Sunday, January 29, 2012

Fishbone - Servitude

Give A Monkey A Brain And He'll Swear He's The Center Of The Universe

Thursday, January 26, 2012

Friday, January 20, 2012

Dr. Kacem Zoughari - On Ninjutsu (Mini-documentary)

In this short documentary, the well known martial artist and historian Dr. Kacem Zoughari speaks about various aspects of the art widely known as 'ninjutsu', as well as his own personal journey in the art and its practice. Topics covered include the master-student relationship, the historical ninja, and actual practice.

Dr. Zoughari holds a PHD in Japanese history with a thesis about the transmission of classical japanese martial arts and has practiced the ryûha of the Bujinkan for more than two decades as a personal disciple of Ishizuka Tetsuji, the eldest student of sôke Hatsumi Masaaki. In the summer of 2012 he will move to Japan for a teaching position at an exclusive university.

Produced by: William Ustav
Music by: Rannar Sillard

Tuesday, January 17, 2012

Print Me If You Dare

Ang Cui, Jonathan Voris: Print Me If You Dare
Firmware Modification Attacks and the Rise of Printer Malware
Network printers are ubiquitous fixtures within the modern IT infrastructure. Residing within sensitive networks and lacking in security, these devices represent high-value targets that can theoretically be used not only to manipulate and exfiltrate the sensitive information such as network credentials and sensitive documents, but also as fully functional general-purpose bot-nodes which give attackers a stealthy, persistent foothold inside the victim network for further recognizance, exploitation and exfiltration.

We first present several generic firmware modification attacks against HP printers. Weaknesses within the firmware update process allows the attacker to make arbitrary modifications to the NVRAM contents of the device. The attacks we present exploit a functional vulnerability common to all HP printers, and do not depend on any specific code vulnerability. These attacks cannot be prevented by any authentication mechanism on the printer, and can be delivered over the network, either directly or through a print server (active attack) and as hidden payloads within documents (reflexive attack).

In order to demonstrate these firmware modification attacks, we present a detailed description of several common HP firmware RFU (remote firmware update) formats, including the general file format, along with the compression and checksum algorithms used. Furthermore, we will release a tool (HPacker), which can unpack existing RFUs and create/pack arbitrary RFUs. This information was obtained by analysis of publicly available RFUs as well as reverse engineering the SPI BootRom contents of several printers.
Next, we describe the design and operation a sophisticated piece of malware for HP (P2050) printers. Essentially a VxWorks rootkit, this malware is equipped with: port scanner, covert reverse-IP proxy, print-job snooper that can monitor, intercept, manipulate and exfiltrate incoming print-jobs, a live code update mechanism, and more (see presentation outline below). Lastly, we will demonstrate a self-propagation mechanism, turning this malware into a full-blown printer worm.

Using HPacker, we demonstrate the injection of our malware into arbitrary P2050 RFUs, and show how similar malware can be created for other popular HP printer types. Next, we demonstrate the delivery of this modified firmware update over the network to a fully locked-down printer.

Lastly, we present an accurate distribution of all HP printers vulnerable to our attack, as determined by our global embedded device vulnerability scanner (see [1]). Our scan is still incomplete, but extrapolating from available data, we estimate that there exist at least 100,000 HP printers that can be compromised through an active attack, and several million devices that can be compromised through reflexive attacks. We will present a detailed breakdown of the geographical and organizational distribution of observable vulnerable printers in the world.

*We have also unpacked several engine-control processor firmwares (different from the main SoC) and are currently attempting to locate code related to tracking dots. Perhaps we will have some results by December. In any case, HPacker will help the community to do further research in this direction, possibly allowing us to spoof / disable these yellow dots of burden.

more events here:

Anonymous - If not now then when?

Anonymous - If not now then when?

Wednesday, January 11, 2012

Where do we land?

The Converse China skateboard team ventured up north to give their neighbor, Mongolia, a week long visit! Besides filming skateboarding in Ulaanbaatar, the troupe journeyed through the chilly Gobi Desert via camels, stayed in traditional yurts and experienced some unwelcoming as well as sketchy situations while trying to just film some maneuvers on rough terrain.
"Where do we land?" features the skateboarding of Keng Qu, Thrasher, Xu Ying, Blackie, Dan Leung and Xiao Xing.
Directed, filmed & edited by Patrik Wallner.
More info: or

"Where do we Land?" (Full Length) Converse China trip to Mongolia from Patrik Wallner on Vimeo.

Lamb of God - Shanghai Concert 2012

Lamb of God - Shanghai Concert 2012.One of the world most celebrated thrash metal bands of all time, LAMB OF GOD plays Shanghai for the very first time.
venue: MAO Live House
date: February 14
ticket: Pre-sale / 340 rmb

Monday, January 9, 2012

Onmyouza - konpeki no soujin

Onmyouza - konpeki no soujin 陰陽座 / 紺碧の双刃

Sunday, January 1, 2012