Little Bobby Tables Just Registered a Company…

Sometimes along comes a tech story that diverges from our usual hardware subject matter yet which just begs to be shared with you because we think you will find it interesting and entertaining.

XKCD 327, Exploits of a Mom (CC BY-NC 2.5).

You will no doubt be familiar with the XKCD cartoon number 327, entitled “Exploits of a Mom”, but familiarly referred to as “[Bobby Tables]”. In it a teacher is ringing the mother of little [Robert'); DROP TABLE Students;--], whose name has caused the loss of a year’s student records due to a badly sanitized database input. We’ve all raised a chuckle at it, and the joke has appeared in other places such as an improbably long car license plate designed to erase speeding tickets.

It's nice to see that Companies House sanitise their database inputs.

Today we have a new twist on the Bobby Tables gag, for someone has registered a British company with the name “; DROP TABLE "COMPANIES";-- LTD”. Amusingly the people at Companies House have allowed the registration to proceed, so either they get the joke too or they are unaware of the nuances of a basic SQL exploit. It’s likely that if this name leaves Her Majesty’s civil servants with egg on their faces it’ll be swiftly withdrawn, so if that turns out to be the case then at least we’ve preserved it with a screenshot.

Of course, the chances of such a simple and well-known exploit having any effect are minimal. There will always be poor software out there somewhere that contains badly sanitized inputs, but we would hope that a vulnerability more suited to 1996 would be vanishingly rare in 2016.

If by some chance you haven’t encountered it before, we’d recommend you read about database input sanitization; someday it may save you from an embarrassing bit of code. Meanwhile we salute the owner and creator of this new company for giving us a laugh, and wish them every success in their venture.
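For anyone who wants to see why a well-built registry can store such a name without harm, here is an added example (not part of the original article) that runs the two names quoted above through a string-built query and a parameterized one. It assumes Python's built-in `sqlite3` with an in-memory `Students` table; the function names are hypothetical, and `executescript()` stands in for a database driver that accepts stacked statements.

```python
import sqlite3

# The two names quoted in the article, typed here with plain ASCII quotes.
XKCD_NAME = "Robert'); DROP TABLE Students;--"
COMPANY_NAME = '; DROP TABLE "COMPANIES";-- LTD'


def new_db():
    # Fresh in-memory database with the table from the cartoon (assumed schema).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Students (name TEXT)")
    return conn


def table_exists(conn, table):
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (table,)
    ).fetchone()
    return row is not None


def add_student_unsafe(conn, name):
    # Vulnerable: the name is pasted into the SQL text, so a quote in the
    # data ends the string literal and the rest is parsed as SQL.
    conn.executescript("INSERT INTO Students (name) VALUES ('" + name + "');")


def add_student_safe(conn, name):
    # Hardened: the statement text is fixed; the name travels as a bound
    # parameter and is never parsed as SQL.
    conn.execute("INSERT INTO Students (name) VALUES (?)", (name,))
    conn.commit()


def demo():
    unsafe = new_db()
    add_student_unsafe(unsafe, XKCD_NAME)

    safe = new_db()
    for name in (XKCD_NAME, COMPANY_NAME):
        add_student_safe(safe, name)
    stored = [r[0] for r in safe.execute("SELECT name FROM Students ORDER BY rowid")]

    # (table survives unsafe insert?, table survives safe inserts?, stored names)
    return table_exists(unsafe, "Students"), table_exists(safe, "Students"), stored


if __name__ == "__main__":
    print(demo())
```

With bound parameters both names come back from the table character for character, which is all a registry needs to do with them.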

Smile for the Raspberry Pi Powered Photo Booth

[Roo] was tasked with finding a better way to take corporate employee photos. The standard method was for a human resources employee to use a point and shoot camera to take a photo of the new recruits. The problem with this method is many people feel awkward trying to force a smile in front of other people. Plus, if the photo turns out poorly many people won’t ask to have it retaken so as not to feel vain or inconvenience the photographer. [Roo’s] Raspberry Pi powered photo booth solves this problem in a novel way.

The new system has the employee use their own mobile phone to connect to a website running on the Pi. When the employee tells the Pi to snap a photo, the system uses the Raspberry Pi camera module to capture an image. [Roo] actually 3D printed a custom adapter allowing him to replace the standard camera lens if desired. The photo can be displayed on an LCD screen so the user can re-take the photo if they wish.

The system is built into a custom case made from both 3D printed and laser cut parts. The front plate is a frosted white color. [Roo] placed bright white lights behind the front panel in order to act as a flash. The frosted plastic diffuses the light just enough to provide a soft white light for each photo taken. Once the photo is selected, it can then be uploaded to the company database for use with emails, badges, or whatever else.

[Roo] also mentions that the system can easily be changed to send photos via Twitter or other web applications. With that in mind, this system could be a great addition to any hackerspace or event. The code for an older version of the project can be found on the project’s GitHub page.


Extra extra: Now legal to jailbreak iPhone

For those living under a rock, the latest ‘greatest’ news to hit the hacking front page is the Copyright Office granting Six Exemptions Regarding the Circumvention of Access-Control Technologies. Of the six, one of the two regarding iPhones is as follows:

“(2) Computer programs that enable wireless telephone handsets to execute software applications, where circumvention is accomplished for the sole purpose of enabling interoperability of such applications, when they have been lawfully obtained, with computer programs on the telephone handset.”

Which (along with section 3) really just means that you can unlock and crack cellphones and companies can no longer fine you $2,500. Not that many ever have, but the threat was there. Apple, however, can and still will void your warranty if you jailbreak.

The 4 other areas not involving phones are the ability to circumvent DVDs for portions of video, video games in order to better the security of said game, computer programs that require dongles but dongles are no longer available, and literary works that prevent read-aloud or rendering to a specialized format.

One tidbit I keep hearing about in these exemptions is the ability to now break DRM on music. As much as I wish this were true, I can’t seem to find any sources on it; sorry, pirates.

Regardless, now that the world is one step closer to an open framework, what’s changed? For me, I’ve been jailbroken for years so sadly nothing. If you agree with the ruling, disagree, or just want to tell about your now legal jailbreaking joys, please leave a comment.

Additional Sources: FOXNews and CNNMoney thanks to [Voyagerfan99], [Ryan Knight], and [Steve S.] respectively.

[Image credit: Fr3d.org]