Unbreakable: Eight codes we can't crack

From: http://www.newscientist.com/

(Image: Time Life Pictures/Getty)
The capture of the Enigma code machine 70 years ago changed the course of the second world war. But the secret codes broken by this event were not history’s toughest ciphers. Plenty of codes are uncracked and, as MacGregor Campbell discovers, their solutions may provide the key to murders or even buried treasure

MURDER

Somerton Man's poetic mystery

A well-dressed man found dead on an Australian beach in 1948 wrote an indecipherable scribble in a book of Persian poetry
Read more

TREASURE

Beale's buried treasure

Three coded messages published in 1885 hold the location of treasure buried in Virginia – or was it a hoax? We still don't know
Read more

PUZZLE

The MIT time-lock puzzle

A giant of internet cryptography has devised a code that he says will take 35 years to solve – with a mystery prize sealed in lead
Read more

CIA SECRET

Kryptos, a monument to CIA secrecy

What is the secret of a sculpture at CIA headquarters? Two decades and tens of thousands of attempts haven't broken it
Read more

MEDIEVAL MYSTERY

The Voynich manuscript

A medieval tome is filled with illustrations of medicinal plants, astrological diagrams, naked nymphs – and indecipherable script
Read more

MUSICAL MESSAGE

Elgar's unread message

The composer Edward Elgar wrote a message to a friend in 1897 – in code. She never understood it, and nor has anyone else
Read more

THE ENIGMA CODE

The second world war's last Enigma

The second world war Allies captured a German Enigma code machine 70 years ago – but many messages have never been decoded
Read more

ZODIAC

Who was the Zodiac killer?

The 1960s serial murderer Zodiac may have told the world his or her identity – but no one has been able to decrypt the message
R

Guy Hacks Times Square Video Screens With Iphone

Guy Hacks Times Square Video Screens With Iphone - Watch more Funny Videos

Windows 7 has lots of 'GodModes' (exclusive)

by Ina Fried

from: http://news.cnet.com/

Those intrigued by the "GodMode" in Windows 7 may be interested to know that there are many other similar shortcuts hidden within the operating system.

Intended for developers as a shortcut to various internal settings, such features have been around since Vista and even before, according to the head of Microsoft's Windows division, who tells CNET that the so-called GodMode settings folder uncovered by bloggers is just one of many undocumented developer features included in Windows.

In an e-mail interview, Steven Sinofsky, Windows division president, said several similar undocumented features provide direct access to all kinds of settings, from choosing a location to managing power settings to identifying biometric sensors.

As with the all-encompassing GodMode uncovered by bloggers, these other settings can be accessed directly by creating a new folder with any name (GodMode or otherwise) and then including a certain text string. Sinofsky noted more than a dozen strings create particular settings folders, in addition to the overarching GodMode folder option.

Sinofsky and others say the term GodMode was coined by bloggers; it was not something the company used internally to refer to the settings folders. Although Microsoft maintains many such undocumented developer commands to access such settings, all are replicated by the operating system's Control Panel settings.

Such undocumented means of accessing various settings have occurred in previous versions of Windows, and the GodMode identified by bloggers was also present in Windows Vista. Some users of the 64-bit version of Vista, however, say invoking the GodMode folder caused their machines to crash. Microsoft says it has yet to reproduce that problem, though several readers have said they have encountered problems.

It seems that the folks in Redmond have gotten a kick out of all the attention that the Godmode has gotten and have decided to have fun with it. Sinofsky sent a list of other commands that also create special folders (see list below).

Given the Vista issues, though, I would try these only on a Windows 7 machine, ideally a test machine. To make it work, create a new folder with any name, then a period, then one of the text strings below.

For example, the first one could be a folder named "thankscnet.{00C6D95F-329C-409a-81D7-C46C66EA7F33}" (use everything inside quotes--but not the quotes themselves).

Here's the list of strings:

{00C6D95F-329C-409a-81D7-C46C66EA7F33}
{0142e4d0-fb7a-11dc-ba4a-000ffe7ab428}
{025A5937-A6BE-4686-A844-36FE4BEC8B6D}
{05d7b0f4-2121-4eff-bf6b-ed3f69b894d9}
{1206F5F1-0569-412C-8FEC-3204630DFB70}
{15eae92e-f17a-4431-9f28-805e482dafd4}
{17cd9488-1228-4b2f-88ce-4298e93e0966}
{1D2680C9-0E2A-469d-B787-065558BC7D43}
{1FA9085F-25A2-489B-85D4-86326EEDCD87}
{208D2C60-3AEA-1069-A2D7-08002B30309D}
{20D04FE0-3AEA-1069-A2D8-08002B30309D}
{2227A280-3AEA-1069-A2DE-08002B30309D}
{241D7C96-F8BF-4F85-B01F-E2B043341A4B}
{4026492F-2F69-46B8-B9BF-5654FC07E423}
{62D8ED13-C9D0-4CE8-A914-47DD628FB1B0}
{78F3955E-3B90-4184-BD14-5397C15F1EFC}

And, as a reminder, to create the Godmode folder itself, use this string:

{ED7BA470-8E54-465E-825C-99712043E01C}

Smart Parking Meters Hacked — Free Parking For All!

• By Kim Zetter

LAS VEGAS — Scofflaws could hack the smart cards that access electronic parking meters in large cities around the United States, researchers are finding. The smart cards pay for parking spots, and their programming could be easily changed to obtain unlimited free parking.

It took researcher Joe Grand only three days to design an attack on the smart cards. The researchers examined the meters used in San Francisco, but the same and similar electronic meters are being installed in cities around the world.

“It wasn’t technically complicated and the fact that I can do it in three days means that other people are probably already doing it and probably taking advantage of it,” said Grand, a designer and hardware hacker and one of the hosts of the Discovery Channel’s Prototype This show. “It seems like the system wasn’t analyzed at all.”

Grand and fellow researcher Jake Appelbaum present their findings Thursday afternoon at the Black Hat security conference (.pdf) here. The researchers did not contact the San Francisco Municipal Transportation Agency or the meter maker prior to their talk, and asked reporters not to contact those organizations ahead of their presentation, for fear of being gagged by a court order. At last year’s DefCon hacker conference, MIT students were barred from talking about similar vulnerabilities in smartcards used by the Massachusetts Bay Transportation Authority after the MBTA obtained a restraining order. They spoke with Threat Level about their findings prior to the presentation.

“We’re not picking on San Francisco,” Grand said. “We’re not even claiming to get free parking. We’re trying to educate people about … how they can take our research and apply it to their own cities if they are trying to deploy their own systems or make them more secure…. Cities all over the nation and all over the world are deploying these smartcard meters [and] there’s a number of previously known problems with various parking meters in other cities.”

San Francisco launched a $35-million pilot project in 2003 to deploy smart meters around the city in an effort to thwart thieves, including parking control officers who were skimming money from the meters. The city estimated it was losing more than $3 million annually to theft. In response, it installed 23,000 meters made by a Canadian firm named J.J. MacKay, which also has meters in Florida, Massachusetts, New York, Canada, Hong Kong and other locales.

The machines are hybrids that allow drivers to insert either coins, or a pre-paid GemPlus smart card, which can be purchased in values of $20 or $50. The machines also have an audit log to help catch insiders who might skim proceeds.

To record the communication between the card and the meter, Grand purchased a smartcard shim — an electrical connector that duplicates a smartcard’s contact points — and used an oscilloscope to record the electrical signals as the card and meter communicated. He discovered the cards aren’t digitally signed, and the only authentication between the meter and card is a password sent from the former to the latter. The card doesn’t have to know the password, however, it just has to respond that the password is correct.

The cards sold in San Francisco are designed to be thrown out when the customer has exausted them. But the researchers found that the meters perform no upper-bounds check, so hackers could easily boost the transaction limit on a card beyond what could legitimately purchased. They could also program a card to simply never deduct from the transaction count.

“We’re residents of San Francisco and our taxes are going towards a broken system that they could potentially be losing money on and we pay the consequences of that,” Grand said.

Other cities around the country are using smart meters and electronic pay boxes built on different kinds of systems and varying implementations. Some are centrally controlled through a wireless network, while others are stand-alone units, like the ones in San Francisco.

Last May in Chicago, some 250 new electronic pay-and-display parking boxes made by Cale Parking Systems suddenly stopped working one day in the city’s central business district. The machines stopped issuing tickets that drivers were required to place on their dashboards. It took technicians most of the day to get the machines working again, and initially some were concerned that the systems might have been hacked.

In 2001 in New York, the city’s 7,000 MacKay Guardian smart meters were found to have a glitch that would allow someone with a TV remote to reset the time left on a meter to zero, leading drivers to be ticketed for exceeding their limit. All that was required was for someone to point a universal remote at a meter’s infrared sensor and hold down a button for more than a minute.

Appelbaum says that type of attack could be a nightmare for a driver who’s ticketed or towed because someone reduced the time on their meter. “[Even] when the machine is saying something that is actually factually wrong, you have no recourse,” he says, because the machine is assumed to be right.

The researchers say they’ve barely scratched the surface of parking meter hacking. They didn’t retrieve and examine any code to conduct their attack, though doing so would have given them more insight into other ways to attack the cards and meters, including the audit logs. They also didn’t examine the PDA that parking control officers use to communicate with the meters to change the rates, extract logs and perform other functions.

“If we had access to one of these [PDAs], if we could figure out the communications protocol that a legitimate administrator would use, that’s a completely different set of attacks that we would love to look at,” Grand said.

Examining the meters themselves could yield additional vulnerabilities that might allow someone to conduct other kinds of attacks, such as propagating a virus from meter to meter via the smart cards or a meter minder’s PDA. There is also the possibility that vulnerabilities exist in other types of meters, such as the pay-and-display payment boxes that accept credit card payments. In the case of the latter machines, the researchers say an attacker might be able to skim credit card data from it in real time by tapping the bus on the reader. An attacker would need physical access to the circuitry, but the payment boxes are secured with mechanical locks that are known to be pickable.

“From looking at previous meters we know there is no anti-tamper mechanisms or any secure hardware design techniques once you have physical access,” Grand said. “If you get physical access, you can just tap onto lines. . . . and a lot of parking meter companies are assuming no one will ever get physical access to the device.”

Photo: SF parking meter with smart card. (Jon Snyder/Wired)

See the original image at blog.wired.com — Free Service Unblocks Private Phone Calls

By Kevin Poulsen

A new service set for launch Tuesday allows cellphone users to unmask the Caller ID on blocked incoming calls, obtaining the phone number, and in some cases the name and address, of the no-longer-anonymous caller.

The service, called TrapCall, is offered by New Jersey's TelTech systems, the company behind the controversial SpoofCard Caller ID spoofing service. The new service is likely to be even more controversial — and popular.

"What’s really interesting is that they’ve totally taken the privacy out of Caller ID," says former hacker Kevin Mitnick, who alpha-tested the service.

TrapCall's basic unmasking service is free, and includes the option of blacklisting unwanted callers by phone number. It also allows you to listen to your voicemail over the web. It's currently available to AT&T and T-Mobile subscribers, with support for the other major carriers due within weeks, says TelTech president Meir Cohen.

"It’s not meant for spies, it’s not meant for geeks, it’s not meant for any specific target audience,” Cohen says. "Everybody hates getting blocked calls, and in this day and age they want to know who’s calling, and they want the option of taking the call or not."

Consumers have had the option of shielding their number from display since Caller ID was introduced in the early 1990s, either by dialing *-6-7 before placing a call, or asking their carrier for blanket anonymity for their line. But TrapCall takes advantage of a loophole in Caller ID blocking that’s long benefited corporate phone customers: Namely, calls to toll-free numbers are not blocked, because those calls are paid for by the recipient.

TrapCall instructs new customers to reprogram their cellphones to send all rejected, missed and unanswered calls to TrapCall’s own toll-free number. If the user sees an incoming call with Caller ID blocked, he just presses the button on the phone that would normally send it to voicemail. The call invisibly loops through TelTech’s system, then back to the user’s phone, this time with the caller’s number displayed as the Caller ID.

The caller hears only ringing during this rerouting, which took about six seconds in Wired.com's test with an iPhone on AT&T. Rejecting the call a second time, or failing to answer it, sends it to the user’s standard voicemail.

The service comes as bad news to advocates for domestic violence victims, who fought hard to make free blocking an option in the early days of Caller ID. "I have huge concerns about that,” says Cindy Southworth, director of technology at the National Network to End Domestic Violence, in Washington, D.C. Southworth fears that abusers will use the new service to locate partners fleeing a violent relationship.

In a notable case in 1995, a Texas man named Kevin Roberson shot his ex-girlfriend to death after locating her through the Caller ID device on her roommate's phone line.

The problem is serious, because domestic violence victims who've fled an abusive relationship often have to stay in contact with their abuser by phone, particularly in situations where the former couple share custody of their children,” Southworth says.

"The judge will require that the victim contact the offender to discuss where they’re dropping the children off, for example," says Southworth. "And there’s often court-mandated phone contact between the abusive partner and the victim." In those cases the victims often rely on Caller ID blocking to keep their former partner from knowing where they’re living.

Cohen dismisses that concern, arguing that Caller ID blocking was never secure to begin with. "It’s very simple for somebody to forward a phone to an 800 number in their office, and right there, they’re picking up the phone number of the person who is calling," he says. At least now the false illusion of Caller ID privacy will be dispelled by TrapCall, he adds.

In addition to the free service, branded Fly Trap, a $10-per-month upgrade called Mouse Trap provides human-created transcripts of voicemail messages, and in some cases uses text messaging to send you the name of the caller — information not normally available to wireless customers. Mouse Trap will also send you text messages with the numbers of people who call while your phone was powered off, even if they don’t leave a message.

With the $25-a-month Bear Trap upgrade, you can also automatically record your incoming calls, and get text messages with the billing name and street address of some of your callers, which TelTech says is derived from commercial databases.

TelTech is no stranger to controversy. Its Spoofcard product lets customers send any phone number they want as their Caller ID. Among other things, the spoofing service has been used by thieves to activate stolen credit cards, by hackers to access celebrities’ voicemail boxes, and by telephone hoaxsters to stage a dangerous prank called "swatting," in which they spoof an enemy’s phone number while calling the police with a fake hostage situation. The goal of swatting — realized in hundreds of cases around the country — is to send armed cops bursting into the victim's home.

Cohen’s company has cooperated in law enforcement investigations of Spoofcard abuse, which have led to several prosecutions and convictions. Despite the spoofing-linked crimes, he insists that most Spoofcard users are just privacy-conscious consumers, including celebrities, government officials, private investigators and even spousal abuse victims and shelters.

He also expects his new business will be good for his old one.

“The only way to block your number after this is released is to use Spoofcard,” he says with a laugh.

(Photo: Jon Snyder/ Wired.com. Illustrations courtesy TelTech Systems)