articles

headtop

Articles , talks and news clips about security , privacy , mobile hacks & more

 

Paper : A Crazy Toaster: Can Home Devices turn against us?
DefCon 15 , Las Vegas , USA 2007

A Crazy Toaster: Can Home Devices Turn Against Us?

Home networking devices, wireless equivalents, hardware and technology raise new privacy and trust issues.
Can home devices turn against us and spy on our home network?
Do we care if our toaster sees us naked?
Technology is about to replace the trust model we use today .
Recently I had the pleasure to talk at ClubHack ,India’s own International Hackers’ Convention held in Pune.
The talk covered a scenario of “Crazy Toaster”. Trojan device under Vista and XP environment, or software with TCP/IP capabilities like routers, media players or access points, that joins a local area network and thus becoming a security hazard.

‘Crazy Toaster’ as presented at DefCon convention 2007 at the Riviera ,Las Vegas Defcon 15

People get confused between people that know things and machines that know things.
There are common privacy issues ,do we care if Google machines know that we would like to pay for porn? does this information can be given to a human? Usually we don’t trust a human in 100% to be able to deal with his knowledge about us, should we trust corporations like Google? should we trust hardware and software vendors?

While researching Simple Service Discovery Protocol (SSDP) & Universal Plug and Play (UPnP) we realized that protocols allow not only routers, media players, servers and other devices to connect seamlessly but also to attackers.
A side effect of our research was a Windows XP Simple Service Discovery Protocol Distributed Denial of Service Vulnerability , which allow a remote attacker that resides on the Lan segment connected to the affected appliance/ Trojan to exploit this vulnerability to deny service for all legitimate Lan users

The folks at Microsoft response team plan to fix on upcoming service pack 3 for windows XP.

Cheap hardware appliances open a door for “bad guys” , Wireless hardware opens new ball game.
Media centers , Game consoles , GSM Cell Phone & Linux embedded systems are not only cool devices but also target to remote attackers .

Are we entering the State of Mobile Sabotage age?

Paper:
Are we entering the State of Mobile Sabotage age?
05/12/2010 ClubHack , Pune , India

Android 101 Development

Android 101 development (hebrew)
Google Developer Groups

MoMo TLV : Dror Shalev Talks about Android

MoMo TLV July event 2009: Dror Shalev Talks about Android

 



AVG Acquires Mobile Security Startup DroidSecurity For Up To $9.4 Million

Nov 10, 2010 ,publish on techcrunch .


Hacking Outside The Box : Hacking Your Toaster

Aug 7, 2007 ,publish on Forbes .


DroidSecurity was Acquired by AVG

Nov 9, 2010 ,publish on Calcalist .

Mobile Enterprise: Mobile Expansion Needs More Security

Aug 2, 2010 ,publish on cmswire.com .

1 Smartphone Could Replace a Pile of Plastic

Aug 3, 2010 ,publish on Technology News .

What happens to your smartphone data- and is it safe?

Aug 5, 2010 ,publish on CNN.com .

“android 101” [youtube video]

May 17, 2010 ,presneted Israeli chapter for the Google Technology User Groups

Security Researcher Acknowledgments for Microsoft Online Services

May 05, 2008 publish on technet.microsoft.com.

Protocol that opened up the internet turns 25

Jan 02, 2008 publish on DNA India.

Defcon 15 – A Crazy Toaster: Can Home Devices Turn Against Us?



Sep 10, 2007 publish on DefCon , via Google Video .


How to hack with a toaster

Dec 22, 2007 publish on DNA India.

Evil Toaster – TV Interview

Dec 14, 2007 publish on SAKAL HERALD ,India .

Hackers join hands for cyber security

Dec 8, 2007 publish on The Times of India.

Man makes toaster hack computer

Dec 14, 2007 publish on Global Secure Systems ,UK .

Man makes toaster hack computer

Dec 14, 2007 publish on Information Security News.

A more traditional Trojan

Dec 13, 2007 publish on SQL Server Magazine, sqlmag.com .

Stop sending obscene SMSes or …

Dec 10, 2007 publish on ExpressIndia.com ,India.

Man Uses Toaster to Hack Computer

Dec 14, 2007 publish on DarkReading.com .

Death Toaster: Man Uses Toaster to Hack Computer
Dec 14, 2007 publish on Fergie’s Tech Blog

Man makes toaster hack computer
Dec 13, 2007 publish on The Express India.com

Man uses networked ‘crazy’ toaster to hack PC
Dec 10, 2007 publish on The Register.com – UK.

Your systems weak till it is hacked
Dec 10, 2007 publish on Sify.com ,India.

Walla! mail flaw allow credit card access
Dec 5, 2007 publish on haaretz.com,IL.

Hacking Your Toaster
aug 6, 2007 publish on Probes.com.

Safe Internet day

Apr 4, 2005 publish on NRG,Business Online ,IL. local copy

Yahoo fixes e-mail security flaw

Dec 11, 2003 publish on washingtontimes, USA.

YAHOO fixes e-mail service security flaw

Dec 11, 2003 publish on InfoWorld, CA.


YAHOO patches Web-email hole


Dec 11, 2003 publish on ZDNet.co.uk, UK.

Yahoo Plugs Security Hole In Web-Mail Service

Dec 11, 2003 publish on Internet Week.

Finjan Software Discovers a New Critical Vulnerability In Yahoo E-mail Service

Dec 10, 2003 publish on BugTraq, SecurityFocus.com.

FINJAN fixes Yahoo! mail

Dec 10, 2003 publish on Globes Online, Israel.

FINJAN Software Finds Security Flaw in Yahoo E-mail Service

Dec 10, 2003 publish on -PRNewswire.


Yahoo Fixes Security Hole in Yahoo E-Mail


Dec 10, 2003 publish on Reuters,Full News Coverage.


Microsoft Hotmail Vulnerability
Oct 15 ,2003 publish on BugTraq,
SecurityFocus.com .

Microsoft patches Hotmail after security warning

October 15, 2003 publish on News.com | CNET News.com .

Security company warns of Hotmail worm

October 15, 2003 publish on ComputerWeekly computerweekly.com .

Security Flaw Found in Hotmail

October 15, 2003 publish on PCWorld PCWorld.com .

Microsoft patches Hotmail after ‘potentially crippling’ security scare

October 16, 2003 publish on silicon silicon.com .

Hotmail Critical security vulnerability dicovered

October 14, 2003 publish on Maariv online ,(hebrew) Maariv .

Security company warns of Hotmail worm

October 14, 2003 publish on InfoWorld ,By : Security InfoWorld .


Hotmail Critical security vulnerability dicovered


Oct 16 ,2003 publish on Walla ,hebrew , Walla News .


Hotmail Critical security vulnerability dicovered


Oct 16 ,2003 publish on Nana ,hebrew, Netvision .


High risk security problem found on Microsoft Hotmail Service(Hebrew)
Oct 16 ,2003 publish on Ynet.co.il,
Must Popular Newspaper in Israel.


Finjan found high risk problem in Hotmail


Oct 16 ,2003 publish on TheMarker ,hebrew , TheMarker.com .


Finjan finds Hotmail vulnerability


Oct 16 ,2003 publish on Globes [online] ,
Globes Online � English version .


Finjan found problem in Hotmail system


Oct 16 ,2003 publish on dailymaily,hebrew
israeli news paper .


Isreali Net Send Spammers(Hebrew)
Feb 06 ,2003 publish on Ynet.co.il,
Must Popular Newspaper in Israel.


Net Send Spam
Dec 12 ,2002 publish by thepull , Hacktivisimo.com


MSN Moster Strike Back ?!
Oct 16 ,2002 publish on BugTraq, SecurityFocus.com


Who Need Friends ? (IE & MSN expose contact list & other info
)
Oct 15 ,2002 publish on BugTraq, SecurityFocus.com


Stealing Hotmail.com Cookie and User Login
Jul 18, 2002


demonstrate the possibility of stealing Hotmail’s cookie and user
login information by a third party site
Jul 17, 2002


FACE FIRST: THE DIGITAL DESKTOP
October 11, 2000


SAY GOODBYE TO THE PERSONAL COMPUTER AND
HELLO TO PERSONAL DATASPACE
September 8, 2000


DIGITAL ISLANDS E-BUSINESS
DELIVERY NETWORK ACCELERATES PERFORMANCE
OF BMYPCS VIRTUAL COMPUTING SERVICES
August 24, 2000


THE $10 PER YEAR ASP START-UP BMYPC SETS
AGGRESSIVE PRICE POINT FOR HOSTED APPS.
August 24, 2000


VIRTUAL DESKTOPS MOVE TO DEVICES
August 24, 2000


THE WEIGHTLESS LAPTOP
August 14, 2000


BMYPC OR BE WITHOUT
July 30, 2000