Government Agency for Cyberspace Identity

The United States Federal Government and a number of entities in the private sector have drafted the "National Strategy for Trusted Identities in Cyberspace". Their goal is to secure cyberspace. This effort is a direct response to the increasing amount of identity theft and online fraud going on each year. Last year there were over 10 million occurrences of identity theft. Ouch.

This proposal recommends creation of an Identity Ecosystem. There should be an authority to authenticate digital identification. Participation is supposed to be mandatory. The new system will be built with interoperability in mind. That means everything works with everything else like ATM systems do with cash. The proposal is for this not to be all done by the government.

People do not seem to have control over their personal info any more. And there are other problems plaguing people which will not be solved by this initiative, such as malware. However the president is to designate a government agency to lead this effort. The proposal goes out of its way to clarify that they are not talking about a national ID card. This is a digital problem requiring a digital solution.

Topsites

Like most folks, I have friends that download movies from BitTorrent sites. Personally I don't have much experience getting movies from such sites. However I did read a story about topsites.

Topsites are secret web sites that share pirated stuff like movies and software games. These aren't normal peer to peer sites like Kazaa. These are open to a limited amount of people in the club. You need to be on their list to get access to the sites.

Getting movies and such onto topsites is not easy. They only want the high quality stuff. That requires high tech and expensive hardware to rip movies. But you do get some bragging rights when your stuff is downloaded by everyone.

Spying on Cell Phones

I was reading an interesting blog today. Then I saw some ads on the site. I clicked through one ad to find a big web page on a product that lets you spy on someone else's cell phone usage. The marketing sounded too good to be true. I wondered whether such a hack could actually exist. Perhaps it is some type of Bluetooth device hacking. You ever hear of bluesnarfing or bluebugging? I seem to have studied this stuff in school a while ago.

Let's get back to the features of this offer. You can listen in on another person's calls. You can read their text messages. You can also track them via GPS. You can view their contact list. And you can see their photos. All of this is supposed to be undetectable. These are alleged features. I am not sure whether I believe them or not.

This functionality is supposedly not limited to cell phones. It works on any Bluetooth-enabled devices like laptops as well. Law enforcement uses these techniques as well. This works on any phone. You do not see evidence of this on the target's phone. You do not see any apps on the target phone. Nor does it consume much memory. All the data collected fits in megabytes, even after a year's worth of recording. There is different software to install on your phone based on your model. Nothing is logged on the target phone. It is an all software solution.

There are some bonuses with this deal such as how to catch cheaters, how to use spy gadgets, and how to get the truth. Those are the names of the bonus products. These products include detailed info on dirty tricks, covert surveillance, spying via web cams, lie detection, and mind games. I almost would go for this deal just for the bonuses if I could trust them. The whole thing costs $99. If I had more cash, I would try going for this. But if something sounds too good to be true, it most likely is. This might be a hack to get my credit card number and leave me with nothing. Still I can dream that such a broad tool set of capability actually exists out there. Anybody want to give this deal a try?

Meet Phiber Optik

This post is going to be something of a history lesson. I just finished reading a book about the hacker gang Masters of Deception. One of the main characters in the book is Mark Abene. In the late 1980's and early 90's he went by the handle Phiber Optik.

Phiber Optik started computing on a TRS-80 MC-10. This is a little home computer from Radio Shack that was essentially a scaled-down version of the TRS-80 Color Computer. I know because I started out on a Color Computer I (CoCo 1), and later graduated to a CoCo 3. Once Phiber Optik got a modem, he was off to the races.

Phiber Optik initially started making claims that he was a part of the hacker gang Legion of Doom (LoD). The thing is that you cannot will yourself into that group. You needed to be voted in. Luckily the members unanimously voted him in due to his skills and exploits. Some of these exploits resulted in Phiber Optik getting raided by the Secret Service back in 1990. This is weird. I thought the Secret Service just guarded the president.

Phiber Optik was only 17 years old when he first got raided. He was just a junior in high school. This did not end his hacking career. There are different stories of how it happened. But he eventually got kicked out of the Legion of Doom. He then went on to form a new group - the Masters of Deception. It was a play on the LoD. This was the MoD.

All the founding members of the MoD were eventually brought up on charges by the New York grand jury. Mark held out the longest. All the other members pleaded guilty to the charges to avoid too much jail time. One of the members turned on the others and cooperated with the authorities. These guys were so very interesting that I might do some more history reporting and let you know more about them.

The MOD

I finished reading the book Masters of Deception by Michelle Slatalla and Joshua Quittner. The book chronicles the lives of the main members of the hacking group Masters of Deception (MOD). The group's name is actually a play on the Legion of Doom (LOD), which was a rival hacker group.

The book itself was a good read. It was hard to keep all the hackers straight, given that they all go by handles. Some hackers have multiple handles given the system they are on. The thing that annoyed me about the book was that there was no Table of Contents. Well I am going to rectify that. Here is the table of contents I would have created for this book:

Prologue - AT&T Crash
Chapter 1 - Scorpion
Chapter 2 - Phiber Optik
Chapter 3 - Plik
Chapter 4 - New York Telephone
Chapter 5 - MOD
Chapter 6 - Corrupt
Chapter 7 - The Learning Link
Chapter 8 - Raided
Chapter 9 - Alfredo
Chapter 10 - Fifth Amendment
Chapter 11 - Tymet
Chapter 12 - MODNET
Chapter 13 - Parmaster
Chapter 14 - Broker
Chapter 15 - Grand Jury
Chapter 16 - Plea
Afterword - 2600

I recommend you get this book and read it. The thing gives you a good feel for who these people are. I might go over some of the hackers revealed in this book.

Windows Help Center Vuln

Tavis Ormandy discovered an old vuln in Windows Help Center that allows an attacker to run an arbitrary command on your machine. This only applies to older operating systems like Windows 2003 and Windows XP. Tavis alerted Microsoft to the problem. Then he went public with his info.

The real hack here is that people are making a big deal about Tavis being employed by Google. Supposedly reporters are making it look like Tavis reported the hole to Microsoft and immediately shared the zero day with the world before Microsoft could patch the hole. Imagine that. Reporters are hacking security consultants with their stories. What will they think of next?

You can find a lot of technical details on the original vulnerability from SecLists. They even disassemble the Windows Help Center executable code, and show you how the arbitrary commands can get through the parsing. That is some deep stuff.

Masters of Deception

A buddy of mine bought me the book Masters of Deception. It chronicles the exploits of some young hackers from the 1980's. One of them is the famous Phiber Optik. I have heard this name before. And I thought he was some ominous hacker. Indeed he might have been. But the book paints him as a teen that stayed up all night trying to figure out phone systems. That is not the thug I expected him to be.

The book annoyed me a bit. There was no table of contents. That does not help me get a feel for what I am reading in each chapter. When I finish the book, I will come up with my own proposed table of contents for the book and post it here. Okay? For now I really do like the insight into the lives of the kids that cracked the phone system, as well as the authorities that pursued them.

Plane Protection

Here is a smart idea I have read about. Suppose you need to fly, and want to transport something of value. Sure you can carry it on board and keep it close. But maybe you want to check it in. How do you make sure it has the best chance of making it to your destination? You pack it with a gun.

This is the scoop. You need to declare that you are checking in a package with a gun. Then you sign some forms. The package then gets priority handling and storage during the flight. That is understandable. Who at the airline wants to be responsible for a gun checked in disappearing? I like this idea. Except you need to carry a gun and bring it to the airport.

The more sensible approach might just be to FedEx your item and insure it. That way the shipping company has a financial incentive to make sure your package arrives without being tampered with. It is a little more hassle than checking a package. However it may give you more peace of mind than bringing the gun along on the flight.