Let’s start off this weekend’s links post with some advertising. We like targeted ads (mostly because we don’t have pooping problems and are tired of hearing about Activia). So we applaud IBM for finding our number with this commercial which produces a stop-motion animation using single atoms as pixels. Wow! [via Reddit and Internet Evolution]
Speaking of commercials, here’s some snake-oil which lets you touch a boob without being in the same room with the person [Thanks Michael].
Moving right along we’ve got a trio of trackpad hacks. There’s one that lets you use the keyboard and trackpad of a MacBook as a standalone USB input device [via Reddit]. Or you could take a Toshiba laptop to the tablesaw to turn it into a USB trackpad. But maybe your Acer C7 Trackpad doesn’t work very well and you just need better grounding.
[Nick McGill] is a member of the team developing an upper body exoskeleton as an assistive technology. This made the rounds on tech websites but the lack of in-depth build info on the project site kept it from getting its own feature here.
If you have a router capable of running DD-WRT here’s a method of setting up a PPTP VPN for free.
And finally, you may remember hearing about the original Prince of Persia source code being discovered and released about a year ago. Well [Adam Green] figured out how to compile it into the original Apple II floppy disks. [Thanks Arthur]
We ran into a friend a while back who was logging into her employer’s Virtual Private Network on the weekend. She caught our attention by whipping out her keys and typing in some information from a key-fob. It turns out that her work uses an additional layer of protection for logging into the network. They have implemented a username, pin number, as well as a hardware token system called SecurID.
The hardware consists of a key-fob with an LCD screen on it. A code is displayed on the screen and changes frequently, usually every 60 seconds. The device is generating keys based on a 128-bit encryption seed. When this number is fed to a server that has a copy of that seed, it is used as an additional verification to the other login data.
This seems like a tech trickle-down of the code generating device from GoldenEye. It does get us thinking: with the problems free email services have been having with account theft, why aren’t they offering a fee-based service that includes a security fob? With the right pricing structure this could be a nice stream of income for the provider. We’re also wondering if this can be implemented with a microcontroller and used in our home network. As always, leave comments below and let us know if you’ve already built your own system using these principles.
Update: Thanks to Andre for his comment that tells us this type of security is available for Apache servers. The distribution includes a server side authentication system and a Java based token generator that can run on any handheld that supports Java.
Capture the Flag (CTF) is a long running tradition at hacker conventions. It pits teams of security researchers against each other on the same network. Every team gets an identical virtual machine image. The VM has a set of custom written services that are known to be vulnerable. The teams work to secure their image while simultaneously exploiting services on the machines of other teams. A scoring server monitors the match as it progresses and awards points to teams for keeping their services up and also for stealing data from their competitors.
The Chaos Communication Congress in Berlin December 27-30, 2008 will host a CTF competition. Most CTF matches are done head to head in the same room. While 25C3 will have local teams, it will also be wide open for international teams to compete remotely. Remote teams will host their own images on a VPN with the other competitors. Now is a good time to register and familiarize yourself with the scoring system. It will certainly be interesting to see how this competition plays out now that teams that can’t make the trip can still compete.