Our friend [Jeffrey Sharkey] hacked the iTunes remote control protocol and produced his own version for Android, one of the smartphone OSes we just covered. He pored over dumped packets for a few days and wrote a client which is of course GPL’d. Besides that, he’s been busy winning the Android Developer Challenge. His app, Compare Everywhere, was one of the top 10 winners, netting him a cool $275,000. This ingenious bit of code deciphers barcodes scanned using a cell phone camera and then finds prices for that item at every nearby store that sells it.

The other winners wrote apps that do cool things such as one-click cab ordering, locate missing children, and find parties. Check out all 50 finalists and winners here.

The Griffin AirCurve Dock is a nifty gadget that uses a coiled horn to increase the volume of your iPhone’s speaker. Griffin’s marketing claims that their passive device delivers “amazing amplification” and “you’ll swear there are full-sized speakers in there.” Meh. It does look like an interesting project for someone with a 3D printer. You could experiment with different passage and dock shapes. At least it gives us an excuse to post two massive DIY horns.

Read the rest of this entry »

[Peter Edwards] at Casper Electronics built a modular synth and integrated it with the Barbie karaoke machines we saw at Notacon last April. The complete unit consists of 25 modules which are wired together using banana cables. He’s using this homebrew step sequencer to control the bent karaoke machines which then feed into the rest of the synthesizer. If you’d like to bend your own barbie karaoke machine, [Peter] was kind enough to post schematics and instructions for his bends.

[Zack Anderson], [RJ Ryan], and [Alessandro Chiesa] were sued by the Massachusetts Bay Transit Authority for an alleged violation of the Computer Fraud and Abuse Act after copies of their presentation slides were circulated at Defcon 16. The slides give an eye widening glimpse into the massive security holes present in the Boston subway system. There are at least 4 major security flaws in the subway, which allowed them to get free subway rides by finding unlocked, back door routes into the subway, spoofing magnetic and RFID cards, and attacking the MTBA’s network. Judge Douglas P. Woodlock has issued a gag order, stopping the trio from giving the presentation at Defcon or disclosing sensitive information for ten days. However, the MIT school newspaper, The Tech, has published a PDF of the slides online. The research culminated in the trio warcarting the MTBA’s headquarters and being driven off by police.

French reporters at Black Hat crossed the line when they sniffed fellow reporters’ login info on the designated “safe” wired network. Proud of their handiwork, they were nabbed when they tried to get their spoils posted on the wall of sheep, which is used to publicly post attendees credintials. It turns out that monitoring communications without informing one of the parties involved is a felony, so although it is legal to sniff convention goers’ login info with their knowledge, hacking reporters covering the event is a no-no. An FBI agent we ran into commented that in his experience, they’d probably just turn it over to the local US attorney’s office to see if they wanted to proceed with an investigation.

We’re in the Defcon press room today and there’s still a buzz about these “sleazy” French reporters. We’re tunneling through our cell connection like any sane person at a security conference.