Overclockers are always trying to come up with new, colder, and quieter ways to keep their PCs cool. [gigs] was so dedicated to this, he decided to lay 6 meters of copper pipe to use as a radiator in his new house’s foundation. As of now, the foundation is laid (copper pipes and all), and the forum posts come complete with finished slab pics, though there is no house to speak of yet.
[via Slashdot]
We’ve heard about the idea of using browsers as distributed computing nodes for a couple years now. It’s only recently, with the race towards faster JavaScript engines in browsers like Chrome that this idea seems useful. [Antimatter15] did a proof of concept JavaScript implementation for reversing hashes. Plura Processing uses a Java applet to do distributed processing. Today, [Ilya Grigorik] posted an example using MapReduce in JavaScript. Google’s MapReduce is designed to support large dataset processing across computing clusters. It’s well suited for situations where computing nodes could go offline randomly (i.e. a browser navigates away from your site). He included a JavaScript snippet and a job server in Ruby. It will be interesting to see if someone comes up with a good use for this; you still need to convince people to keep your page open in the browser though. We’re just saying: try to act surprised when you realize Hack a Day is inexplicably making your processor spike…
[via Slashdot]
An anonymous Slashdot reader asked today what was the best digital television to analog converter box. He was looking for one with the best hacking potential. We actually purchased a Zenith DTT900 HD converter box this summer specifically wondering about the hacking potential. We did a teardown and you can find a full gallery on Flickr. Our conclusion was this: there’s not much there. You’re talking about a box that takes a digital RF signal and turns it into a crappier looking analog signal over composite. There isn’t much you can do outside of its designed use. Do you have any ideas what else can be done with it?
Slashdot commenter [timeOday] did mention a Tivax brand box that features a serial port. You can use it to issue remote commands to the box.
Not much has been said about the actual coupons. We’ve got a scan of them embedded below. The $40 coupons are essentially credit cards. We ran ours through a magstripe reader confirming this. Even though the card isn’t stamped with the recipient’s name, it is stored on the magstripe.
Frozen Cache is a blog dedicated to a novel way to prevent cold boot attacks. Last year the cold boot team demonstrated that they could extract encryption keys from a machine’s RAM by placing it in another system (or the same machine by doing a quick reboot). Frozen Cache aims to prevent this by storing the encryption key in the CPU’s cache. It copies the key out of RAM into the CPU’s registers and then zeroes it in RAM. It then freezes the cache and attempts to write the key back to RAM. The key is pushed into the cache, but isn’t written back to RAM.
The first major issue with this is the performance hit. You end up kneecapping the processor when you freeze the cache and the author suggests that you’d only do this when the screen is locked. We asked cold boot team member [Jacob Appelbaum] what he thought of the approach. He pointed out that the current cold boot attack reconstructs the key from the full keyschedule, which according to the Frozen Cache blog, still remains in RAM. They aren’t grabbing the specific key bits, but recreating it from all this redundant information in memory. At best, Frozen Cache is attempting to build a ‘ghetto crypto co-processor’.
We stand by our initial response to the cold boot attacks: It’s going to take a fundamental redesign of RAM before this is solved.
[via Slashdot]
Apparently, Apple has decided that extending DRM to your Nike accessories will keep hackers at bay. Sick of people cutting the sensors out of their Nike shoes for use on other apparell, they have applied for a patent. Ever noticed the warning that it’s illegal to pull the tag off of a mattress? Did that stop you?
[via Slashdot]
With each passing day the rate we acquire digital media increases (we don’t even bother unpacking our CDs when we move anymore). Large publishers have started moving away from DRM, which means we’ll be buying even more digital media in the future. Acquiring all of this nonphysical property puts importance on not just making it easily accessible, but also protecting it from destruction. Slashdot asked for reader suggestions of what NAS to buy; we’ve compiled some of the options below and want to know what you use.
Yesterday, Slashdot reported a privilege escalation vulnerability in OSX. Using AppleScript you can tell the ARDAgent to execute arbitrary shell script. Since, ARDAgent is running as root, all child processes inherit root privleges. Intego points out that if the user has activated Apple Remote Desktop sharing the ARDAgent can’t be exploited in this fashion. So, the short term solution is to turn on ARD, which you can do without giving any accounts access privileges. TUAW has an illustrated guide to doing this in 10.4 and 10.5.
Not even a week ago we asked what we should do with our OLPC XO. InformIT’s [Seth Fogie] has written a great two part article that covers turning it into a hacker toolkit. Part one is an overview of the OLPC, how to upgrade it, and do some usability tweaks. Part two covers installing Nessus, Metasploit, and doing some wireless sniffing. We’ll be building our own little green monster based on this and let you know how it goes.
[via Slashdot]
Imagine how surprised we were to discover that by accidentally bricking our router we were executing a brand new attack: Phlashing Denial Of Service (PDOS). This week at EUSecWest, researcher [Rich Smith] will present the theoretical PDOS attack. Instead of taking over control of an embedded system, the attacker turns it into a nonfunctioning brick by flashing it with a broken firmware. Anyone who has flashed a device knows the danger of interrupting the procedure.
Hack a Day serves up fresh hacks each day, every day from around the web and a special How-To hack each week.
Powered by WordPress
