А ты игрок?

Foarte interesant… Multe idei, te pune pe ganduri…

Delfini maidanezi in Dambovita (covrigi cu moldoveni) (viral )

Piti despre fotbal (rusa)

Comentariul care rupe: “вроткипер” и “глотарь"

So here we are, summing up 1.5 years of research of “Hacking MFPs Part1″ and opening dawns of “Hacking MFPs Part2″.

This post will present the videos that accompanied the presentations. Source code to follow in the upcoming days.

NOTE: the videos are subtitled - use CC button in the players window to turn them on

Hacking MPFs/printers Part1 - Printer map, geolocation, public-exposure, data-harvesting

Hacking MFPs Part1 - Locally-Initiated PPE (Printing Payload Exploit)

Hacking MPFs Part1 - Remote-Initiated PPE (Printing Payload Exploit)

Hacking MFPs Part2 (soon to come) - Printer code execution - Shell, Memory dumper, Printer connections

Thanks to the great organisers of the conferences where these were presented, as well as big thank for the nice and patient audiences !

Hacking printers MFPs part1 for fun and profit andrei costin #days EuSecWest hack.lu HackCon phNeutral SEC-T SyScan T2

Harvesting Boarding Passes

It’s clear that personal and sensitive data should be protected by all means.
However it’s trully sad to see that people deliberately or unconsciously reveal very sensitive details about them, despite the fact that society is very concerned with “big brother” actions of 3rd-parties in the first place.

Following are just few (ab)use scenarios which I quickly came up with - the sky is the limit (in all it’s meanings !) when playing with someone’s flight…

I am not saying that every everage Joe kind of person will be tracked by these means in “a la” agent 007 style, but imagine an important science person/professor (dealing with sensitive issues, like for example nuclear R & D) being a target of such attack. And yes, I have seen interesting university&academia related boarding passes exposed…

Person identification

- learn sensitive details
- learn (airline) preferences and Frequent Traveller (FT) (to put the importance of this kind of information, let me remind you about WhiteHouse directive leaked thru WikiLeaks suggesting FT data harvesting by US embassies worldwide)
- learn susceptability to “Frequent Traveller Customer Service” impersonation/social engineering attacks
- learn travelling habits (departure hours, taken routes, etc.)

Person (location) tracking

Read more! »

Trenul “PRIETENIA 401″…

…orient expresul vietii mele de student.

E orient-expresul metafizicului si nu al luxului material, deh ca de exemplu ar fi ani lumina de la budele sale metalice de inchisoare (care duhnesc mai ceva ca la festivalele de bere-cu-vin) pana la un veceu cel putin decent, nu mai zic de comod-plauct-si-comfortabil .

Pentru exemple de buda (nota: mi se par incredibil de hilare semnele pentru talpite ) si dusuri avansat-improvizate (nota: vagoanele nu sunt prevazute cu dus din proiectare ), vedeti pozele atasate:

Trenul Prietenia - buda metalica

Read more! »

…mi se pare geniala

Mai ales cand simti mireasma salcamilor care te face nebun de romantism….

Enjoy!

Cum drumul in trenul Prietenia Chisinau-Bucuresti este lung si lin, mereu imi face deosebita placere sa stau pe culoarul stramt, sa ma pierd in ganduri uitandu-ma peste geamul intre-deschis si sa savurez apusul si peisajele mereu impresionante din Moldova - chiar ma bucur uneori ca trenul are o viteza demna de o caruta, altefel s-ar pierde din farmec si din peisaj…

Nu stiu cum vine, dar de obicei ascult rock rusesc pe acea portiune de drum - poate pentru ca este foarte liric sau poate pentru ca are multa filosofie sau chiar ambele… Oricum ar sta lucrurile cu rockul rusesc neclintit in calitate de decenii bune, in Moldova lucrurile stau altfel decat mi-as fi dorit (si altfel decat si-ar fi dorit-o multi altii), desi suntem mult dupa 7 Aprilie 2009.

In amalgamul de emotii, idei si tristete, conturul viziunilor care-mi strabat mintea in acele clipe este dat de DDT, care mi-a fost servit marinimos de shuffle…

Desi au trecut ani de la scrierea lor, sunt atat de actuale in Moldova curenta, incat genialul Shevchuk merita o galaxie si nu doar o stea pe cer…

UPDATED:

ДДТ - Революция - Lyrics

Read more! »

Hybrid++ car concept - fuel, electric and bicycles/dynamos

During a coffee break, this idea came to my mind. Thought to post rather than throw it to brain-garbage.

Here is the concept of a hybrid car concept - fuel, electric and bicycles/dynamos - all in the name of so pushed greener and healthier tomorrow…

Idea is simple - why not having “pluginable” seats for electric cars, where bicycles/dynamo machines can be used with a two-fold purpose - get yourself fit (while husband/wife drives you to work) and at the same time charge your car so that you burn your green electricity later when needed?

Read more! »

Some relaxing tunes after a tiring experience… Enjoy and praise every nice second of your life!

Faithless - A Kind Of Peace

Nouvelle Vague - Dance With Me

It is sad and unbelievable what happens to Japan.

In just 1.5 months (12 Mar 2011 to 26 Apr 2011), it faced several events of huge magnitude on different aspects of their nation, that it seems infinitely impossible to happen in such a short time-span to a single country/nation, even though probabilistically it can happen “one in a million” so to speak.

If I take a look from a very alternative point of view on this (without any proofs, just as mere observer), it seems that there are forces which want Japan down at any price (well some may argue the forces are of a nature, of divine intervention, of other nations, etc.).

I will summarize why I think these events are way too big and on various directions, that their happening may be not just mere random course of events, but may be more like a staged thing.

- Geo-political. Earthquake crisis. Japan suffered a destructive earthquake, classified as “one of the largest earthquakes ever recorded slammed Japan” which also had created “one of the largest tsunami". Many people will say it is not plausible consider that it could be caused humans - my note is that such statement is true only from the perspective that nobody has any court evidence ("constatation matérielle") of existence of such weapons. Now, just to bring another perspective - years back and even nowadays lots of people just don’t believe the existence of various black-box interception solutions used by special/law forces to intercept various signals, though the same people will trust and will be amazed when they hear an intercepted conversation for example (hence unconsciously acknowledging the existence of those devices). I will not make a big case about such weapons, since various sites have speculative proofs (example: search for “ссср тектоническое оружие"). It’s up to you to believe it or not. I believe in existence of such weapons (even if these would be in research/development/alfa-testing versions)

Read more! »

Nice music on unusual computer-devices:

Read more! »

Idling my mind on some out-of-band thoughts, I started realizing that we (as humans, as participants of the virtual social networks, as participants of real-life social networks having a virtual space representation) are in the process of training the most impressive AI yet to come. The technology and the hardware brains are almost there, spreaded around the globe and our orbital space. It lacks the outmust AI.

Just thinking on the meaning of giving a like/dislike on one of the following combination (youtube/facebook/buzz/tweeter/etc)x(video/photo/comment/text/article/etc) is mostly equivalent on training a huge neural network with AI node-weight (one can view the weights as simply 1/-1, or one can view the nodes’ weights as a more complex formula - for example, given a specific user/node, AI calculates the weight of his/her like/dislike voting based on the familiarity of AI with that user, etc.)

The nodes are contextually aware (eg. text which is easily parseable, video/photo which is at least parseable by the means of meta-information and yet content analysis by audio/video level algorithms are growing) and basically the AI is becoming more and more trained not just about social interactions (which it is already and mostly is), but also about our emotions (eg. when these is a comment fight with a lot of slang and cursing and dislikes and likes going around), our way of thinking and taking decision whether we like/dislike a given piece of information in a given context.

Combine that with the HAD (Human Aided Design&Decision taking, which is exactly opposite to CAD) (eg. people aiding the AI by manually correcting wrongly detected and/or recognized faces/objects in photos/videos)…

…and you pick your result.

Just my threaded thought.

Corporatist de succes în zece paşi

• Te naşti într-un sat de pe lângă un oraş mai mare (Brăila sau Galaţi, de preferinţă). Satul vostru are şi o şosea. Tu nu stai la şosea. Acolo stau ăia înstăriţi. Tu nu eşti.

• Creşti auzind-o pe maică-ta spunându-şi cât e de proastă că l-a luat pe tac-tu şi spunându-ţi că dacă nu înveţi ai să ajungi că el.

• La şcoala din sat eşti primul. Maică-ta e mândră, vecinele ¬invi¬dioase, taică-tău bea în cinstea ta.

• Dai la liceu la oraş. Primul şoc cultural. Stai la o mătuşă. Domnişoară la 50 de ani. Pentru tine e zâna cea bună, pentru vecinii ei, „nebuna de la cinci“. Îţi petreci mare
parte la baie. Veceul în casă te fascinează.

Read more! »

Finally got some time to put all the papers in one place.

Papers’ content overlap, but each one has something specific to the given conference, so feel free to explore.

Here is my papers archive.

Feel free to:

• point out errors (and yes, we accept constructive criticism )
• suggest corrections
• suggest improvements

More to come, stay tuned…

Cheers,
zveriu

Tags: Hacking Printers MFPs for fun profit and (anti)warfare Andrei Costin hack.lu syscan eusecwest t2 sec-t

Since I have posted the original “Comprehensive list of security and hackers conferences and conventions 2010″, I have been thinking that maintaining that excel sucks.

So I have created a shared google calendar.

You can has XML RSS or HMTL.

If you need to integrate into your blog/page, here is the code snippet:

Code:

Feel free to:

• share the calendar
• suggest corrections and additions

Cheers,
zveriu

Tags: BlackHat DC, ShmooCon, RFIDsec, NDSS Symposium, RSA Conference, WiSec, CanSecWest, Easterhegg, Security Conference, BlackHat, Notacon, Infosec, HITB HITBSecConf Hack In the Box, SIGINT, CONfidence, LockCon, HAR, FIRST, REcon, H.O.P.E HOPE Hacker On Planet Earth 2600, Secrypt, DEF CON DEFCON, SEC-T, ToorCon, Hack.lu, DeepSec, CCC 27C3, LayerOne, BruCON, Xcon (Xfocus), Kiwicon, mrmcd, ShakaCon, АПроБИТ, list security hacker conferences