Dumping Aztech DSL1015EN firmware

Recently, I had the fortune to come across a spare DSL1015EN router cum modem. After dismantling the external case, this is what the internals look like. On the left, we can see 2 u.fl connectors for the antennaes. If I wanted to, I could get a RP-SMA adapter and hook up some 9-dbi antennaes ...

Cloning Mifare 1K cards

Disclaimer : The information provided here is solely for educational purposes. The system I would be looking at is the ST Electronics' ST8100 Securnet. This is an integrated security management system that includes an access control module that manages physical access to facilities. One of the ...

A different kind of birthday attack

Considering how many people actually use their birthday as their ATM pin, this is bad from a security standpoint.

Flaws of a single ecosystem

The post is triggered by the recent leak of celebrity nude photos. Apple has claimed that the iCloud ecosystem is secure and the leak was the result of targeted attempts. Nevertheless, they eventually decided to tighten the security of the ecosystem. This is not an isolated incident as I ...

Problems with Distributed Architecture

As reported here, a bitcoin mining pool has contributed 51% of total hashing output which theoretically allows them to double spend bitcoins or to deny other miner's transactions. I am not an expert at bitcoins but it appears that the distributed architecture is a crucial feature in ensuring ...

New Form of DDoS

I was always hesitant to use pay-as-you-use services like Amazon AWS, Microsoft Azure and Google App Engine for fear that the cost might spiral out of control if I turn out to be the target of a DDos attack. I did eventually try out app engine, but only because it was possible not to link a ...

Web Development in Singapore

In light of the recent fiasco over the NDP website, I thought it would be apt for me to share my thoughts on how I believe web development in Singapore has ended up in this dismal state today. This is definitely not an isolated case, the series of breaches by Messiah last year being proof. Lack ...

How I (cheated and) won a quiz

The quiz in question. In case anyone is not familiar with it. (attractive?) prizes to be won. A quick packet capture revealed that the questions could be found here in JSON format. This is what is looked like. Interesting that the answers were included even through "marking" was done only on ...