PS3 Finally Hacked!

February 5th, 2010

While perusing the web this morning I ran across something that made me very happy; the PlayStation 3 has finally been hacked!  Hacked by Geohot, the same guy that first hacked the iPhone, no less.  This guy’s a legend!

Currently this doesn’t mean anything other than a glimmer of hope for us frustrated owners of the PS3, but Geohot has released an exploit and a tutorial, and encouraged hardcore console hacking enthusiasts to document research on the psDevWiki.  This means that hackers can start building software to enhance the PlayStation’s capabilities.

Sony built a console with tons of potential as a media centre, and marketed it as such.  Sadly, however, they failed to deliver anything more than something rather mediocre.  I’d love to make my PS3 my media centre, but it just isn’t good enough.

In case Sony (who are no doubt depressed right about now) come across my blog, here are a few features I desperately want in my PlayStation.

1) Last.fm scrobbling.  I’ve been scrobbling music to last.fm since 26th March 2004, building up statistics of the music I listen to.  I’m not going to play music primarily through my PS3 until it can scrobble my plays.

2) Media Server Capabilities.  If you want me to put all my media on my PS3, then I’d damn well better be able to share it with my other devices.  Why can’t I sync it to an MP3 player?  Stream it to my laptop or other computers?

3) I bought a PSP because, provided my PS3 is on standby, I can travel and, providing I have access to the internet, use my PSP to turn on my PS3 and browse the media on it.  I’d presumed my PSP would be able to DOWNLOAD the media from my PS3, not simply stream it…  Seriously, I mean, if it’s streaming the media anyway, then all the PSP needs to do is SAVE the media for playback when my PSP is no longer connected to the internet.  How is this not an obvious idea?  I have since sold my PSP.

Now that the PS3 has been hacked, and hope renewed for hackers, hardcore or not, maybe we can let ourselves dream about PS3 features we would love to see.

What would you like to see enabled on the PlayStation 3?  Leave your comments below.

Thanks once again to Geohot for improving my iPhone, and making this leap of progress for my PS3.



Security Vlog – Phishing

May 11th, 2009

Kiamo’s Security VLOG from Kian Mehrabi on Vimeo.

Edit:  Embed is now working correctly.  yay!

Unfortunately it’s not embedding properly.  Gotta go to work now so I’ll try and sort it out later.  However, you can watch it at Vimeo in HD with no problems by clicking on the above link.

Purpose: Explaining computer security threats to users that don’t consider themselves hackers or even to be very proficient with computers.

Inspiration: After writing an article on my blog last night about the Torpig Botnet, I was thinking a lot about the importance of having a culture in which people use their computers securely, with an approach just as second nature as most of us have with regard to physical security, such as locking our doors when we go out.

Good habits and practices are essential to responsible computer use, but I also think it is a great help if users understand the techniques that black hat hackers use to attack victims.  This begins to develop a good intuition, and builds awareness of things that could be a threat.

If anyone wants to ask questions or comment, please do so on my site, rather than on Facebook or Vimeo.



Torpig botnet hijacked for 10 days

May 10th, 2009

Torpig is a malware program that harvests sensitive information from victims.

Botnets are networks of machines infected with malicious code (malware) that are controlled by an adversary.

Researchers from the University of California have released a 13-page paper documenting their experience hijacking a botnet referred to as “one of the most advanced pieces of crimeware ever created”.

They hijacked the Torpig botnet for 10 days, during which time they recorded more than 70GB of data that the bots collected, and observed more than 180 thousand infected machines.

The types of data recorded over the 10-day period include:

Mailbox account 54,090
Email 1,258,862
Form data 11,966,532
HTTP account 411,039
FTP account 12,307
POP account 415,206
SMTP account 100,472
Windows password 1,235,122

“Form data” is anything submitted into web page fields, such as login names, passwords, credit card details, addresses, etc.
Even the encrypted, secured transmission methods that most banks use do not protect infected machines from Torpig, as Torpig can read the information before it gets encrypted.

The last few years have seen a big shift from malware for fun to malware for profit.  Torpig is specifically crafted to obtain information that can easily be sold in the underground market.  Bank account info and credit card numbers are particularly valuable, and the typical Torpig configuration file lists about 300 domains belonging to banks and other financial institutions.

“In ten days, Torpig obtained the credentials of 8,310 accounts at 410 different institutions.
The top targeted institutions were PayPal (1,770 accounts), Poste Italiane (765), Capital One (314), E*Trade (304), and Chase (217).”

38% of these stolen credentials were obtained from the password manager of browsers.  The researchers also found that almost 28% of the victims reused their credentials for accessing sites.

Lessons to be learned from the research are to use STRONG passwords!  Seemingly random letters, numbers, and punctuation if possible.  I pick the first letters of words in sentences and throw in some numbers and ASCII characters.  Another lesson is to use unique passwords for sites and accounts, and to refrain from saving your important passwords in your browser.  It’s no good avoiding saving your online banking password, but then thinking you can save your password for an unimportant site, if you use that same password for your online banking.
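The reuse problem described above can be checked mechanically.  The following is an added example, not part of the original post: it audits a constructed password list for shared passwords and flags important accounts whose password is not saved in the browser but is still exposed through a saved entry on another site.  The site names, the tuple layout and the `audit` function are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample data: (site, password, saved_in_browser, high_value).
SAMPLE_VAULT = [
    ("bank.example", "Tr0ub4dor&3x!", False, True),
    ("forum.example", "Tr0ub4dor&3x!", True, False),
    ("shop.example", "s7#Lq9_wv", True, False),
    ("news.example", "s7#Lq9_wv", True, False),
    ("webmail.example", "mIh2c&1d!", False, True),
]


def _fingerprint(password, key):
    # Keyed digest, so plaintext passwords never become dict keys or output.
    return hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()


def audit(vault):
    """Return (reuse_groups, exposed).

    reuse_groups: sorted lists of sites that share one password.
    exposed: high-value sites whose password is not saved in the browser
             but is recoverable from a saved entry on another site.
    """
    key = os.urandom(32)  # per-run key; fingerprints are useless afterwards
    groups = defaultdict(list)
    for site, password, saved, high_value in vault:
        groups[_fingerprint(password, key)].append((site, saved, high_value))

    reuse_groups, exposed = [], {}
    for entries in groups.values():
        if len(entries) < 2:
            continue  # unique password, nothing to report
        reuse_groups.append(sorted(site for site, _, _ in entries))
        saved_sites = sorted(site for site, saved, _ in entries if saved)
        for site, saved, high_value in entries:
            if high_value and not saved and saved_sites:
                exposed[site] = saved_sites
    return sorted(reuse_groups), exposed


if __name__ == "__main__":
    reused, exposed = audit(SAMPLE_VAULT)
    for sites in reused:
        print("shared password:", ", ".join(sites))
    for site, via in exposed.items():
        print(f"{site}: not saved, but exposed via {', '.join(via)}")
```
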

Victims of botnets are people with poorly maintained computers who choose easily guessable passwords.  The main security problem rampant in technology is fundamentally a cultural problem.  Most of us get the concept of physical security: locking our houses and our cars, looking after our bags and purses.  However, there is a serious lack of awareness and understanding when it comes to responsible use of computers.

Using our computers in a secure fashion must become as normal and second nature as locking the doors at home.