Hack a Day

Recon 2008 recap

Juan Aguilar — 2008-07-03T20:50:00+00:00

Filed under: cons, news

[Tiller Beauchamp] gave a presentation on applied reverse engineering in OS X at this year's REcon, but he also attended many of the other talks and gives his take on the highlights of REcon 2008 in a guest post on the ZDNet blog, Zero Day.

One of the highlights for him was Neohapsis's [Chris Smith] discussing virtual machines implementing code obfuscation. The method uses custom instructions and runtime interpreter, which can help make the task of reverse engineering markedly more difficult if implemented properly.

On the opposite end of the spectrum, [Beauchamp] noted [Gerardo Richarte]'s software reverse engineering tools that decompile and recompile software in iterative portions. This allows the recompiled software to be tested piece by piece. Be sure to read his post and see what you missed.

Read | Permalink | Email this | Linking Blogs | Comments

SSD hard drives tank laptop battery life

Juan Aguilar — 2008-07-01T22:20:00+00:00

Filed under: news

Tom's Hardware has been running some tests to challenge the common assumption that SSD hard drives use power more efficiently than magnetic plate drives. Their results were quite definitive: not only are they not as energy efficient, SSDs actually use more power than conventional hard drives.

What they found is that most plate drives are at peak consumption (up to 4W) when accessing files fragmented across the media, which causes the actuator to move back and forth across the media several times. However, this is almost never sustained for extended periods of time; the actuator usually doesn't move much when reading unfragmented data, and most plate drives are also capable of going idle when they are not in use.

Most SSDs on the other hand, only have two states: on and off. This means that when they are on, they are always at peak energy consumption. Though this number hovers around 2W for most of the SSDs they tested, over prolonged periods this can mean a great deal more power consumption than is immediately apparent, which can have short and long term effects on the battery life of a laptop. See the Tom's Hardware article for benchmarks of specific products and more in-depth data.

Read | Permalink | Email this | Linking Blogs | Comments

Time Magazine's favorite robots

Juan Aguilar — 2008-07-01T21:00:00+00:00

Filed under: news

Time Magazine recently posted a photo essay of some of their favorite robots. The article was composed in response to the recent release of the Pixar film Wall-E, and features some of the cutest, most cuddly automatons in the world. We were more interested in the most functional ones, huggability notwithstanding. See some of these Hack a Day veterans after the break.

One of the ones that caught our eye is the Shadow Robot Company's The Shadow Hand we first posted in 2005. Despite its name, this robot was not designed for evil, but to be the best available robot modeled on the human hand. It is composed of a system of more than 40 air muscles, which are flexible devices made of a rubber tube surrounded by a flexible plastic mesh. The Air Muscles provide the pulling force needed to clench and unclench the hand.

An even more advanced robot is the anthropomorphic HOAP-3 (PDF file), which can walk, talk, and look good in one of those tall chef hats. What's more, the robot can be taught to perform simple tasks; in the video, a team of researchers at the Ecole Polytechnique Federale de Lausanne in Switzerland taught the HOAP-3 to mix eggs in a mixing bowl by simple demonstrating once how it's done.

A chef robot may be impressive, but robot clergymen simply blow our minds. That's the best way to describe Tiro (site is in Korean), a robot that was used to officiate the wedding of one of its creators. Tiro is designed to be a general helper robot, and is capable of playing back audio, moving on its own, carrying objects in its arms, and displaying various facial expressions on its LED face. All these abilities make Tiro well-suited to complete basic social tasks, although we're not sure whether they're all ordained ministers or if that's only true for the one pictured above.

Check out some more lovable and functional bots at the read link below, and see if your favorite robot made the list.

[via Shake Well Before Use]

Read | Permalink | Email this | Linking Blogs | Comments

Seattle Power Tool Race & Derby

Eliot Phillips — 2008-06-29T19:25:00+00:00

Filed under: news

Yesterday, the Hazard Factory, an industrial arts studio, hosted the 3rd annual Seattle Power Tool Race & Derby. Participants construct a dragster powered by at most two "power tools" to race head to head down a 60 foot plywood channel. The rules are fairly loose and creativity is encouraged just as much as performance. For an example build, [spacematters] posted his machine using a circular saw and inline skate wheels. A Flickr photo pool of the day's shenanigans is coming together and you can see some of the registered entries on the Hazard Factory's site.

[photo: Æther]

Read | Permalink | Email this | Linking Blogs | Comments

Botnet attack via P2P software

Juan Aguilar — 2008-06-29T00:30:00+00:00

Filed under: news

P2P networks have long been a legal gray area, used for various spam schemes, illegal filesharing, and lots and lots of adware. Last year, though, the first botnet created by a worm distributed via P2P software surfaced, the work of 19-year-old [Jason Michael Milmont] of Cheyenne, Wyoming, who distributed his Nugache Worm by offering free downloads of the P2P app Limewire with the worm embedded. He later began distributing it using bogus MySpace and Photobucket links shared via chats on AOL Instant Messenger. The strategy proved effective, as the botnet peaked with around 15,000 bots. [Milmont] has plead guilty to the charges against him. Per his plea agreement, he will pay $73,000 in restitution and may serve up to five years in prison.

Read | Permalink | Email this | Linking Blogs | Comments

Bittorrent admin convicted by federal jury

Eliot Phillips — 2008-06-28T03:20:00+00:00

Filed under: news

[Daniel Dove], administrator of the site EliteTorrents.org, has been convicted of conspiracy and felony copyright infringement. Running a bittorrent tracker isn't in itself illegal, but [Dove] apparently recruited seeders and distributed the initial illegal copies to them from his own server. From the press release, it seems the Justice Department is quite tickled with finally getting a conviction in a P2P case after a jury trial.

[photo: nrkbeta]

Read | Permalink | Email this | Linking Blogs | Comments

Defcon 16 schedule finalized

Eliot Phillips — 2008-06-28T01:05:00+00:00

Filed under: cons, news

If you were waiting to finalize you travel plans, now's the time; Defcon has published the final speaking schedule. The conference starts Friday August 8th in Las Vegas, NV and continues through Sunday with four separate speaking tracks. There's quite a few talks we're looking forward to: Silicon guru [Christopher Tarnovsky] from Flylogic will be hosting a breakout session on smartcard security. [Gadi Evron] will talk about the security implications of biological implants in the future. [Thomas Wilhelm] is going to cover building a mobile hacker space and the vehicle related hacks it requires.

Read | Permalink | Email this | Linking Blogs | Comments

OiNK uploaders' bail extended

Juan Aguilar — 2008-06-26T23:55:00+00:00

Filed under: news

The six people arrested by British authorities for uploading files to the OiNK torrent network, all out on bail, have had the period of their bail extended. Charged with conspiracy to defraud the music industry, the woman and five men as well as OiNK operator [Alan Ellis] have been ordered to report to the police on July 1st, where their bail will be formally extended for another 27 days. According to TorrentFreak, sources close to the case believe that the police are still building their criminal case, which accounts for the bail extensions. They could have civil charges levied against them, but current British Law cannot prosecute individuals for illegal filesharing unless it is done for profit.

Read | Permalink | Email this | Linking Blogs | Comments

MSI Wind under FCC review

Juan Aguilar — 2008-06-26T22:40:00+00:00

Filed under: news

Those of us who have been eagerly waiting to get their mitts on an MSI Wind can see some light at the end of the tunnel, as it is currently under review for domestic sale by the FCC. The Wind is MSI's answer to Asus's game-changing ultraportable, the Eee PC, and has slightly better specs. It features an Intel Atom 1.6GHz CPU, 1GB of RAM. It also has built in bluetooth and webcam. Check out a few shots of the Wind's internal parts at jkkmobile or grab them all from the FCC's site.

Read | Permalink | Email this | Linking Blogs | Comments

IronKey USB key has military grade encryption

Juan Aguilar — 2008-06-26T22:30:00+00:00

Filed under: news

Plenty of USB storage keys are on the market, but Ironkey is the first to use military level encryption. Sold in 1GB, 2GB, and 4GB sizes, the key features a processor called the Cryptochip, which uses Public Key Cryptography ciphers linked to an online account to create encryption keys on the hardware. A Federal Information Processing standard 140-2 compliant true random number generator on the Cryptochip ensure that encryption keys are extremely secure and totally random.

Ironkeys come in different sizes, but there are also three different versions, each with unique features. The basic version has a very James Bond-esque feature to destroy the data on it in case of an emergency. The personal version is loaded with Firefox 3 with various addons that make browsing encrypted and anonymous. The enterprise version is made to order with no specific price on the IronKey site, just a form to order one built to your specifications. All of them support Windows, OS X, and a large amount of Linux distros, and they all come in tamper proof and water resistant cases with a brushed metal finish. We tend to think this level of security is overkill for the average person, but people can't seem to get with our freewheeling approach to security; remember, we leave our WLAN open.

[via LinuxDevices]

Read | Permalink | Email this | Linking Blogs | Comments

Mr. Modchip ruling released

Juan Aguilar — 2008-06-26T16:20:00+00:00

Filed under: xbox hacks, news

In an unexpected development, [Neil Stanley Higgs], aka Mr. Modchips, was cleared of his previous convictions in British courts for selling modchips for the Xbox 360 as well as modded consoles.

Notably, the prosecution did not argue that he infringed copyrights, but merely facilitated copyright infringement by selling modchips that circumvent the Xbox's ETM. Since the copyright infringement argument was not made, existing law continues to hold sellers of pirated games and owners of modded consoles responsible for infringing the copyrights of game developers, as they are the ones who illegally copy the software. Pirated game sellers' violation of the law is plain to see, but owners are still held responsible the moment they place the pirated disc into the loading tray and boot it up. The infringement in these cases occurs exactly when any part of the pirated game is loaded onto the console's RAM, as this is considered another illegal copy.

[Higgs]'s charges hinged on whether the Xbox's piracy prevention methods were intended to completely prevent pirated games from being played or merely act as a hindrance. The court felt it was the latter, and so they reversed the charges.

[via Xbox-Scene via Team Xecuter]
[photo: Raybdbomb]

Read | Permalink | Email this | Linking Blogs | Comments

Ubuntu released for MIDs

Eliot Phillips — 2008-06-25T18:40:00+00:00

Filed under: news

Ubuntu MID edition has been released for handheld Mobile Internet Devices. It's targeting devices based on Intel's A100/110 and the new Centrino Atom platforms. Successors to the UMPC, MIDs are usually small formfactor and have a touchscreen, plus a physical keyboard. UMPC portal has a examples of devices that are currently supported by this release, inluding plamtops like the Kohjinsha SH6. This release is only for x86 devices, so don't expect it to be ported to the ARM based Nokia N800/810. The user interface is based on the Hildon framework and we're glad people are attempting to think beyond a standard UI. We hope they plan on punching up the use of the color brown in the final though; it just wouldn't be an Ubuntu release without it.

[via Linux Devices]

Read | Permalink | Email this | Linking Blogs | Comments

Charter abandons packet monitoring advertising plan

Eliot Phillips — 2008-06-25T17:50:00+00:00

Filed under: news

Charter Communications has announced that it will no longer be attempting to target advertising based on user actions. The original strategy would have involved inspecting the contents of every packet sent or received by the customer. This usage pattern is associated with a specific IP and relevant ads are displayed on sites using NebuAd when that IP visits. NebuAd doesn't directly share the IP, but we've seen in the past, even with obfuscation, a user's search patterns alone have been known to give away their identity. The majority of all internet traffic is plaintext, but endusers have an expectation of privacy. User backlash is what eventually caused Charter to back down, but that doesn't mean companies like NebuAd are going to be any less common.

[via EFF]
[photo: mattdork]

Read | Permalink | Email this | Linking Blogs | Comments

U.S. and China host majority of malware

Eliot Phillips — 2008-06-25T00:45:00+00:00

Filed under: news, security hacks

StopBadware.org has released their May 2008 Infected Sites Report(PDF). They took their current list of 213K active badware websites and resolved the IP addresses. These addresses were used to determine the network block owner and country. The results could be skewed to networks Google scans more often, but they should give a decent overall picture. China hosts 52% of all the badware sites while the U.S. has 21%. There weren't any other countries maintaining over 4% of the total. They also calculated the number of infected sites per capita, which China also led. Last year's report resulted in several AS block maintainers cleaning up to the point that they don't even make the top 250 this year.

Read | Permalink | Email this | Linking Blogs | Comments

Citibank ATM PIN heist mystery continues

Eliot Phillips — 2008-06-24T22:50:00+00:00

Filed under: news

For the last few months, the FBI have been investigating a breach of Citibank's ATM transaction processing servers. We've seen credit card numbers get stolen before, but these compromised servers were used to collect card numbers and PINs as transactions took place. The group responsible hired people to write new cards and use them to make ATM withdrawals. The card makers would keep a percentage and launder the rest. This is just a very small part of story and the extent of the breach isn't fully realised yet. Threat Level's [Kevin Poulson] has the whole story on this disturbing situation.

[photo: Bryan Derballa]

Read | Permalink | Email this | Linking Blogs | Comments

Open source Symbian

Eliot Phillips — 2008-06-24T16:40:00+00:00

Filed under: cellphones hacks, news

Nokia recently announced its plans to purchase Symbian and formed the Symbian Foundation with the intention opening the software platform over the next two years. Symbian is already present on 60% of all cellphones in the world. With such a massive install base, open source Symbian has a much better chance of taking off than platforms like Android, which are starting on the ground floor.

Read | Permalink | Email this | Linking Blogs | Comments

EFiX dongle still not available

Juan Aguilar — 2008-06-23T20:30:00+00:00

Filed under: news

Well, it's June 23rd, and still no dongle from EFiX. Despite a new product page on the company's site, the OS X installing dongle is still not available for purchase. The USB dongle is supposed to facilitate the installation of Mac OS X by booting the Leopard install DVD on PCs, but so far no one has been able to verify this claim as no one has one of these in their hands yet. We've been covering this story since the beginning, and we'll be sure to let you know when you can actually buy one of these.

[via Engadget]

Read | Permalink | Email this | Linking Blogs | Comments

OLPC dual booting

Juan Aguilar — 2008-06-23T18:25:00+00:00

Filed under: news

Gizmodo has the first ever footage of an OLPC dual-booting both its default OS, Sugar Linux, and Windows XP. The BIOS was not originally intended to boot XP, so it had to be modified for this to work. The XO's screen flipper and directional buttons work in XP as well.

It's not all good news, though: XOs are designed to be ultra-lean, packing a meager 256MB of RAM, which is hardly ideal to run XP. Booting it alone took an eternity, so we can't imagine anyone doing anything practical with this. The machines will never ship with only XP installed.

Read | Permalink | Email this | Linking Blogs | Comments

Consumer Reports releases vintage photos

Juan Aguilar — 2008-06-22T22:15:00+00:00

Filed under: news

Consumer Reports has just released this photoset of vintage photos of consumer product tests. It includes photos of conventional products like the one above (a portable hair dryer), but also some interesting tech that never took off, like a motorized scour pad and a record player for cars. The products depicted in the set are all from before the 1970s (and remember, a few machines from back then were able to do some pretty impressive things), so whether you're into old tech for its own sake or you're just looking for photography of really old tv consoles, get a look.

[via Laughing Squid]

Read | Permalink | Email this | Linking Blogs | Comments

MIT Mobile Cloud

Juan Aguilar — 2008-06-22T21:15:00+00:00

Filed under: news

The MIT Mobile Experience lab has just developed this ambitious interactive installation called The Cloud. Located in Firenze, Italy, The Cloud is a sort of sculpture with over 15,000 LEDs and several miles of fiber optics. The tips of the fibers glow, but they also change colors in response to human interaction, including touching it or standing near it. The Cloud uses a combination of proximity and touch sensors to achieve this. It also has two cameras and a microphone, which allows it draw input from various sources and output a much richer, more organic response.

[via Cool Hunting]

Read | Permalink | Email this | Linking Blogs | Comments