November 22nd, 2014

January MRL meeting

        On Friday January 26th at 7pm PST we will be holding our monthly
        official Midnight Research Labs meeting.

        This month will be a mostly hands on meeting with some hardware hacking
        and random experimentation.  I want to finish motorizing the bi-quad
        antenna we were working on as a proof of concept for the larger (1
        meter grid) motorized antenna project.  There are some other ideas I
        had for how we can mount the larger antenna to make things easier, so I
        wanted to brainstorm on that.  I also finally got my teacher's
        ferro-fluid kit with some neodymium magnets in the mail that we can
        play around with (if someone has a good small (<4 oz) glass
        container we can use, please bring it).  Hopefully we'll be able to see
        what it should really look like this time, :)

        I also thought we could try some of the "non-newtonian-fluids"
        experiments as well if we get bored.  We can vote on what we'd like to
        work on first.  I'd also like to kick off the next phase of wicrawl,
        and possibly hack on that if we have some extra time.

        Though ours would probably look more like one of the following:

        As always, anyone with cool toys, or interesting project ideas, bring
        them along.

        Light refreshments, pizza and beer will be served.  Note, this time
        we'll be serving food right at 8pm, so don't be late.

                Phase 0x0: Bootstrapping
                  - Greetings and welcome
                  - MRL updates and status
                Phase 0x1: Initialization
                  - Antenna and hardware hacking
                  - Ferro fluids
                  - Non-newtonian fluids?
                Phase 0x2: Local exploits
                  - Food
                  - Off topic tools, toys and other shiny things -- If anyone
                    has anything interesting to show off or play with, please bring
                  - Whatever till whenever -- This is the more social
                    part of the event.  People are invited to stay and
                    hack and have a couple drinks till whenever this
                    phase is no longer self-sustaining, =)

MRL meeting *next* friday

Dearest MRL attendees:

For any actual MRL members reading this, our monthly meeting is scheduled for Friday January 26 instead of its normally scheduled time. Of course any attendee should already know this since you should be on the mailing list, :). I’ll still send out a formal meeting announcement in a couple days.

What Google Images thinks a “MRL meeting” looks like. Not Quite.

Hack in the Box CTF source posted

The source, binaries, and even some solutions have been posted for the CTF game held at the Hack in the Box conference this year. They have posted details about the game itself including how the scoring works. A third party (matador) even started posting solutions to the challenges. You can find the binaries here, and the source code here.

More con videos

From all reports it sounds like the CCC conference in Berlin went very well this year with many great presentations. Those of us that were unable to attend are now lucky enough to see the videos that have already been posted online. It looks like many of them have made it to Google Video as well.

Also, following up on an earlier entry, Jeff Moss recently posted on a few mailing lists that the Black Hat US videos from 2006 are now available for download. It appears that the regular media page does not have it available, but if you subscribe to the RSS feeds you can get access to the iPod versions (video and audio).

Pretty Pretty Pwnies

The latest month of bugs trend has started again with the Month of Apple Bugs. The first bug is a buffer overflow in the Apple QuickTime rtsp URL handler. Here is the description from the bug information on the MOAB site:

A vulnerability exists in the handling of the rtsp:// URL handler. By supplying a specially crafted string (rtsp:// [random] + semicolon + [299 bytes padding + payload]), an attacker could overflow a stack-based buffer, using either HTML, Javascript or a QTL file as attack vector, leading to an exploitable remote arbitrary code execution condition.

Note that this affects the OSX and the Windows versions of Quicktime. It doesn’t look like there is a patch for this yet, but apparently you can disable the rtsp handler within Quicktime.
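Until a patch exists, one defensive option is to look for the string shape from the description in content before QuickTime sees it. The following is an added example, not code from the MOAB advisory or from this post: it scans HTML, JavaScript or QTL text for rtsp:// URLs whose segment after the first semicolon is as long as the padding the advisory quotes. The function name, the threshold choice and the sample hosts are assumptions made for illustration.

```python
import re

# Assumption: the advisory quotes 299 bytes of padding after the semicolon,
# so a post-semicolon segment of 299 bytes or more is reported.
PADDING_BYTES = 299

# An rtsp:// URL up to the next whitespace, quote or angle bracket, which
# covers HTML attributes, JavaScript string literals and QTL (XML) files.
RTSP_URL = re.compile(r"rtsp://[^\s\"'<>]+", re.IGNORECASE)


def find_suspicious_rtsp(text, threshold=PADDING_BYTES):
    """Return (url_before_semicolon, tail_bytes) for every rtsp:// URL whose
    segment after the first semicolon is at least `threshold` bytes long."""
    hits = []
    for match in RTSP_URL.finditer(text):
        head, sep, tail = match.group(0).partition(";")
        if not sep:
            continue  # no semicolon, not the shape in the advisory
        tail_bytes = len(tail.encode("utf-8", "replace"))
        if tail_bytes >= threshold:
            hits.append((head, tail_bytes))
    return hits


# Constructed samples (not real traffic): an ordinary stream link, a short
# semicolon parameter, and a QTL-style embed with an overlong tail.
BENIGN = (
    '<a href="rtsp://media.example.com/talks/keynote.mov">watch</a>\n'
    "var u = 'rtsp://media.example.com/live;track=1';\n"
)
SUSPECT = '<embed src="RTSP://host.invalid;' + "A" * 320 + '" />\n'

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, find_suspicious_rtsp(sample))
```

The match stops at the first quote, whitespace or angle bracket, so a tail that contains those bytes is measured short; treat this as a coarse filter alongside disabling the rtsp handler.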

Here is the official MOAB mascot:

OMG! Pwnies!

“Mac bugs come in pink.” ™
