Security Visualization Portal

I launched a new portal that deals with visualization of log files:

http://secviz.org/

The portal can only survive if people- you – take an active part in contributing content.

There are multiple resources available where community input is most welcome:

* Graph Exchange: The idea is that people can submit their graphs, explain why they think the graphs are useful, and how they generated them.
* Parser Exchange: To generate graphs, you need to parse your data. This is a place where you can submit your parsers.
* Links: A whole bunch of links around data analysis and visualization.
* Discussions: A free forum where you can start discussions around the topics of log visualization and analysis.

Let me know what you think and most importantly, submit your graphs: http://secviz.org/?q=image/tid/1

This is from Raffael Marty, from ArcSight (which I'll forgive him for… just once 🙂 ), on the LogAnalysis mailing list.  For my customers and others that are dealing with security log analysis, this website may prove useful.

Advertisements

NMap Online

For all Nmap fans, our group have implemented Nmap Online service.

Its address is http://nmap-online.com/. The interface allows you to perform custom

Nmap scans from our server with only a few limitations in the syntax.

The service is free and can be used immediately, no registration is required.

From Fr33d0m.net.

PS1P Alpha 1 Released – Playstation One Emulator for PSP

After the disapointing PS1 Emulator release by Sony which requires you to have a PS3 heres some better news.



Tonight Finally is the release time of PS1P the PlayStation Emulator for the PSP – AN Exclusive for the PSP News site at DCEmu.
Its been a long wait but our friend Anonymous Coder has now agreed to
release the first Alpha of his Playstation Emulator for the PSP.

This release was to be a Single Game release but AC
contacted me today and changed his mind so thats great for you all,
heres what he emailed me

The wait is worth it. I'm releasing a version that will run anything. ISO, BIN, Z and ZNX

The rest you know. scph1001.bin and images in the __SCE__ps1p directory

This version has some compatibility problems which I plan to fix soon,
for example the FF7 intro movie doesn't run. You can play the game
though, just get past the intro using a standard PC emulator (PCSX,
ePSXe, …) and copy over the memory card file ( mcd001.mcr or
mcd002.mcr).

Use L+R+ up/down to tweak the CPU timing.

I think L2 and R2 aren't working at the moment too.

–A.C.

P.S.: to make things clear. This emulator has nothing to do with PCSX,
psx4all or any other emulator already released. The only thing I did
was use for the game selection screen, the same font code that psx4all
uses–it's from some GP2X demo/app.

From PSP News.

Audio from Xbox hacker's USC talk

The audio from Andrew “bunnie” Huang's free talk at USC last night is
online, thanks to students Mike Jones and Andy Sternberg. Bunnie came
to fame for breaking the crypto on the Xbox, enabling the creation of
Xbox Linux, and is now working with the startup he founded, Chumby, which makes an open media-player/device.

Bunnie's talk was a fantastic exegesis on the mind of a
reverse-engineer, the perils and promise of hardware hacking, and the
pursuit of business models that encourage smart customers to get the
most out of their devices.

Next week's speaker is EFF Staff Technologist Seth Schoen, whose many claims to fame include authoring the DeCSS Haiku, his sharp critiques of trusted computing, his role in uncovering the color printer secret codes, and many other seminal technical achievements. He also maintains the Bootable Business Card distribution of Linux. Seth speaks at 7PM on Tuesday, Nov 28, at the USC Annenberg School, room 207.
Link, MP3 Link

From Boing Boing.

A Challenge from Isreal Torres

- click to download -

Here begins a series of challenges! Can you find the secret in #0001?
md5 : 354CC60C4486F842C347C8742D2905BC

update : [11/06/2006] : I am adding hints to incoming questions to ensure progress.

Hint 1 : The challenge is not to see who does not run the unknown executable (good try though!)
I will say that it is benign in every way; however caution should
always be taken in using a non-production machine and non-admin mode.
Hint 2 : The MD5 hash is only that of the executable and nothing more.
Hint 3 : In testing this on other machines I’ve unexpectedly found part of the solution so if you are lucky you will to. (If you do find it you can quickly build a tool to discover more… but now perhaps I’ve said too much!)
Hint 4 : No crypto is involved in any scripting.

Click here to download the Challenge.

MP3 player used to tap ATM conversations

A FRAUDSTER outwitted sophisticated banking security systems by using an ordinary MP3 music player to bug cash machines and steal customers’ credit card secrets.

Maxwell Parsons, 41, was the central figure in a gang who went on to steal goods worth hundreds of thousands of pounds in high street stores across Britain.

Parsons or other gang members would use MP3 portable music players
to record data transmitted from free-standing ATM cash machines. The
data was then converted to readable numbers using a separate computer
programme.

The phone line running from the machine to an ordinary BT
white socket was unplugged and a two-way adaptor inserted. The MP3
player was then placed between the ATM machine’s output cable and the
phone socket.

The player would record the tones, which resemble the kind of sound emitted by a fax machine.

These were then interpreted using a modem line tap, or MLT,
acquired from Canada, or passed through a computer software program
bought illicitly in Ukraine.

Read the full article on The Times Online.

Zune Hacked! How To Bypass The Zune's WiFi Sharing DRM

We knew it would be done sooner or later, and now that we have the mod to use your Zune as a portable hard drive, a method to bypass the Zune's WiFi sharing DRM is finally here.

First, you need to enable hard drive mode using the instructions we posted before.
Then, rename whatever files—MP3s, movies, programs—to have the
extension “.jpg” in order to fool the Zune into thinking its an image.
This hack works because Zune doesn't apply DRM to images!

Then what?

Now, take your Zune and send the folder
containing these files to your buddy along with a real photo. If you
only send a fake photo, an error is thrown. The last step is to have
your friend sync the Zune with their computer, open the “containing
folder” where the files were downloaded, and rename the files back to
their correct extension.

We tried doing this before with just the Zune software, without the
storage hack, and Zune threw an error because it resizes the images
down in order to conserve space, and our file wasn't a real image.

Transferring Movie, .zip and .pdf files with 3 tutorials. [Zune Scene]

From Gizmoto.