Directional Booklight Invisible To Everyone But You

Consistent contributor [Ken] has cooked up another contraption with his directional booklight. Combining an LED strip and privacy screen filter inside a wooden enclosure, this handy tool is made for someone who wants to read in bed without disturbing anyone else. The booklight sits on top of the page, the LEDs light up just the given area, and because the privacy screen only allows light to come straight off the page, only the reader can see any light and any other viewing angle is obscured.

[Ken] thought of everything. Rather than have the light stay on while the booklight is lifted to turn the page and possibly flash an unsuspecting slumberer, a tactile switch on the underside turns the light on only when it is pressed against the page, allowing very little light to escape.

Future upgrades include another switch on top to detect when the book is closed, and an accelerometer to detect when the reader may have fallen asleep.

We’ve reported a few of [Ken]’s projects before, like his 3D popup cards, unique weather display, and semi-real-life Mario Kart.


Linux Mint Hacked Briefly – Bad ISOs, Compromised Forum

On February 20th, servers hosting the Linux Mint web site were compromised and the site was modified to point to a version of Mint with a backdoor installed. Very few people were impacted, fortunately; only those who downloaded Mint 17.3 Cinnamon on February 20th. The forum user database was also compromised.

What is most impressive here is not that Linux Mint was compromised, but the response and the security measures already in place that kept this from becoming a bigger problem. First, the compromise was detected the same day, so the exposure lasted less than a day. Second, it only affected downloads of a specific version, and only for people who clicked a specific link, so anyone who downloaded via a direct HTTP request or a torrent is unaffected. Third, they were able to track down the names of three people in Bulgaria who are responsible for this hack.

As for the forum compromise, the breach netted usernames, emails, and encrypted passwords, as well as personal information that forum users may have entered in signatures or private messages. It’s always nice to see when compromised sites are not storing passwords in plain text, though.

There is one security measure which should have protected against this and failed for a couple of reasons, and that’s the signature. Normally, the file download is accompanied by a signature which is generated from the file, like an MD5 or SHA checksum. By generating the checksum of the downloaded ISO file and comparing it to the signature reported on the web site, one can confirm that the file downloaded correctly and that it is the same file. In this case, anyone downloading the bad ISO should have noticed that it was not the official one, because the signatures did not match. But this check can fail. Most people are too lazy to check (and there is no automated checking process). More importantly, because the attackers controlled the web site, they could change the site to report any signature they wanted, including the signature for the bad ISO file.

If you are affected by this, you should change your password on the forum and anywhere you use the same email/password. More importantly, as great as the verification signature is, shouldn’t there be a better way to verify so that people use it regularly and so that it can’t be compromised so easily?

$3 Smartphone From India

The release of the Ringing Bells Freedom 251 means exciting things for India, and if it goes well possibly the hacker community, too. This $3 device comes with all the things you’d expect from your standard smartphone. Considering any of the individual components alone (4″ IPS screen, cell modem, 1450 mAh battery, 1.3 GHz quad-core processor, 3.2 MP front and 0.3 MP rear cameras) could cost more than the whole thing put together, some skepticism is warranted.

There is speculation about how this is possible given Ringing Bells’ claims of no government subsidies. Considering the prototype presented to the media was from Chinese company Adcom, this may be a big scam in the making. The BBC does an examination of the many ways this seems sketchy, including the lack of appropriate government approvals (like the Indian equivalent of the FCC), and the experience of the company selling it (established in 2015).

Still, consider us curious and hopeful that we may have a new tool as useful and cheap as the ESP8266 has been. That said, it will be interesting to see whether the company can maintain stock and limit hardware sales to their intended market, or whether a curious world electronics ecosystem will make them a scarce stock item.

[via BBC]