EuSecWest 2010 - ‘Hacking printers for fun and profit’

Most probably you have come to the right place if you were looking for:
- “Hacking printers for fun and profit” paper from EuSecWest 2010
- Andrei Constin or Andrei Constantin presentation from EuSecWest 2010

Actually, by a mis-fortunate spelling mistake on the initial publication of the speakers list for EuSecWest 2010, which (given the copy-paste and propagation effect of the blogs and mailing-lists) transformed my correct name Andrei Costin to become Andrei Constin which then by Google’s “wisdom” became Andrei Constantin.

Download here: EuSecWest 2010 “Hacking Printers for fun and profit” Andrei Costin

Download here: Remote-initiated PPE (printer payload exploit) using Java applets.

ESW10 Feedback

Seems some people really liked the talk, paper and the ideas, while others took their most hilarious laughs ever (not sure if it was because of my talk or because of Amsterdam treats =)) ).

Tweetfeeds of the conference can be found here and here.

All in all, the event was very nice. Special thanks to Dragos and all the crew for organizing a great event.

After hearing about hackers on the plane and hackers on the train, we were doing hackers on the boat on Amsterdam’s canals. Also, it was nice to see that a cool crowd from ESW10 DoS-ed the tram literally on their way to the boats .
PS: we almost got owned by the boat captain like a group of kindergarten kids =))… shhhhh and quiet, otherwise get kicked in the ass

And yeah, props to Dragos for the pelican case full of beer and to the guys caring the heavy devil of ice and beer .

EUSecWest 2010 is near

I invite you to take a look at EUSecWest 2010 agenda and register. Perhaps we could meet there, who knows…

Comprehensive list of security and hackers conferences 2010

Recently, there is a high span of various security and hackers conferences and conventions going on.

Keeping track of them is not as easy as it seems, since there is no central point where to look up their schedules, locations, call for papers, etc.

So I decided to compile a list for my own (well it doesn’t cover 100% of security related conferences out there, but it tries to cover most of the publicly known/accessible ones).

Read more! »

TV-B-Gone experiments - Part 1

Prolog

For those who don’t know, TV-B-Gone is a device that makes TVs… well, to be gone… (As in Boris-The-Bullet-Dodger). It was invented by Mitch - Altman, and is sold as a ready (but limited in flexibility) unit, as well as a soldering/programming kit from Limor aka LadyAda.

I bought my TV-B-Gone kit version 1.1 from LadyAda some time back, but only recently with help from VadimBo, we got it soldered and (re)programmed.

Just to give you an idea what can be done (but not actually advised though ) - check “Confessions: The Meanest Thing Gizmodo Did at CES”

To the point

The downsides of the version 1.1 are:

• there are mainly NA codes only supported in firmware 1.1 and 1.1b
• there are only around 40+ codes supported in firmware 1.1 and 1.1b

So, I backported from tvbgone firmware 1.2 (Caitsith corrected WORLDcodes.c #ifdef version) into firmware 1.1b the following:

• removed NAcodes, which are UNcompressed version of limited codes table
• added WORLDcodes, which are compressed/optimized version of extended codes table
• modified main() to use compressed codes table routines
• modified Makefile to use EU/NA/both tables

Downloads

Read more! »

UPDATE 20101012

By a very nice coincidence I have bumped into this interesting paper (dating around 15 Jul 2008) - “BREAKING THE BANK - VULNERABILITIES IN NUMERIC PROCESSING WITHIN FINANCIAL APPLICATIONS” - ENJOY the reading!

Given I currently work in a telecom billing software company - I just cannot find enough words and meanings to confirm with sorrow that pretty-fucking-many of my fellow programmers do not give a shi…ny glass for avoiding this kind of problems. Worst, they don’t even realize it :-S…

PS: …and YES, Bank Of Cyprus (along with its new migrated Java/JSF-based banking application - a special post on this to follow) allows/uses:

• input like “1E+3″ which gets translated into “1000″
• “round-to-nearest, ties away from zero” for 3rd decimal, i.e. “0,004″ gets translated to “0,00″ and “0,007″ gets translated to “0,01″

Happy hacking…

Money

When it comes to speaking about money, a lot of people get interested. And nowadays most money discussion evolve around or near-by the EUR-USD exchange rates.

Some people (including me sometime ) are unhappy to depend and always lose their honestly earned savings because of some avid and greedy circles of interest are playing with exchange rates and make them uncontrollable…

Read more! »