Attacks/Breaches
12/28/2011
01:23 PM
50%
50%

7 Coolest Hacks Of 2011

Evil insulin pumps and laptop batteries, war texting, and a tween hacker captured our imagination -- and our attention.

Some hacks are epic not merely for their significance in IT security, but for their sheer creativity and novelty. They're those in-your-face hacks that both entertain and educate, and crack those things we take for granted in our everyday lives.

For the fifth year in a row, Dark Reading has compiled an end-of-the-year list of the coolest hacks executed by those imaginative, inquisitive, and resourceful hackers who dare to go the distance to try some of the most unique--and sometimes bizarre--hacks.

Some of this year's coolest hacks are downright chilling in that they could mean life or death, like the ones that tampered with the dosage dispensed by popular insulin pumps, or that remotely shut down the power on industrial control systems that run power plants. Others were both charming and precocious, like the 10-year-old hacker who found a major flaw in her favorite mobile gaming app after getting bored and looking for a way to progress further with it.

So grab a cup of eggnog, kick back by the fireplace, and time-travel back--to some of the coolest hacks of the year.

1. Remotely starting a car via text message.
There's war driving, and then there's war texting. Security researcher Don Bailey discovered how simple it is to remotely disarm a car alarm system and control other GSM and cell-connected devices: He showed off his find by remotely starting a car outside Caesars Palace in Las Vegas during the Black Hat USA and DefCon shows.

It took Bailey, a security consultant with iSec Partners, only two hours to first hack into a popular car-alarm system and then start the car from afar with a text message. He and fellow researcher Mat Solnick later re-enacted the hack via video in Vegas.

Read the rest of this article on Dark Reading.

Heightened concern that users could inadvertently expose or leak--or purposely steal--an organization's sensitive data has spurred debate over the proper technology and training to protect the crown jewels. An Insider Threat Reality Check, a special retrospective of recent news coverage, takes a look at how organizations are handling the threat--and what users are really up to. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Bprince
50%
50%
Bprince,
User Rank: Ninja
1/9/2012 | 12:42:55 AM
re: 7 Coolest Hacks Of 2011
Good list. I would also add the Hacker Halted talk about hacking into prison systems.
Brian Prince, InformationWeek/Dark Reading Comment Moderator
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2009-5027
Published: 2014-12-26
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-2062. Reason: This candidate is a reservation duplicate of CVE-2010-2062. Notes: All CVE users should reference CVE-2010-2062 instead of this candidate. All references and descriptions in this candidate have been removed to pre...

CVE-2010-1441
Published: 2014-12-26
Multiple heap-based buffer overflows in VideoLAN VLC media player before 1.0.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) A/52, (2) DTS, or (3) MPEG Audio decoder.

CVE-2010-1442
Published: 2014-12-26
VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) AVI, (2) ASF, or (3) Matroska (aka MKV) demuxer.

CVE-2010-1443
Published: 2014-12-26
The parse_track_node function in modules/demux/playlist/xspf.c in the XSPF playlist parser in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty location element in an XML Shareable Playlist Format...

CVE-2010-1444
Published: 2014-12-26
The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted archive.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.