Mykonos’s motto is two-fold.
When you think of protecting a website from hackers, the first thing that comes to mind is probably blocking them out. But what if you just led them on a wild-goose chase, feeding them nuggets of false information and leading them down dead-ends until they get fed up and go do something else?
That’s the strategy behind Mykonos Software’s security program, which takes a “step right in, let me fetch you a cup of tea and bore you to tears” approach to protection. The tool identifies individuals who are running common searches for security weaknesses on a site, logs their information, and continues to play them for suckers by dribbling out a breadcrumb trail that appears to yield passwords and other tasty vulnerabilities, but ultimately leads nowhere. CEO David Koretz explained to Tom Simonite at Tech Review the various ways in which the software plays with attackers:
A scan that might usually take five hours could take 30, Koretz says. Other tactics include offering up dummy password files, which can help track an attacker when he or she tries to use them. “We’ll let them break the encryption and present a false login page. We have the ability to hack the hacker,” says Koretz.
The next generation of video game control is upon us with the release of Microsoft’s Kinect–which allows users to control special XBOX 360 games with their entire body.
Hackers have been eagerly digging into the device, especially since Microsoft’s Shannon Loftis told Science Friday’s Ira Flatow that no hackers would get in trouble for finding alternate uses for the Kinect:
“I’m very excited to see that people are so inspired that it was less than a week after the Kinect came out before they had started creating and thinking about what they could do.”
Here’s a list of some of our favorite, jaw-dropping hacks: Invisibility without the cloak, 3D video, Minority Report-style computing, real-life Star Wars, and the best shadow puppets you’ve ever seen.
5. Makes the best shadow puppets EVER:
Built in a day by Theo Watson and Emily Gobeille, this little hack replaces your hand and arm with a movable bird puppet. You can control the bird, and even make it squawk.
Video: Vimeo/Theo Watson
4. Real-time light-saber action:
YouTube user yankayan hacked his Kinect to transform a normal wooden stick into a light-saber in real-time, with real light-saber whooshing sounds!
Although money may not grow on trees, it can spew from an ATM–at least if you’re computer security expert Barnaby Jack. He demonstrated recently at a security conference in Las Vegas how to get an ATM to spit money for minutes on end. Jack purchased the ATMs online, and says the tools required to hack them cost less than $100, according to Technology Review:
“After studying four different companies’ models, he said, ‘every ATM I’ve looked at, I’ve found a “game over” vulnerability that allowed me to get cash from the machine.’ He’s even identified an Internet-based attack that requires no physical access.”
Look, it’s a recession, and you gotta do whatever you can to get your name out there. Ashley Towns, the 21-year-old Australian student who crafted the first iPhone worm, used the notoriety to land a job building iPhone apps with the Australian developer Mogeneration.
Though this might seem an odd way to land a new gig, Towns is just the latest in a long line of hackers turned legit. And his worm was tame by comparison to its followers: Towns’ code simply rickrolled “jailbroken” iPhones—those hacked by their owners—by changing the phone’s wallpaper to a glamor shot of singer Rick Astley. Some subsequent iPhone worms are far from harmless pranks; one steals banking information.
Despite the relative harmlessness of Towns’ rickroll, the idea of rewarding bad behavior doesn’t sit well with some developers. Wired.com reports:
Graham Cluley, senior technology consultant for Sophos, said the move sends the wrong message to hackers.
“What disheartens me is that Towns has shown no regret for what he did,” Cluley told TechWorld. “Now his utterly irresponsible behavior appears to have been rewarded. There are plenty of young coders out there who would not have acted so stupidly, and are just as worthy of an opportunity inside a software development company, and are actually quite likely to be better coders than Towns who made a series of blunders with his code.”
Image: flickr / William Hook
Seriously, shouldn’t government officials who are involved in clandestine activities be forced to sit through Computer Security 101?
According to a new report, a Syrian official displayed remarkable ignorance of best security practices while staying in a posh London hotel in 2006. The official was being watched by the Israeli intelligence agency, the Mossad, on suspicion that he knew something about a secret nuclear reactor in the Syrian desert at a site called the Al Kibar complex. When the Syrian stepped out of his hotel room and left his laptop behind, the Israeli agents got the opening they needed.
From Der Spiegel’s excellent investigative report:
Israeli agents took the opportunity to install a so-called “Trojan horse” program, which can be used to secretly steal data, onto the Syrian’s laptop.
The hard drive contained construction plans, letters and hundreds of photos. The photos, which were particularly revealing, showed the Al Kibar complex at various stages in its development. At the beginning — probably in 2002, although the material was undated — the construction site looked like a treehouse on stilts, complete with suspicious-looking pipes leading to a pumping station at the Euphrates. Later photos show concrete piers and roofs, which apparently had only one function: to modify the building so that it would look unsuspicious from above.
Based on the laptop data and other evidence, Der Spiegel’s report claims, Israeli planes bombed the alleged nuclear site in 2007.
The hard drive also had a snapshot of the head of Syria’s Atomic Energy Commission standing next to one of the leading members of the North Korean nuclear program, an engineer who is believed to be the mastermind behind North Korea’s plutonium reactor. Which leads to rule #2: when violating international treaties, aim for black ops, not photo ops.