Dieselgate: an analysis of VW's cheating firmware

Daniel Lange and Felix "tmbinc" Domke bought some of Volkswagen's cheating Engine Control Units on Ebay and extracted and decompiled the software in them to learn exactly how the cheating took place. Read the rest

Videos from the thirty-second Chaos Communications Congress

More overtly political than security events like Vegas's Defcon, more regular than New York's HOPE, CCC events in Hamburg are an annual gathering of the hacktivist tribes. Read the rest

Payment system security is hilariously bad

In Shopshifting: The potential for payment system abuse, Karsten Nohl and Fabian Bräunlein showed attendees at Hamburg's Chaos Communications Congress just how poor the security in payment terminals is, and demonstrated several attacks that would let them harvest card numbers and PINs, make undetectable phantom charges and refunds to merchant accounts, and commit other mischief. Read the rest

North Korea's paranoid GNU/Linux watermarks every file

Florian Grunow and Niklaus Schiess downloaded the sourcecode for Red Star OS, North Korea's homegrown, paranoid fork of Red Hat's Fedora, a flavor of GNU/Linux. The researchers analyzed the OS and presented their findings to the thirty second Chaos Communications Congress in Hamburg yesterday. Read the rest