Thursday, August 31 2006
from tomorrow on (Sept. 1st) I will be working at Archos, the
company builds various portable music and video players (like the PMA400). I'll be working on
some of the Linux based devices and of course I'm going to make software not hardware :-)
Please note: I will not answer any questions regarding any of my employers products - so just
don't ask!
To make things clear I also added a disclaimer. In short, this web blog
expresses personal opinion.
Tuesday, August 15 2006
I posted some action shots of the PocketPC MMS / SMIL exploit on
my PocketPC Security Research page. The screen
shots are somewhat older (I think this might even be from the first day
I got this to work). Anyway I just didn't want to keep these from you
guys. Btw. as far as I remember I took the pictures with the camera of
the i-mate PDA2k my only other test device next to the iPAQ h6315.
check this out, it is supposed to
be a mobile phone built to be modified/hacked. The hardware specs are pretty standard and are
comparable with the PocketPC-based smartphones (WLan, Bluetooth, camera, usb).
This looks super fun, hopefully it will be available to normal developers like myself.
This defently goes into the I want one category!
Wednesday, August 09 2006
So I'm really wondering if all PocketPC-based phones are affected by the
vulnerabilities I found and presented at defcon. Since I released
a proof-of-concept tool for the M-Notification.ind/WapPush/UDP denial-of-service
attack I would like to get some feedback from people who tested their device.
I would especially like people to test WinCE5.0 devices.
So if you have tested any device besides the iPAQ h6315 or the i-mate PDA2k
please send me an email at: collin[at]trifinite.org
All the info is here: My PocketPC Security Research site
Monday, August 07 2006
this is a little late ... but what ever. I'm up since 6am to work
on some CTF stuff with the others from team shellphish. Still I haven't
seen a single talk *ARG* but CTF kept me busy so that I miss all the
talks I wanted to see. The third day seems to be less crowded then the
first two - are people really leaving that early? The closing event
with the award show was really boring, also the statistics
were kind of interesting - 7000 attendees *WOW*. But only 6.5Mb
Internet? 22C3 had something like 16Gb. All in all it was fun
but very different from the European events.
Sunday, August 06 2006
I'm mostly playing in the CTF so I haven't seen much from defcon itself
and actually I haven't seen a single talk yet. So nothing much to say...
Saturday, August 05 2006
Friday, August 04 2006
we arrived at the Riviera the new defcon site and stated setting up our equipment for
the CTF. The CTF area is really big and apparently much nicer then last year (I wasn't there
last year). Everything looks cool here at defcon besides that now at 11:00am everything
seems to be pushed back 2 hours. More later...
Thursday, August 03 2006
I and most of the RSG are just
doing the last preparations before leaving for Las Vegas tomorrow morning.
It will be my first time at defcon and I'm also giving a talk so I'm
pretty excited.
Also I am participating in the CTF (with the other people from the RSG) I'll
still try to post from defcon at least once per day.
Finally don't forget to come to my talk Advanced Attacks Against PocketPC Phones since it will be very very cool. I'll post
some more details (stuff the abstract doesn't tell you) tomorrow :-P