Black Hat hackers face off in Iron Chef style competition

Which is a better method for finding vulnerabilities, fuzzing or static-code analysis? The question will be put to the test at next month’s Black Hat USA conference, where two experienced hackers security researchers will be given a piece of mystery code and one hour to find all the vulnerabilities they can using one of the two methods. [Charlie Miller] from Independent Security Evaluators will use fuzzing and [Sean Fay] from Fortify Software will use static-code analysis to detect the vulnerabilities in the code. We reported on [Miller]‘s fuzzing talk while at Toorcon 9.

The pair will be allowed to use their own equipment, but they won’t see the code until the moment the showdown begins. For an added bit of fun, conference attendees are welcome to join in the contest. The audience member who finds the most exploits within the hour wins a free dinner at a new Las Vegas restaurant. But you don’t have to wait until then to weigh in; go ahead and post your thoughts on fuzzing vs. static-code analysis in the comments, just be ready to back up your claims.

Paintball gun silencer

In paintball, the element of surprise can make the difference between victory and defeat. While we can’t help you with the sounds of labored breathing and shuffling feet as you waddle across the field, we did find this guide on how to make a silencer for your paintball gun.

To build this you will need two lengths of PVC pipe, one slightly larger in diameter than the barrel of the gun, the other about 1″ beyond that. You will also need PVC reducers that fit the pipes, cotton balls, and various cutting and finishing tools. Cut the stopper tab from the smaller pipe and put into a reducer, hammering the reducer into place. Cut the pipe about 1″ away from the reducer, being careful to make the cut as even (perpendicular to the length of the pipe) as possible. Now drill six straight lines of ten holes along the pipe with the smallest drill bit possible. Sand down the inside of the pipe by wrapping sandpaper around a cylindrical stick and move the stick in and out of the pipe. Cut the larger pipe so that it is slightly shorter than the smaller pipe. Fit the two pipes together and fill the area between the two with about 20 cotton balls. After that, fit the second reducer to the other end. At this point the silencer is functional, but guide author [MrAngryPants] suggests painting it black.

As the paintball and CO2 are expelled from the gun, the cotton baffles dampen the resulting sound wave.

Build a lifeform for io9

Whether you consider yourself a bona fide mad scientist or you simply think your horrifying mutant creations are misunderstood, you’ll want to enter io9′s Build a Lifeform contest.

The contest doesn’t require any actual primordial soup, just a concept of a synthetic lifeform you think would be useful or interesting. There are two categories with different prizes for each one. The first category asks contestants to use the BioBricks registry of standard biological parts to design a lifeform that could be created in a lab. Descriptions of how it would be made, what it would do, and potential hazards in creating it must all be included with the entry. The winner of this category will recieve an all-expenses-paid trip to the Synthetic Biology Conference in Hong Kong in October.

The second category is more focused on creativity, asking for the same descriptions as the first category without any BioBricks data. While this is the more speculative category, proposed lifeforms must still be plausible to create using current technology. The prize is $1000 and a signed drawing of your lifeform rendered by “a cool comic book artist.”

Both categories offer pretty good loot for your concepts, just be sure they’re more original than an esquilax if you intend to win.

For the background on BioBricks, check out [Drew Endy]‘s Hacking DNA talk from last year. He’s one of the judges for the contest.

Pulse, the emotional visualization organism

[Markus Kison] built a device called Pulse, which is part art installation and part data visualization tool. What the emotional visualization organism called Pulse actually does is scan new posts on blogs for synonyms of keywords related to 24 distinct emotions from eight emotional groups. A red cone in the center expands when keywords are detected, in effect acting as a mood indicator for blogs.

The 24 distinct emotions are based on [Robert Plutchik]‘s psychoevolutionary theory of emotion, and the device itself is built from a glass case, various servo motors, and custom controller for the servos. This is a compelling idea, but we wonder whether it scans for modifying words or just the keywords alone. It wouldn’t make a lot of sense to have the sadness region expand drastically if many people simultaneously post the sentence “I’m not sad at all.” Video embedded after the break.

[Read more...]

Eee PC tablet build

OCAU member [Bismar] was in the market for an e-book reader, but all of his commercial options were too expensive. He decided to build one himself, and what he came up with is the Tabeee MK1, an e-book reader made from a 7″ Eee PC, a touchscreen, and a custom case.

The project is far from completion, still in the midst of its first objective: building the case. [Bismar] cut an old Lian Li case for the aluminum base, then made sure the motherboard from the Eee fit properly. The next major step was bending and cutting an acrylic sheet to form the exterior of the case. He hit a few snags bending the sheet, but forum members offered some ideas on how to do this effectively. The project is still rolling along, and we’ll be sure to show you the Tabeee MK1 when it is finished.

StereoData Maker

So you got CHDK working on your camera, and the histograms, raw image files, variable shutter speeds and other added functions are amazing, but stereo imaging is what you really want. If you have two or more CHDK-ready cameras, it’s cheap and easy to run StereoData Maker, a system that synchronizes the shutter and flash of multiple cameras.

The first step in getting SDM to work is installing the software on your SD card. You’ll need to find the correct version for you camera; a list is available on the main SDM page. If you are running Windows XP or Vista, run the installer in the zip file. Otherwise, load the files on the SD card and run the installer directly from the camera. Then decide whether this will be the right or left camera and repeat the steps for your second camera.

Next, you’ll need to prepare a switch unit, essentially a set of synchronized USB remotes. There are many ready made commercial units available, but building one on your own shouldn’t be much trouble, and a few ideas are provided on the SDM instruction page.

You’re basically ready to start shooting stereo images, just take a few test shots to get used to it and to customize the configuration on the cameras.

Javascript Vi

Few would dispute that Vi was a great text editor in its day, but no one has done anything to bring it back until now. A company called Internet Connection has developed JSVI, a clone of Vi that was written in javascript and runs inside editable text areas on virtually any browser with javascript support.

It functions identically to Vi, offering ed/ex command support, vi-keys, unicode awareness, and a number of other features available on Vi. You can see a demo of JSVI here. If you prefer to run vi on your own page, download this javascript document. JSVI is open source, and we certainly agree with [Jason Striegel] that this would make a fitting addition to any Unix blog or forum.

emacs sucks.

[via Hackzine]