We need a new t-shirt. The current design, on the left, is entering its third year. Help us out by designing a new shirt to give away at conferences. Dash has donated a Dash Express for first prize.
Some ground rules:
You must incorporate the skull and wrenches logo in your design. You'll find a larger version below.
You can enter as many designs as you like to hackaday.shirt@gmail.com (JPG, GIF, or PNG mockups only please)
The design can't violate any copyright laws or trademarks.
The design should be one color and the shirt doesn't have to be black.
By submitting your design you give us non-exclusive rights to use the image in the design of a Hack a Day t-shirt as well as for other Hack A Day promotional materials.
We reserve the right to choose no design at all if we don't like any of the submissions.
The British military held a competition to find the newest batch of robotic surveillance drones. The article mentions that they compete in a mockup village, but sadly we don't get to see any of the action. We strongly recommend watching the video so you can see some of the robots. There is an interesting helicopter concept that has angled props for better stability and lateral motion, but more importantly you get to see the little guy pictured above. He very well could be Wall-E's great grandfather. Though his constant buzzing around during the interviews is slightly annoying, his little camera mount looking all around is instantly endearing. If he doesn't win this contest, he may have a shot at the [crabfu] challenge.
It looks like it's time to update our event list. Here are some hacking related events happening through the rest of the year.
ToorCon September 26-28 San Diego, CA - In its tenth year, ToorCon has always been one of our favorites. The conference is fairly small, but features great content like last year's fuzzing talk.
Arse Elektronika (NSFW) September 25-28 San Francisco, CA - Happening the same time as ToorCon, this conference covers the sexual side of human and machine interaction. The device list has gems like The Seismic Dildo, which only turns on if there is seismic activity in the world.
Maker Faire October 18-19 Austin, TX - It's Maker Faire! In Texas!
Germany's Chaos Computer Club has announced the theme for their annual Chaos Communication Congress: "Nothing to hide". Like last year's "Full steam ahead!", it's open to many interpretations. People striking down privacy laws often say citizens shouldn't mind since they have "Nothing to hide". The phrase is also connected to the inability to hide data, as the CCC demonstrated this year by publishing the German Home Secretary's fingerprint. On a more positive side, "Nothing to hide" is also about the free exchange of information that happens at hacker conventions. The Congress is in its 25th year and promises to be as good as ever. At last year's 24C3, we saw great talks like [Drew Endy]'s biohacking talk and the original MiFare crypto presentation. 25C3 will be held in Berlin December 27th to 30th. The wiki is already up and they've published a call for participation, if you're interested.
Many computer users rely on antivirus software from McAfee and Symantec to protect their computers from malware, worms, and viruses. Since the creation of viruses outpaces the protection abilities of the software, antivirus protection lags behind and may not be as secure as you think. [Gary Warner] provides some examples of current malware making the rounds that continue to be unaddressed by anti-virus vendors, including the recent "CNN Alerts: Breaking News" spam, which morphed into MSNBC alert spoofs. Our advice? Keep your antivirus software updated, but don't believe that it will catch everything for you. Only open files from sources you know and trust.
A federal grand jury in Boston has charged eleven people with the theft of more than 41 million credit and debit card numbers from retail stores. What makes this case interesting is that, although the defendants stole the data from retail establishments, they did so without ever having to leave their cars; they stole the numbers while wardriving. While the report doesn't make it clear whether the targeted networks used weak encryption or were simply unsecured, it's obvious that the security of your data is still not a top priority for many companies.
Scientists at the University of Reading have created a robot that runs not on microprocessors, but on brain cells extracted from a rat fetus. The robot is equipped with several sensors which stimulate the rat neurons whenever the robot approaches a wall; the response of the neurons then determines whether the robot avoids the wall or crashes into it. The truly fascinating bit is that the rat brain cells don't automatically know how to respond to the stimuli from the sensors, but instead learn to respond appropriately through repeated stimuli.
No word yet on whether the scientists will teach the robot to sing "Despite all my rage / I am still just a brain in a vat".
One of the more novel talks we saw at Defcon was [Zac Franken] presenting on access control systems. He covered several different types, but the real fun was his live demo of bypassing a hand geometry scanners like the one pictured above. With the help of two assistants, 4 pounds of chromatic dental alginate, and 5 liters of water, he made a mold of his hand. The box he placed his hand in had markings to show where the pegs on the scanner are located. After 2 minutes he could remove his hand from the cavity. They then filled the mold with vinylpolysiloxane, making sure to remove all bubbles. 20 minutes later the hand was solid and passed the scanner's test. This may not be a completely practical attack, but it does defeat the overall idea of biometrics; biometrics are built on the assumption that every person is unique and can't have their features reproduced.
[Zac] also showed an interesting magnetic card spoofer that emulated all three tracks using coils of magnet wire. We hope to see more about that in the future.
[Tanya Andersen], the defendant in Atlantic v. Andersen, has finally been paid $107,951 for reimbursement of legal fees. RIAA lawyers had appealed to get the amount reduced and originally offered $30,000 then $60,000, but [Andersen]'s lawyers convinced the judge to uphold the six-figure sum.
This is a significant setback for industry lawyers who often use illegal discovery techniques and have been criticized for using overly-litigious legal strategies to force defendants to settle. Sadly though, the payout only covers [Andersen]'s legal fees and doesn't offer any compensation for damages, but a counter-suit filed in Portland, Oregon seeks exactly that. Here's hoping her lawyers [Lory Lybeck] and [Ben Justus] continue to set favorable legal precedents for defendants of these lawsuits.
As far as the technical side of the discovery methods go, there are many ways to keep the RIAA off your back. The simplest is to disable your P2P client's available file listing or turning off outbound traffic altogether. Other ways are to use encryption (although this is usually to get around ISP blocks) or download to an offsite machine. Hopefully, though, this judgment and eventual payout will make the recording companies reconsider the amount of lawsuits they file and to use less aggressive legal tactics.
A new Discovery Channel show titled Prototype This! will debut on October 15, 2008. Hoping to capture the same demographic as Mythbusters' audience, the show is about designing and creating robots, gadgets, and other things that nerds will love. Prototype This! is hosted by four wide-ranging experts: [Zoz Brooks], who's got a PhD in robotics, [Mike North], who also has a PhD, in material sciences, [Terry Sandin], a special effects veteran of the Hollywood film industry, and [Joe Grand], who we've covered recently for his Defcon badge work. [Daniel Terdiman]'s glimpse behind the scenes reveals some interesting projects, from a stair-climbing robot to the creation of a pyro pack. We'll be sure to set our DVRs to record.
Sensacell created a unique interactive flooring system for the 2008 World Expo in Zaragoza, Spain. Comprised of 1000 LED panels, the 250 foot installation is covered in architectural glass and lights up in response to pressure. We like what different people are doing in this clip; from walking in a line to dragging a mop over the floor, the results are undeniably captivating and ultimately irresistible.
[Curiouslee] put up some pictures of his Siftables burn in. He got them in the mail with all their accessories and decided to make a special box to carry it all. He started with an ArtBin parts box and cut out dividers where necessary to make everything fit nice and tidy.
The Siftables are quite interesting. They are an information interface that is supposed to be more physical and natural. The analogy they use is a container of nuts and bolts can be sifted through quite easily using your hands. They envision us being able to sift through data similarly. They also mention that it could be used as a gestural interface as well.
While we're sure that just about everyone has heard about the conflict between Russia and Georgia, few have probably heard about the role of cyber attacks in the conflict. Shortly before Russia's armed response, Georgian state web servers were attacked by individuals assumed to be Russian hackers. This attack almost completely obliterated Georgia's online presence by shutting down the website for the Ministry of Defense, and the Central Government's main site. The Russian attackers seem to be using some form of sustained DDoS to keep many Georgian sites offline. In an effort to preserve some web presence, the Georgian Government transferred [President Mikheil Saakashvili]'s site to a US hosting provider in Atlanta. The Ministry of Foreign Affairs even created a BlogSpot page after their website initially went down. While politically motivated DDoS attacks have not been rare in past months, this seems to be the first time where the attacking party can be clearly identified. This seems to be the start of a trend where the unconventional methods of cyber warfare are used to gain an advantage over the enemy.
[Brian Salcedo] made headlines a few years ago as a hacker who attempted to break into Lowe's corporate network. He is currently serving a nine-year prison sentence, one of the longest sentences for a computer hacking offense. Recent events surrounding a different hacking case have revealed that the buyer he worked for, [Albert "Segvec" Gonzalez], was a Secret Service informant. [Salcedo] claims that were it not for [Gonzalez]'s threats, he would not have committed the hacking offense. While the Secret Service may not have even been aware of [Gonzalez's] activity with other hackers, [Salcedo] could make a case of entrapment by arguing that [Gonzalez] threatened him as a government agent in order to make him plant the sniffer in Lowe's network.
Posted Aug 12th 2008 10:14AM by Caleb Kraft Filed under: news
Google has released keyCzar, a cryptographic toolkit that supports encryption and authentication for both symmetric and public-key algorithms.
Cryptography is a common problem area for web programmers. keyCzar aims to help alleviate some of the issues by supplying safe defaults, tagging versions, and a simple interface.
