Andrea Barisani

• 
  www.fenacv.com/2007/05/08/security-experts-warn-of-sate - [Cached Version]
  Published on: 5/8/2007    Last Visited: 9/5/2007  

  Andrea Barisani, chief security engineer for Inverse Path Ltd. and Daniele Bianco, a hardware hacker at Inverse Path, used off the shelf equipment to transmit messages to their car satellite navigation system warning of conditions ranging from foggy weather to terrorist attacks.
  ...
  Barisani and Bianco sent the messages over RDS (Radio Data System), a standard created in Europe but also used in North America that allows FM radio stations to transmit data over a sliver of spectrum that runs along every FM channel.
  ...
  Over the past couple of years, satellite navigation systems have begun receiving that data so that users are alerted to traffic or weather conditions, Barisani said.
  
  Barisani and Bianco found that they could build a device that transmits over the RDS channel.
  ...
  Barisani advises satellite navigation users that if they ever see an alarming message on their device, "don't freak out immediately, listen to the news on the radio to get confirmation."
  
  They found that the RDS data isn't authenticated or encrypted, which allowed them to broadcast the data to be picked up by any satellite navigation systems.Most satellite navigation devices cycle through the FM channels looking for the traffic data that could be broadcast over RDS, Barisani said.A hacker could obscure an existing station, like a man-in-the-middle attack, in order to transmit what they want.Or, a hacker could also transmit over an unused channel, he said.
  
  Satellite navigation systems that are built into cars aren't easy for users to upgrade, so Barisani doesn't expect the manufacturers to be able to make any changes that could prevent this type of attack.But he hopes that future standards might address the issue.
  
  Entry Filed under: Previews

• 
  www.article33.com/2007/03/31/hackers-next-target-your-i - [Cached Version]
  Last Visited: 1/7/2008  

  Andrea Barisani, chief security engineer with Italian consultancy Inverse Path, has claimed that the wireless signals could not only be intercepted, but incorrect directions could actually be used to lead motorists into a trap, direct traveling competitors away from a sales presentation, or create a massive gridlock by instructing the weary working crowd to all take the same "detour" home.It was noted that some firms are already looking into more secure methods of delivering such critical information, and considering the lessons we've already learned about GPS-addicted drivers, the updates can't come soon enough.
  
  [Thanks, Andrea B.]
  
  Read | Permalink | Email this | Comments

• 
  www.darthnull.org/defcon17/Speakers/barisani.html - [Cached Version]
  Published on: 1/26/2006    Last Visited: 11/5/2009  

  Andrea Barisani Chief Security Engineer, Inverse Path Ltd. Founder & Project Coordinator, oCERT
  ...
  Andrea Barisani is a security researcher and consultant. His professional career began 8 years ago but all really started when a Commodore-64 first arrived in his home when he was 10. Now, 17 years later, Andrea is having fun with large-scale IDS/Firewalls deployment and administration, forensic analysis, vulnerability assessment, penetration testing, security training and his Open Source projects. He eventually found that system and security administration are the only effective way to express his need for paranoia. Being an active member of the international Open Source and security community he's maintainer/author of the tenshi, ftester projects as well as the founder and project coordinator of the oCERT effort, the Open Source Computer Emergency Reponse Team.
  
  He has been involved in the Gentoo project, being a member of the Gentoo Security and Infrastructure Teams, and the Open Source Security Testing Methodology Manual, becoming an ISECOM Core Team member. Outside the community he has been a security consultant for Italian firms and he's now the co-founder and Chief Security Engineer of Inverse Path Ltd.
  
  He has been a speaker and trainer at PacSec, CanSecWest, BlackHat and DefCon conferences among many others, speaking about SatNav hacking, 0-days, LDAP and other pretty things.

• 
  conference.hitb.org/hitbsecconf2008dubai/ - [Cached Version]
  Published on: 12/3/2007    Last Visited: 12/3/2007  

  2. Andrea Barisani (Chief Security Engineer, Inverse Path Ltd)3. Anthony Zboralski (Founder, HERT & PT. Bellua Asia Pacific)

• 
  secsb.itworld.com/4363/070925wabisabi/page_1.html - [Cached Version]
  Published on: 9/25/2007    Last Visited: 11/28/2007  

  But if a vulnerability affects a big commercial vendor, and I know that vendor is usually not responsive on security bugs, then I would probably sell it," said Andrea Barisani, chief security engineer at Inverse Path Ltd.
  
  But Barisani, who discovered a vulnerability that allows false messages to be injected into satellite navigation systems, knows the people behind WabiSabi Labi personally and trusts them.He's quick to acknowledge others may not share that trust.
  
  "If I'm a random researcher, and I know I have a very important vulnerability -- and ideally you would sell only vulnerabilities that are very important -- my primary concern would be not to leak that vulnerability.Since most people in the security industry are very paranoid, I wouldn't trust a middleman," Barisani said.

• 
  www.linuxworld.net/news/2007/092507-wabisabi-labi-aims- - [Cached Version]
  Published on: 9/13/2007    Last Visited: 11/5/2007  

  But if a vulnerability affects a big commercial vendor, and I know that vendor is usually not responsive on security bugs, then I would probably sell it," said Andrea Barisani, chief security engineer at Inverse Path Ltd.Continued

• 
  www.article33.com/2007/03/31/hackers-next-target-your-i - [Cached Version]
  Published on: 3/31/2007    Last Visited: 10/9/2007  

  Andrea Barisani, chief security engineer with Italian consultancy Inverse Path, has claimed that the wireless signals could not only be intercepted, but incorrect directions could actually be used to lead motorists into a trap, direct traveling competitors away from a sales presentation, or create a massive gridlock by instructing the weary working crowd to all take the same "detour" home.It was noted that some firms are already looking into more secure methods of delivering such critical information, and considering the lessons we've already learned about GPS-addicted drivers, the updates can't come soon enough.
  
  [Thanks, Andrea B.]
  
  Read | Permalink | Email this | Comments

• 
  www.freshports.org/vuxml.php?all - [Cached Version]
  Published on: 11/14/2007    Last Visited: 11/15/2007  

  Gentoo reports: Andrea Barisani of Gentoo Linux discovered xzgv and zgv allocate insufficient memory when rendering images with more than 3 output components, such as images using the YCCK or CMYK colour space.

• 
  www.hackcon.org/HC1 - [Cached Version]
  Published on: 3/19/2008    Last Visited: 3/19/2008  

  This talk is been held by Daniele Bianco and Andrea Barisani from Italy.
  ...
  Andrea is being an active member of the international Open Source and security community, he's maintainer/author of the tenshi, ftester and openssh-lpk projects, and he's been involved in the Open Source Security Testing Methodology Manual, and becoming a ISECOM Core Team member.

• 
  www.pcworld.com/article/id,137644-c,hackers/article.htm - [Cached Version]
  Last Visited: 9/26/2007  

  But if a vulnerability affects a big commercial vendor, and I know that vendor is usually not responsive on security bugs, then I would probably sell it," said Andrea Barisani, chief security engineer at Inverse Path Ltd.
  
  But Barisani, who discovered a vulnerability that allows false messages to be injected into satellite navigation systems, knows the people behind WabiSabi Labi personally and trusts them.He's quick to acknowledge others may not share that trust.
  
  "If I'm a random researcher, and I know I have a very important vulnerability -- and ideally you would sell only vulnerabilities that are very important -- my primary concern would be not to leak that vulnerability.Since most people in the security industry are very paranoid, I wouldn't trust a middleman," Barisani said.
  ...
  WabiSabi Labi Ltd. - Roberto Preatoni - eBay Inc. - Andrea Barisani - Kuala Lumpur - Malaysia - Inverse Path Ltd.

Page:  1 2 3 4 5 6