Abusing HTTP status codes

Concerns over privacy online are an ever-growing theme. Every day we see people complaining about the policies of Facebook and the like. [Mike Cardwell] points out another method of gleaning a bit of personal data from you that you may not have seen yet. By embedding a hidden image or using some really simple JavaScript, he can tell if you are currently logged into Gmail, Twitter, Facebook, or Digg. While this could possibly be used for more nefarious things, he points out that you could also use it for customizing your website to better suit the experience of the browser. For example, if the “reader” is already logged into Gmail, you could have any email links automatically open a Gmail instance instead of the local mail client.

Wireless Sniffing and Jamming of Chronos and iclicker

The ubiquitous presence of wireless devices combined with easy access to powerful RF development platforms makes the everyday world around us a wireless hacker’s playground. Yesterday [Travis Goodspeed] posted an article showing how goodfet.cc can be used to sniff wireless traffic and also to jam a given frequency. We’ve previously covered the work of [Travis] in pulling raw data from the IM-ME spectrum analyzer, which also uses goodfet.cc.

The Texas Instruments Chronos watch dev platform contains a C1110 chip, which among other things can provide accelerometer data from the watch to an interested sniffer. The i>clicker classroom response device (which houses a XE1203F chip) is also wide open to this, yielding juicy info about your classmates’ voting behaviour. There is still some work to be done to improve goodfet.cc, and [Travis] pays in beer–not in advance, mind you.

With products like the Chronos representing a move towards personal-area wireless networks, this sort of security hole might eventually have implications for individual privacy of, for example, biometric data–although how that might be exploited is another topic. Related to this idea is that of sniffable RFID card data. How does the increasing adoption of short-range wireless technologies affect us, both for good and bad? We invite you to share your ideas in the comments.

Inaccurate Breathalyzer is still quite nice

Sure, [Hunter Scott’s] Breathalyzer can only differentiate between hammered and sober, but look how nice it came out. He’s using an MQ-3 alcohol sensor which, from previous projects, we know is very difficult to accurately calibrate. But if you want to monkey around with embedded systems you’ve got to have a goal. [Hunter] chose a gorgeous aluminum project enclosure, adding a big LCD display to the lid. The switch on the bottom selects between on, off, and charging modes. He’s using a USB charger from Adafruit to top off the lithium battery inside. Everything runs on 3.3V with the exception of the sensor which gets its 5V supply from a boost converter. An Arduino is the brains that pulls everything together.

See [Hunter’s] video description of the project embedded after the break.

Monochrome to Magnificent: computer display chronology

Remember when CGA came out and made monochrome monitors look horrible? Well CGA is crap, VGA is where it’s at. Wait… weren’t there a couple of standards in between those two? Take a walk down memory lane and relive the evolution of computer display technology. You’ll start with displays that are more or less CRT oscilloscopes and end up in better than high-def territory. The article is an interesting read, but those with short attention spans can jump to the fourth page and check out the chart of technologies, resolutions, and implementation dates. We’ve come a long way in a few short decades.

Jamming gripper completes robot drug dealer

Here’s an inexpensive way to build your own jamming gripper. [Steve Norris] combined a robot arm with a few inexpensive items to achieve similar results as the original. Much like the last DIY version he started with a balloon and some coffee grounds, but instead of using his own body as a vacuum pump he sourced a Reynolds Handi-Vac, an inexpensive food vacuum sealer. It connects to the balloon using some plastic tubing, and sucks all of the air out, locking the coffee grounds around an object for a firm grip. The video after the break even shows the gripper picking up two aspirin. At first we thought a servo motor was being used to seal off the tube once the air had been pumped out. Instead, it is covering a hole in the tubing, which breaks the vacuum when it’s time to let go of an object.

SparkFun free day recap

It looks like the dust has finally settled with SparkFun’s free day. They managed to give away $150,541 to users and $22,988 to charity. The general idea is you could either take $10/year you’ve been a SparkFun customer, or take a 10 question quiz and earn $10/correct answer plus some money for charity. It looks like some technical difficulties prevented people from taking the quiz until free day had been under way for a couple of hours. Once they managed to fix the problem the money went pretty fast, eating up the last $40,000 in about 5 minutes. So did anyone manage to get anything good? Be sure to check out SparkFun’s recap video after the break for more details.

Radios without power sources

[Goodhart] is sharing his process for building a couple different AM radios. It’s surprising how few components he’s using; the first build is just a germanium diode, some wire, and a piezo earpiece. But it strikes us that both of the radios he gives build instructions for have no power source. We’re also amused by the process of selecting the station. His example uses 770 AM, and requires you to take the wire and place it up in a tree with the two ends about 1216 feet apart. We think there’s something a bit off with the math, but with that much conductor to start with there might be enough induced current for you to actually hear something come out the piezo. We don’t think we’ll be trying this anytime soon, but we’d like to hear comments from those of you who do (or already have).