DRM causes vulnerabilities

This image is from Microsoft's DRM page.

We often hear people touting the evilness of DRM, but usually they are talking about the idea of ownership. In this case, DRM is actually causing harm. It turns out that Microsoft’s msnetobj.dll, which is supposed to enforce DRM on your computer, stopping you from doing certain things like saving files you don’t “own” is open to 3 attacks.  Vulnerable to buffer overflow, integer overflow, and denial of service, this sucker is riddled with issues.

The vulnerabilities in this file aren’t groundbreaking. Buffer overflow is a common method to get to many systems. The problem here, according to some commenters at BoingBoing, is the fact that this DLL is called every time you open a media file.

[via BoingBoing]

PS3 Sixaxis controller now houses exploit

[Hasuky] posted a guide for turning a PlayStation 3 Sixaxis controller into a PSGroove exploit device (translated). Unfortunately you’ve got to crack open the controller and add some parts to get it working. The hack requires a PIC 18F2550 (a chip we’ve already seen used as a standalone PSGroove device), a crystal, and various resistors and capacitors to connect to the controller’s PCB. From there you connect the USB cable between the controller and the game console and boot using the exploit.

[Thanks Craig via DCEmu]

From cinema to stills, camera lens gets new life

[Timur Civan], with a beautiful merge of past and present, has taken a 102 year old camera lens (a 35mm F5.0 from hand cranked cinema cameras) and attached it to his Canon EOS 5D. While this is not the first time we’ve seen someone custom make a camera lens or attach a lens to a different camera, such as when we brought you plumbing tilt shift or iPhone camera SLR or Pringles can macro photography, the merge of old tech with new warms our empty chest cavities hearts. Catch some additional shots of 1908/2010 New York City after the jump.

Continue reading “From cinema to stills, camera lens gets new life”

Portable password vault

This little box remembers all of your user names and passwords. Inside you’ll find an Atmel AT89S5131 microcontroller which has built-in USB capability. When the box is plugged into a USB port it identifies as a keyboard. Manipulating the buttons on the top and side will select and print out various stored usernames and passwords. Passwords are generated on-chip from a random seed and the device itself requires a passcode after power up as a security feature.

[SigFLUP’s] included a pretty nifty configuration algorithm. It doesn’t rely on a terminal connection, since the device is a keyboard you can communicate with it in an editor window (which should make it platform independent). There’s no code available, but trying to write your own to the spec outlined in the demo after the break will make for a fun weekend project.

Continue reading “Portable password vault”