Earlier this year, our friend [Dan Kaminsky] discovered a major DNS issue that could allow hackers to compromise name servers and clients easily. The vulnerability involves cache poisoning, and [Kaminsky] plans to publish the full details of the vulnerability on August 6th. However, he has already begun his work to control it, alerting major authorities early on of the vulnerability.

As a result, engineers from many major technology vendors quickly began working on coordinated patches for DNS servers. The patches were all released today; vendors and a CERT advisory urge organizations to apply them today, before the vulnerability becomes common knowledge. More details on the DNS issue can be found in the executive overview (PDF file). [Rich Mogull] interviewed [Dan] for the Network Security Podcast. It doesn’t detail the attack but points out that services that use port randomization like OpenDNS are unaffected and that Bind8 is being deprecated.

UPDATE: Here’s the audio from this morning’s press conference.

[image: Flickr / d70focus ]

A group from Philadelphia PA calling themselves Team pzkpfw decided to recreate a Panzerkampfwagen III, but not entirely according to the original specs. Instead of treads and an engine, they used a system of pedals, gears and chains powered by up to six riders. The team of roughly nine men spent eleven days welding beams and plates, drilling and shaping sprockets, and painting the tank a fearsome pink camouflage. They were planning on crashing the 2nd annual Kensington Kinetic Sculpture Derby with it, which they crashed last year in a pirate ship, but they ended up being too tired from their tooling around to actually do it. There’s always next year. Get a look at their promotional video after the break, or if you’ll be in the Philly area soon, “visit the tank on Frankford Ave, just north of Norris St in Philadelphia.”

Read the rest of this entry »

We’ve seen some fairly impressive mixer projects this year, and the Aurora mixer is no exception. It is a dual channel USB-powered mixer with two linear faders, one crossfader, eight backlit buttons and 24 potentiometers, all built around a PIC 18LF4525 microcontroller. That’s all pretty typical for a mixer, but this one is very visually attractive, featuring a clean and stylish form factor and controllable lighting both under the board and in the LEDs backlighting the buttons and knobs.

Whether you want to buy one now or build one yourself, the Aurora team has made both possible. You can contact them for pricing if you are ready to buy. If you prefer to build, this is an open source project with full assembly instructions, schematics, drivers, patches and all other source code and information you should need available here. See more photos of the Aurora mixer here, or see it in action after the break.

Read the rest of this entry »

Do you have a burning desire to fight grizzly bears? If you do, We can’t guarantee that the first bear you face will win, but we really can’t imagine another outcome unless you use [Troy Hurtubise]‘s Mk IV suit, which is currently up for auction. We have discussed the suit before along with several other high-tech power suits, but this is the only one with bear-resistance in mind. The suit features several safety features, including layers of chainmail and titanium.The suit was also featured in the film “Project Grizzly.” [Hurtubise] is hoping to sell the suit for $40,000 or more to offset his personal costs, and judging by the current price, he may well make it.

[via Engadget]

If you’ve been looking for a cheap way to do motion capture on 3D Studio Max, [melka] has devised an ingenious way to do mocap using a Wii nunchuck. As shown in his Vimeo video, the nunchuck is connected to an Arduino that feeds MIDI data to a computer running the MIDI app Ableton Live. Ableton Live feeds that data to 3D Studio Max via MIDI Yoke.

The video below the break shows that the motion of the nunchuck can be seen in real time in the 3D Studio Max Window. We’re really hoping [melka] will post a writeup of this project soon, as we are hungry for more details.

Read the rest of this entry »

Which is a better method for finding vulnerabilities, fuzzing or static-code analysis? The question will be put to the test at next month’s Black Hat USA conference, where two experienced hackers security researchers will be given a piece of mystery code and one hour to find all the vulnerabilities they can using one of the two methods. [Charlie Miller] from Independent Security Evaluators will use fuzzing and [Sean Fay] from Fortify Software will use static-code analysis to detect the vulnerabilities in the code. We reported on [Miller]‘s fuzzing talk while at Toorcon 9.

The pair will be allowed to use their own equipment, but they won’t see the code until the moment the showdown begins. For an added bit of fun, conference attendees are welcome to join in the contest. The audience member who finds the most exploits within the hour wins a free dinner at a new Las Vegas restaurant. But you don’t have to wait until then to weigh in; go ahead and post your thoughts on fuzzing vs. static-code analysis in the comments, just be ready to back up your claims.

In paintball, the element of surprise can make the difference between victory and defeat. While we can’t help you with the sounds of labored breathing and shuffling feet as you waddle across the field, we did find this guide on how to make a silencer for your paintball gun.

To build this you will need two lengths of PVC pipe, one slightly larger in diameter than the barrel of the gun, the other about 1″ beyond that. You will also need PVC reducers that fit the pipes, cotton balls, and various cutting and finishing tools. Cut the stopper tab from the smaller pipe and put into a reducer, hammering the reducer into place. Cut the pipe about 1″ away from the reducer, being careful to make the cut as even (perpendicular to the length of the pipe) as possible. Now drill six straight lines of ten holes along the pipe with the smallest drill bit possible. Sand down the inside of the pipe by wrapping sandpaper around a cylindrical stick and move the stick in and out of the pipe. Cut the larger pipe so that it is slightly shorter than the smaller pipe. Fit the two pipes together and fill the area between the two with about 20 cotton balls. After that, fit the second reducer to the other end. At this point the silencer is functional, but guide author [MrAngryPants] suggests painting it black.

As the paintball and CO2 are expelled from the gun, the cotton baffles dampen the resulting sound wave.

Whether you consider yourself a bona fide mad scientist or you simply think your horrifying mutant creations are misunderstood, you’ll want to enter io9′s Build a Lifeform contest.

The contest doesn’t require any actual primordial soup, just a concept of a synthetic lifeform you think would be useful or interesting. There are two categories with different prizes for each one. The first category asks contestants to use the BioBricks registry of standard biological parts to design a lifeform that could be created in a lab. Descriptions of how it would be made, what it would do, and potential hazards in creating it must all be included with the entry. The winner of this category will recieve an all-expenses-paid trip to the Synthetic Biology Conference in Hong Kong in October.

The second category is more focused on creativity, asking for the same descriptions as the first category without any BioBricks data. While this is the more speculative category, proposed lifeforms must still be plausible to create using current technology. The prize is $1000 and a signed drawing of your lifeform rendered by “a cool comic book artist.”

Both categories offer pretty good loot for your concepts, just be sure they’re more original than an esquilax if you intend to win.

For the background on BioBricks, check out [Drew Endy]‘s Hacking DNA talk from last year. He’s one of the judges for the contest.