A look at the (now patched) security of [Kim Dotcom's] MEGA cloud storage service

MEGA is a new, encrypted cloud storage system founded by [Kim Dotcom] of MegaUpload fame. They’re selling privacy in that the company won’t have the means to decrypt the data stored by users of its service. As with any software project, their developers are rapidly making improvements to the user interface and secure underpinnings. But it’s fun when we get some insight about possible security problems. It sounds like the issue [Marcan] wrote about has been fixed, but we still had a great time reading his post.

The article focuses on the hashes that the website’s JavaScript uses to validate data pulled in from non-SSL sources. Those insecure sources are a CDN, so this type of verification is necessary to make sure that the third-party network hasn’t been compromised as part of an attack on the MEGA site. The particular security issue arose because the hashes were generated using CBC-MAC. [Marcan] asserts that this construction is not adequate for the application it’s being used for and goes on to post a proof-of-concept showing how the messages can be forged while retaining a hash that will validate as authentic.

[Thanks Christian]
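Why CBC-MAC cannot stand in for a hash once its key is known, as an added Node.js example (not code from [Marcan]’s post or from MEGA): it assumes the MAC key ships to the browser with the verification script, and the key, zero padding and sample strings are constructed for illustration. It builds a second byte string with the same CBC-MAC tag as the original and shows that a SHA-256 comparison tells the two apart.

```javascript
const crypto = require('crypto');

// Constructed demo key. Assumption: the key is delivered with the page,
// so everyone, including the CDN, knows it.
const KEY = Buffer.alloc(16, 0x42);
const BLOCK = 16;

function xor(a, b) {
  const out = Buffer.alloc(a.length);
  for (let i = 0; i < a.length; i++) out[i] = a[i] ^ b[i];
  return out;
}

// Zero-pad to a whole number of AES blocks (padding choice is an assumption).
function pad(buf) {
  const n = Math.ceil(buf.length / BLOCK) * BLOCK;
  return Buffer.concat([buf, Buffer.alloc(n - buf.length)]);
}

// CBC-MAC: AES-CBC with a zero IV, tag = last ciphertext block.
function cbcMac(data) {
  const c = crypto.createCipheriv('aes-128-cbc', KEY, Buffer.alloc(BLOCK));
  c.setAutoPadding(false);
  const ct = Buffer.concat([c.update(pad(data)), c.final()]);
  return ct.subarray(ct.length - BLOCK);
}

function sha256(data) {
  return crypto.createHash('sha256').update(data).digest();
}

// With the key known, the chaining value after any prefix can be computed,
// so one block can steer the chain back to where the original file's first
// block left it. Every later block then encrypts exactly as before.
function sameTagDifferentFile(original, otherPrefix) {
  const orig = pad(original);
  const prefix = pad(otherPrefix);
  const bridge = xor(orig.subarray(0, BLOCK), cbcMac(prefix));
  return Buffer.concat([prefix, bridge, orig.subarray(BLOCK)]);
}

// Constructed sample inputs standing in for a CDN-hosted script.
const original = Buffer.from("console.log('loader v1'); // served from CDN");
const altered = sameTagDifferentFile(original, Buffer.from("/* other bytes */"));

const macAccepts = cbcMac(altered).equals(cbcMac(original));   // true
const hashAccepts = sha256(altered).equals(sha256(original));  // false
console.log({ macAccepts, hashAccepts });
```

A MAC only authenticates data to parties who keep the key secret; verifying third-party content in the browser calls for a collision-resistant hash or a public-key signature.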

Messenger bag LED matrix keeps bikers safe at night

Get a little more exposure than one under-saddle bike light can provide by building your own LED enabled messenger bag. It looks like the bag itself was fabricated from scratch by [Andrew Maxwell-Parish] rather than altering an existing bag. He had a few goals for the project, the most interesting of which was to make the electronics removable. His reasoning for this is so he can get the bag past security at the airport.

The design is quite simple: there’s a large flap which is attached at the top of the bag and has a couple of clips at the bottom to keep it closed. On the inside of the flap he sewed a snap system which holds one piece of material on which all of the electronics are attached. The Lilypad system is used (it looks like the original hardware and not the FLORA upgrade). The main unit is sewn to one side, while the Charlieplex LED matrix was attached in a grid centered on the flap. The lights shine through the orange fabric, keeping them fairly safe from the weather and giving them a reddish hue.

If you’re looking for a few more features check out this GPS enabled messenger bag.

Help hackaday buy our own 3D printer UPDATED!

UPDATE: We’re getting a LulzBot thanks to [Jeff Moe].

ALL DONATIONS ARE BEING REFUNDED. YOU WILL STILL RECEIVE YOUR STICKERS.

We’ve held out for far too long. Hackaday now needs a 3D printer. We get emails all the time asking why we don’t have a donate button. Well, we’re kind of stubborn and would rather just do with what we have. Unfortunately this hasn’t gotten us very far in the 3D printer department.

We have a few projects in mind that could really utilize a 3D printer, namely building custom game controllers for children with special physical needs.

If you have any interest in helping us get a 3D printer for Hackaday, read on. Otherwise, carry on with your day.

Adapting the Nexus 7 for a double DIN car dashboard opening

It turns out that the Nexus 7 Android tablet is the perfect size to fit in a double DIN opening. DIN is the form factor of a single CD head unit for an automobile. Many models have room for a double DIN, which is defined as 4″ high by 7″ wide. Once [Meta James] figured out that the dashboard bezel for his Subaru framed the Nexus 7 perfectly he set out to fabricate the mounting system for an in-dash tablet installation.

Unlike a lot of these dashboard tablet installs, [James] didn’t need any Bondo, sanding, or painting to get things to look right. Like we mentioned, the bezel is a perfect fit so his alterations are hidden behind the tablet itself. He removed the stock head unit and ordered a DIN adapter kit to get the black bracket plate seen above. He built an acrylic box the same size as a double DIN head unit, then mounted the plates to the sides and a Nexus 7 case to the front. This holds the tablet in firmly, lets him mount the entire assembly using the factory mounting points, and leaves plenty of room for the cabling that connects the device to the car. Since he already had a hands-free phone system he just uses that to amplify the audio fed to it via Bluetooth.

[via Reddit]

Genetic algorithms become programmers themselves

[Kory] has been experimenting with genetic algorithms. Normally we’d expect his experiments to deal with tuning the variables in a control system or something, but he’s doing something much cooler. [Kory] is using genetic algorithms to write computer programs, and in the process bringing us one step closer to the Singularity.

The first experiments with genetic algorithms generating applications did so in BASIC, C, and other human-readable languages. While these programs nearly worked, there were far too many limitations on what could be produced with a GA. A simpler language was needed, and after turning to assembly for a hot second, [Kory] ended up using brainfuck, an extremely minimal but still Turing-complete language.

The use of brainfuck for creating programs from a genetic algorithm may seem a bit strange, but there’s a method to [Kory]’s madness. It’s relatively simple to write an interpreter the GA’s fitness function can look into and come up with a score of which programs should breed and which should die. Also, the simplicity of brainfuck means a computer doesn’t have to learn much syntax and grammar at all.

Right now, [Kory]’s computer that can program itself only does so by creating simple ‘hello world’ programs. It should be possible, though, for this AI to create programs that take user input and generate an output, whatever that may be. Once [Kory] is able to have the computer generate its own fitness functions, though, the sky is the limit and the Singularity will be fast approaching.

Building a velocity sensitive keyboard

Cheap toy pianos don’t usually have MIDI, and getting a velocity-sensitive keyboard from something out of the toy aisle at Walmart is nearly out of the question. If you’re willing to tear one of these toy pianos apart and build your own control electronics, though, the sky is the limit, as [JenShen] shows us with his home built velocity sensitive keyboard.

Usually, velocity-sensitive keyboards have two buttons underneath each key. By having a microcontroller measure the time difference between when each button is pressed, it’s possible to sense how fast each key was pressed. [JenShen] took the idea of a velocity-sensitive keyboard in another direction and instead used a force sensitive resistor strip, cut up into many pieces to provide velocity and aftertouch data.

[JenShen]’s keyboard adds these resistive buttons to the button matrix he already made. The result is a very inexpensive velocity sensitive keyboard with aftertouch, an impressive feat for an Arduino and only a few components.

You can check out the keyboard in action after the break.

This man will take your picture while macing you

Odds are you don’t have a photographic memory, so if you ever have to mace someone, you probably won’t remember exactly what your attacker looks like. Compound that with talking to the police and looking at a few dozen mug shots, and it’s highly unlikely you’ll ever be able to identify the person you maced. This was the problem [John], [Cordelia], and [Adrian] chose to solve for [Bruce Land]’s microcontroller course at Cornell this semester.

The device they created, PepGuard, adds a microcontroller and a serial JPEG camera to a canister of pepper spray. When the button on top is pressed, the microcontroller flashes a LED, takes a picture with a camera, and sends that picture to a phone over a Bluetooth connection.

PepGuard is always connected to the user’s phone via Bluetooth, and this allows for some interesting possibilities. With their Android app, the team can set up the phone to call emergency services when the device is activated.

You can check out the demo of the device after the break, or read the team’s report here.
