YouTomb is a research project designed by the MIT Free Culture group to track video takedowns on YouTube. To succeed, the team needed to track every single video on YouTube... which is close to impossible. Instead, they built several "explorer" scripts to track which videos were interesting. One explorer tracks all of YouTube's lists: recommended, featured, most active, and more. Another explorer picks up every video submitted to YouTube, and a third crawls Technorati.
The explorers just find the videos; a separate group of scanner scripts checks the current status of videos. They check both the new videos and ones that have been killed to see if they return. YouTomb archives every video it finds. They display the thumbnail of the video under fair use, but they're still determining whether they can display each video in full.
DPX Systems seems to deal exclusively in devices powered by handheld drills. In addition to the mini bike in the video above, they've made systems for wheelchairs, toolboxes, and hoists. The device costs $630, but we know most of you just need prompting that something is possible to be well on your way to building your own version. We're still more fond of weed whacker machines.
In today's webcast, [Dan] covered how he felt about the handling of the vulnerability and answered a few questions about it. He started out by talking about how he stumbled across the bug; he was working on how to make content distribution faster by using DNS to find the server closest to the client. The new attack works because DNS servers not using port randomization make it easy for the attacker to forge a response. You can read the specifics of the attack here.
[Barry Wels] is well known for his lockpicking talks, but this year he wanted to talk about how he copies high security keys. If a key blank is available, you could make a copy just by viewing the original. High security keys generally have profiles with more side cuts, which means you can guess at how deep a specific pin is by observing how many cuts it crosses. He also showed that you could imprint your arm with the key and use that as a guide. If a blank isn't available, you could fill a similar key with solder and file that down.
[Barry] showed two different kits for casting keys. The first used soft clay in a clam shell to make an imprint of the original key. The form is then filled with a low melting point alloy (probably Wood's metal) to create the new key. A second style uses a metal form and two part silicone to create the mold. This method works for most high security keys, but will not work on keys with active elements like sliders or magnets.
Finally, [Barry] talked about his favorite method: impressioning. Unlike picking a lock, when you're done impressioning you have a functional key. You start with a key blank and file off the top layer. Place the blank in the lock and turn it till it jams. Then, you rock the key up and down. Observing the key under light you'll see a small mark where each pin is. File a bit where the marks appear and repeat the process. You can't use too much force or you might break the blank. This also works on dimple keys and as this video shows, laser cut keys. [Barry] highly recommends the impressioning book by [Oliver Diederichsen].
On the latest episode of Systm, they talk to [David Calkins], founder of the RoboGames competition, about humanoid robotics. The robots featured in the episode are Hitec's ROBONOVA-I. The ROBONOVA is about a foot high and has 16 servos with support for up to 24, all connected to an Atmel controller. The episode is quite long: At around 15 minutes, they demonstrate the programming environment. You can program it traditionally or pose the bot to work out the motions. At 30 minutes, [David] mentions that next year's competition will allow airsoft weapons to be attached, but bots have to be controlled from a first person perspective. If you're interested in one of these kits, they have a ROBONOVA special of $900 or as low as $500 for educational institutions (that's us, right?). Now is the perfect time to get one since you'll have nearly a full year to prepare for RoboGames.
Related: You'll hear builder [Matt Bauer]'s name mentioned several times.
We've been tracking Metasploit commits since Matasano's premature publication of [Dan Kaminsky]'s DNS cache poisoning flaw on Monday, knowing full well that a functional exploit would be coming soon. Only two hours ago [HD Moore] and [I)ruid] added a module to the Metasploit Project that will let anyone test the vulnerability (with comment: "ZOMG. What is this? >:-)"). [HD] told Threat Level that it doesn't work yet for domains that are already cached by the DNS server, but it will automatically wait for the cached entry to expire and then complete the attack. You can read more about the bailiwicked_host.rb module in CAU's advisory. For a more detailed description of how the attack works, see this mirror of Matasano's post. You can check if the DNS server you are using is vulnerable by using the tool on [Dan]'s site.
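As an added illustration (not code from this post, from [Dan]'s checker, or from Metasploit), the Python below rates source-port randomization per resolver from queries captured at an authoritative server you control, which is the property the webcast post above says the attack depends on. The tcpdump-style line format, the addresses, and the 10-bit and 3-query thresholds are assumptions made for the example.

```python
import math
import re

# Matches tcpdump-style text for a query sent to port 53: source IP, source port, TXID.
QUERY = re.compile(r"IP (\d+(?:\.\d+){3})\.(\d+) > \S+\.53: (\d+)")

def spread_bits(values):
    # log2 of the observed span: 0.0 for a constant, near 16 for a well-spread field.
    return round(math.log2(max(values) - min(values) + 1), 1)

def assess_resolvers(capture, min_port_bits=10.0, min_queries=3):
    seen = {}
    for ip, port, txid in QUERY.findall(capture):
        seen.setdefault(ip, []).append((int(port), int(txid)))
    report = {}
    for ip, obs in seen.items():
        port_bits = spread_bits([p for p, _ in obs])
        txid_bits = spread_bits([t for _, t in obs])
        if len(obs) < min_queries:
            verdict = "too few queries"
        elif port_bits == 0:
            verdict = "fixed source port"
        elif port_bits < min_port_bits:  # threshold is an assumption, not a standard
            verdict = "narrow port range"
        else:
            verdict = "randomized ports"
        # A forged answer must match both fields, so the bits add up.
        report[ip] = {"queries": len(obs), "port_bits": port_bits,
                      "guess_bits": round(port_bits + txid_bits, 1), "verdict": verdict}
    return report

def constructed_capture():
    # Constructed sample: four hypothetical resolvers (documentation addresses).
    ports = {"192.0.2.53": [32768] * 4,
             "192.0.2.54": [40000, 40001, 40002, 40003],
             "192.0.2.55": [1837, 60211, 33021, 14999],
             "192.0.2.56": [5353]}
    txids = [4660, 51234, 977, 30301]
    return "\n".join(f"IP {ip}.{port} > 198.51.100.10.53: {txid} A? t{n}.example.com. (32)"
                     for ip, plist in ports.items()
                     for n, (port, txid) in enumerate(zip(plist, txids)))

if __name__ == "__main__":
    for ip, row in assess_resolvers(constructed_capture()).items():
        print(ip, row)
```

The span-based estimate is a coarse heuristic: it only needs a handful of queries, but more samples give a more trustworthy verdict.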
Hacking At Random 2009 has recently been announced. It's brought to you by the same people who held the outdoor hacking event What The Hack, which we covered in 2005. Date, location, and many other details are still up in the air. They're looking to host 3000 attendees and we're guessing it will be similar in nature to last Fall's incredible Chaos Communication Camp near Berlin. 2009 will also feature the beta run of outdoor hacker event ToorCamp near Seattle. Two great events we're certainly looking forward to.
Last month we mentioned [bunnie]'s Name that Ware competition where participants try to guess the functionality of a random bit of hardware. We thought you might want to see another example; pictured above is the June 2008 ware provided by [xobs]. You can see a high res version here and an image of the daughter card as well. Be forewarned that someone has already posted the solution in the comments. At first glance there are quite a few interesting bits: board is copyright 1991, the 8-bit ISA connector doesn't have any data lines connected, just power, and it's got a lot of analog circuitry. Take a guess and then check out the comments on [bunnie]'s site to see the solution.
Against all previous indications, including being called The Last HOPE, the conference will not only be returning in 2010, it will be at the Hotel Pennsylvania. We're looking forward to The Next HOPE, which will probably be followed by The Last HYPE, which in turn will be followed by: We're Super Serious This Is The Last HOPE.
Earlier today, the iPhone Dev Team teased that they wouldn't release their latest Pwnage Tool until Sunday. Since this was yet another in a week long bit of teasing, we were somewhat surprised when a few hours later they posted a rather relaxed Thanks for waiting :) post announcing that Pwnage Tool 2.0 is available. Here's a direct link to the tool and a mirror courtesy of [_BigBoss_].
According to TUAW, Pwnage Tool 2.0 will activate, jailbreak, and unlock first generation iPhones running any firmware up to and including version 2.0. Unfortunately, it will not unlock an iPhone 3G (at least, not yet). iPhone 3G owners can still use the tool for activation and jailbreaking (so you can run 3rd party apps not supported by Apple and the new iPhone App Store).
So far, skimming through the 1322 comments on their announcement post, I've not seen any complaints or death threats about the tool bricking iPhones, but one should still proceed with caution. According to one update to the post, some people either get an error 1600 from iTunes or they notice a "failure to prepare x12220000_4_Recovery.ipsw" in the log. They've provided a workaround, however. If this happens to you, simply mkdir ~/Library/iTunes/Device\ Support or alternately nuke all the files in that already extant folder and re-run Pwnage Tool.
Today at The Last HOPE, [Far McKon] from Philadelphia's Hacktory presented on community fabrication. Over the last few years we've seen a lot of different accessible rapid prototyping machines created. There's the RepRap, a fabrication machine that has achieved self replication; our friends at Metalab have gotten their own version of the machine running too. The Hacktory has recently acquired a Fab@home machine. Fab@home hopes to make manufacturing using multiple materials accessible to home users. Multiple materials means people have constructed objects that vary from embedded circuits to hors d'oeuvres. We can't talk about edible prototyping without bringing up the CandyFab machine, which fuses sugar. The Hacktory has enjoyed their machine so far, but have found the learning curve fairly difficult. While it's great to see the cost of rapid prototyping dropping, we'll be much happier when the ease of use improves.
Adafruit Industries just announced their next kit: a SIM card reader. Using the kit, you can read or write any SIM card. You could use this for fun things like recovering deleted contacts and SMS messages. The kit looks like a very straightforward design (based on [Dejan]'s work); the only chip is a hex inverter and the board is powered by a regulated 9V battery. With all through-hole components, it should be easy to assemble. You can talk to it using the board mounted serial port or connect to the extra pin header using an FTDI USB cable just like the Boarduino. The FTDI option is bus powered, so you won't need the battery. [ladyada] has collected some resources in case you want to learn more about smart cards.
[Virgil] presented the next version of Wikiscanner at The Last HOPE today. To build the original, he scanned the monthly database dump of anonymous edits and compared that against a purchased list of known company IP addresses. The 34.5 million edits account for nearly 21% of all edits. The idea was to unearth businesses and groups whitewashing critical pages. This only handles anonymous edits though. Users could log in to avoid having their IP reversed.
In the new version, [Virgil]'s team developed a "Poor Man's CheckUser". If you spend too much time editing a talk page, your session could end and when you hit save it attaches your IP. Most regular users will then log in and remove their IP. They found 13,000 username/IP address pairs by searching for IPs being removed and replaced with usernames. These are some of the most active users. Using this list, they could potentially uncover sockpuppets or potential collusion by top editors.
The team from Princeton has released their cold boot attack tools at The Last HOPE. Earlier this year they showed how to recover crypto keys from the memory of a machine that had been powered off. Now they've provided the tools necessary to acquire and play around with your own memory dumps. The bios_memimage tool is written in C and uses PXE to boot the machine and copy the memory. The package also has a disk boot dumper with instructions for how to run it on an iPod. There's also efi_memimage which implements the BSD TCP/IP stack in EFI, but it can be problematic. aeskeyfind can recover 128 and 256-bit AES keys from the memory dumps and rsakeyfind does the same for RSA. They've also provided aesfix to correct up to 15% of a key. In testing, they only ever saw 0.1% error in their memory dumps and 0.01% if they cooled the chips first.
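One way a scan like this can work is to test every offset of a dump for an almost-valid AES-128 key schedule, counting the bits that contradict the schedule relation so that a small amount of decay is tolerated. The Python below is an added illustration of that idea for memory forensics, not the aeskeyfind source; the function names, the 8-bit error budget, and the constructed dump (built from the FIPS-197 example key) are assumptions.

```python
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]

def _make_sbox():
    # AES S-box: inverse in GF(2^8) followed by the affine transform.
    rotl = lambda x, n: ((x << n) | (x >> (8 - n))) & 0xFF
    sbox, p, q = [0] * 256, 1, 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p *= 3
        for s in (1, 2, 4):                                     # q /= 3
            q ^= (q << s) & 0xFF
        q ^= 0x09 if q & 0x80 else 0
        sbox[p] = q ^ rotl(q, 1) ^ rotl(q, 2) ^ rotl(q, 3) ^ rotl(q, 4) ^ 0x63
        if p == 1:
            sbox[0] = 0x63
            return sbox

SBOX = _make_sbox()

def predicted_word(sched, i):
    # Word i of an AES-128 key schedule as implied by words i-1 and i-4.
    prev = bytes(sched[4 * (i - 1):4 * i])
    if i % 4 == 0:  # RotWord, SubWord, then XOR the round constant
        prev = bytes(SBOX[b] for b in prev[1:] + prev[:1])
        prev = bytes([prev[0] ^ RCON[i // 4 - 1]]) + prev[1:]
    return bytes(a ^ b for a, b in zip(sched[4 * (i - 4):4 * (i - 3)], prev))

def expand_key(key):
    sched = bytearray(key)
    for i in range(4, 44):
        sched += predicted_word(sched, i)
    return bytes(sched)

def schedule_bit_errors(window):
    # Count bits in a 176-byte window that contradict the schedule relation.
    return sum(bin(a ^ b).count("1") for i in range(4, 44)
               for a, b in zip(predicted_word(window, i), window[4 * i:4 * i + 4]))

def find_aes128_keys(dump, max_bit_errors=8):
    # (offset, key_hex, bit_errors) for each window that is nearly consistent.
    scored = ((off, schedule_bit_errors(dump[off:off + 176])) for off in range(len(dump) - 175))
    return [(off, dump[off:off + 16].hex(), e) for off, e in scored if e <= max_bit_errors]

def constructed_dump():
    # Constructed sample: filler around a FIPS-197 example schedule with two decayed bits.
    sched = bytearray(expand_key(bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")))
    sched[40] ^= 0x01   # flips land outside the first round key,
    sched[100] ^= 0x10  # so the reported key bytes are still exact
    filler = bytes((i * 73 + 41) % 256 for i in range(128))
    return filler + bytes(sched) + filler
```

Calling find_aes128_keys(constructed_dump()) reports the key at offset 128 despite the flipped bits; when decay hits the first 16 bytes, the hit is still found but the key itself needs repair, which is the job the post attributes to aesfix.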
The Last HOPE is off and running in NYC. [Karsten Nohl] started the day by presenting The (Im)possibility of Hardware Obfuscation. [Karsten] is well versed in this subject having worked on a team that broke the MiFare crypto1 RFID chip. The algorithm used is proprietary so part of their investigation was looking directly at the hardware. As [bunnie] mentioned in his Toorcon silicon hacking talk, silicon is hard to design even before considering security, it must obey the laws of physics (everything the hardware does has to be physically built), and in the manufacturing process the chip is reverse engineered to verify it. All of these elements make it very interesting for hackers. For the MiFare crack, they shaved off layers of silicon and photographed them. Using Matlab they visually identified the various gates and looked for crypto-like parts. If you're interested in what these logic cells look like, [Karsten] has assembled The Silicon Zoo. The Zoo has pictures of standard cells like inverters, buffers, latches, flip-flops, etc. Have a look at [Chris Tarnovsky]'s work to learn about how he processes smart cards or [nico]'s guide to exposing standard chips we covered earlier in the week.