Windows
Mobile Security Software Fails the Test
From http://www.windowsfordevices.com, "The thrust
of the paper is that far too many software vendors are careless about
how they store their customers' sensitive information. In many cases,
passwords are simply stored as plain text. Even when encryption is used,
the algorithms are often either trivial or flawed, according to Fogie,
who offers numerous detailed examples."
(IN)SECURE
Magazine: Writing an enterprise handheld security policy
(IN)SECURE
Magazine: PDA attacks, part 2: airborne viruses - evolution of the latest
threats
(IN)SECURE
Magazine: PDA attacks: palm sized devices - PC sized threats
Embedded
Reverse Engineering: Cracking Mobile Binaries
Windows CE is the operating system of choice for most
pocket PC devices. As such, it is important to understand the basics
of how this operating system works to become proficient at reverse engineering
on the PPC platform. This segment of the paper will outline the particulars
of Windows CE, and what it means to you when researching the characteristics
of a program.
XSS,
Cookies, and Session ID Authentication – Three Ingredients for
a Successful Hack
Cross site scripting (XSS) errors are generally considered
nothing more than a nuisance — most people do not realize the
inherent danger these types of bugs create. In this article Seth Fogie
looks at a real life XSS attack and how it was used to bypass the authentication
scheme of an online web application, leading to "shell" access
to the web server.
Nikon
Coolpix P1 Wifi Camera: Exposed and Abused
The digital camera has completely revolutionized the
photographic industry. Most families own one, if not two or three of
these devices, yet few people know how they work. In this article, Seth
Fogie exposes the internal mysteries of the digital camera for your
viewing pleasure. However, this isn’t just an ordinary digital
camera — Seth picked one that has built-in wireless connectivity,
which he examines from both a hardware and software perspective. Unfortunately,
he also learned that adding wireless abilities to a camera could leave
you quite exposed.
Airpwn:
Owning the Airwaves
There is no shortage of wireless exploits: cracking
WEP and WPA, man in the middle attacks, rogue access points, etc. In
this article Seth Fogie deals with a method that is not widely discussed:
data traffic injection.
Xbox
360 Exposed
We know many people are just dying to get their hands
on Microsoft's latest next-gen console. Informit's own Seth Fogie, however,
was dying to get his hands in one. On November 22 at 12:01 AM he headed
home with his brand new hardware. But instead of going straight to his
couch, he went straight to his toolbench to crack open one of the first
Xbox 360s to see what's under the hood. See what's inside and learn
how to take it apart in 5 minutes or less with this article and video.
Score
List Hacking: Lessons Learned by Cheating Your Way to Number One
If you like to spend your lunch hour playing online
browser-based games, you're probably familiar with score list hackers
and their cheating ways. However, what you may not realize is that these
vulnerable lists can expose you to a lot more than a sore ego. In this
two-part series, Seth Fogie explains how score lists are exploited,
and more importantly, how these lists can be used to exploit innocent
gamers who are only trying to be number one.
Adding
an External Wi-Fi Antenna to Your PSP
Not content with the factory-installed Wi-Fi adapter
in his PSP, Seth Fogie added an external antenna to boost his signal
strength and improve his signal-to-noise ratio. Here he shows how you
can do it, too. If you own a PSP, this is one of many articles related
to this handheld device that you will find of interest at InformIT.com!
Securing
Your Wireless PDA Connection
There are times a Pocket PC owner might need to use
a public hotspot to check email or surf the Internet. The problem is
that most wireless hotspots are vulnerable to sniffer based attacks.
Seth Fogie and Cyrus Peikari provide a step by step guide that you can
use to securely communicate with almost any online service.
Cracking
Wi-Fi Protected Access (WPA)
In this two-part series, Seth Fogie examines the internals
of WPA and demonstrates how this wireless protection method can be cracked
with only four packets of data. Part 1 outlines the details of WPA as
compared to WEP and builds the foundation for Part 2, in which he describes
in detail how WPA-PSK can be cracked.
Reverse-Engineering
the First Pocket PC Trojan
In this article, we present a detailed two-part analysis
of the Brador Trojan horse for the Windows Mobile operating system.
Details
Emerge on the First Windows Mobile Virus
This three-part series discusses the development of
viruses for the Windows Mobile platform.
Summer
Brings Mosquito-born Malware
This three-part series discusses the menace of viruses
for handheld devices.
Dallas
Business Journal - Stand Up to the BSA
Lost
Interview with the Deceptive Duo
Close
Encounters of the Hacker Kind: A Story from the Front Lines, Part I.
From a warez server to a powerful hacker crew, this
article describes a real life experience of a network admin's worst
nightmare.
Close
Encounters of the Hacker Kind: A Story from the Front Lines, Part II
In part II, the author undergoes a bizarre, yet edifying,
journey of self-exploration and discovery. Or rather, gets owned.
SQL
Server Attacks: Hacking, Cracking, and Protection Techniques
SQL Server attacks strike right at the heart of a business.
Fortunately, you can secure a database server by implementing proper
coding practices and ensuring that the SQL server is configured properly.
Seth Fogie and Dr. Cyrus Peikari uncover two main methods for hacking
SQL servers - and show how you can guard against them.
The
Ingredients to ARP Poison
If you think the only thing between you and the Internet
is a bunch of networking equipment, think again! Using ARP spoofing
attacks, a hacker can see everything you send and receive from your
computer. Cyrus Peikari and Seth Fogie discuss the theory of ARP spoofing
and demonstrate how this type of attack is accomplished.>
Going
on the Defensive: Intrusion-Detection Systems
Tighten your defenses against IDS attacks by learning
about the inherent weaknesses in intrusion-detection systems. Cyrus
Peikari and Seth Fogie show you how to more safely implement this technology
by first showing you how to attack it.
Cracking
WEP
What are the dangers of WEP? After reading this article,
you will understand what a weak IV is, and how RC4, the KSA, PRGA, and
XOR are exploited to crack WEP.
Raw
Sockets Revisited: What Happened to the End of the Internet?
Could a hacker really crash the Internet? Could Windows
XP be turned into a tool of mass destruction? Take a closer look at
the startling alert that predicted the end of the Internet. In this
article, Seth Fogie revisits the prophecy of doom surrounding the subject
of Raw Sockets.
Warez
All That Pirated Software Coming From?
Seth Fogie traces the history of the "Golden Age" of
warez.
Back to Top of Page
