GetLoFi’s dub siren


GetLoFi has always been one of our first stops when looking for circuit bending fun. Their latest project is building this simple dub siren from a noise making key chain. Dub sirens or rasta boxes are a signature sound in dub reggae. The base of this project is an eight sound keychain. Each pad is wired to an eight position selector switch. The pitch resistor is replaced with a linear pot. One push button is used to replace the original eight and another is used for mute. Plug the 1/4inch jack into a delay pedal and you’re ready to rock. Check out the video below to see this particular box in use.

[Read more...]

Citibank ATM PIN heist mystery continues


For the last few months, the FBI have been investigating a breach of Citibank’s ATM transaction processing servers. We’ve seen credit card numbers get stolen before, but these compromised servers were used to collect card numbers and PINs as transactions took place. The group responsible hired people to write new cards and use them to make ATM withdrawals. The card makers would keep a percentage and launder the rest. This is just a very small part of story and the extent of the breach isn’t fully realised yet. Threat Level’s [Kevin Poulson] has the whole story on this disturbing situation.

[photo: Bryan Derballa]

Crawling + SQL injection with Scrawlr

Scrawlr is the latest tool to come out of HP’s Web Security Research Group. It was built in response to the massive number of SQL injection attacks happening on the web this year. Most of these vulnerable sites are found through googling, so Scrawlr works the same way. Point it at your web server and it will crawl all of the pages and evaluate the URL parameters to see if they’re vulnerable to verbose injection. It reports the SQL server and table names if it comes across anything.

It only supports 1500 pages right now and can’t do authentication or blind injection. It’s still a free tool and a great way to identify if your site is vulnerable to automated tools finding you website via search engines.

[via Acidus]

Server access FAIL


Head over to The Daily WTF to find out about the building upgrade that made this data center only accessible from the handicap stall of the women’s restroom.

Open source data recovery tools


InformationWeek has great article on open source data recovery tools. What type of tools you use will depend on the severity of the situation. You can use live Linux distros designed for recovery like SystemRescueCD or Partedmagic (the latter being more user friendly). Security tools distrubutions like BackTrack can also be helpful; Helix in particular was designed for forensics work. dd is a standard *nix tool for imaging drives, but something like TestDisk can help you repair partition tables for whole disk recovery. Most deletion operations don’t overwrite the data which means you can use file carving to capture the lost files. PhotoRec is able to find files in a number of common formats. Finally, if you’ve got some serious forensic work ahead of you there’s The Sleuth Kit and many other command line tools.

As an addendum, OStatic put together a list of 5 freeware tools for protecting your system.

DefconBots sentry gun competition


DefconBots is returning again this year with their shooting gallery robot competition for Defcon 16. They’ve decided to leave the rules unchanged from last year. It’s a head to head competition between fully autonomous guns. The first gun to shoot all the targets on their side of the board wins. The rules aren’t very strict on design; as long as you use nonlethal nonmessy amunition and include a safety switch you’re pretty much good to go. The DefconBots site has a reference design to put you on the fast track to competing. Defcon 16 is August 8-10, 2008 in Las Vegas.

Related: [Aaron Rasmussen]‘s sentry gun we covered back in 2005

[photo: Bre Pettis]

Streaming Netflix to the Xbox 360


We were just as excited as anyone when we heard about Roku’s Linux based Netflix Player, but not being ones to spend money on hardware, even $99, we’d much rather use something that’s laying around that’s not living up to its full potential. Lifehacker has a guide for using vmcNetflix to stream Watch Instantly movies to the Xbox 360. vmcNetflix is a Media Center plugin. When the 360 was originally released, you could only get Media Center by buying a new PC, now it’s included with Vista, meaning people might actually use it.

Follow

Get every new post delivered to your Inbox.

Join 96,671 other followers