The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

Archive for January, 2007

After – A new Short Film from Digitribe Productions

Posted by Xavier Ashe on January 31, 2007

I am very happy to announce a new short film released by Digitribe Productions, After.  For the first time, see the zombie outbreak through the eyes of the undead.  I worked on the film as an associate producer.  You can see the full film online.  This was a lot of fun to make.  After was written and produced by the same people who brought you Geekin'.  Please let us know what you think.  We have started work on our new film, but I cannot discuss the details until it gets further along.


Posted in Personal Note | Leave a Comment »



Nero's Qality Team

Posted by Xavier Ashe on January 30, 2007

I posted a new photo to RandomPics.  I was trying to burn an ISO with Nero.  It crashed and gave me a nice
alert.  Their system is going to send an alert to the Nero qality team.  Good stuff.

Posted in Main Page | Leave a Comment »

PSP v3.03 Downgrader Released!

Posted by Xavier Ashe on January 29, 2007

After much work over the past few days, we finally succeeded – we have an easy-to-use
downgrader for v3.03 PSPs!

Some ground-rules:

  • This downgrader is for v3.03 firmware only. But
    if you have v2.81 – v3.02, no problem – you can just upgrade
    to v3.03 to use the downgrader.
  • You need a copy of the unpatched GTA:Liberty City Stories UMD.
    No ISOs, no patched UMDs, not Vice City Stories. See here for
    some info on how to check if your version is patched. The most reliable way: the unpatched
    disks have the v2.0 firmware update on them.
  • This downgrader is intended to enable homebrew. Homebrew is NOT the same as piracy.
    Don't be a thieving loser – buy the games you play.
  • The downgrader will work on all current PSP hardware (TA-079 – TA-086). Patching of
    TA-082+ is automatic in the downgrader.
  • You downgrade at your own risk. There is always a chance of bricking,
    although we have done everything we can think of to make this process safe.

Full instructions for downgrading are included in the Downgrader_HOWTO.txt file in the
ZIP file. Read them carefully! You will need:

Enjoy! You can get support for any problems at the PSPUpdates forum.

Remember to check out the PSP Homebrew Database for information on
homebrew that can be run on your newly-downgraded PSP!

After downgrading from 3.03 to 1.5, there are some remnants of 3.03 left in flash.
If you later try to re-upgrade to 3.03 and repeat the downgrade, things will break.
At some later point, we will work on a cleaner that will remove these extra files. Until then, enjoy! (Don't worry,
upgrading to 3.03 OE firmwares still works fine).

From Noobz.

Posted in PSP Hacks | Leave a Comment »

Upgrade your XBox 360's HD by yourself

Posted by Xavier Ashe on January 29, 2007

TheSpecialist (one of the hackers who worked a lot on the original Xbox (360) DVD Firmware hack) sent us an awesome new tool that will allow you to use your own new SATA HDD in your Xbox360! No more 100usd for 20GB 😉

The current tool only works with Western Digital BEVS series HDDs (20GB or
larger needed), and for now you can use a max of 20GB, but when Microsoft
releases larger drives you will be able to use as much space as
Microsoft's largest HDD.

Official Site: n/a, by TheSpecialist
Download HDDHacker v0.5B: here
Open Xbox360 HDD-case: here

Read the full readme on

Posted in XBox Hacks | Leave a Comment »

Wiinja modchip enables Wii / GameCube backups to function

Posted by Xavier Ashe on January 28, 2007

We've seen plenty of Wii hacks since its November release, and we've even seen a completely uninspiring “hack” to run backup discs, but this time, we're thinking it's for real. The Wiinja modchip is on the loose, and apparently it requires soldering to the Wii innards in order to function, but it purportedly allows for Wii and GameCube
backups to be played back on the console. Unfortunately, there's not a
whole lot of information beyond that, and there's just a single photo
to instruct forthcoming owners how to correctly attach it, but if
there's one thing that helps its case, it's the video. So go on, click
on through for the YouTube demonstration, and start saving up those €40
($52) it'll run you when this hits “commercialization.”

From Engadget.

Posted in PSP Hacks, Security, XBox Hacks | Leave a Comment »

Diebold disclosed e-voting key on website

Posted by Xavier Ashe on January 27, 2007

Electronic voting machine firm Diebold is once again the subject of
an embarrassing security gaffe after hackers created keys capable of opening voting machines from pictures posted on its website.

Two of three keys crafted by Ross Kinard of SploitCast were capable
of opening a voting machine obtained by Princeton University for
testing purposes. It's tempting to think, given the apparent ease of
the attack, that the locks are simple enough to be opened by anyone
with a basic knack for lockpicking.

Diebold has removed the offending images, replacing them with
pictures of digital card keys but that's akin to closing the gate after
the horse has bolted. Access to the key would allow tamperers to slip
in a memory card containing a virus or, even worse, tally-altering
software. In theory, security tape ought to be posted over the
compartment to detect such tampering, but that relies on election
officials checking for problems.

To make matters worse, the filing cabinet-style key is the same across all Diebold voting machines of the same model.

From The Register.

Posted in Security | Leave a Comment »

Vista pwen3d

Posted by Xavier Ashe on January 23, 2007

I posted a new photo to RandomPics.

Posted in Main Page | Leave a Comment »



Wii Disc Dumper

Posted by Xavier Ashe on January 22, 2007

A method has been found for dumping Wii game discs via PC. Unfortunately, the process takes approximately 50+
hours to dump an entire disc! A readme with instructions is included. Remember, this process takes
over two full days to dump a single disc. This method is suitable for
testing purposes only!!!

Update: File Updated to version 0.3 – 01-20-07

Don't rely on other half-assed websites to give you
full details when they only copy their content from here. This only
works with LG and Hitachi drives!!! I have been reading a lot of
posts on other forums (who don't credit us as the original source, by
the way) from people claiming this is working with other drives,
reading the whole disc in just a few hours, etc. The program uses debug
commands in the LG (Hitachi) firmware so that is pretty much
impossible. You may be dumping something… but it's not the correct

To tell if you are dumping correctly, check if the DVD name shown by
rawdump is a “real” name. If it shows garbage, the dump WILL fail (even
with a compatible drive). If you have a compatible drive and the DVD
name is garbage, restart rawdump and DVDInfoPro.

You will need:

  • An LG-8164b, LG-8163b or LG-8162b DVD-ROM drive.
  • The DVDInfo program.
  • .NET framework 2.0 installed on your PC.
  • The apps attached to this news post.

Attached Files
Rawdump03.rar (42.9 KB)

From  Still no way to play these backups yet.

Posted in Security | Leave a Comment »

It's Official: Pretexting Is Illegal

Posted by Xavier Ashe on January 22, 2007

President Bush signed a bill last week making a controversial practice known as “pretexting,” a federal offense.

The law specifically forbids the act of misrepresentation,
impersonation or deception in order to obtain personal telephone
information. Just five months ago, pretexting fell into a gray area of
the law.

The issue gained national attention when Hewlett-Packard filed a document with the U.S. Securities and Exchange Commission. The computer
maker said its investigators had used tactics to find out which members
of its board were leaking private company information to the media,
which ended up as news reports. The scandal led to testimony before
Congress and the resignation of several board members and HP employees.

Several lawyers and private investigators — including some working for
HP when the company obtained journalists' and board members' personal
phone records during an investigation into leaks from its boardroom —
said that it was unclear whether pretexting was against the law.

The legal line is clearer now. The text of the Telephone Records and Privacy Protection Act
of 2006 now states it is illegal to use fraud in order to obtain
billing records and other information phone companies retain on
individual customers. Law enforcement officers are exempted but
generally need warrants to get the information.

Read the full article on InformationWeek.

Posted in Privacy | Leave a Comment »

Approaches to Security Breach Notification by CIPPIC

Posted by Xavier Ashe on January 22, 2007

Identity theft and related fraud have become serious risks for individuals in the information age. Identity thieves gather sensitive personal information from a number of sources, then use it to engage in fraudulent activities in the name of the victim, usually for financial gain.  Sources of information include data brokers and other organizations that collect, hold and disclose such information in the course of their normal activities.  As the number and size of personal information databanks grows, security breaches exposing customer information to unauthorized access and use are becoming commonplace.

Unless an organization notifies individuals whose information has been placed at risk, affected individuals may end up as the unwitting victims of potentially devastating identity theft.  Yet organizations, especially those in competitive markets, have little incentive to disclose their security failures voluntarily, given the costs and the damage this can do to their reputation.

This White Paper argues for a Canadian law requiring that organizations notify individuals when their personal information has been compromised as a result of a breach of the organization's security.  In particular, it calls for an amendment to the federal Personal Information Protection and Electronic Documents Act (“PIPEDA”) to provide for mandatory notification of security breaches when certain types of personal information are exposed to unauthorized access as a result of a security breach.

Following a review of gaps in the Canadian legal framework, this Paper analyzes security breach legislation in the U.S., where over half the states have enacted a mandatory security breach disclosure requirement and where several federal bills are currently pending.  Various arguments for and against mandatory notification are analyzed, and specific recommendations for amending PIPEDA are proposed.

“Approaches to Security Breach Notification” is a White Paper released by the Canadian Internet Policy and Public Interest Clinic (CIPPIC).  It's a great read and will help a lot when working with my Canadian customers.

Posted in Security | Leave a Comment »

23C3 Video Recordings

Posted by Xavier Ashe on January 22, 2007

The 23rd Chaos Communication Congress (23C3: Who Can You Trust?) took
place from December 27th to December 30th 2006 at Berliner Congress
Center in Berlin, Germany. This channel offers the complete set of
available recordings of the 23C3 lectures. Most lectures are in
English, some in German. The videos are being offered in an
iPod-compatible encoding (MPEG-4 AVC/H.264 with AAC, 640×480).

Download them on Chaosradio.  UPDATE:  Looks like someone jumped the gun.  As the commenter says, the page has been removed.  We'll have to wait until official release.  I should have leeched the page when I saw it yesterday.  I can't wait until the official release… It looked like some good stuff.

Posted in Security | Leave a Comment »

Cisco Security Monitoring, Analysis and Response System Does Not Properly Validate Remote Device Certificates and Keys

Posted by Xavier Ashe on January 21, 2007

Description:  A vulnerability was reported in the Cisco Security Monitoring, Analysis and Response System (CS-MARS). A remote user may be able to impersonate a trusted device to obtain sensitive information or report incorrect information.

The system does not properly validate the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) certificates or the Secure Shell (SSH) public keys presented by the connected managed devices.

A remote user may be able to impersonate a managed device.

Cisco has assigned Cisco Bug ID CSCsf95930 to this vulnerability.

Cisco credits Jan Bervar from NIL Data Communications with reporting this vulnerability.

Impact:  A remote user may be able to impersonate a managed device.
Solution:  The vendor has issued a fixed version (4.2.3 (2403)).

The Cisco advisory is available.

Another fix to the solution above would be to buy IBM Tivoli Security Operations Manager, but my opinion may be slanted a bit :).  Found on
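The defect in this advisory is a management station that accepts whatever certificate or SSH key a device presents, so anyone who can reach it can play the part of a managed device. As an added example (my own illustration, not Cisco's code or anything from the advisory), here is the management-side check you would want for the SSH case: each device's public key is pinned by fingerprint at enrolment, and a connection that presents an unknown, mismatched or malformed key fails closed. The OpenSSH public-key line format and the SHA256 fingerprint form are standard; the device names and key bytes are constructed test data.

```python
import base64
import hashlib
import hmac
import struct

def _ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (uint32 length + payload)."""
    return struct.pack(">I", len(data)) + data

def parse_openssh_public_key(line: str) -> tuple:
    """Parse '<type> <base64-blob> [comment]'; raise ValueError for a malformed
    blob or a declared type that differs from the type embedded in the blob."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64-blob> [comment]'")
    declared_type, b64 = parts[0], parts[1]
    blob = base64.b64decode(b64, validate=True)  # raises ValueError on bad input
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (type_len,) = struct.unpack(">I", blob[:4])
    if 4 + type_len > len(blob):
        raise ValueError("truncated key blob")
    embedded_type = blob[4:4 + type_len].decode("ascii", errors="replace")
    if embedded_type != declared_type:
        raise ValueError("declared key type does not match key blob")
    return declared_type, blob

def fingerprint(line: str) -> str:
    """Fingerprint in OpenSSH's 'SHA256:<base64 without padding>' form."""
    _, blob = parse_openssh_public_key(line)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")

class DeviceKeyStore:
    """Pinned fingerprint of the key each managed device is expected to present."""

    def __init__(self) -> None:
        self._pins: dict = {}

    def pin(self, device_id: str, public_key_line: str) -> None:
        # Pin at enrolment, out of band; never trust the first key seen on the wire.
        self._pins[device_id] = fingerprint(public_key_line)

    def verify(self, device_id: str, presented_key_line: str) -> bool:
        """True only if this device has a pin and the presented key matches it."""
        expected = self._pins.get(device_id)
        if expected is None:
            return False  # unknown device: no fallback to "accept anything"
        try:
            return hmac.compare_digest(fingerprint(presented_key_line), expected)
        except ValueError:
            return False  # unparsable or inconsistent key fails closed

def make_ed25519_key_line(seed: int, comment: str) -> str:
    """Constructed test data: a well-formed ssh-ed25519 line, not a real key."""
    raw = hashlib.sha256(seed.to_bytes(4, "big")).digest()  # any 32 bytes
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(raw)
    return f"ssh-ed25519 {base64.b64encode(blob).decode('ascii')} {comment}"

if __name__ == "__main__":
    store = DeviceKeyStore()
    store.pin("router-a", make_ed25519_key_line(1, "router-a"))
    print(store.verify("router-a", make_ed25519_key_line(1, "router-a")))  # True
    print(store.verify("router-a", make_ed25519_key_line(2, "router-a")))  # False
```

The same shape applies to the TLS side: compare the device certificate (or its public key) against a pinned value or a CA you control, and treat any verification error as a failed connection rather than a warning.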

Posted in Security | Leave a Comment »

Chinese Professor Cracks Fifth Data Encryption Algorithm

Posted by Xavier Ashe on January 21, 2007

In five years, the U.S. government will cease to use SHA-1 (Secure
Hash Algorithm) and convert to a new and more advanced computer data
encryption, according to the article “Security Cracked!” from New Scientist.
The reason for this change is that 41-year-old associate professor
Wang Xiaoyun of Beijing's Tsinghua University and Shandong University
of Technology has already cracked SHA-1.

According to a Beijing digest, this SHA-1 encryption includes
the world's gold standard Message-Digest algorithm 5 (MD5). Before
Professor Wang cracked it, the MD5 could only be deciphered by today's
fastest supercomputer running codes for more than a million years.

However, professor Wang Xiaoyun, a graduate of Shandong
University of Technology's mathematics department, and her research
team obtained results by using ordinary personal computers.

In early 2005, Wang and her research team announced that they
had succeeded in cracking SHA-1. In addition to the U.S. government,
well known companies like Microsoft, Sun, Atmel, and others have also
announced that they will no longer be using SHA-1.

Two years ago, Wang convened an international data encryption
conference to announce that her team had successfully cracked the four
world-class standards of data encryption algorithms of MD5, HAVAL-128,
MD4 and RIPEMD within 10 years.

A few months later, she then cracked the even more advanced and difficult SHA-1.

Read the full article at The Epoch Times.  Past coverage on The Lazy Genius can be found here and here.

Posted in Security | Leave a Comment »

BlueRay Cracked?

Posted by Xavier Ashe on January 21, 2007

In less than 24 hours, without any Blu-Ray equipment, but with the help
of Janvitos, I managed to decrypt and play a Blu-Ray media file using
my known-plaintext attack…

The file from the movie “Lord of War” plays well with VideoLan.

Janvitos gave me a few files on the BD disc and a memory dump…

Note that I don't address BD+. The file doesn't seem to be BD+ protected.

I will keep you informed if I find anything new…

You can have a look at that file at:…pted.m2ts.html

From the Doom9 forums.  Further down in the thread muslix64 talks about “the known-plaintext attack”.  Head to page two of the thread for his explanation.

Posted in Security | Leave a Comment »

Very Busy Week

Posted by Xavier Ashe on January 21, 2007

It's been a crazy busy week at a client site with no internet connectivity.  Gotta love those air gapped networks!  Anyway… the posts will resume shortly.  Thanks for all your emails!  In the meantime, many of you in security will find the picture familiar:

Posted in Personal Note | Leave a Comment »

'Make your own man-in-the-middle attack' online kit found

Posted by Xavier Ashe on January 12, 2007

Fraudsters are hawking free trials of “universal”
man-in-the-middle phishing kits through an online forum, security
researchers said today.

RSA's Anti-Fraud
Command Center (AFCC) discovered an internet forum populated by
fraudsters that is offering a set of tools to create a
man-in-the-middle scheme, according to a company news release.

The kit allows would-be attackers to create a bogus URL that
communicates with both the end user and the legitimate website in real
time, the release said. The scammer must first dupe the user into
visiting the spoofed site.

These so-called universal phishing kits allow users to configure
their attacks to take advantage of any target website, according to the

Script Kiddies are moving into Phishing.  Great.  From SC Magazine.

Posted in Security | Leave a Comment »

Rush job MI5 security alert service wide open to snoopers

Posted by Xavier Ashe on January 12, 2007

MI5's new e-mail alert service sends web subscription forms to the US
without encryption, according to an investigation by Spyblog.

The service, launched by MI5 on Tuesday, is designed to allow
subscribers to receive email notification of changing national security
threat levels by email. This information is already available on MI5's
website for anyone who cares to look.

Worse than being of limited value, Spyblog discovered data submitted to
the form is sent to US email marketing and tracking firms without the
informed consent of subscribers, evidence of either incompetence or
“indifference to the privacy and security of the general public”. The
privacy campaign website described the heavily promoted service as a
“rush job” and a “shambles”.

“Astonishingly, MI5, the Security Service, part of whose remit is
supposed to be giving protection advice against electronic attacks over
the internet, is sending all our personal details (forename, surname
and email address) unencrypted to commercial third party e-mail
marketing and tracking companies which are physically and legally in the
jurisdiction of the United States of America, and is even not bothering
to make use of the SSL / TLS encrypted web forms and processing scripts
which are already available to them,” Spyblog rants.

Ha.  From The Register.

Posted in Privacy, Security | Leave a Comment »

The 60 Minute Network Security Guide

Posted by Xavier Ashe on January 4, 2007

During the last seven years the National Security Agency’s Systems and Network Attack Center has released Security Guides for operating systems, applications, and network components that operate in the larger IT network. These security guides can be found on our web site at Many organizations across the Department of Defense have used these documents in the development of new networks and in securing existing IT infrastructures. This Security Guide addresses security a bit differently. Instead of focusing on a single product or component it covers a wide range of network elements with the notion of providing a terse presentation of those most critical steps that should be taken to secure a network. While intentionally not as complete as the totality of our other guides, our goal is to make system owners and operators aware of key actions that are especially useful as “force multipliers” in the effort to secure their IT network.

Security of the IT infrastructure is a complicated subject, usually addressed by experienced security professionals. However, as organizations increase their dependence on IT, a greater number of people need to understand the fundamentals of security in a networked world. This Security Guide was written with the less experienced System Administrator and Information Systems Manager in mind, to help them understand and deal with the risks they face. Opportunistic attackers routinely exploit the security vulnerabilities addressed in this document. Information Systems Managers and System Administrators perform risk management as a counter against the multitude of threats and vulnerabilities present across the IT infrastructure. The task is daunting when considering all of their responsibilities. Security scanners can help identify thousands of vulnerabilities, but their output can quickly overwhelm the IT team’s ability to effectively use the information to protect the network.

This Security Guide was written to help with that problem by offering a focused presentation reflecting the experience gained via our research and our operational understanding of the DoD and other US Government IT infrastructures. It is intended that one can read this “60 Minute Network Security Guide” in around an hour. This Security Guide should not be misconstrued as containing anything other than recommended security “best practices” and as such must be considered in the context of an organization's security policies. We hope that this document will equip the reader with a wider perspective on security in general and a better understanding of how to reduce and manage network security risk.

We welcome your comments and feedback.

Download the PDF here.

Posted in Security | Leave a Comment »
