We just wanted to give a heads up to everyone to remind them that the annual layerOne hacking and security conference is coming up soon. They have announced their speaker line-up which includes talks on home monitoring, lockpicking, mobile malware and tons more. The event is located in Anaheim California on May 28-29.

They sent us sort of a press release with some information on the event and some details on the badge. You can read their email after the break.

The annual LayerOne hacking and security will be held on May 28-29,
2011 in Anaheim, CA. As always, there’s a great speaker lineup
(http://www.layerone.org/?page_id=85) at Layer One 2011. Some
highlights include John Norman talking about DIY Access Control
Systems (http://www.layerone.org/?page_id=85#arclight), Sam Bowne
talking about Layer 7 DDoS attacks
(http://www.layerone.org/?page_id=85#bowne), and Jimmy Shah talking
about For-profit malware on mobile devices
(http://www.layerone.org/?page_id=85#shah).

LayerOne includes a full fledged Lockpicking Village
(http://www.layerone.org/?page_id=105) and Hardware Hacking Village
(http://www.layerone.org/?page_id=103), both of which will have
demonstrations and training for those interested in picking locks,
cracking safes, making blinky lights, or learning how to surface mount
solder. This year will also be LayerOne’s first Tamper Evident Contest
(http://www.layerone.org/?page_id=45#tamper), where teams compete to
see who can best defeat mechanical, adhesive, and electronic tamper
indicating technologies while leaving no trace of their attacks.

This year’s badge will be a custom PCB that can be worked on in the
Hardware Hacking Village to make a mini synthesizer. Designed by
Charliex of Null Space Labs (http://www.nullspacelabs.com), it is
based on the open source meeblip (www.meeblip.com) and the AVR Synth
(http://www.elby-designs.com/avrsynth/avrsyn-about.htm). (The meeblip
is a reworked version of the AVR synth.) It has a 16 bit output with a
DAC that’s loaded 8 bits at a time. To cut down costs and assembly
time we used a simple R2R ladder and dropped off the amp stage, since
R2R’s pretty much rock.

The design was changed to surface mount (from through-hole); we don’t
have any through hole soldering equipment and it’s not 1980. The CPU
was switched to the ATMEGA64 or ATMEGA128 for those needing next-level
beats and more hackability. The MIDI interface is on a seperate mini
PCB that connects to the badge so you can play Rockband’s pro keyboard
or guitar. The pots were changed to linear slide and the switches to
momentary to save cost and space. Our intial meeblip version we
reworked at NSL worked out about half the cost of the original —
this one is even less than that. Both ISP and JTAG are broken out,
since the ATMEGA64/128 is one of the bastard children of the ATMEL
series. Finally, 20 charlieplexed LED’s were added because blinky
things are a must have at any premier security conference.

Speakers will have their own top-secret 4-layer PCB badges designed by
Krs (http://www.layerone.org/?page_id=85#krs), who is also giving a
short talk on their design and her experiences going from EE newbie to
designing complex PCBs in less than a year.

The crew at Defcon is hard at work getting things ready for this year’s event, taking place over the first weekend in August. While the typical call for papers has been out for almost two months now, the extra space afforded by the RIO hotel has given the organizers a chance to shake things up a bit and try something new.

Along side the call for papers, they have issued a call for workshops. Since they have about 8 spare rooms on hand, they have decided to allow people who consider themselves a leader, ‘leet hacker, or ninja in their particular field to share their knowledge in a small (30 person) workshop setting.

The organizers are not strict on content, though it should be compelling. They cite examples such as teaching people to build an impenetrable Linux installation, PS3 hacking, or even helping people prep for a Ham radio license exam.

If you have something interesting to share with the community, be sure to swing by the Defcon site and get your application started!

Sometimes it helps to have an entire set of tools with you to tackle a problem, and sometimes it helps to take the discreet route. [StenoPlasma] took the latter of these approaches, and stuffed a USB hub, a 16 GB flash drive, and an Atheros based USB wireless adapter into a regular looking USB mouse to make a Linux bootable system in a mouse. Because he chose the Atheros adapter, he is also capable of doing packet injection with tools like Aircrack-ng, which can invaluable in a security audit or (white hat) hacking situation.

This is the only photo we have, so it could be possible that the mouse is no more than a mouse, however we know all of what [StenoPlasma] claims is 100% possible, so we’ll give him the benefit of the doubt, and hope this inspires others to hack up your own mouse kits. Be sure to check out the full parts list after the break.

Parts:

• Targus USB 2.0 4-Port Bend-a-Hub (Stripped and re-soldered)
• Belkin USB 10′ Extension Cord (with the extension USB in place to make it easy for me to change cable lengths)
• IOGEAR Atheros Wireless B/G Injectable Cracking Adapter
• Corsair Voyager Mini 16 GB Thumb Drive
• Logitech MX310 Wired Optical Mouse

These assumptions can be inconvenient for some of us, when we have to explain that, “Yes, I made this myself. No, it isn’t dangerous”. The real tragedy is when fears like this are imposed onto children and students who have an interest in building something of their own. Recently there was a story about a middle school student from San Diego who built a motion detector into a bottle. He attended a technically-oriented school, and decided that he would bring in his project to show his friends. After a teacher spotted this “Suspicious looking bottle with wires coming out of it”, the device was confiscated, a bomb squad was called out, and the school was evacuated. After using a robot to X-ray and examine the bottle thoroughly the bomb squad finally declared the project safe. Instead of listening to the student from start, thousands of dollars were wasted bringing out the bomb squad and an entire day of school was interrupted because the administrators gave in to fear of something they didn’t know about. The worst part of all of this is that while the student wasn’t formally punished, the school district recommended that he should undergo counseling to correct his behavior.

This isn’t an isolated incident either. Back in 2007 an engineer who had built one of Adafruit’s MintyBoost kits was stopped in airport security because the kit “Looked like an IED”. In that case the engineer in question stood his ground, calmly explained what it was he had, and why it wasn’t dangerous. Luckily, the police that were called in were of a more rational mind, and after proving that the kit performed as promised (lighting up a USB LED lamp), told the TSA to let him go, kit and all. While this does bring up questions towards the arbitrary rules used in TSA screening, that is not the point of this story. Airline troubles have even extended to our friends over at MakerBot, who had their luggage searched on the way to CES. The important message to get across is how important it is for makers, hackers, circuit benders, and anyone else who creates or modifies something to share their projects with friends, family, and the internet.

Until people start to realize that not all electronics come from a store, stories like these will keep happening. Education is the only effective tool against fear, and without people like our readers sharing their creations and taking time to talk to people about what the hardware hacking scene is, the general population can’t be expected to know any better. This responsibility to educate is even more important for people like parents, teachers, and organizations such as the TSA and the police because of the influential nature of who they are.

I want to thank anyone who has shared their projects with us, and urge all of you to continue. Our mission here at Hack a Day is to share the amazing projects that are out there, and to help spread the word and interest of hardware and software creation and modification. This mission extends both to experts as well as people who have never seen anything like this before. The knowledge you all share with us helps us spread the word of hacking to as many people as we can get to listen.

I can’t wait to see what else you all have in store for us.

[James].

SecurityTube is a site which has recently caught our attention. The site has quite a variety of videos from various sources related to security and hacking. Videos range from DEFCON talks, to documentaries, step by step how tos, and even proof of concept vulnerability videos. It’s certainly a great resource for anyone looking for something a bit more involved then a plain text writeup, and offers a way for you to catch those hacker conference talks you missed. Many of the videos come with a bit of a background information as well, so it’s far more informative then your regular YouTube videos. This site is certainly going to become a very valuable resource for many people, and is certainly a great way to kill an afternoon while still learning something.

Hacking at Random, an international technology and security conference, has just announced the dates for their 2009 event. The four day outdoor technology camp will be held August 13-16 near Vierhouten, Netherlands. HAR2009 is brought to you by the same people who held What the Hack, which we covered in 2005. They’ve done this every four years for the last 20. We’ll be sure to attend. We loved CCCamp in Germany last year and plan on attending ToorCamp in Seattle this year too.

[photo: mark]

The Guardian’s technology department hosted its first Hack Day last Thursday. Developers were freed from the drudgery of their everyday jobs to make fun toys and tools. Many of the hacks that developed played around with the website, like the Guardian commenter blocker, or the Guardian Button integrated into the Google Toolbar. We liked the Guardian Politics Page LED Swingometer, created by [Tom Armitage], which scanned the Guardian’s politics RSS feed for mentions of “Conservative” or “Labour” to yield the “swing” of a page to an Arduino. We wanted to see more of the Java-enabled Robot Dude. You can track Fhe Guardian’s Hack Day activity on Twitter with the tag #ghack1 or check out their photos on Flickr.

If you want to participate in a Hack Day, Last.fm is hosting one this December.

[David Kernell], the 20-year-old son of Democratic politician [Mike Kernell], turned himself in for hacking into Vice Presidential nominee Governor [Sarah Palin]‘s Yahoo! email account. He was indicted on one felony count of violating the 1986 Computer Fraud and Abuse Act. Although the charge would normally be a misdemeanor, the indictment invokes another statute, the Stored Communications Act to beef up its claim. Some lawyers are of the opinion that the U.S. Department of Justice overreached in charging [Kernell] with a felony. They claim that the government’s justification is flawed and relies on “circuitous logic”. [Kernell] has been released without bond, and instructed not to have any contact with [Governor Palin], her family, or any witnesses to the case. If convicted fully, he faces a maximum sentence of five years in prison and a fine of up to $250,000. We also discovered that this isn’t [Kernell]‘s first time in trouble. In high school, he received detention for guessing the password of the school server and obtaining access to some lesson plans.

This is a paid, freelancing position that requires professionalism, consistency, and reliability. We want to hear from people that are passionate about software/hardware hacking and growing Hack a Day. To apply, send the following to jobs@hackaday.com

• A short bio about yourself
• 3 example daily posts written in the style of Hack a Day
• 3 software or hardware how-tos you’d like to see. For examples of work we’ve done in the past, look here, here, here, and here.
• A couple sentences on how you would improve the site either through features or content
• Any additional reasons why you would make a good fit for Hack a Day

Do not send any attachments. Having your own blog you can show off is a definite plus.

[photo:fbz]

Helix 2.0 has been released.  Helix is a collection of various tools for electronic forensics.  Just like on TV, you can use this to find all kinds of information on a computer.  Some of the useful tools added were Winlockpwn a tool for breaking windows security, Volitility which processes data out of the raw memory, and several other tools that are beyond our comprehension.

You’ve undoubtedly noticed that the title says Helix V2.0, but the image and header of the Helix site say 3.  We have no idea why. Look at the download info to see that it says V2.0.

[Via Midnight Research labs]

The Israeli hacker [Ehud Tenenbaum], known as “the Analyzer”, was arrested along with 3 Canadians for allegedly hacking into a Calgary-based financial services company and withdrawing almost CDN $2 million. The arrests were the results of a months-long investigation by both the Canadian police and the U.S. Secret Service.  In 1998, [Tenenbaum] was accused of hacking into unclassified computer systems owned by NASA, and the Pentagon, among others. He is in custody without bail, although the three other suspects have been released on bond.

[thanks vor]

[Jonathan Zdziarski], a data forensics expert and iPhone hacker, will demonstrate in a live O’Reilly webcast on September 11, 2008, how to bypass the iPhone passcode lock security. Although the presentation is targeted towards law enforcement, it will probably viewed by a lot of hackers and geeks, who could use the information for good or evil. It also doesn’t strike us as very good security if the iPhone passcode is easily bypassed. Then what’s the point of having one?

[via Gizmodo]

[Jason Scott] curated a nice collection of links related to [Phil Lapsley]‘s work on phone phreaking. [Lapsley]‘s book, The History of Phone Phreaking, will be released in 2009. Meanwhile phone phreak enthusiasts can peruse his site and bone up on some interesting material, including documents that revealed the inner workings of the telephone switchboard(PDF), and the Youth International Party Line (YIPL)/Technological American Party (TAP) FBI files(PDF), which is really intriguing for the various doodles and conversations that were documented. If you have some spare time, we definitely recommend sifting through it.

[via Waxy]

[photo: silas216]