On Copper Cutters and getting busted.

Uh -oh! 

For the first time EVER. I got busted.

This happened a while ago at a location I hadn't visited before. I won't mention the location or the date in case someone comes looking for me (healthy paranoia).

I'll start at the beginning of the day, I woke up early to go rock climbing out in Werribee Gorge with some friends, up at 7AM isn't something I usually do and as a result, I only got 5-6 hours of good sleep.
I spent the day trekking about, climbing and having a blast, after heading back home, after nearly 9 hours of climbing (and driving) I was fairly tired... I got a call from 2 of my friends saying that we should go exploring.

Me, thinking that was a good idea (and wanting to check out some places I'd previously seen (both on-line and while driving around) agreed. I swung by and picked up the crew.
We arrived on site and loosened some previously cut wires in the fence. This was to be the beginning of several mistakes...

Social Engineering for Replacement cards

I'm a fan of Social Engineering (SE).

A while ago I had my Credit Card 'eaten' by a ATM. As a result. I was down a piece of ID.
When I went to the bank to complain I told them what had happened they told me it'd cost $20 to replace the card.
Me:"Can't you just get it back from the ATM and post it to me or something?"
Cashier: "Nope. It Needs to be re-issued."
Me: "LAME! Don't worry about it then. I'll use my debit card instead."

A month or so later. I went back to the bank and changed the story.
Cashier: "Hi There, how can I help you?"
Me: "Well, I had my wallet stolen a while ago and it had my credit card in it, luckily I've got my debit card so it wasn't to much of an issue, but unfortunately I need a new one now for online stuff"
Cashier: "Oh noes. That's terrible."
Me: "I was wondering if I could get a replacement one?"
Cashier: "Sure, would you like to pick it up in 3-4 days?"
Me: "Sure, thanks!"

Bang.
4 Days later. New credit card arrives at bank. I pick it up. I've saved $20.

So. If ever you've lost or had your card eaten by a machine. Just tell 'em it was stolen in your wallet.
Sympathy ensues.
Free cards prevail!

Huzzah.

Bank Of Melbourne Terminals

That are used for Ticket/Queue dispensing:
Are running windows XP.
Automatically log in when booted
Prompt for re-boot when you plug in new hardware.
Down the entire system 'queue' system when you reboot them ;)

If you know anything more about them, let me know.

New Parking Technology

Damn.

Now the parking goons have some more advanced tech up their sleeves, fine-giving-efficiency is up 100%.
General niceness is now down 99%. 1% margin of error.

I was actually under the assumption that ALL parking spaces in the city were already decked out with these. So the 'revelation' that they are only now being rolled out is a bit surprising (you thought the parking goons were efficient before? Just wait!).
http://www.melbourne.vic.gov.au/ParkingTransportandRoads/Parking/Pages/InGroundSensors.aspx

I hack therefore I am.

Using biometrics seems like a good idea at first. Unique physical characteristics that only one person can ever have.
Its flawless in theory. But in practice, biometrics are a long way off perfect.

Using biometrics, such as fingerprint technology (currently the most common kind), is kind of like saying, "I'm not going to tell you my password, but if you look carefully at every item i've touched in this room you'll notice that i've actually written it everywhere."

It just doesn't work yet.

Xbox as a pivot point

I read some article a while ago, through slashdot or perhaps Hacker News, about how a skilled attacker had compromised a company network by attacking an Xbox console and using it as a pivot point in the network. So far as i can tell, there is no documentation on this. ANYWHERE. And i've since lost the article. Regarless, the idea seems awesome. How many people install a firewall on their Xbox? None! Because you cant!

Hack the planet!

MD5+SALT

Q: Can you generate a hash collision for MD5 (with a pre-known Salt) and have it CUDA accelerated/Multi-core capable?
A: Shit yes you can! http://durandal-project.org/download.html
A2: Haven't run it up yet, but feedback looks good.

On Encrypted USB's

I've got a few shiny new security toys...

1x Checkpoint ABRA Key
1x McAfee Encrypted USB
2x Enterprise IronKeys

First thoughts.
1) IronKeys are the 'gold standard' which all other "Secure" USBs are compared to.
2) I don't have the passwords for the IronKeys at the moment. I'm looking at getting them from the previous owner which may or may not happen.
3) IronKeys and Abra keys Look and FEEL serious. The McAfee USB feels like a toy.
4) The Abra key (hopefully an old version) does not work on Windows 7 x64. 'Does not support 64 bit computers'
5) McAfee seems to work flawlessly and I'm using it day to day at the moment.
6) While I appreciate the thought of having a 'recover password feature for enterprise users' i wouldn't personally use it on my IronKey. Spending a few hundred bucks on a USB stick is good motivation NOT to loose the password.
7) IronKeys seem to get scratched and generally worn looking even after a short time. The metal appears to be very soft and scratch prone. Abra keys seem tough. McAfee is plastic.
8) Only the IronKeys are waterproof which is always handy
9) IronKeys self destruct. TOTAL-BAD-ASS factor right there.
10) Abra keys are not technically removable storage, rather a kind of 'Live CD that you can run inside 'any' OS'. Cool idea.

Relevant Links (featuring Pictures)
https://www.checkpoint.com/products/abra/
https://www.ironkey.com/
http://www.mcafee.com/us/products/encrypted-usb.aspx