Show #10 | Attacking from the Side

- Go Daddy is the reason the last show has a decimal point (9.1)
- Known Chrome/Wikipedia bug; multi-threaded race condition  http://tinyurl.com/3jlse84
- Sam tries to release handles to a hard drive after backing up. Using Process Explorer failed
- NETBUS sucks, sub7 has more features and came later    ohrlly http://en.wikipedia.org/wiki/Sub7 YA RLLY!
- Sam’s epic guide http://tinyurl.com/6gt4vsf
- Old school games >>  url of ecco, fuck my life, i hate my life!
http://www.youtube.com/watch?v=jJCjJDLvCsg (must watch at least like 4 or 5 of them to get a sense of how pissed this dude is, and how hard this game is).
- (Greatest WOW freak out ever!!) http://www.youtube.com/watch?v=YersIyzsOpc
- Side channel attacks  (http://en.wikipedia.org/wiki/Side_channel_attack)
- Audio Attack on keyboard: http://tinyurl.com/6jdqy8o
- What if, sound based keyboard!?
- Optical Time-Domain Eavesdropping attack on CRT Displays
http://portal.acm.org/citation.cfm?id=830537
- Packet size of VBR (Skype) audio to detect spoken sentences http://tinyurl.com/3rh3gyn
- Cold boot attack on RAM
- Firewire/Thunderbolt can be used to dump RAM
- USB adapter for Colemak… adapt a hardware keylogger for this purpose?
- Colemak correction, re: the prehistory of qwerty: http://tinyurl.com/5s6jkc7
- Ben is starting Colemak.  How browser switched in middle of sentence.  Win7 says to press alt+shift, but the hotkey is really ctrl+shift http://dl.dropbox.com/u/825637/win7-language-fail.png
- Batch OCRing with Adobe Acrobat X.
- Recaptcha, and books, and things,
http://www.google.com/recaptcha/learnmore
- Peerblock list management resource:
http://www.iblocklist.com/lists.php
Possible to use peerblock to prevent fake a/v apps? YES!

  • This is my favorite podcast, dude. Programming talk, Tech Snap talk, linux talk, hacking talk, hardware talk, and even electronics talk! I really like any mention of electrical engineering and electronics, I’d really love to hear more topics like that. Also I’m also excited to hear about more in-depth programming talk. Dude talking about oscilloscope was badass! Dude my friend has all these old oscilloscopes in his room and the power went out during a storm & when lightning struck and quickly lit the room, the crt on the scopes lit up green for awhile!

    Have you heard of Van Eck phreaking? Maybe this is exactly what you were talking about. But this HAS been used to detect LCD screens. First I heard of Van Eck was on Numb3rs.

    Dude, I used to use Ctrl+Shift+Left, a lot. But now I just use: Ctrl+Backspace.

    Side note- I love uTorrent and I know you guys love it too but it’s also one of those applications you have to right-click on the taskbar just to show it!

    • Antonio, thanks for the kind words! We cover the topics that we find really interesting. I’m glad that you have good taste in technology as well! Well since you asked so nicely I’ll try and put together some topics on basic electrical engineering. I do have a BS which was focused half on computer science and half on electrical engineering.

      That’s a really cool story about the CRT o-scopes. That reminds me of a funny story my dad used to tell me: His dormitory at his college was equipped with an elevator with capacitive touch buttons to select each floor. He figured out that if he shuffled his feet to build a static electric charge he could shock the housing and light up the buttons for each floor!! ahahaha must have been super annoying to people in a rush :)

      I have only seen a few shows of Numb3rs but I really enjoyed it. I have not heard of Van Eck Phreaking, but it is very similar to what I was describing. The cool part about Van Eck is that it works against LCD monitors like you said! I will go in-depth about the differences on the next show. (By the way we are taking a week off, sorry about that)

      Thanks for the note about Ctrl+Backspace. I can’t get this to work on Mac or Windows, so I’m assuming this is a desktop Linux thing. This shortcut sounds much simpler than Ctrl+Shift+Left .. Damn! another reason to switch to Linux

      In Windows 7 you can choose custom behavior per icon. Do this by right clicking on the “show” up arrow, or on the clock and choosing “Customize notification icons”. In here you can set a default show or hide behavior, and also customize per icon. I wonder if icons can override the settings in this menu on their own?

      Every post you make here encourages us to keep the show amazing. Thanks for the great feedback!

      • For the electrical side I’d also like to hear a bit more – maybe on something like the Arduino?
        http://arduino.cc/
        That then allows you to tie it back in to computing/programming/hardware. Maybe use an Arduino to switch on the fly between Colemak and Qwerty?

  • Tech Support* talk

    Damn Freudian slips!

  • Another great podcast guys, thanks! I am getting a bit worried about your obsession with keyboards though… I was almost tempted to give Colemak a go but installed it on Windows 7 and it only had American keyboard layouts. One of the benefits of Colemak is that keys you do not use much stay where they are in Qwerty – but the UK/US layout change moves them anyway… There were scripts to manually re map keys but it was no longer as simple as installing and changing the keyboard layout.
    Shadow copy of files has been a life saver for several people I work with. It is in Windows server 2003 as well which is where we store most of our company files and can be accessed from XP desktops fine. It seems to backup files at a set time each day, not every time the file changes, so saving a text file, changing and saving again will not give you any restore points. Watch out though it can use up a lot of space on your hdd if you are changing big files a lot.
    Sam: Good intro into UltraVNC SC – it can take a while to figure out how to get it going. When I used it I had the names of our support people in it as each connection – it seemed to be better asking people to open the program then “double click on my name”. Nice idea with the script too. Have you experienced the UAC issue yet? That was the main reason I switched away to a commercial alternative.
    Finally I just wanted to share the mental image I had of you trying to explain to a cop what you were doing after someone saw you installing a “keylogger” behind a public computer… Not sure trying to explain the benefits of Colemak would help much. :)

    • Neal! Thanks again & glad you enjoyed it! Ben & I had a laugh when we discussed your comment re our obsession with keyboards, we hear ya loud & clear and we’re thinking of covering mice in the upcoming show! I’m interested to hear more about the UK vs US Colemak switch too, or at least what makes it less approachable. Funny you should mention Shadow Copy/VSS, this has come in handy for me numerous times; just this morning I had to talk my dad through a windows restore after he accidentally his whole laptop. Anyways, drive fast & take chances.

  • Oh forgot to mention another side channel attack – some early dialup modems just connected the send/receive straight to the TX/RX lights. I read somewhere ages ago (sorry – tried to find it with no luck) about someone who used those lights to “read” the traffic being sent over the modem. Fairly sure this was back in the 14.4 kb/s days so probably not possible on anything from the last decade anyway. Oh and before you start thinking of a countermeasure: duck tape over the LED’s. :)

    • Neal. Another great and informative post. I also heard about this attack some years ago. I found this page with an overview of the exploit. Very interesting stuff: http://news.cnet.com/2100-1001-854946.html

      You’re right about this attack being limited to dialup modems, however the paper mentions that 56K modems were vulnerable too. DSL and broadband modems don’t seem to be affected. Also it specifically says that not a single network card was susceptible to this attack.

      Thanks for bringing up this epic side channel!

  • love the podcast! i’m still going through all of the back catalog — came over from CoderRadio with Michael / Chris on JupiterBroadcasting network.

    anyways, i wanted to add that with the Recaptcha audio — they purposefully obfuscate the sound so that it’s harder for a “bot” to pick up the letters and enter them.

    Also, i’ve used peerblock forever! it’s amazing, super happy to see you guys talking about it. I use the standard lists, but also add in china, and a few other select countries. it’s crazy to see how many people are trying to track your torrent… instantly pops up tons of ip’s that are being blocked… nuts!

    Keep up the good work guys!

    • Great! Thank you for appreciating our Back Catalog. Also welcome all JB fans! We are happy to serve up sweet podcast bytes to your ears!

      Ya PeerBlock is a MUST. I was also extremely surprised at how many IPs are on the blacklist. It blows my mind how “dirty” torrents are. Oh well good thing I only use torrents to download Linux ISOs.
