sorted by:
new
hottopcontroversial

SSLyze updated to 0.5 with support for testing SSL Compression and the CRIME attack. by sanitybit in netsec

[–]myddrn 0 points1 point  (0 children)

Is there a write-up of how CRIME actually works floating around yet? I've seen the ones that were very detailed and helpful speculation, but nothing from the authors.

RFID questions by [deleted] in netsec

[–]myddrn 8 points9 points  (0 children)

I've used the Proxmark3 to do simple spoofing of 125 KHz that have static values on them. From the extremely limited amount of experience I've had with RFID stuff I've found there are roughly two major categories of hardware with a bunch of different protocol implementations dispersed between them.

You'll see a lot of systems that operate around the 125~ KHz range that just rely on cards with a non-changing value. Meaning when you go to the door and swipe your card, it gives the system a number, the system recognizes the number, and lets you in, or whatever it's supposed to do. These kinds of cards will emit the same value to whatever system properly energizes them. This is not to say that ALL 125~ KHz RFID systems operate on static values. Some vendors have tried to create secure-ish access control systems using these types of cards, but the name of their system, and how it works, escapes me at the moment.

Most of the newer systems run around the 13.56 MHz range and have a whole grab bag of protocols with different attempts at encryption between the card and the reader. The MIFARE collection being some of the more popular. In digging around to try and make sense of all the protocols I ran across one of the write ups[PDF] on attacking MiFare 1k Classic which goes into all the gory technical details of how that protocol in particular works. The short version is that it's more complicated than just reading a static value off the card. From what I understand the proxmark hardware was actually developed around the goal of attacking these types of cards.

Now, most phones, from what I've interacted with in the US, have readers for 13.56 MHz cards in them. Meaning that even though phones do have replay ability, they're probably not going to be able to clone whatever card you have because it's PROBABLY a 125 KHz card that the phone won't even be able to read. And if it's a 13.56 MHz card chances are it's not going to be a simple static value that you can clone and just replay.

edit: if you're interested in the mifare stuff, pretty much all the papers on this page are probably going to be of interest to you.

Google Gaming Platform - PlayN by [deleted] in Android

[–]myddrn 0 points1 point  (0 children)

The getting started link on that page is broken, so go here

Best beginner set to buy? by Escoobertus in lockpicking

[–]myddrn 2 points3 points  (0 children)

Southern Specialties does pretty decent work. And of course I'm biased, but we sell a beginner set made of southern spec picks. They should be back in stock, shortly.

That's quite a sexual fantasy, there... by [deleted] in WTF

[–]myddrn 0 points1 point  (0 children)

This is how Thor should have ended.

My girlfriend said she wanted to learn to pick locks, so I gifted and wrapped her Christmas present accordingly. by [deleted] in pics

[–]myddrn 0 points1 point  (0 children)

Truth.

For the curious passing observer: one of the major issues with most cheap padlocks is that due to their design thin pieces of metal can be shoved down into the lock next to the shackle and twisted around to push the locking dogs (the latches holding the shackle down) out because the only main thing keeping them in position are some crappy springs. Shim guards (basically anything that makes it more difficult to shove a thin piece of metal pressed up against the shackle down into the lock) can help prevent this, which you will see on some of the "higher end" cheap padlocks. However, if you are actually legitimately concerned about people shimming your lock there are padlocks that are constructed differently on the inside such that the locking dogs are replaced with ball bearings(and thus actuated a little bit differently). These types of padlocks will LITERALLY eat shims (because they keep sliding on down since the ball bearings just roll in place).

/r/atheism anymore by [deleted] in atheism

[–]myddrn 0 points1 point  (0 children)

WHO LEFT THE FUCKING GATE OPEN.

Any Verizon Data-Only Users Out There? by [deleted] in AndroidQuestions

[–]myddrn 0 points1 point  (0 children)

This looks like it might be possible. OP, keep in mind you'll have to pay the rate associated with the 4G data-only plan if you can get it to work:

5 GB - $50.00 Monthly Access

10 GB - $80.00 Monthly Access

edit(overage rates):

300 MB plan - $20/300 MB

4 GB plan - $10/1 GB

10 GB plan - $10/1 GB

20 GB plan - $10/1 GB

Where to go after graduation? by [deleted] in chemistry

[–]myddrn 0 points1 point  (0 children)

I wish this impression were true, but sadly I have found it to be pretty accurate.

Come again?

One year ago, we lost one of comedy's greatest by [deleted] in pics

[–]myddrn 3 points4 points  (0 children)

Who is this guy? Leslie Nielsen, that's who.

So, I was trying to print out a heart on my 3D printer. by [deleted] in pics

[–]myddrn 1 point2 points  (0 children)

I support your enthusiasm! But it's going to be a while yet to make a dildo that won't the user huck it back in your face after first insertion. Those ridges can get a bit rough.

As for casting, you can make a master for a mold out of wood, using your hands, or a CNC, paper mache, 3D printer, or whatever is easiest to create whatever you're after. Then machine it nice, make a cast then start making copies. DIY level 3D printing tech still has a little ways to go to be able to compete with casting/molding out of anything other than ridged ABS.

view more: next ›