This post is going to briefly discuss RFID (Radio Frequency IDentification) technology and some concerns with it being used in keys. It will start with a quick description of the functional components of RFID, move on to some examples of it being used in keys, continue with a little bit of cryptography talk, and end with saying RFID keys are probably a bad idea.Continue reading
X10 Hacking
This post is inspired a DerbyCon 2011 talk by Rob Simon and Josh Kelly I recently watched called Pentesting Over Power Lines. I’m going to start with a brief overview of the concept of Broadband over Power Lines (BPL). From there I will transition into a description of the X10 protocol itself. The focus will be on the protocol’s vulnerability to hacking.Continue reading
Inventory Management
The SANS Institute lists the top 20 critical security controls at http://www.sans.org/critical-security-controls/. In this post I will concern myself with their number 1 item: inventory of authorized and unauthorized devices. According to SANS, controlling the inventory of authorized and unauthorized devices on a network seeks to “actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.” This article outlines several ways of implementing such control which I will briefly recount.Continue reading
Hacking Back
I’ve had a Roku for about two years now and just finally got around to hooking it up. There are a lot more channels than I was expecting, and some pretty good ones at that; one that I found and have been watching recently is the DerbyCon channel. DerbyCon is a hacker convention in Derby, Kentucky, and they have videos of all the speakers from 2011 and 2012. John Strand is the speaker I’m parroting. In his talk he spoke of “hacking back” as a way of interfering with webcrawlers and directory-scanning bots that I thought was neat.Continue reading