to find out more information about Paula’s talk, and Polyphasic sleep in general check out the following links .:

http://twitter.com/p4ula
http://en.wikipedia.org/wiki/Polyphasic_sleep
http://barcampcologne.mixxt.de/networks/wiki/index._sleephacking
http://hackaday.com/2005/10/16/hacking-sleep/
http://www.explosiveapps.com/ (iPhone app)
http://easywakeup.net/ (iPhoone app)
….

Peter Kleissner on TV Total

ChrisJohnRiley — Tue, 10 Nov 2009 21:31:50 +0000

Even I had to double check when I saw Peter Kleissner (from Stoned Bootkit fame) talking about appearing on TV Total in Austria. It’s not often that Security Researchers get TV time over here in Austria, and I’m sad to say, I doubt this interview is going to help that situation much.

Rough translation – “We’ll see who disses who”

I’ve met Peter a couple of times now, as I’ve seen him present over in Las Vegas, as well as at HAR2009 in the Netherlands. He also did a presentation of the Stoned Bootkit at one of the CERT.AT meetings in Vienna. I didn’t really talk that much with him at these events, but he seemed an ok guy. A little young and idealistic, but that’s not a bad things most of the time.

I didn’t manage to catch the segment live, although a couple of colleagues watched. The reviews they gave were not particularly shining. So after getting back from work today I decided to take a few minutes to search YouTube for a link and see what was discussed. There’s a lot I could say about the interview, but I wont. Right now there isn’t an English translation, and I’ve not really got the time to make one. I’d much rather leave people to form their own opinions before I give mine.

For those interested here is the YouTube version of the TV Total interview (6:28) in the original German. If anybody out there wants to do a German/English translation, please let me know. It might be a while before I can get round to writing one up.

The caption on the video roughly translates to “When I grow up, I’ll be a hacker”

EDIT: Youtube video fixed.

Number of the beast

ChrisJohnRiley — Sun, 18 Oct 2009 00:21:17 +0000

Well I’ve finally hit the milestone I’m sure everybody on Twitter aims for at one point or another. I’ve managed to brain-wash 666 people into following my inane ramblings and random comments on Twitter. I’m sure I’d have hit this milestone a lot quicker if I didn’t have a horrible tendency to block anybody who looks remotely like a bot (there are a lot more than you’d think), and of course n3td3v, I blocked him too to stop him retweeting anything (who’d want to be associated with that kind of thing ???). Sorry if you weren’t a bot, thems the breaks

In celebration of this milestone I’ll make sure to bite the head off a bat at the next available opportunity. Next up 1337, at which point I hope to release a stunningly uninteresting XSS zero-day exploit in an application nobody uses or cares about. Keep an eye out for that one…

3 Months stats – twittercounter.com

Strange twitterings from the BBC

ChrisJohnRiley — Fri, 16 Oct 2009 12:02:40 +0000

Earlier today I was catching up on some tidbits of world news from various sources when I stumbled across something that caught my eye. BBC World News offer a twitter feed of their latest headlines. I sometimes browse the list to see whats going on in the world and to reaffirm my opinion that we’re all doomed. Today however a specific article in the list caught my eye.

“It’s Time To Legalize Cannabis.”

This snippet of news, and the associated link didn’t really fit with the other news. For starters the capitalisation and use of the American spelling of legalize (legalise). There was also the fact that a majority of other news snippets started off with BBC Business News, whereas this didn’t. By using Twitters search function I could also see that the exact same tweet had been sent out on a regular basis for at least 10 days (possibly longer). The last thing that made me think this wasn’t really a tweet from BBC_News_World was the from label under the tweet

Whereas all other tweets come from Twitterfeed, these are the only ones that report to come from twitRobot. Very strange.

By pulling up the link on a test system the bit.ly link took me to a Facebook cause with the same title at the tweets posted through the BBC Twitter feed “It’s Time To Legalize Cannabis”.

By pulling up the bit.ly statistics I could see that this link had been actively used since the end of September and had been clicked over 665 times. It also showed the original creator of the link as a user called therealtwitter. This appears to be the name used when Twitter automatically shortens a URL in a post for the user. So no tracking information there unfortunately.

More detailed information can be found on the bit.ly info page for this link. Including breakdown of clicks by country and clicks by referrer. By looking at the referrer stats it’s evident that this bit.ly link is also being sent out through email and IM.

Although the Facebook cause at the end of the link appears benign at first appearance, it certainly warrants further investigation into why this link is spreading through the BBC Twitter feed (possibly without their knowledge). This cause could be something as simple as a person trying to drum up members for their cause. Then again it could just as easily be a phishing site designed to steal logon credentials, or perform attacks against the users browser. Further work is needed to see exactly whats behind this.

If I receive response regarding this I’ll certainly post a followup. Until then, watch out just incase.

Results of a Security Assessment of Common Implementation Strategies of the TCP and IP Protocols

ChrisJohnRiley — Sat, 15 Aug 2009 19:13:21 +0000

Information and slides for the presentation are available on the HAR2009 Wiki.

PDF’s are available that provide details on the Security Assessment of the Internet Protocol and Transmission Control Protocol that were carried out on behalf of the UK CPNI (United Kingdom’s Centre for the Protection of National Infrastructure).

Fernando Gont unfortunately didn’t turnup to do the talk. At the moment we’re unsure why, and wouldn’t like to speculate (things just happen sometimes). Hopefully he’ll get rescheduled for sometime later tonight/tomorrow.

Drama at HAR2009

ChrisJohnRiley — Thu, 13 Aug 2009 21:20:18 +0000

I was just informed of a small security (no, not that kind of security) incident at one of the talks. Below is the official press release from HAR (which came out very quickly).

Press release: on Thursday, August 13, during the lecture The Complex Ethics of Piracy by Peter Eckersley, a HAR2009 visitor jumped to the stage, took the microphone and tried to express his believes to the audience. When HAR2009 people tried to stop him, he became agressive and was escorted off the terrain. During subsequent actions, the police has apprehended the man who is now in custody.

Seems like somebody got a little over excited and will be missing the remainder of HAR (and most probably the next one as well if he’s on the bad boy list). I’m sure there will be some pictures at somepoint… there always is when police are involved

Remember, the speakers are stressed enough. It’s not any easy job at the best of times to stand infront of a jury of your peers and present a new idea, theory, or idea. This kind of thing should never happen.

EC-Council Courses certified by the NSA !!!

ChrisJohnRiley — Sat, 06 Jun 2009 11:21:59 +0000

Yes, this isn’t a mistake, and I’ve not been drinking. I received a nice email from the people at EC-Council letting me know that the “EC-Council Courseware certified to have met the CNSS Standards by the United States National Security Agency (NSA) and the Committee on National Security Systems (CNSS)”. The press release goes on to detail the EC-Council courses (including CEH, ECSA and LPT) that have been been certified to meet the training requirements for information security professionals in federal government.

My first reaction was that this must be come kind of scam. I was waiting for the part where they ask me for my credit-card number so I can receive a new certificate and security level. Alas, this was not to be. Those who’ve read my blog or my articles know that my view on EC-Council and in particular their CEH, ECSA/LPT track isn’t a good one. I’ve been through the training and to this date (maybe for not much longer) I’m still certified as a CEH and ECSA. I’ve refused to pay the $500 a year required to be an LPT however, as, well, it’s a farce. Still, back to the point. I’m not sure what changes EC-Council have made since my experiences with version 5 of the CEH course, but from what I’ve heard and read, they’ve only increased the size of the course and done nothing to improve the low quality of the training and material.

I’m not sure what the thinking behind this certification was, however I’d love to hear your opinions. Does this change your view on the quality of CEH candidates ? or has it just lowered your opinion of the technical competence of the NSA. I know where my feelings on the matter lie.

EC-Council Press Release –> HERE

ATM Thefts – A How-to guide ???

ChrisJohnRiley — Thu, 05 Feb 2009 09:38:26 +0000

Sometimes, no matter how hard you try to do something good, you end up doing something stupid. No, I’m not talking about my friend Bob this time This time it’s the creator of a (over)helpful user awareness email doing the rounds.

I was lucky enough to find a copy of this sitting in my email-box this morning, and thought it was something worth commenting on.

The PowerPoint presentation walks a user through how ATM thief’s can steal your card and PIN number using simple social engineering attack and a small piece of x-ray film. The message is a good one, and the creators (as it doesn’t appear to be an official bank creation) have their hearts in the right place. Helping poor the defenceless public is always a good thing. With that said, this PowerPoint also reads like a step by step guide for your average scumbag thief to begin running this scam on your local ATM.

Sometimes a little too much information is a bad thing. This awareness campaign would have been just as effective without all the fine detail on placing the x-ray film to catch the card. At least let the bad-guys do their own experimentation instead of handing them a proven and tested recipe.

Take a look and tell me what you think. –> DOWNLOAD

How to unbrick an EeePC

ChrisJohnRiley — Thu, 08 Jan 2009 20:49:31 +0000

Yes you read that right… Before we get to the easy part (I use that term loosely), let me tell you a little story.

There was a guy called Bob (no, not the same Bob from the Pauldotcom show) who had a brand new 1000HG eeepc. It was happy running Ubuntu (and XP, but that’s a problem for another time), but Bob craved for OSX. After spending a few hours fighting to get iDeneb’s version of OSX running on the little machine, he realised that the problem lay with the BIOS. Yes, you can see where this is going. So after looking all over for a modded (OSX ready) BIOS version for the 1000HG, he settled on one for the 1000H. After all the 1000HG is only a 1000H with added 3G support (or so he thought). After following the instructions to reflash the BIOS (renaming the 1000H.rom to 1000HG.rom, putting it on a USB stick, and then booting while pressing fn+F2), the flash program balked and complained about the wrong ROMID. Of course, it’s elementary my dear Bob. ASUS has wisely set the ROMID differently between the versions of BIOS to stop fools from flashing with the wrong version. 5 minutes later and the rom file was open in AMI’s editing tool and the ROMID was changed to the correct number for the 1000HG. If you can’t see where this is going now, then all hope for you is already lost. Anyway, starting up again, the flash utility took the new rom file without so much as a wimper, and flashed without a single complaint. Reboot, and wondrous blackness. No BIOS, no flashing error lights, no error message, no beeps, no power to the USB key I used to flash… OMG Bob you fool, what have you done.

So begins the journey for a fix. Bob tried everything possible. Removing the battery, power cable and pressing the reset point under the eeepc for 30 seconds (and also holding the power for 30 seconds). He tried booting with the correct 1000HG.rom file (from the original CD) on a USB and holding fn+F2 till his fingers bled (ok, maybe not, but you get the idea right). All seemed lost, and the hunt for a fiy seemed to have come up dry. Then, finally in the back of a deep dark eeepc forum he saw a shiny shiny light. FN+CTRL+HOME, Yes, this could be it. After all, 3 buttons are hands down better than 2 (just think of the 3-finger salute, CTRL+ALT+DEL), and FN+F2 wasn’t cutting it as a solution.

There was only one problem with this proposed solution… timing. As they say, timing is everything. So it began. I’ll leave out the part about frustration, having to hold the power down for 3 or 4 seconds to get it to turn off before retrying, and the general annoyance level caused, and move straight to the part involving happy. We rejoin Bob later (about 30 minutes later) having already completed more than 35 nerve racking reboots. However this time around luck was on Bob’s side at last. There was life in the eee pc yet… the flashing tool blinked up onto the previously lifeless screen of eee-death, and as luck would have it (ok it was planned, honest) the USB key with the original BIOS was in the machine’s USB slot. Never before had the text of a BIOS flashing tool shined like the words of *insert name of suitable deity here*. YES, yes, yes… (no not the scene from “when Harry met Sally”) but the sound of eee-resurrection.

One reboot later and Bob had his 1000HG working again. It was then that he swore never to edit BIOS rom files for his systems ever again (until next time) after all, he knew how to unbrick it now

The moral of this story…. always use FN+CTRL+HOME to unbrick your eeepc, because 3 keys are better than 2 any day of the week.

* The names have been changed to protect the innocent (and dumb)