...stuff I do and things I like...

Thursday, August 31 2006


From tomorrow on (Sept. 1st) I will be working at Archos; the company builds various portable music and video players (like the PMA400). I'll be working on some of the Linux-based devices, and of course I'm going to make software, not hardware :-)

Please note: I will not answer any questions regarding any of my employer's products - so just don't ask!

To make things clear I also added a disclaimer. In short, this web blog expresses personal opinion.

Tuesday, August 15 2006

Screenshots from the MMS Exploit

I posted some action shots of the PocketPC MMS / SMIL exploit on my PocketPC Security Research page. The screenshots are somewhat older (I think this might even be from the first day I got this to work). Anyway, I just didn't want to keep these from you guys. Btw, as far as I remember I took the pictures with the camera of the i-mate PDA2k, my only other test device next to the iPAQ h6315.

Trolltech Linux hacking Phone

Check this out: it is supposed to be a mobile phone built to be modified/hacked. The hardware specs are pretty standard and are comparable with the PocketPC-based smartphones (WLAN, Bluetooth, camera, USB). This looks super fun; hopefully it will be available to normal developers like myself.

This definitely goes into the "I want one" category!

Wednesday, August 09 2006

MMS DoS Attack, have you tested your device?

So I'm really wondering if all PocketPC-based phones are affected by the vulnerabilities I found and presented at defcon. Since I released a proof-of-concept tool for the M-Notification.ind/WapPush/UDP denial-of-service attack, I would like to get some feedback from people who tested their device. I would especially like people to test WinCE5.0 devices.

So if you have tested any device besides the iPAQ h6315 or the i-mate PDA2k, please send me an email at: collin[at]trifinite.org

All the info is here: My PocketPC Security Research site

Monday, August 07 2006

Defcon day 3

This is a little late ... but whatever. I've been up since 6am to work on some CTF stuff with the others from team shellphish. Still I haven't seen a single talk *ARG* but CTF kept me busy so that I missed all the talks I wanted to see. The third day seems to be less crowded than the first two - are people really leaving that early? The closing event with the award show was really boring, also the statistics were kind of interesting - 7000 attendees *WOW*. But only 6.5Mb Internet? 22C3 had something like 16Gb. All in all it was fun but very different from the European events.

Sunday, August 06 2006

Defcon day 2

I'm mostly playing in the CTF so I haven't seen much of defcon itself, and actually I haven't seen a single talk yet. So nothing much to say...

Saturday, August 05 2006

Slides for Advanced Attacks Against PocketPC Phones or 0nwd by an MMS...

The slides and the other material for my defcon talk are now available at: my pocketpc section

Friday, August 04 2006

Defcon day 1 (morning)

We arrived at the Riviera, the new defcon site, and started setting up our equipment for the CTF. The CTF area is really big and apparently much nicer than last year (I wasn't there last year). Everything looks cool here at defcon, besides that now at 11:00am everything seems to be pushed back 2 hours. More later...

Thursday, August 03 2006

On the way to DEFCON

Most of the RSG and I are just doing the last preparations before leaving for Las Vegas tomorrow morning. It will be my first time at defcon and I'm also giving a talk, so I'm pretty excited.

Also, I am participating in the CTF (with the other people from the RSG). I'll still try to post from defcon at least once per day.

Finally, don't forget to come to my talk, Advanced Attacks Against PocketPC Phones, since it will be very very cool. I'll post some more details (stuff the abstract doesn't tell you) tomorrow :-P