finally something sane. i agree. On Fri, Jun 27, 2008 at 8:50 PM, n3td3v <[EMAIL PROTECTED]> wrote: > On Sat, Jun 28, 2008 at 1:38 AM, Ureleet <[EMAIL PROTECTED]> wrote: >> >> u know how old this article is? > > A couple of months old and a prime example of that the intelligence services > don't give a fuck about fire fox, internet explorer, opera and other gay > applications people post application flaws about on Full-Disclosure. > > I want to see things post that actually affect national security and the > government actually give a fuck about. > > Let's move away from stupid computer applications and start focusing on > national security if you want to be an elite hacker, nobody cares about > applications, buffer overflow and the like, its over and done with, its old > skool, nobody gives a fuck anymore. > > If you want to impress the government then start on mobile, radio frequency, > chip / hardware hacks. > > The security community has got to evolve, we can't be sitting here in 2020 > still getting wet and excited about an internet explorer or quick time > flaws, its getting gay, its nearly 2009... > > All the best, > > n3td3v > >> >> >> On Thu, Jun 26, 2008 at 5:45 PM, n3td3v <[EMAIL PROTECTED]> wrote: >> > On Thu, Jun 26, 2008 at 2:08 AM, n3td3v <[EMAIL PROTECTED]> wrote: >> >> I think we've gone beyond the F-Secure has said stage, I think folks >> >> are looking for something more. I think the security space has evolved >> >> already in respect of home user hackers, the security professional >> >> circuit and with the government. >> >> >> >> Infact the government are finding it hard to keep up with what's >> >> possible by the government and what's technologically possible by joe >> >> average in his bedroom. >> >> >> >> A few years ago it was impossible for joe average to shoot the live >> >> scene of a national emergency via his cell phone, email that footage >> >> to a national television station and that to be used as prime time >> >> evidence of the incident, now it is. >> >> >> >> With this I look onto the media, its still using F-Secure press >> >> releases for its news round. >> >> >> >> Your average joe is now able to creep behind the media wall and get >> >> the news before the outlet gets time to read up. >> >> >> >> The fact, the media is becoming less important in the security arena >> >> for bringing us news. >> >> >> >> Your average joe can configure google.com/ig to give them keyword news >> >> thats coming onto the news wires and google.com/alerts can too. >> >> >> >> What used to be a government fundamental for the intelligence >> >> services, is now becoming a challenge for them to know what user is >> >> signed upto what and how much they know. >> >> >> >> Before it was more straight forward, they would know what news sites >> >> were available as civilian intelligence sources but now its becoming >> >> less obvious. >> >> >> >> The intelligence community are having to dig deep into online >> >> community to see what is possibly being plotted and what sources of >> >> information they have and the technique in which its gathered. >> >> >> >> Today the world is changing, what used to be charted water only >> >> reserved for the intelligence services is now also being used by the >> >> civilian population. >> >> >> >> It's scary times, hackers have the best ability to over come the >> >> intelligence services, not the script kids, but the hackers! >> >> >> >> The main focus for the British intelligence service is mobile and >> >> anything to do with radio frequency hacks, including RFID type stuff, >> >> that's high on the British government look out. >> >> >> >> The media are hyping about mobile phone worm, while this hype *is* >> >> unfounded right now, thats not to say its not top on the British >> >> government's watch list of most desirable vulnerability threat vector >> >> against national infrastructure of government and civilian population. >> >> >> >> The hax0r credibility score board from the government's point of view >> >> isn't hacks in safari, fire fox or internet explorer, its >> >> telecommunications and radio frequency hacks right now. >> >> >> >> So while you and your friends might think browser hacks, etc.. think >> >> again, the real stuff that gets the UK government interested in you is >> >> radio, mobile and chip hacks, anything to do with electronics and >> >> communication, they don't actually give a fuck about applications, DNS >> >> hacks, Cisco router hacks and the like. >> >> >> >> While those things like DNS hacks, Cisco router hacks and the like >> >> are internet critical, they aren't national security critical... >> >> >> >> So hackers, if you want the most hax0r credibility points and >> >> attention with the UK government, think national infrastructure, radio >> >> frequency, chip hacks and mobile telecommunication interception. >> >> >> >> If you want head hunted into the UK government cyber defensive, >> >> offensive and research departments go for those vectors... keep away >> >> from silly stuff like web browser hacks, DNS poisoning, Cisco etc. >> >> >> >> How will the UK government contact you? Brute guys will jump out of a >> >> range rover land rover which will have darkened windows and will give >> >> you an offer you can't refuse after abducting you for five minutes >> >> based on your research post on Full-Disclosure. >> >> >> >> All the best, >> >> >> >> n3td3v >> >> >> > >> > ---------- Forwarded message ---------- >> > From: n3td3v <[EMAIL PROTECTED]> >> > Date: Sun, Apr 20, 2008 at 10:42 PM >> > Subject: GSM Researcher stopped at Heathrow Airport by UK government >> > officials >> > To: n3td3v <[EMAIL PROTECTED]> >> > >> > >> > I was leaving today from the United Kingdom/Heathrow airport. I am >> > about to speak at the HITB IT security conference about GSM security >> > and the USRP (gnu-radio project). >> > >> > I was searched by the UK government while waiting at the Gate and >> > reading a newspaper. A UK Government employee flipped his badge and >> > said "Let's talk. Come over here". >> > >> > They detained my USRP (Software Defined Radio), my mobile phone and my >> > personal SIM card. >> > >> > They did their homework. They knew who I am, where i live, which day I >> > speak at the conference and who I work for. >> > >> > I'm involved in the GSM software project where we also developed a new >> > attack against the GSM encryption A51. We published our research in >> > February at the Blackhat security conference in Washington DC. >> > >> > I understand that the government wanted to make sure that I'm not >> > exporting any cryptanalytic device. >> > >> > I did not. I will not. The USRP is a radio. My mobile phone is a >> > normal nokia 3310 phone and my SIM card is a sim card. >> > >> > They said they do not know what the USRP is and that I can not take it >> > until they have checked it in the lab. This can take 14 days (1/2 >> > month). >> > >> > So be it. They have it for 14 days. Guys, enjoy the device! It's fun >> > playing around with it! >> > >> > I'm uneasy that they took my mobile phone and my sim card. Having a >> > pregnant wife at home and not being reachable complicates my >> > situation. >> > >> > Is this common practice? Are they allowed to do this? >> > Any tips how I can get my mobile phone and my sim card back quicker? >> > >> > Our project: http://wiki.thc.org/gsm >> > The USRP is available from http://www.ettus.com >> > The GNU RADIO project: http://www.gnu.org/software/gnuradio >> > >> > >> > stunning, >> > >> > THC >> > --- >> > Appendix: Surprisingly they did not detain my laptop or my paperwork >> > which would be the most likely place to store any information related >> > to cracking A51. They were also not interested in my 160GB harddrive >> > which would have been the obvious place for storing the rainbow >> > tables. Neither were they interested in the high performance FPGA >> > chip. >> > >> > Instead they took all equipment that could have been used for >> > demonstrating that GSM signals can be received with publicly available >> > hardware for 700 USD. >> > >> > It does not appear that they were after cryptanalytic information. >> > >> > I received a yellow paper about my detained goods. They left the field >> > blank that reads >> > "The goods specified below are detained for the following reason:". What >> > reason? >> > >> > They also crossed out the field "Agent" of the officer who was in >> > charge of the operation. >> > >> > --- >> > UPDATE 2008-04-18 >> > Arrived back at Heathrow. Airplane crew announced "All passengers >> > please have your passport ready. There is a passport check while >> > leaving the airplane. Passenger Steve Mueller please make yourself >> > noticeable to the crew. Steve Mueller please." >> > >> > They told me at the gate that I can get my equipment back. I had a >> > chat with them and they answered many of my questions. They did not >> > answer who requested that I should be searched when I left the >> > country. >> > >> > I'm happy that I got my equipment back and I appreciate that they had >> > it checked out quickly. >> > >> > I'm still not sure why they took exactly the radio receiver parts. I >> > had to change my presentation for the conference and was not able to >> > demonstrate the USRP/gnu-radio. >> > >> > >> > http://blog.thc.org/index.php?/archives/1-GSM-Researcher-stopped-at-Heathrow-Airport-by-UK-government-officials.html >> > >> > _______________________________________________ >> > Full-Disclosure - We believe in it. >> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> > Hosted and sponsored by Secunia - http://secunia.com/ >> > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/