Blogger proves flaws in Ecuadoran security system by hacking president's identity

Cory Doctorow 9:40 am Tue Dec 4, 2012

Paul Moreno, an Ecuadoran blogger, discovered a flaw in the country's national online identity database, which he demonstrated by hijacking the identity of President Rafael Correa. He was briefly arrested, but was released after a vociferous Twitter campaign that prompted action from the president, who personally ordered Moreno's release. Moreno triumphantly announced his victory on Twitter.

Citing a Wired story on password security, Moreno set out on Nov. 26 to demonstrate a security flaw in DatoSeguro with an attention-getting proof of concept scheme: accessing President Correa's account. He began by doxing the president, and once equipped with Correa's date of birth and a national identification number — obtained via online searches — he had two of the three pieces of information he needed. The third was a set of two numbers from an identity card, which he simply guessed. With that, he had access to Correa's account.

"Out of curiosity, I noticed one time that the fingertip digits in the IDS are all very similar," he wrote on his blog. "There's a V or an E or an A followed by various numbers: V23444 – E5444 and so on…combinations that are very simplistic, apparently. The system asked me for the third and fourth numbers of the fingertip digits. With the first combination, I got the numbers right and my account was created. After verifying the email the system sends, I had access to all Rafael Vicente Correa Delgado's so-called secure data. It took me about half an hour, maybe less."

Blogger Jailed After Password-Hacking Ecuador's President [Wired/Mat Honan]

A look inside the Codex Seraphinianus

We here at Boing Boing have long been fans of the Codex Seraphinianus, a mysterious surrealist cypher manuscript that first appeared in print in the early 1980s. We first covered it in The Happy Mutant Handbook and have been marveling at it ever since. The book is a faux cypher manuscript modeled after works like… READ THE REST
Remembering Moondog, The Viking of 6th Avenue

If you lived in New York sometime between the 1940s and 60s, you may have walked past the legendary Moondog, also known as "The Viking of 6th Avenue. In this video, you can learn about the life of Moondog, born Louis Thomas Hardin (May 26, 1916 – September 8, 1999). Moondog was an American musician,… READ THE REST
8-Bit Trip 2: stop-motion Lego tribute gets a sequel

It's been more than a decade since the original 8-Bit Trip, but Rymdreglage hasn't been sleeping. Hello, finally, we are done with this video, we have been working on it for around 9 years (not full time). We hope you enjoy it. READ THE REST
If you're a content creator, this MOZA Moin Mini Camera will change the game

Whether you're capturing a memorable trip to the beach or content for your business, a good camera can really take content to the next level. And before you complain that a fancy new camera isn't in your budget these days, there's a must-have model with an even more impressive price tag that definitely deserves your… READ THE REST
This bundle of arts and crafts classes will help you find your new favorite hobby in a flash

Learning how to DIY is the perfect way to keep busy when we eventually have to go back to living in social isolation again, but some people just aren't quite sure where to learn how to create. Before you try and take up at-home barbering again, try this one-year Unlimited Plus subscription to Creativebug Fine… READ THE REST
Get the most peaceful sleep you've ever had with over $50 off this snoring stopper

Sleep is one of the most important things we can do for our bodies. Whether we're taking a midday nap or tucking in for the night, it's quite literally how we recharge and "clean" our minds from the stresses of the day. However, sometimes we don't get the proper rest we need due to improper… READ THE REST