Metadata

Recently StarShipSofa has been delivering podcast files to me that contain 3rd party ads. It is their hosting provider that is inserting the ads, but both times I have been aksed if this my client is to blame.

I am certain PocketCasts would never do this.

Maybe there is something in the file that would indicate who did the encoding?

play (from the sox package) 

$ play starshipsofa-454-ads.mp3:

starshipsofa-454-ads.mp3:

File Size: 33.7M     Bit Rate: 64.0k
  Encoding: MPEG audio    
  Channels: 1 @ 16-bit   
Samplerate: 44100Hz      Album: StarShipSofa
Replaygain: off         Artist: StarShipSofa
  Duration: 01:10:10.78  Title: StarShipSofa No 454 Alex Shvartsman and Stephen S. Power

In:0.05% 00:00:02.04 [01:10:08.74] Out:90.1k [  -===|===-  ]        Clip:0

Just the file name and year, lets try ffprobe from the ffmpeg tools:

ffprobe 

$ ffprobe starshipsofa-454-ads.mp3:

[mp3 @ 0x809691000] Skipping 0 bytes of junk at 159.
[mp3 @ 0x809691000] Estimating duration from bitrate, this may be inaccurate
Input #0, mp3, from 'starshipsofa-454-ads.mp3':
  Metadata:
    title           : StarShipSofa No 454 Alex Shvartsman and Stephen S. Power
    album           : StarShipSofa
    artist          : StarShipSofa
    date            : 2016
  Duration: 01:10:10.39, start: 0.000000, bitrate: 64 kb/s
    Stream #0:0: Audio: mp3, 44100 Hz, mono, s16p, 64 kb/s

Nothing more there, a google says there is something called mp3info:

mp3info 

$ mp3info starshipsofa-454-ads.mp3:

starshipsofa-454-ads.mp3 does not have an ID3 1.x tag.

Well that was no good at all.

I don't have a ton of time to find the mp3 metadata might be, none of these tools show anything. I guess that means I can be happy I am not leaking info when I encode an mp3, or I can't find it with normal tools.

Reading: Little Brother

About Electron Gnomes

As an aside form talking about the Electron Gnomes on the latest Embedded FM podcast Elecia and Christopher implored us to talk to people about their awesome podcast to everyone we know.

So, go and listen to the Embedded FM Podcast featuring excellent interviews , professional advice and something about Electron Gnomes.

Reading: Little Brother

5th post

WPA IS BROKEN!!!

WPA IS BROKEN!!!1

Okay it isn't, that attack is awesome, but it is a social one rather than a break of WPA. I bet it would work in a load of environments, I would be surprised if pentesters didn't already have it in their toolkits.

Really the OS should be doing much more to protect users from this class of attacks. WPA written today would not be vulnerable to this class of attack at all.

Reading: The Puzzle Palace, 802.11 Wireless Networks 2nd Edition, Packet Captures

Hacking Games

I read this awesome review of hackmud , it made me think of other games about hacking or games that involve actual hacking.

I have only played Uplink and TIS-100, I have heard the others are pretty great. You should play them and tell me how they are.

blog games

Posted on

Malware

There are reports of Malware in the PS Vita Piracy scene. When you have to pursue shady enterprises to use the hardware you own this is always the risk you take. Consoles have the coolest security hardware, but it is aimed at stopping piracy rather than protecting users.

The Grey area jailbreak tools live in make it really hard for users to find the real tools. Instead the end up with malware.

Here is 50 minutes on why this was going to happen.

Reading: The Puzzle Palace

previous next