search-console

Fooling Google Search Console With Tricky PHP

July 17, 2015 by 42 Comments

When [Steve] received a notice from Google that a new owner had been added to his Google Search Console account, he knew something was wrong. He hadn’t added anyone to his account. At first he thought it might be a clever phishing tactic. Maybe the email was trying to get him to click a malicious link. Upon further investigation, he discovered that it was legitimate. Some strange email address had been added to his account. How did this happen?

When you want to add a website to Google’s services, they require that you prove that you own the actual website as a security precaution. One method to provide proof is by uploading or creating an HTML file to your website with some specific text inside. In this case, the file needed to be called “google1a74e5bf969ded17.html” and it needed to contain the string “google-site-verification: googlea174e5bf969ded17.html”.

[Steve] logged into his web server and looked in the website directory but he couldn’t find the verification file. Out of curiosity, he tried visiting the web page anyways and was surprised to find that it worked. After some experimentation, [Steve] learned that if he tried to load any web page that looked like “googleNNNNNNN.html”, he would be presented with the corresponding verification code of “google-site-verification: googleNNNNNNNN.html”. Something was automatically generating these pages.

After further investigation, [Steve] found that some malicious PHP code had been added to his website’s index.php page. Unfortunately the code was obfuscated, so he couldn’t determine exactly what was happening. After removing the new code from the index.php file, [Steve] was able to remove the hacker’s email address from [Steve’s] Google account.

This is a very interesting hack, because not only did it allow this one hacker to add himself to [Steve’s] Google account, but it would also have allowed anyone else to do the same thing. This is because each new hacker would have been able to fool Google’s servers into thinking that they had uploaded the verification file thanks to the malicious PHP code. It makes us think that perhaps Google’s verification system should use a separate randomized string inside of the verification file. Perhaps one that can’t be guessed or calculated based on known variables such as the file name.

Sea Rendering

Project Sea Rendering Autonomously Renders Sea Bottoms

May 25, 2015 by 21 Comments

[Geir] has created a pretty neat device, it’s actually his second version of an autonomous boat that maps the depths of lakes and ponds. He calls it the Sea Rendering. The project is pretty serious as the hull was specially made of fiberglass. The propulsion is a simple DC motor and the rudder is powered by an RC servo. A light and flag adorn the top deck making the small craft visible to other larger boats that may be passing by. Seven batteries are responsible for all of the power requirements.

Sea Rendering

The craft’s course is pre-programmed in Mission Planner and uses ArduPilot loaded on an Arduino to steer to the defined way points. An onboard GPS module determines the position of the boat while a transducer measures the depth of the water. Both position and depth values are then saved to an SD card. Those values can later be imported into a software called Dr Depth that generates a topographic map of the water-covered floor.

[Geir] has sent this bad boy out on an 18 km journey passing through 337 way points. That’s pretty impressive! He estimates that the expected run time is 24 hours at a top speed of 3 km/h, meaning it could potentially travel 72 km on a single charge while taking 700 depth measurements during the voyage.

Continue reading “Project Sea Rendering Autonomously Renders Sea Bottoms”

College Researcher Makes Supercomputer From 420 PS3s

December 28, 2014 by 64 Comments

Noting that funding for science has run dry for many researchers, [Gaurav] has built a supercomputer from 200 Playstation 3 consoles housed and chilled inside an old refrigerated shipping trailer. His mission at UMass Dartmouth from the National Science Foundation is simulating black hole collisions with an eye on learning something about gravitational waves.

Dr. [Gaurav Khanna] is no stranger to using PS3 supercomputers to do meaningful science. Seven years ago he proposed a 16-PS3 supercomputer running Linux and managed to convince Sony to donate four consoles. The university kicked in funding for another 8 and [Gaurav] ponied up for the last four out of his own pocket. He dubbed it the “PS3 Gravity Grid” and received international attention for the cluster. For equivalent performance, it cost him only 10% the price of a real supercomputer. This led to published papers on both hacked supercomputers and gravity waves. But that rig is looking a little old today. Enter the Air Force.

Dr. [Khanna] was not the only one using PS3s to crunch data – back in 2010 the US Air Force built the “Condor Cluster” of 1,760 PS3s to perform radar imaging of entire cities and do neuromorphic AI research. With their hardware now expired, the Air Force donated 200 of the PS3s to [Gaurav] for his new build. Now that he has wired them up, the Air Force is donating another 220 for a not-snicker-proofed total of 420.

For those sceptical that the now 8-year-old hardware is still cost-effective, even with free consoles it is marginal. RAM is an issue and modern graphics cards are each equivalent to 20 PS3s. Ever the popular target these days, Sony has the PS4 OS locked down from the get go – thanks Sony. The next cluster planned will be with PCs and graphics cards. For now, [Gaurav] has plenty of calculations that need crunching and a queue of colleagues have formed behind him.

Santa’s Autonomous Helping Hands Let The Jolly Ol’ Fellow Kick Back This Season

December 20, 2014 by 6 Comments

For those skeptical about the feasibility of Santa’s annual delivery schedule, here’s an autonomous piece of the puzzle that will bewilder even the most hard-hearted of non-believers.

The folks over at the Center of Excellence Cognitive Interaction Technology (CITEC) in Germany have whipped together a fantastic demo featuring Santa’s extra pair of helping hands. In the two-and-a-half minute video, the robot executes a suite of impressive autonomous stocking-stuffing maneuvers: from recognizing the open hole in the stocking, to grasping specific candies from the cluster of goodies available.

On the hardware-side, the arms appear to be a KUKA-variant, while on the software-side, the visualizations are being handled by the open source robot software ROS‘ RVIZ tool.

If some of the props in the video look familiar, you’ll find that the researchers at CITEC have already explored some stellar perception, classification, and grasping of related research topics. Who knew this pair of hands would be so jolly to clock some overtime this holiday season? The entire video is set to a crisp computer-voiced jingle that serves as a sneaky summary of their approach to this project.

Now, if only we could set these hands off to do our other dirty work….

Continue reading “Santa’s Autonomous Helping Hands Let The Jolly Ol’ Fellow Kick Back This Season”

Morse Decoder’s Lean And Sexy Search Algorithm

November 15, 2014 by 27 Comments

Often the Morse Code centered projects that we feature are to help you practice transmitting messages. This one takes a tack and builds an automatic decoder. We think [Nicola Cimmino’s] project is well worth featuring simply based on his explanation of the Digital Signal Processing used on the signal coming in from the microphone. Well done. But he’s really just getting warmed up.

What makes this really stand out is a brilliant algorithm that allows conversion from Morse to ASCII using a lookup table of only 64 bytes. This provides enough room for A-Z and 0-9 without chance of collision but could be expanded to allow for more characters. Below is a concise description of how the algorithm works but make sure you take the time to read [Nicola’s] project description in its entirety.

The algorithm can be decribed as follows. Have an index inside the lookup string inizialied to zero. Have an initial dash jump size of 64. At every received element (dot or dash) halve the initial dash jump and then increase by 1 the index inside the lookup string if a dot was received and by dash jump size if a dash was received. Repeat until a letter separator is reached, at that point the index inside the lookup string will point to the ASCII corresponding to the decoded morse.

Have you heard of this technique before? If so, tell us about it in the comments below. Before you jump all over this one, realize that Magic Morse uses a different technique.

Mouse Brain with neurons exhibiting GFP expression

UC Davis Researchers Use Light To Erase Memories In Genetically Altered Mice

October 13, 2014 by 23 Comments

Much like using UV light to erase data from an EPROM, researchers from UC Davis have used light to erase specific memories in mice. [Kazumasa Tanaka, Brian Wiltgen and colleagues] used optogenetic techniques to test current ideas about memory retrieval. Optogenetics has been featured on Hackaday before. It is the use of light to control specific neurons (nerve cells) that have been genetically sensitized to light.  By doing so, the effects can be seen in real-time.

For their research, [Kazumasa Tanaka, Brian Wiltgen and colleagues] created genetically altered mice whose activated neurons expressed GFP, a protein that fluoresces green. This allowed neurons to be easily located and track which ones responded to learning and memory stimuli. The neurons produced an additional protein that made it possible to “switch them off” in response to light.  This enabled the researchers to determine which specific neurons are involved in the learning and memory pathways as well as study the behavior of the mouse when certain neurons were active or not.

Animal lovers may want to refrain from the following paragraph. The mice were subjected to mild electric shocks after being placed in a cage. They were trained so that when they were put in the cage again, they remembered the previous shock and would freeze in fear. However, when specific neurons in the hippocampus (a structure in the brain) were exposed to light transmitted through fiber optics (likely through a hole in each mouse’s skull), the mice happily scampered around the cage, no memory of the earlier shock to terrify them. The neurons that stored the memory of the shock had been “turned off” after the light exposure.

Continue reading “UC Davis Researchers Use Light To Erase Memories In Genetically Altered Mice”

Robo Squid Will Take Over the Seas!

Robotic Octopus To Take Over The Seas

October 3, 2014 by 12 Comments

Much of robotics has been advanced by recreating animals movements – Why reinvent the wheel when nature got it right first? But have you seen many aquatic creatures movements re-imagined with mechanical linkages? The Foundation for Research and Technology-Hellas (FORTH) has recently presented their robotic octopus at the International Conference on Intelligent Robots and Systems.

The eight armed (or is it legged?) roboctopus was based on of a real octopus which have a really cool method of propulsion which allows them to move at speeds of up to 40km/h. The researchers in Greece created slim silicon arms to recreate this movement, allowing their robot to propel itself at speeds of around 10cm/s — after adding webs to the arms, they were able to almost double its top speed to 18cm/s, or one-half its body length per second.

The cool thing about the bot is that other marine wild-life seem relatively unperturbed by it, which could open up many possibilities in underwater research!

Continue reading “Robotic Octopus To Take Over The Seas”