HACKER INTEREST

OK – For a minute there I was thinking Google was trying to confuse me – do I love them or hate them? Now I realize they’re profiting off their platform, it’s Popular Science that’s giving us the content. An awesome development!
[Popular Science] partnered with Google to offer our entire 137-year archive for free browsing. Each issue appears just as it did at its original time of publication, complete with period advertisements. It’s an amazing resource that beautifully encapsulates our ongoing fascination with the future, and science and technology’s incredible potential to improve our lives. We hope you enjoy it as much as we do.
Here’s a USB oscilloscope project from a few years back. It’s easy to build on a single-sided PCB and very cheap because it uses just a handful of parts. At the center, an ATtiny45 microcontroller uses its ADC capabilities for the two traces and also handles the USB connectivity. The internal oscillator is used and trimmed up for accuracy by referencing the USB clock. On the PC side of things, a program written in C# displays the data coming over the serial bus…
Imposter
Imposter is a flexible framework to perform Browser Phishing attacks.
The lists of attacks performed are:
- Steal cookies
- Set cookies
- Steal Local Shared Objects
- Steal stored passwords from FireFox
- Steal cached files
- Poison browser cache
- Steal files from the victim’s local file system through Internet Explorer
- Run SQL queries on the victim’s Google Gears database and transfer the results
- Create ResourceStore and Managed ResourceStore on the victim’s Google Gears LocalServer
Sniff-n-Spit
During penetration testing it can be seen that thick clients sometimes communicate with a server whose IP address is hardcoded into them. The HTTP communication between such a client and server is harder to intercept and test. Sniff-n-Spit is a very useful utility in such scenarios. It sniffs for HTTP packets from the client to server and forwards them to your favorite proxy (Burp, WebScarab, Paros etc).
There have been a LOT of lame “Top Security” lists lately. Some start off as a self-serving stroke-fest, others degrade into that as the votes get rigged. While ChannelWeb didn’t get everyone out there, for once we’re seeing a list that goes outside social circles, the Twittersphere, and some n00b’s limited view of the world. I mean really, when was the last time you saw Joanna of all that is kernel fame or David Litchfield who can do more to Oracle with his pinky than… well, for once we will pull a punch but only because there are too many targets to choose. Of course this list overlooks everyone under 18 and/or operating underground and misses plenty of equally qualified security luminaries but at least it doesn’t leave us thinking, “wtf?”
Equipped with drive and innovation, as well as an innate desire to break into things, they tackle what seems to be the insurmountable challenge of exposing vulnerabilities and squelching elusive and highly sophisticated security threats, such as botnets, Internet worms and Trojan horses. They then risk both public persecution and untold glory in an effort to warn users about vulnerabilities on the devices and applications that many take for granted. Here are a few of the best and brightest.
How many humans does it take to change a lightbulb?
tan : February 24, 2010 6:56 pm : Hacker Interest
NONE when the lightbulbs can simply fly into place themselves! In its first implementation, the Flyfire project sets out to explore the capabilities of this display system by using a large number of self-organizing micro helicopters. Each helicopter contains small LEDs and acts as a smart pixel. Through precisely controlled movements, the helicopters perform elaborate and synchronized motions and form an elastic display surface for any desired scenario. via Flyfire.
This guitar pedal can record, playback, and modify samples. [Colin Merkel], also known for his work on electronic door locks, built this to replicate some guitar effects he heard in recordings. By tapping the button at the bottom with your foot the device begins recording. Another tap stops the recording and starts the loop. That’s where the rest of the controls take over, with settings to adjust the speed of playback, volume, and the type of playback looping. The video after the break gives a great demonstration of these features.
via Looping foot pedal – Hack a Day.
Dub FX ‘Love Someone’ from Ben Dowden on Vimeo.
Every time I say I’m going to try to post LESS from Hack a Day, I run into something like THIS, have to pick my jaw up off the floor, and go for the Post link :/ Do you ever wonder what projects your neighbors have going on in their basements? [Will Jack's] neighbors might be surprised to find he’s building a fusion reactor. The first step toward completing a Farnsworth-Hirsch Fusor is up and running. The picture above shows heated plasma contained in a magnetic field. Next he just needs to up the voltage and inject some deuterium.
Heh – what a great point. Sometimes it’s really difficult to see what the underlying, human, drivers are behind the screwed up situations we’re in. Dale Peterson really hits the nail on the head here. Even those who don’t have any SCADA elements to their own concerns can get an ugly look under the power industry’s kimono – perhaps they’ll see something horrifyingly familiar to their own circumstances…
For a long time it has been buy and install a SCADA or DCS, change it as little as possible for ten to twenty years, and then completely replace the system. In SCADA it is common to have different lifecycles for the control center [realtime server, historian, HMI, EWS, web portal,...] and the field devices, but in almost all cases it is what IT calls a forklift upgrade. You haul the old stuff out and replace it.
When the community decided to embrace Windows, databases, web servers, JRE, …
Book Maps Cyber-Warfare Battlefields on the Internet
tan : February 18, 2010 10:42 pm : Hacker Interest
We would love it if someone could do a book review on this. Perhaps we’ll get to one ourselves but this looks like it has more potential than the average book release we read about. Anyone? Inside Cyber Warfare by Jeffrey Carr, CEO of security analysis startup GreyLogic and founder of the open-source intelligence project, “Grey Goose,” is a must-read for cyber-warfare skeptics or anyone wanting to know the what, when, how, and where of the cyber battlefield. via Book Maps Cyber-Warfare Battlefields on the Internet | HostExploit News.
UPDATE: This has attracted enough attention for a more detailed post on how electronic locks are impressioned: HERE.
Apparently, a handheld impressioning device is about to hit the market that can tell you the key codes for a lock in a matter of seconds. [Barry's] guessing at how this is done from his experience with a similar device aimed at car locks. When the circuit board seen above is inserted into a lock, it completes a circuit between the lock housing and the wafer. The firmware monitors the conductors on the tip of the PCB to calculate how deeply the cut should be and at what point on the key.
HNN DOES NOT ENDORSE THESE STORIES AS VALID OR PRODUCTS AS LEGIT. WE SIMPLY SHARE THE MOST INTERESTING HACKER RELATED HUMAN INTEREST STORIES OF THE DAY WITH OUR READERS. FEEL FREE TO LEAVE RESPONSES ON ANY STORY.