Paul Moreno, an Ecuadoran blogger, discovered a flaw in the country's national online identity database, which he demonstrated by hijacking the identity of President Rafael Correa. He was briefly arrested, but was released after a vociferous Twitter campaign that prompted action from the president, who personally ordered Moreno's release. Moreno triumphantly announced his victory on Twitter.
Citing a Wired story on password security, Moreno set out on Nov. 26 to demonstrate a security flaw in DatoSeguro with an attention-getting proof of concept scheme: accessing President Correa’s account. He began by doxing the president, and once equipped with Correa’s date of birth and a national identification number — obtained via online searches — he had two of the three pieces of information he needed. The third was a set of two numbers from an identity card, which he simply guessed. With that, he had access to Correa’s account.
“Out of curiosity, I noticed one time that the fingertip digits in the IDS are all very similar,” he wrote on his blog. “There’s a V or an E or an A followed by various numbers: V23444 – E5444 and so on…combinations that are very simplistic, apparently. The system asked me for the third and fourth numbers of the fingertip digits. With the first combination, I got the numbers right and my account was created. After verifying the email the system sends, I had access to all Rafael Vicente Correa Delgado’s so-called secure data. It took me about half an hour, maybe less.”
Blogger Jailed After Password-Hacking Ecuador’s President [Wired/Mat Honan]
Magic Lantern is a replacement OS for your Canon EOS camera that you load via a SD card; in addition to a suite of video-recording tools, Magic Lantern allows fine-grained gain adjustments, selection of input sources, wind filters, audio monitoring, and better tools for everything from white-balance to exposure presets to overlays to help with […]
Last week's publication of the final draft of the new EU Copyright Directive baffled and infuriated almost everyone, including the massive entertainment companies that lobbied for it in the first place; the artists' groups who endorsed it only to have their interests stripped out of the final document; and the millions and millions of Europeans […]
Lucian's SPUDwriter (Single Purpose User Device) was designed to help him focus on creative writing after a long day of staring at a screen in his engineering job: it uses an e-ink screen and a keyboard, and only outputs via SD card or thermal printer. As a person who does all of their engineering work […]
What do Facebook, Twitter, YouTube and Google all have in common? Somewhere in their framework, they all use MySQL, that most versatile (and free!) of database management systems. And they’re not alone. If your company or the one you’d like to work for wrangles data (and who doesn’t?), they’re going to need someone with a […]
There’s a reason you’re hearing about the gig economy in every other business story these days. More than ever, people are finding income from more than one source. And if you find the right one, a side hustle can do more than just pad your pockets – it can allow you to finally get paid […]
High-def cameras are available to anyone and for much less than they were just a decade ago. Even the phones in our pockets can be used to shoot and edit short films. It’s never been easier to be a filmmaker, providing you have the technique. Enter the Film & Cinematography Mastery Bundle, an online boot […]
