Wired Threat Level has posted an interview with the hacker who recently broke into several high profile twitter accounts, such as Fox News, and Barack Obama. Since we know how much you all love twitter, we thought you might want to learn more about it. Apparently he used a brute force method to get into a member of the support team. The password was “happiness” which was cracked pretty quickly. This might be a good time to review your own strategies to prevent brute force attacks.

Our wallets are filling up with SIM and RFID cards that contain hidden information. Using our latest project, the Bus Pirate universal serial interface, we can dump the memory from many common smart cards. In today’s How-to, we show you how to interface common smart cards, and walk you through the data stored on a FedEx Kinko’s prepaid value card.

Read the rest of this entry »

We’re always looking for people to contribute posts daily and help expand the site. We’ve added a handful of contributors in the last couple months, which you can see in our new How-tos.

This is a paid, freelancing position that requires professionalism, consistency, and reliability. We want to hear from people that are passionate about software/hardware hacking and growing Hack a Day. To apply, send the following to jobs@hackaday.com

• A short bio about yourself
• 3 example daily posts written in the style of Hack a Day
• 3 software or hardware how-tos you’d like to see. For examples of work we’ve done in the past, look here, here, here, and here.
• A couple sentences on how you would improve the site either through features or content
• Any additional reasons why you would make a good fit for Hack a Day

Do not send any attachments. Having your own blog you can show off is a definite plus.

[photo:fbz]

A few days ago a lone individual decided to crack [Governor Sarah Palin]’s private Yahoo! email account. He did this by navigating the password reset procedure. [Gov. Palin]’s birthday was publicly available and Wasilla only had two zip codes to guess. The follow up question “Where did you meet your spouse” required some more research. They met in high school so a few more guesses turned up “Wasilla high” as the answer. The original poster then read every single email only to discover that there really wasn’t anything of interest there. Frustrated, he posted the details to 4chan to let any wonk have at it. /b/ members began posting screenshots of the account, but very little came of it.

One screenshot of her inbox even revealed her daughter Bristol’s cell phone number. While there was no groundbreaking political information revealed, it is important to point out that it appears that Gov. Palin was using this private account to correspond to her assistants about potentially sensitive government information. This security breach should serve as a wake-up call to many public officials by showing how dangerous it can be to have a private e-mail account, especially when a free web-based service such as Yahoo! is used.

Fresh off the tips line, [Jake] sent in his portable NES project. We’ve seen quite a few portables, but we love that the entire thing is built into an old NES cartridge. It’s got 99 games and some clever control placement. Three N cells nestled in the former connector slot power the system. You can see more pic over at [Ben Heck]’s forum.

This is quickly becoming an unintentional “game controller Saturday”. We haven’t been covering the PSP much lately, so this is a treat. AcidMods forum member [Electro] put together a quick guide for adding two missing shoulder buttons to the PSP. The L2 and R2 buttons are used while playing Playstation 1 games and are usually mapped to directions on the joystick. This mod jumps the joystick’s contacts an relocates the buttons to the shoulders. The switches used in the post seem kind of bulky, but you’re free to use anything that fits.

[via Engadget]

Read the rest of this entry »

A fundamental problem with flash memory has just gone mainstream. A detective successfully recovered data from a refurbished iPhone purchased from Apple. Flash memory controllers write to blocks randomly so using standard secure erase techniques are no guarantee that all of the storage space will be written.

[Rich Mogull] has posted a method that should wipe out almost all remnants of your personal data. You start by restoring the iPhone in iTunes and turning off all the syncing options. Next you create 3 playlists large enough to consume all of the phone’s storage space. Sync each playlist in turn and your residual personal data should be obliterated. All that’s left to do is sit back and wonder when the first article about the MacBook Air SSD being impossible to securely erase will be published…

We haven’t made a regular habit of watching BoingBoing TV, but lately they’ve been covering topics we’ve been interested in… not the dolphin pr0n. In yesterday’s episode they talked to Jacob Appelbaum and members of the EFF about the cold boot encryption attack. The attack involves dumping the contents of memory to a storage device by power cycling the system. Cooling the memory chip with compressed air helps preserve the integrity of the data. The attacker can then search the data to find encryption keys protecting the contents of the hard drive. A fool proof solution to mitigate this attack hasn’t been developed yet. You can read more about cold boot attacks at the Center for Information Technology Policy. The BoingBoing TV episode, bizarre editing and all, can be downloaded directly here.

This will probably be more useful to custom speaker builders, but coil winding has always been a bit tedious. [iwicom] put together a simple coil winder using a hand drill, a magnet, a reed switch that triggers a pedometer. Aside from the coil winder, I love the idea of using the pedometer as a cheap event counter.