I happened to be looking through the Saturn owner’s manual for something completely unrelated and found a page that ended up being a bit humorous. Apparently Saturn engineers went through all of the trouble to make sure that the remote transmitter didn’t send the same signal twice so that it couldn’t be “sniffed” and re-broadcast for a thief to break in. Unfortunately, when creating the owner’s manual, they decided to share how to bypass the security of the remote transmitter so that anyone with a Saturn transmitter can get into your car.
If you flip to page 79, the manual states:
"Syncronization may be requried due to the security method used by this system. The transmitter does not send the same signal twice. The receiver will not accept a signal that has been sent to it more than once. This eliminates the possibility that the signal will be recorded and played back."
Now for the kicker. The very next sentence tells you how to bypass it:
"To syncronize your transmitter with the receiver, press and hold the LOCK and UNLOCK buttons on the transmitter, at the same time for about 10 seconds, near your Saturn."
Kind of senseless to go through all of that trouble to change the signal each time you use the remote. It takes a little more technical knowledge to record and retransmit a signal than it does to hold two buttons on a remote for 10 seconds. I would imagine that this method would be similar on other vehicles, so I guess it’s time to check your owner’s manual for something similar. Luckily the Saturn I drive does not have keyless entry.
Materials: 2000 Saturn owner’s manual.
Recently, my mortgage lender made a mistake and I had to visit their office to assist in correcting their problem. As always, I was curious as to how their policies/procedures worked and kept an eye out for vulnerabilities. After all, I do some banking through these people, so I want to feel at least somewhat confident in how they handle my personal information. What I had discovered was quite interesting.
I met with the mortgage loan officer who had greeted me and led me into his office. He proceeded to call the corporate office to inquire about my loan and to make a few changes like the SEV, the estimated value of the home, and the amount taken out via escrow for city taxes. Verification of his identity over the phone to the corporate office was only his name and an internal “identification number”. The internal I.D. number was read off by the loan officer very casually and could have been heard by anyone near or in his office. I texted his I.D. to myself and grabbed a business card for all of his other business information. One could imagine how this could potentially be abused – especially as this particular loan officer managed mortgage loans for a fairly large portion of these banks in the mid-Michigan area.
Materials: Motorola Razr phone with text messaging.
Verizon Business has released a report that touches on what they found after looking through 500 forensic investigations involving 230 million records, and analyzes hundreds of corporate breaches. These breaches include three of the five largest breaches ever reported. Here is a few items they discovered:
- 87% of corporate data breaches could have been prevented if they had reasonable security measures been in place (duh!).
- Less than 25 percent of attacks took advantage of a known or unknown vulnerability.
- Asian attacks (mainly China and Vietnam) are usually application exploits that are used for data compromise.
- Most defacements originate out of the Middle East.
There’s also some very good information in the article regarding how to protect your network and data. I would strongly encourage any network/system administrator to, at the very least, browse this part of the report.
Here’s a funny older trick for those of you on windows:
- Create a new text document
- Open it with Notepad
- Enter the text “Bush hid the facts” (without the quotes)
- Save it as whatever you want
- Close it then re-open it
Depending on what fonts you have installed, either you will see squares or you might see some Chinese characters. Certain characters are mistaken as UTF-16 characters intead of ASCII and that’s what you get. Actually, it’s any 4-3-3-5 combination of words (“chad did mrs gates” works too), just remember your spaces.
