Hiding Executable Javascript in Images That Pass Validation

Here’s an interesting proof-of-concept that could be useful or hazardous depending on the situation in which you encounter it. [jklmnn] drew inspiration from the work of [Ange Albertini] who has documented a way to hide Javascript within the header of a .gif file. Not only does it carry the complete code but both the image and the Javascript are seen as valid.

With just a little bit of work [jklmnn] boiled down the concept to the most basic parts so that it is easy to understand. Next, a quick program was written to automate the embedding of the Javascript. Grab the source code if you want to give it a try yourself.

Let’s get back to how this might be useful rather than harmful. What if you are working on a computer that doesn’t allow the browser to load Javascript? You may be able to embed something useful, kind of like the hack that allowed movies to be played by abusing Microsoft Excel.

Echo, the First Useful Home Computer Intelligence?

We’re familiar with features like Siri or Microsoft’s Cortana which grope at a familiar concept from science fiction, yet leave us doing silly things like standing in public yowling at our phones. Amazon took a new approach to the idea of an artificial steward by cutting the AI free from our peripherals and making it an independent unit that acts in the household like any other appliance. Instead of steering your starship however, it can integrate with your devices via Bluetooth to aid in tasks like writing shopping lists, or simply help you remember how many quarts are in a liter. Whatever you ask for, Echo will oblige.

The device is little more than the internet and a speaker stuffed into a minimal black cylinder the size of a vase, oh, and six far-field microphones aimed in each direction which listen to every word you say… always. As you’d expect, Echo only processes what you say after you call it to attention by speaking its given name. If you happen to be too far away for the directional microphones to hear, you can alternatively seek assistance from the Echo app on another device. Not bad for the freakishly low price Amazon’s asking, which is $100 for Prime subscribers. Even if you’re salivating over the idea of this chatting obelisk, or intrigued enough to buy one just to check it out (and pop its little seams), they’re only available to purchase through invite at the moment… the likes of which are said to go out in a few weeks.

The notion of the internet at large acting as an invisible ever-present swiss-army-knife of knowledge for the home is admittedly pretty sweet. It pulls on our wishful heartstrings for futuristic technology. The success of Echo as a first of its kind however relies on how seamlessly (and quickly) the artificial intelligence within it performs. If it can hold up, or prove to hold up in further iterations, it’s exciting to think what larger systems the technology could be integrated with in the near future… We might have our command center consciousness sooner than we thought.

With that said, inviting a little WiFi probe into your intimate living space to listen in on everything you do will take some getting over… your thoughts?

Content Centric Networking and a tour of (Xerox) PARC

You may be used to seeing rack mounted equipment with wires going everywhere. But there’s nothing ordinary about what’s going on here. [Elecia White] and [Dick Sillman] are posing with the backbone servers they’ve been designing to take networking into the era that surpasses IPv6. That’s right, this is the stuff of the future, a concept called Content Centric Networking.

Join me after the break for more about CCN, and also a recap of my tour of PARC. This is the legendary Palo Alto Research Company campus where a multitude of inventions (like the computer mouse, Ethernet, you know… small stuff) sprang into being.

Using Facebook Ads to Prank your Friends

Most tech savvy individuals are well aware of the vast amounts of data that social networking companies collect on us. Some take steps to avoid this data collection, others consider it a trade-off for using free tools to stay in touch with friends and family. Sometimes these ads can get a bit… creepy. Have you ever noticed an ad in the sidebar and thought to yourself, “I just searched for that…” It can be rather unsettling.

[Brian] was looking for ways to get back at his new roommate in retaliation for a prank that was pulled at [Brian’s] expense. [Brian] is no novice to Internet marketing. One day, he realized that he could create a Facebook ad group with only one member. Playing off of his roommate’s natural paranoia, he decided to serve up some of the most eerily targeted Facebook ads ever seen.

Creating extremely targeted ads without giving away the prank is trickier than you might think. The ad can’t be targeted solely for one person. It needs to be targeted to something that seems like a legitimate niche market, albeit a strange one. [Brian’s] roommate happens to be a professional sword swallower (seriously). He also happens to ironically have a difficult time swallowing pills. Naturally, [Brian] created an ad directed specifically towards that market.

Sword Swallowing Ad

The roommate thought this was a bit creepy, but mostly humorous. Slowly over the course of three weeks, [Brian] served more and more ads. Each one was more targeted than the last. He almost gave himself away at one point, but he managed to salvage the prank. Meanwhile, the roommate grew more and more paranoid. He started to think that perhaps Facebook was actually listening in on his phone calls. How else could they have received some of this information? As a happy coincidence, all of this happened at the same time as the [Edward Snowden] leaks. Not only was the roommate now concerned about Facebook’s snooping, but he also had the NSA to worry about.

Eventually, [Brian] turned himself in using another custom Facebook ad as the reveal. The jig was up and no permanent damage was done. You might be wondering how much it cost [Brian] for this elaborate prank? The total cost came to $1.70. Facebook has since changed their ad system so you can only target a minimum of 20 users. [Brian] provides an example of how you can get around the limitation, though. If you want to target a male friend, you can simply add 19 females to the group and then target only males within your group of 20 users. A pretty simple workaround.

This prank brings up some interesting social questions. [Brian’s] roommate seemed to actually start believing that Facebook might be listening in on his personal calls for the purposes of better ad targeting. How many other people would believe the same thing? Is it really that far-fetched to think that these companies might move in this direction? If we found out they were already doing this type of snooping, would it really come as a shock to us?

The Hackaday Antiduino Browser Plugin

Hackaday – and the projects featured on Hackaday – get a lot of flak in the comments section simply for mentioning an Arduino. The Arduino complainers are, of course, completely wrong; everyone here is trying to make something, not make something in the most obscure possible way.

The Arduino is a legitimate tool, but still there are those among us who despise anything ending in ~duino. This browser plugin is for them. It’s a Chrome extension that selectively replaces or removes Arduino content from Hackaday depending on the user’s preference.

There are three settings to the plugin: See No Evil replaces images of Arduinos with serious business. Hear No Evil removes all occurrences of the word ‘Arduino’ and replaces them with something of your choosing. Speak No Evil removes all posts in the Arduino Hacks category. The last option also removes the ability to comment on any post in the Arduino Hacks category, so obviously the quality of the comments here will drastically increase by tomorrow.

You can grab the plugin on the gits. It’s Chrome only, but if someone wants to port it to Firefox, we’ll gladly put up another post.

There you go, Internet. You’re free now, and the biggest problem in your life has now been solved. Go give [SickSad] a virtual pat on the back, or tell him he could have done the same thing with a 555. Either of those are pretty much the same thing at this point.

Pokáde: Twitch Plays Pokemon, Reborn On Vintage Hardware

Early this year there was Twitch Plays Pokemon, a webstream of tens of thousands of people playing the same game of Pokemon via web chat. It was certainly an interesting sociological phenomenon, but as in any system where thousands of people try to do a single thing, progress was exceedingly slow at points. This was compounded by the fact the Twitch stream delayed the chat by about 30 seconds.

At the time, there was some talk about setting up an alternative to the emulator-based Twitch stream. Ideas were floated, but until now, no one has yet come up with a workable solution. Now we have Pokáde: real Pokemon games (Red and Blue) running on real hardware (two Super Game Boys, two Super Nintendos, and two Game Genies), streamed live to the Internet with an IRC-like chat function.

Simply for the ease of capturing the video of the stream, [Johannes], the guy behind all of this, is using a pair of Super Nintendos and Super Game Boys connected to USB video capture dongles. The Super Game Boys are modded to enable trading between the Red and Blue versions of the game, and controls are handled with a USB connection to the PC running the server.

Anyone can play the game, simply by going to the Pokáde Chat, entering the chat, and clicking on random buttons on the brick Game Boy GUI. The game ROMs have been slightly modified to disable the option of starting a new game, but this is still the classic Twitch Plays Pokemon experience: people all around the globe mashing buttons and creating a religion around a fossil pokemon.

Control This Pedestrian Walk Signal Online!

[Jon Bennett] is an electrical engineer who specializes in embedded systems software. He was the first employee of Pebble Technology and the lead developer of the inPulse Smart Watch. He studied at the University of Waterloo, during which time he completed several interesting internships, including working on Bluetooth and WiFi embedded software for the iPhone (Apple, 2007). Now, he has hooked up this pedestrian walk signal — picked up at an electronics surplus store — to the internet.

The web-enabled project utilizes a Spark Core Wifi Module, which is an Arduino-like micro-controller with more power, to wirelessly connect to the device. With the click of a button, the hand signal can be flashed. The walking illuminated man can be triggered with another press. Messages can be sent scrolling across the LEDs, flashing by in sets of two, simply by hitting enter.

All the source code has been posted on Github in case anyone wants to create their own.

[Jon]’s previous work can be found in a few of our featured articles from a couple of years ago. There’s the Thrift Shop Wifi Router Robot he made that could be controlled through the internet. He also built this interactive bubble music visualizer, and this programmable RC car that can be driven by a computer.

What will he think of next??