The Boxee blog has recently announced that they have finally released a Linux version. So far, only Ubuntu 7.10 through 8.04 support is available. We covered Boxee when they released their alpha version a few months ago. One of the unique things we found about it was the added social layer that allows the user to share their viewing and listening information on various social networking sites.
This XBMC based media streamer has won a lot of praise lately and we are excited to finally see it step into the Linux platform. Up until now, Boxee was strictly run on OSX 10.5 and thus bound to Apple's hardware configurations. Once they get a stable version running, it will be extremely easy for anyone to build a media streamer from an old PC with various hardware configurations.
Adeona is an open source internet-based laptop tracking system that is free to use. It's available for Linux, OSX, and Windows XP/Vista. After installation, Adeona will submit at random intervals, anonymously encrypted updates on the computer's location to servers on the Internet, specifically to OpenDHT, a free storage service. The information is kept on the servers for one week. If your laptop becomes lost or stolen, you can use the retrieval tool to access information about where your laptop was last used: the external IP address, internal IP address, and nearby routers. If your laptop is a Mac, you can also download isightcapture to grab a picture of the thief. Adeona is designed to protect against common criminals who may not have much technological knowledge, and does not have any protections against events such as disk wipes. The open source nature of Adeona's system means that there's ample opportunity to improve upon the release or add extensions. Here's one user who really likes what he sees.
How do you protect your own blog from getting hacked? There's never a foolproof answer, but with some added tools and caution, you can make your website a little safer from getting into harm's way. Cats Who Code has five plug-ins and tips you can use to protect your Wordpress install. Some of the tips are common sense advice that can apply to anything related to technology - such as making backups often and using strong passwords. Others include suggested plugins that can help you verify whether your Wordpress install has any security holes, or small tricks to hide the version of Wordpress you're using. Do you have any useful plugins or tricks to share to keep your blog safe from hackers?
[liseman] decided to build a honeypot for bicycle thieves. He mounted a pay as you go cell phone and a gutted stun gun inside a water bottle. When the phone is dialed, the stun gun is activated thanks to a tap on the vibration motor inside the phone. He also installed some tracking software on the phone so the bike can be traced when stolen. Location of the stun gun probes depends on certain assumptions: will the thief ride off on the bike, or simply toss it in the back of a truck. (Check your local laws if you're contemplating doing this yourself.)
This project has two demonstrations on their site. The first is dubbed the RTS-2 (Racial Targeting System). This system is essentially a camera which follows faces and is able to analyze and interpret the person's race. The second is SOLA. This system is able to quickly scan someone and calculate their body mass index then publish this information to the web. Both systems achieve their goal by blatantly pointing out a line in which more surveillance does not equate to more security. They also show the wealth of personal data that can be obtained about a person by a simple camera.
While at The Last HOPE this year, we were fortunate enough to see Wiremap, a volumetric display made from thread. Using a projector and 256 individual strands of cotton thread, [Albert Hwang] produces 3D effects. The result is a visually stunning piece of work.
The DShield project is hoping to change how we protect our networks from malware with predictive blacklisting. Using a method similar to Google's PageRank, DShield collects logs from network administrators to help develop a score based on maliciousness. They combine this score with information about where the malware has already hit to determine an overall threat level.
Similar to antivirus programs, the system still relies on networks being attacked to rate the threat level. They have shown though, that the predictive method is consistently more effective than manual blacklisting. The system has been available for free for the past year. Those utilizing the system have been reporting positive results. They do note that there are a few people whose network infrastructure doesn't match up with the predictions very well. If you would like to participate, go to their site and sign up.
YouTomb is a research project designed by the MIT Free Culture group to track video take downs on YouTube. To succeed, the team needed to track every single video on YouTube... which is close to impossible. Instead, they built several "explorer" scripts to track what videos were interesting. One explorer tracks all of YouTube's lists: recommended, featured, most active, and more. Another explorer picks up every video submitted to YouTube, and a third crawls Technorati.
The explorers just find the videos; a separate group of scanner scripts checks the current status of videos. It checks both the new videos and ones that have been killed to see if they return. YouTomb archives every video it finds. They display the thumbnail of the video under fair use, but they're still determining whether they can display each video in full.
[Che-Wei Wang] has a few more projects up his sleeve aside from his pneumatic power suit. This is a bit artsy, but he created an ultraviolet ink dropper to leave a trail of invisible ink wherever he rides his bike. Just think of it as a modernized version of [MacGyver]'s paint can under the bad guys car tracking system.
DPX Systems seems to deal exclusively in devices powered by handheld drills. In addition to the mini bike in the video above, they've made systems for wheelchairs, toolboxes, and hoists. The device costs $630, but we know most of you just need prompting that something is possible to be well on your way to building your own version. We're still more fond of weed whacker machines.
In today's webcast, [Dan] covered how he felt about the handling of the vulnerability and answered a few questions about it. He started out by talking about how he stumbled across the bug; he was working on how to make content distribution faster by using DNS to find the server closest to the client. The new attack works because DNS servers not using port randomization make it easy for the attacker to forge a response. You can read the specifics of the attack here.
[Barry Wels] is well known for his lockpicking talks, but this year he wanted to talk about how he copies high security keys. If a key blank is available, you could make a copy just by viewing the original. High security keys generally have profiles with more side cuts, which means you can guess at how deep a specific pin is by observing how many cuts it crosses. He also showed that you could imprint your arm with the key and use that as a guide. If a blank isn't available, you could fill a similar key with solder and file that down.
[Barry] showed two different kits for casting keys. The first used soft clay in a clam shell to make an imprint of the original key. The form is then filled with a low melting point alloy (probably Wood's metal) to create the new key. A second style uses a metal form and two part silicone to create the mold. This method works for most high security keys, but will not work on keys with active elements like sliders or magnets.
Finally, [Barry] talked about his favorite method: impressioning. Unlike picking a lock, when you're done impressioning you have a funtional key. You start with key blank and file off the top layer. Place the blank in the lock and turn it till it jams. Then, you rock the key up and down. Observing the key under light you'll see a small mark where each pin is. File a bit where the marks appear and repeat the process. You can't use too much force or you might break the blank. This also works on dimple keys and as this video shows, laser cut keys. [Barry] highly recommends the impressioning book by [Oliver Diederichsen].
[Mark] sent in this nice trick for breathing new life into an old laptop. [Sarc] had a tibook with a broken LCD. It was still usable with an external monitor, so he simply removed the broken LCD. The tibook (and MacBook) uses a magnetic sensor to monitor the LCD position. To put the machine in the right mode, he taped a magnet in place to make the machine think that the display was in the closed position. To really clean things up, he mounted all the hardware under the desk and used a wireless keyboard and mouse with the machine.
On the latest episode of Systm, they talk to [David Calkins], founder of the RoboGames competition, about humanoid robotics. The robots featured in the episode are Hitec's ROBONOVA-I. The ROBONOVA is about a foot high and has 16 servos with support for up to 24, all connected to an Atmel controller. The episode is quite long: At around 15 minutes, they demonstrate the programming enviroment. You can program it traditionally or pose the bot to work out the motions. At 30 minutes, [David] mentions that next year's competition will allow airsoft weapons to be attached, but bots have to be controlled from a first person perspective. If you're interested in one of these kits, they have a ROBONOVA special of $900 or as low as $500 for educational institutions (that's us, right?). Now is the perfect time to get one since you'll have nearly a full year to prepare for RoboGames.
Related: You'll hear builder [Matt Bauer]'s name mentioned several times.
We've been tracking Metasploit commits since Matasano's premature publication of [Dan Kaminsky]'s DNS cache poisoning flaw on Monday knowing full well that a functional exploit would be coming soon. Only two hours ago [HD Moore] and [I)ruid] added a module to the Metasploit Project that will let anyone test the vulnerability (with comment: "ZOMG. What is this? >:-)"). [HD] told Threat Level that it doesn't work yet for domains that are already cached by the DNS server, but it will automatically wait for the cached entry to expire and then complete the attack. You can read more about the bailiwicked_host.rb module in CAU's advisory. For a more detailed description of how the attack works, see this mirror of Matason's post. You can check if the DNS server you are using is vulnerable by using the tool on [Dan]'s site.
