Drill powered mini bike

DPX Systems seems to deal exclusively in devices powered by handheld drills. In addition to the mini bike in the video above, they’ve made systems for wheelchairs, toolboxes, and hoists. The device costs $630, but we know most of you just need prompting that something is possible to be well on your way to building your own version. We’re still more fond of weed whacker machines.

[via Toolmonger]

DNS cache poisoning webcast

UPDATE: Full audio of the webcast is now available

Today Black Hat held a preview webcast with [Dan Kaminsky] about the massive DNS bug he discovered. On July 8th, multiple vendors announced a patch for an undisclosed DNS vulnerability. [Dan Kaminisky] did not release the details of the vulnerability at that time, but encouraged security researchers to not release their work, if they did happen to discover the bug. On the 21st, the full description of the vulnerability was leaked.

In today’s webcast, [Dan] covered how he felt about the handling of the vulnerability and answered a few questions about it. He started out by talking about how he stumbled across the bug; he was working on how to make content distribution faster by using DNS to find the server closest to the client. The new attack works because DNS servers not using port randomization make it easy for the attacker to forge a response. You can read the specifics of the attack here.

[Read more...]

HOPE 2008: Methods of Copying High Security Keys

[Barry Wels] is well known for his lockpicking talks, but this year he wanted to talk about how he copies high security keys. If a key blank is available, you could make a copy just by viewing the original. High security keys generally have profiles with more side cuts, which means you can guess at how deep a specific pin is by observing how many cuts it crosses. He also showed that you could imprint your arm with the key and use that as a guide. If a blank isn’t available, you could fill a similar key with solder and file that down.

[Barry] showed two different kits for casting keys. The first used soft clay in a clam shell to make an imprint of the original key. The form is then filled with a low melting point alloy (probably Wood’s metal) to create the new key. A second style uses a metal form and two part silicone to create the mold. This method works for most high security keys, but will not work on keys with active elements like sliders or magnets.

Finally, [Barry] talked about his favorite method: impressioning. Unlike picking a lock, when you’re done impressioning you have a funtional key. You start with key blank and file off the top layer. Place the blank in the lock and turn it till it jams. Then, you rock the key up and down. Observing the key under light you’ll see a small mark where each pin is. File a bit where the marks appear and repeat the process. You can’t use too much force or you might break the blank. This also works on dimple keys and as this video shows, laser cut keys. [Barry] highly recommends the impressioning book by [Oliver Diederichsen].

[photo: Rija 2.0]

Behead your laptop

[Mark] sent in this nice trick for breathing new life into an old laptop. [Sarc] had a tibook with a broken LCD. It was still usable with an external monitor, so he simply removed the broken LCD. The tibook (and MacBook) uses a magnetic sensor to monitor the LCD position. To put the machine in the right mode, he taped a magnet in place to make the machine think that the display was in the closed position. To really clean things up, he mounted all the hardware under the desk and used a wireless keyboard and mouse with the machine.