[Laxman] is back again with another hack related to Facebook photos. This hack revolves around the Facebook mobile application’s “sync photos” function. This feature automatically uploads every photo taken on your mobile device to your Facebook account. These photos are automatically marked as private so that only the user can see them. The user would have to manually update the privacy settings on each photo later in order to make them available to friends or the public.
[Laxman] wanted to put these privacy restrictions to the test, so he started poking around the Facebook mobile application. He found that the Facebook app would make an HTTP GET request to a specific URL in order to retrieve the synced photos. This request was performed using a top-level access token. The Facebook server checked this token before sending down the private images. It sounds secure, but [Laxman] found a fatal flaw.
The Facebook server only checked the owner of the token. It did not bother to check which Facebook application was making the request. As long as the app had the “user_photos” permission, it was able to pull down the private photos. This permission is required by many applications as it allows the apps to access the user’s public photos. This vulnerability could have allowed an attacker access to the victim’s private photos by building a malicious application and then tricking victims into installing the app.
At least, that could have been the case if Facebook wasn’t so good about fixing their vulnerabilities. [Laxman] disclosed his finding to Facebook. They had patched the vulnerability less than an hour after acknowledging the disclosure. They also found this vulnerability severe enough to warrant a $10,000 bounty payout to [Laxman]. This is in addition to the $12,500 [Laxman] received last month for a different Facebook photo-related vulnerability.
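The missing check described above, shown beside one way to close it, as an added example that is not Facebook's code and not from [Laxman]'s write-up. Every name here (the token fields, the app identifiers, the handler functions and the sample photos) is hypothetical, and the fixed handler assumes the endpoint should serve only the first-party mobile app.

```python
from dataclasses import dataclass

# All names below are hypothetical; they model the check described in the
# post, not Facebook's real code or API.
FIRST_PARTY_APP_ID = "fb-mobile-app"   # constructed identifier


@dataclass(frozen=True)
class AccessToken:
    user_id: str          # account the token was issued for
    app_id: str           # application the token was issued to
    scopes: frozenset     # permissions the user granted that application


# Constructed sample store: private synced photos keyed by owner.
SYNCED_PHOTOS = {"alice": ["IMG_0001.jpg", "IMG_0002.jpg"]}


def get_synced_photos_flawed(token: AccessToken, owner_id: str) -> list:
    """Pre-fix behaviour: only the token's owner and scope are checked."""
    if token.user_id != owner_id or "user_photos" not in token.scopes:
        raise PermissionError("token not valid for this user")
    return SYNCED_PHOTOS.get(owner_id, [])


def get_synced_photos_fixed(token: AccessToken, owner_id: str) -> list:
    """Also bind the request to the application the token was issued to."""
    if token.user_id != owner_id:
        raise PermissionError("token not valid for this user")
    if token.app_id != FIRST_PARTY_APP_ID:
        # user_photos is meant to expose the user's public photos to apps,
        # not the private sync album, so third-party tokens stop here.
        raise PermissionError("application not allowed on this endpoint")
    return SYNCED_PHOTOS.get(owner_id, [])


def third_party_blocked(handler) -> bool:
    """True if a third-party token holding user_photos is refused."""
    token = AccessToken("alice", "quiz-game-app", frozenset({"user_photos"}))
    try:
        handler(token, "alice")
    except PermissionError:
        return True
    return False
```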
[Art Barrios] kept having night-time visitors who were raiding his dog’s food storage bin. It’s a plastic tub with a lid that latches but the critters were knocking it over and popping that lid off. He wanted to find out which animal was the culprit so he hacked together an automatic camera system using an old cellphone.
You can see the majority of the hardware he used in the image above. There’s an Arduino on the left. This monitors a switch which he added to the lid of the food storage container. It triggers the system when opened, switching on an LED light and snapping pictures.
The touchscreen button is used to trigger the shutter. That’s what all of that tin foil is about. Some experiments led [Art] to realize that a metal ‘finger’ could register on the screen if there was enough foil attached. To move the metal bracket he uses a solenoid. The last problem he faced was keeping the cellphone screen awake. He figured out that power cycling the charger does the trick. The Arduino manages this using a mains-rated relay.
The system successfully captured images of a family of raccoons feasting on the tasty morsels.
We think [Brian Delacruz] latched on to a good idea with this photo printer project. Instead of building a big photo booth for his party he developed a Raspberry Pi based WiFi photo printer. Right now it’s a prototype that lacks the kind of polish necessary to make a true user-friendly device. But the idea is solid and just waiting for you to improve upon it.
In addition to the RPi he’s using a quality photo printer and a small wireless router. The router simply provides WiFi capabilities for the RPi, which is running a web server, MySQL, and FTP. This provides a wide range of upload options which he can work with. Watch the video after the break to see him print a smartphone photo wirelessly.
This can be simplified by using a package like hostapd to use a USB WiFi dongle as an access point. Or if the venue already has Internet access a server could be set up with a QR code to guide people to it. The party starts off with an empty bulletin board and guests would be invited to print and hang their own photos which will go into the host’s guest book/scrap book to remember the event.
[Metalfusion] built himself a nice-looking CNC machine and has been experimenting with some out-of-the-box uses for his new tool. One novel use he is particularly fond of is creating pictures with his machine (Google Translation). While you might imagine that he is simply using the CNC as an engraver, literally drawing images on the surface of his workpiece, what he is doing is far more interesting.
He developed a small application that takes an image (jpeg, gif, or png) and converts it to a set of pixels, which can then be tweaked and skewed to his liking. The application exports the halftone image to a DXF file which can be fed into the CAD application that he uses to control his CNC machine. The CNC does the rest, using a v-shaped router bit to cut holes into his workpiece, generating a physical halftone picture from his digital image.
Though the process does take some time to complete, the resulting images are well worth it. If you are interested in trying this at home using your own CNC machine, the DXF Halftone application is available on his site for free.
Continue reading to see his halftone generating CNC in action.
Ever wanted to be able to launch a balloon into space, track its location via GPS, take some photographs of the curvature of the earth, and recover the balloon, all for the low low cost of $150? [Oliver Yeh] sent in his team’s project, Icarus, which does just that. The group of MIT students found that they could use a weather balloon filled with helium to reach heights of around 20 miles above the earth; their particular balloon achieved 93,000 feet (17.5 miles). Then, using only off-the-shelf components with no soldering, they conjured up a GPS tracker using a Motorola i290 Prepaid Cellphone. They then used a Canon A470 loaded with the CHDK open source firmware to take pictures. After seeing the results of their launch, the team hopes that this could rejuvenate interest in science and the arts.