Archive for December, 2006

HD-DVD AACS hacked

Thursday, December 28th, 2006

Good news for HD-DVD owners - a tool has been released that will decrypt AACS protected movies, allowing owners to make and play backup copies.

It was bound to happen sooner or later ...

It's funny really, despite all of Sony's attempts to make Blu-ray the format of the future by pushing it with the PS3, hackers might have just determined which format will win (although both HD-DVD and Blu-ray use AACS).

Multiprocessor CD-ROM chess table

Thursday, December 28th, 2006

Something to do with those old CDs and Pentium CPUs - build a chess table!

CD/CPU chess table 

via Make:

How Windows Live Messenger works

Thursday, December 28th, 2006

MSBlog takes a look at how Windows Live Messenger works. 

Most of the time your message will be sent at least twice around the world, in the space of 2 seconds. Not bad eh?

Pretty impressive!

Top threat for 2007 – Botnets

Wednesday, December 27th, 2006

According to Microsoft, the top threat for 2007 is the growing number of botnets out there that criminals can leverage:

If there's one thing that Aaron Kornblum would like to quash, it's the botnet armies.

These are the remote-controlled PCs that have been taken over without their user's knowledge. Symantec Corp. counted more than 4.5 million of them during the first six months of the year, and according to Kornblum, they are the backbone of today's cybercrime.

"Botnets are really where it's at for serious cyber criminals, because of their concentrated power," said Kornblum, a senior attorney with Microsoft Corp.'s Internet Safety Enforcement team. "That power can be used for all sorts of malicious conduct on the Internet."

There's a huge market out there for anti-malware software.  So many PC's out there don't even have the most basic anti-virus and anti-spyware protection.  Really, they shouldn't be connected to the net.

Chip and PIN terminal does Tetris

Wednesday, December 27th, 2006

So much for tamper-resistance:

Many discussions over the security of Chip & PIN have focused on the tamper-resistance of terminals (for example in the aftermath of the Shell Chip & PIN fraud). It is important to remember, however, that even perfect tamper resistance only ensures that the terminal will no longer be able to communicate with the bank once opened. It does not prevent anyone from replacing most of the terminal’s hardware and presenting it to customers as legitimate, so freely collecting card details and PINs.

Steven Murdoch and myself took the chassis of a real terminal and replaced much of the internal electronics such that it allows us to control the screen, keypad and card-reader. Steven suggested that in order to show that it is completely under our control, we should make it play Tetris (similarly to the guys who made a voting machine play chess). We recorded a short video showing our Tetris playing terminal in action.

It's easy to fool people into thinking that "technology = security".  Nothing could be further from the truth.