Blackhat: Breaking audio CAPTCHAs with Winamp

This year’s Blackhat computer security convention started off with a bang. Convention officials told us that a record number of people have registered and there are more than 4000 people attending. Former chief counter-terrorism advisor Richard Clarke gave this year’s keynote, while veteran speaker Dan Kaminsky showcased his hacking knowledge.

Like in previous years, the keynote wasn’t deeply technically, but rather focused on broad security issues in government. Clarke is known for his criticism of the current Bush administration. He believes the United States government and corporations spend much too little on cybersecurity.

Dan Kaminsky has been talking at hacker conventions for several years and is considered to be one of the most entertaining and knowledgeable speakers here. At his Black Ops 2007: Design Reviewing the Web today, he gave his typical stream of consciousness type of talk where he discusses many of the topics he’s currently researching. The most interesting part was about recognizing and defeating audio CAPTCHA’s with Winamp and graphical plotting.

Audio CAPTCHA’s try to weed out Spam scripts from entering in comments or forum posts by forcing humans to recognize the sound of numbers from background noise. Kaminsky claims he is close to making an automated tool that can instantly and accurately cut through the noise and recognize the number.

“That tool is coming out any day now,” Kaminsky said.

Kaminsky is also concerned about Internet service providers secretly replacing ads on web pages. He told the audience that this will become a significant problem in the future and security experts will have to start working on stronger website encryption and integrity protocols.

Use the USB port to charge AA batteries

Moixa Energy has developed rechargeable AA batteries with a twist: the batteries are recharged simply by plugging them into an USB port.

The batteries, called USBCell, do not look different than a regular Ni-MH AA battery at first sight. However, the top part of the device is a cover that not only contains the cathode of the battery, but also, when opened, exposes the USB connector. The battery can be plugged into any USB host to be recharged.

At this time, there are only AA types of the technology available, but the manufacturer promises to follow up with 9V blocks and cellphone batteries in the near future.

The convenience of the recharging process (assumed you have a USB host, such as a notebook) put aside, there are a few downsides. The integration of the USB connector requires a reduction of the electrolyte. As a result, the available capacity is much lower than a typical Ni-MH battery, which are commonly selling in variants ranging from 1400 mah to about 2400 mah. The 1.2 volt AA USBCell provides a maximum of only 1300 mah, which means that it won’t be able to provide as much juice than regular rechargeable AA batteries.

The weight reduction that results from trading electrolyte for a USB connector is marginal: The USBCell weighs about 22 grams compared to the 23 grams of a regular AA battery.

Also, the charging time appears to be quite long, as the manufacturer noted on his webpage that a 90% charge is reached after a charging time of about 320 minutes.

A 2-pack of USBCell batteries is currently selling for just under $17.

Police raid game console modders

Agents from the United States Immigration and Customs (ICE) agency have raided 32 game console modders across several states. The modders sold boards and CDs that allowed gamers to play counterfeit and custom games on popular consoles like the Xbox 360, Nintendo Wii and PlayStation 2.

In a press release, ICE says agents from 22 offices executed search warrants on businesses and homes in 16 states including California, New York, Texas and Illinois this morning. The agency isn’t giving any specifics about the cases or the names of those arrested.

Modding a game console typically requires installing a small board or “mod chip” on the motherboard of the console. The board effectively bypasses BIOS and firmware on the console allowing it to play copied game discs. Early versions of these boards required some soldering and a fair amount of technical know how to install, but recent models don’t use any tools for the installation.

ICE and the Entertainment Software Association claims that billions of dollars are lost annually due to the activities of game console modders. Julie L. Myers, Assistant Secretary of Homeland Security for Immigration and Customs Enforcement said the money earned through mod chip sales help fund other crimes and added, "These crimes cost legitimate businesses billions of dollars annually and facilitate multiple other layers of criminality, such as smuggling, software piracy and money laundering."