暗行御史

앞으로 진단해야할 가까운 미래(?)에 진단 대상입니다. My Car~ >ㅁ<;;

--------------------------------------------------------

Forget your car keys? Soon it won’t make a difference, as long as you have your laptop. An interesting viral Web video (see below) making the rounds since the Black Hat cybersecurity conference earlier this month depicts two researchers from iSEC Partners (a San Francisco-based security firm) breaking into a 1998 Subaru Outback via their PC. In less than 60 seconds, they wirelessly find the car’s security system module, bypass it and start the engine remotely.

iSEC researchers Don Bailey​ and Mat Solnik claim to be able to hack their way into a securely locked car because its alarm relies on a cell phone or satellite network that can receive commands via text messaging. Devices connecting via a cellular or satellite network are assigned the equivalent of a phone number or Web address. If hackers can figure out the number or address for a particular car, they could use a PC to send commands via text messages that instruct the car to disarm, unlock and start.

One of the reasons this text-messaging approach is disconcerting is that text messages aren’t so easy to block, unless you don’t want to receive any texts (either to your car or phone). Google Voice, iBlacklist and a few others (including wireless carriers AT&T and Verizon) do offer some tools for filtering unwanted text messages.

The researchers acknowledge that stealing a particular car would be difficult because you would have to know that car’s number or address, neither of which are easy to find. What bothers them more is that wireless-enabled systems are showing up not just in cars but also in Supervisory Control and Data Acquisition  (SCADA) systems that control and secure power plants, water-treatment facilities and other components of the nation’s critical infrastructure, they told CNET.

iSEC isn’t the only research team to have caught on to the dangers of ubiquitous networking. As Scientific American reported in April, researchers from the University of California, San Diego (UCSD), and the University of Washington in Seattle likewise claimed that a hacker could insert malicious software onto a car’s computer system using the vehicle’s Bluetooth and cell phone connections, allowing someone to use a mobile phone to unlock the car’s doors and start its engine remotely. UCSD computer science professor Stefan Savage​ and Washington assistant computer science and engineering professor Tadayoshi Kohno had also previously demonstrated the ability to use a computer plugged into a car’s On-Board Diagnostic system (OBD–II) port to take control of the electronic control units to (among other things) disable the brakes, selectively brake individual wheels on demand, and stop the engine—all independent of the driver’s actions (pdf). This was not done wirelessly but did highlight vulnerabilities that car-makers might want to investigate as they continue to open up their vehicles to outside communications.

Image courtesy of webphotographeer, via iStockphoto.com

 

[출처]

http://blogs.scientificamerican.com/observations/2011/08/19/hacked-in-60-seconds-thieves-could-steal-cars-via-text-messages/

AnDOSid the DOS tool for Android

A new product released by SCOTT HERBERT for Android mobile phones,Its AnDOSid - the DOS tool for Android Phones. The rise of groups like Anonymous and LuzSec, as well as constant India / Pakistan cyberwar has raised the issue of cyber-security high(er) in the minds of web owners.

Pentesting tools exist to simulate such attacks and help website security people defend against them, however for the most part they currently only exist for desktop computers. Mobile phones have, over the last few years, grown from simple devices that send and receive calls to mobile computing platforms which can be purchased for less than $100 a device.

AnDOSid fills that gap, allowing security professionals to simulate a DOS attack (An http post flood attack to be exact) and of course a dDOS on a web server, from mobile phones. AnDOSid is actively being developed and I welcome feedback from the security community as to how you would like the application to evolve.


What's in this version:

• Requires Internet access to send the http post data
• Requires phone state to access the IMEI (one of the two identifiers sent with each post)

AnDOSid can be downloaded from the Android Market place and costs just £1 or Rs.74.58/-Only.

Anonymous Hacker Hack Orange.Fr and upload the database and Site source code backup on file sharing site. Data leaked on twitter. Orange is the brand used by France Télécom for its mobile network operator and Internet service provider subsidiaries. It is the fifth largest telecom operator in the world, with 210 million customers as of 2010. The brand was created in 1994 for Hutchison Telecom's UK mobile phone network, which was acquired by France Télécom in August 2000. In 2006, the company's ISP operations, previously Wanadoo, were also rebranded Orange. Orange is now the unique commercial façade of almost all France Telecom services. Orange France was incorporated in 2005 and has its headquarters in Arcueil, France.

Today UK Police has Charge another alleged Anonymous member in Hacking Cases. A student has been charged with involvement in cyber attacks by the hacking group Anonymous against companies that withdrew online payment services from WikiLeaks.

AOL’spostmaster.aol.com website was hacked Saturday afternoon by someone who goes by the name “HodLuM.” The site was slightly defaced with a message from the hacker. “AOL S3RV3RZ ROOT3D BY HODLUM LOLZ!,” the message read.

AOL finally discovered the hack, and fixed the page between two and four hours after evidence of the breach was posted to Reddit.com. The various forums where this hack was posted all included various jokes along the lines of, “AOL still exists?!” Ouch…

The AOL Postermaster blog has so far not responded to the hack. The hack of AOL Postmaster comes at the end of a difficult week for AOL. While the hack of a minor AOL web property has nothing to do with the poor performance of its stock, the incident can only serve to worsen the mood at a company that’s struggling to stay upright.