Moonpig

When Responsible Disclosure Isn’t Enough

Moonpig is a well-known greeting card company in the UK. You can use their services to send personalized greeting cards to your friends and family. [Paul] decided to do some digging around and discovered a few security vulnerabilities between the Moonpig Android app and their API.

First of all, [Paul] noticed that the system was using basic authentication. This is not ideal, but the company was at least using SSL encryption to protect the customer credentials. After decoding the authentication header, [Paul] noticed something strange. The username and password being sent with each request were not his own credentials. His customer ID was there, but the actual credentials were wrong.

[Paul] created a new account and found that the credentials were the same. By modifying the customer ID in the HTTP request of his second account, he was able to trick the website into spitting out all of the saved address information of his first account. This meant that there was essentially no authentication at all. Any user could impersonate another user. Pulling address information may not sound like a big deal, but [Paul] claims that every API request was like this. This meant that you could go as far as placing orders under other customer accounts without their consent.

[Paul] used Moonpig’s API help files to locate more interesting methods. One that stood out to him was the GetCreditCardDetails method. [Paul] gave it a shot, and sure enough the system dumped out credit card details including the last four digits of the card, expiration date, and the name associated with the card. It may not be full card numbers, but this is still obviously a pretty big problem that would be fixed immediately… right?
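The flaw described in the two paragraphs above is a broken object-level authorization check: the server authenticated the app with one shared credential and then trusted whatever customer ID the client put in the request. The following is an added example, not Moonpig’s code or [Paul]’s, showing a vulnerable handler of that shape beside a fixed one. Everything in it is constructed: the header names (`Authorization`, `X-Customer-Id`), the customer records, the shared app credential and the per-customer passwords are all hypothetical.

```python
import base64
import hashlib
import hmac

# Constructed sample records (hypothetical, not Moonpig's data)
ADDRESSES = {
    1001: ["1 Example Street, London"],
    1002: ["2 Sample Road, Manchester"],
}

# Vulnerable design: one credential baked into the app and shared by every customer
SHARED_APP_CREDENTIAL = ("androidapp", "app-secret")  # hypothetical

# Fixed design: a credential per customer, stored as a salted PBKDF2 hash
SALT = b"constructed-salt"  # constructed; use a random per-user salt in practice


def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)


CUSTOMER_HASHES = {  # username -> (customer id, password hash); hypothetical
    "alice": (1001, _hash("alice-pw")),
    "bob": (1002, _hash("bob-pw")),
}


def basic_auth_header(user, password):
    """Builds an HTTP Basic Authorization header value."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def parse_basic_auth(header):
    """Returns (user, password) from a Basic header, or None if it is malformed."""
    scheme, _, token = header.partition(" ")
    if scheme != "Basic":
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode()
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def get_addresses_vulnerable(headers):
    """Checks the shared app credential, then trusts the client-supplied customer ID.

    Returns (status, body). The credential proves only that the caller has the
    app, so any caller can read any customer's records by changing the ID.
    """
    creds = parse_basic_auth(headers.get("Authorization", ""))
    if creds != SHARED_APP_CREDENTIAL:
        return 401, None
    customer_id = int(headers["X-Customer-Id"])  # attacker-controlled, never bound to the caller
    return 200, ADDRESSES.get(customer_id)


def get_addresses_fixed(headers):
    """Authenticates a specific customer and serves only that customer's records.

    The customer ID comes from the authenticated principal; a client-supplied ID
    that does not match is refused rather than honoured.
    """
    creds = parse_basic_auth(headers.get("Authorization", ""))
    if creds is None:
        return 401, None
    user, password = creds
    record = CUSTOMER_HASHES.get(user)
    if record is None or not hmac.compare_digest(record[1], _hash(password)):
        return 401, None
    authenticated_id = record[0]
    requested_id = int(headers.get("X-Customer-Id", authenticated_id))
    if requested_id != authenticated_id:
        return 403, None  # object-level authorization: not this caller's record
    return 200, ADDRESSES.get(authenticated_id)


if __name__ == "__main__":
    # Caller holding only the app credential asks for customer 1001's data
    app_headers = {"Authorization": basic_auth_header(*SHARED_APP_CREDENTIAL),
                   "X-Customer-Id": "1001"}
    print("vulnerable:", get_addresses_vulnerable(app_headers))
    # Bob, properly authenticated, asks for customer 1001's data
    bob_headers = {"Authorization": basic_auth_header("bob", "bob-pw"),
                   "X-Customer-Id": "1001"}
    print("fixed:", get_addresses_fixed(bob_headers))
```

The point of the fixed handler is not the hashing but the last check: the identifier used to look up data is derived from who authenticated, and a request for someone else’s identifier is rejected. Per-customer credentials are what make that binding possible; with a single shared credential there is no principal to bind to.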

[Paul] disclosed the vulnerability responsibly to Moonpig in August 2013. Moonpig responded by saying the problem was due to legacy code and it would be fixed promptly. A year later, [Paul] followed up with Moonpig. He was told it should be resolved before Christmas. On January 5, 2015, the vulnerability was still not resolved. [Paul] decided that enough was enough, and he might as well just publish his findings online to help press the issue. It seems to have worked. Moonpig has since disabled its API and released a statement via Twitter claiming that “all password and payment information is and has always been safe”. That’s great and all, but it would mean a bit more if the passwords actually mattered.

Measuring The Planck Constant With Lego

For nearly 130 years, the kilogram has been defined by a small platinum and iridium cylinder sitting in a vault outside Paris. Every other unit of measurement is defined by a reproducible physical phenomenon: the second is a precise number of oscillations of a cesium atom, and a meter is the length light travels in 1/299792458th of a second. Only the kilogram is defined by an actual object, at least until NIST and the International Committee of Weights and Measures redefine it as a function of the Planck constant. How do you measure the Planck constant? With a Watt balance. How do you build a Watt balance? With Lego, of course.

A Watt balance looks like a double-armed scale where one weight can be compared to another weight of known mass. Instead of using two arms, a Watt balance only has one arm, brought into balance by a current flowing through a coil. The mechanical power in the balance – brought about by whatever is on the balance plate – can then be compared to the electrical power, and eventually the Planck constant. This will soon be part of the formal definition of the kilogram, and yes, a machine to measure this can be made out of Lego.

The only major non-Lego parts in the Lego Watt balance are a few coils of wire wound around a PVC pipe and a few neodymium magnets. These are placed on both arms of the balance, and a pair of lasers are used to make sure both arms of the balance are level. Data are collected by measuring the coils through a few analog pins on a Labjack and a Phidget. Once the voltage and current induced in each coil are measured, the electrical power can be calculated, then the Planck constant, and finally how close the mass on the balance pan is to a real, idealized kilogram. Despite being made out of Lego, this system can measure a gram mass to 1% uncertainty.
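The two paragraphs above describe the balance in words; the relation they rely on is short enough to write out. This is an added derivation of the general Watt (Kibble) balance principle, not taken from the Lego paper, and the final step (expressing the voltage and current against the Josephson and quantum Hall standards) is how national labs link the measurement to $h$, not something the Lego build does with its DAQ. Symbols are the usual ones: $B$ the magnetic field at the coil, $L$ the coil's wire length, $I$ the coil current, $v$ the coil's velocity, $g$ local gravity.

In weighing mode the magnetic force on the current-carrying coil balances the weight of the test mass:
$$ m g = B L I $$

In velocity mode the same coil is moved through the same field with no mass on the pan, and the induced voltage is measured:
$$ V = B L v $$

The product $BL$ is hard to know precisely, so it is eliminated between the two modes:
$$ m g v = V I \qquad\Longrightarrow\qquad m = \frac{V I}{g v} $$

This is the "mechanical power equals electrical power" statement in the text: $m g v$ is a virtual mechanical power and $V I$ an electrical one. With $V$ realized by a Josephson voltage standard, $V = n_1 f_1 \frac{h}{2e}$, and $I$ realized as a second Josephson voltage $n_2 f_2 \frac{h}{2e}$ across a quantum Hall resistance $R = \frac{h}{i e^2}$ (with $n_1, n_2, i$ integers and $f_1, f_2$ microwave frequencies), the electron charge cancels:
$$ V I = n_1 f_1 \frac{h}{2e} \cdot n_2 f_2 \frac{h}{2e} \cdot \frac{i e^2}{h} = \frac{n_1 n_2 i f_1 f_2}{4} h $$
$$ m = \frac{n_1 n_2 i f_1 f_2}{4 g v} h $$

So fixing the numerical value of $h$ fixes the kilogram in terms of frequencies, a velocity and $g$, all of which are measurable anywhere; the Lego version measures $V$ and $I$ directly with its 16-bit DAQ instead and, per the text, reaches about 1% on a gram mass.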

The authors have included a list of Lego parts, most of which could be found in any giant tub of Lego in an 8-year-old’s closet. The only really expensive item on the BOM is a 16-bit USB DAQ; apart from that, it’s something anyone can build.

Thanks [Matt] for the tip.

Best Of The Dinosaur Den 2014

If you haven’t been watching The Dinosaur Den, shame on you. This joint enterprise between [Fran Blanche] and our very own [Bil Herd] premiered in July and it is, simply put, the duck’s guts. In spite of being introduced to each other just a few months before the first episode, they banter like old friends. When they’re not riffing off each other, they’re giving a show and tell of all kinds of vintage technology. Most importantly, they’re always wearing really cool t-shirts.

Hot on the heels of their excellent holiday special comes this Best of the Dinosaur Den 2014 highlight reel. Some of our favorite bits are from said holiday special, because they spent the whole hour talking about their best-loved toys from holidays past, most of which started them on their paths to greatness. Come for the t-shirts, stay for the Zaxxon tabletop arcade and the toy that probably inspired LittleBits. Check out the best-of after the break, and then cook a Hot Pocket or something and watch them all. You’re pretty much guaranteed to learn something cool and/or useful.


“Superfan” Gaming Peripheral Lets You Feel Your Speed

Virtual reality has come a long way, but some senses are still neglected. Until Smell-O-Vision happens, the next step might be feeling the wind in your hair: perhaps dad racing a sportbike, or kids giggling on a rollercoaster. It’s not as hard to build as you might think; you probably have the parts already.

Off-the-shelf devices serve up the seeing and hearing part of your imaginary environment, but they stop there. [Jared] wanted to take the immersion further by being able to feel the speed, which meant building his own high power wind generator and tying it into the VR system. The failed crowdfunding effort of the “Petal” meant that something new would have to be constructed. Obviously, to move air without actually going on a rollercoaster requires a motor controller and some fans. Powerful fans.

A proponent of going big or going home, [Jared] picked up a pair of fans and modified them so heavily that they will launch themselves off of the table if not anchored down. Who overdrives fans so hard they need custom heatsinks for the motors? He does. He admits he went overboard, and the build is sensibly way over budget for most people, but he built it for himself and does not care.


Global Space Balloon Challenge

Looking for a reason to put up a balloon and payload into near-space? Not that one’s necessary, but the Global Space Balloon Challenge has got a variety of good reasons for you to do so, in the form of prizes and swag from their sponsors. Go for highest altitude, best photograph, longest ground track, best on-board science payload, or a bunch more. Have a look through the gallery to check out last year’s winners, including teams that dropped a 3ft paper airplane or floated an R2D2 replica.

Basically all you need to do is register on their website and then go fly a high-altitude balloon between April 10th and 27th. Last year 60 teams took part, and this year they’ve already got 90 teams from 31 countries.

And if you’re just getting into the (hobby? sport?) of high-altitude ballooning, be sure to check out their tutorials and forum. Of course Hackaday has been covering folks’ near-space balloon efforts for a while now too, so you’ve got plenty of reading.

So what are you waiting for? Helium’s not getting any cheaper and spring is on its way. Start planning your balloon launch now.


Repairing And Reviewing A 1976 PONG Clone

Hackaday alum [Todd] has been searching for an old PONG clone for the last two years. This variant is called, “The Name of the Game”. [Todd] has fond memories of playing this game with his sister when they were young. Unfortunately, being the hacker that he is, [Todd] tore the game apart when he was just 14 to build his own Commodore 64 peripherals. He’s been wanting to make it up to his sister ever since, and he finally found a copy of this game to give to his sister last Christmas.

After opening up the box, [Todd] quickly noticed something strange with the power connector. It looked a bit charred and was wiggling inside the enclosure. This is indicative of a bad solder joint. [Todd] decided he’d better open it up and have a look before applying power to the device.

It was a good thing he did, because the power connector was barely connected at all. A simple soldering job fixed the problem. While the case was still opened, [Todd] did some sleuthing and noticed that someone else had likely made repairs to several other solder joints. He also looked for any possible short circuits, but everything else looked fine. The system ended up working perfectly the first time it was started.

The end of the video shows that even after all this time, simple games like this can still capture our attention and be fun to play for hours at a time. [Todd] is working on part 2 of this series, where he’ll do a much more in-depth review of the system. You can watch part 1 below.

CES: Building Booths And Simulating Reality

My first day on the ground at CES started with a somewhat amusing wait at the Taxi Stand of the McCarran International Airport. Actually, I’m getting ahead of myself… it started with a surprisingly efficient badge-pickup booth in the baggage claim of the airport. Wait in line for about three minutes, show them the QR code emailed to you from online registration, and you’re ready to move to the 1/4 mile-long, six-switchback deep line for cabs. Yeah, there are a lot of people here for this conference.

It’s striking just how huge this thing is. Every hotel on the strip is crawling with badge-wearing CES attendees. Many of the conference halls in the hotels are filled with booths, meaning the thing is spread out over a huge geographic area. We bought three-day monorail passes and headed to the convention center to get started.

Building the Booths

[Sophi] knows [Ben Unsworth], who put his heart and soul into this year’s IEEE booth. His company, Globacore, builds booths for conferences, and this one sounds like it was an exceptional amount of fun to work on. He was part of a tiny team that built a mind-controlled drag strip based on Emotiv Insight brainwave measuring hardware shipped directly from the first factory production run. This ties in with the display screens above the track to form a leader board. We’ll have a keen eye out for hacks this week, but the story behind building these booths may be the best hack to be found.

Oculus

[Ben] told us hands-down the thing to see is the new Oculus hardware called Crescent Bay. He emphatically mentioned The Holodeck which is a comparison we don’t throw around lightly. Seems like a lot of people feel that way because the line to try it out is wicked long. We downloaded their app which allows you to schedule a demo but all appointments are already taken. Hopefully our Twitter plea will be seen by their crew.

In the meantime we tried out the Oculus Gear VR. It uses a Galaxy Note 4 as the screen along with lenses and a variety of motion tracking and user controls. The demo was a Zelda-like game where you view the scene from overhead. This used a handheld controller to command the in-game character, with the headset’s motion tracking used to look around the playing area. It was a neat demo. I’m not quite sold on long gaming sessions with the hardware, but maybe I just need to get used to full immersion first.

Window to another Dimension


The midways close at six o’clock and we made our way to the Occipital booth just as they were winding down. I’ve been 3D scanned a few times before, but those systems used turntables and depth cameras on motorized tracks to do the work. This uses a depth-camera add-on for an iPad which they call Structure Sensor.

It is striking how quickly the rig can capture a model. This high-speed performance is parlayed into other uses, like creating a virtual world inside the iPad which the user navigates by using the screen as if it were a magic window into another dimension. Their demo was something along the lines of the game Portal and has us thinking that the Wii U controller has the right idea for entertainment, but it needs the performance that Occipital offers. I liked this experience more than the Oculus demo because you are not shut off from the real world as you make your way through the virtual.

We shot some video of the hardware and plan to post more about it as soon as we get the time to edit the footage.

Find Us or Follow Us

We’re wearing our Hackaday shirts and that stopped [Josh] in his tracks. He’s here on business with his company Evermind, but like any good hacker he is carrying around one of his passion projects in his pocket. What he’s showing off are a couple of prototypes for a CANbus sniffer and interface device that he’s built.

We’ll be at CES all week. You can follow our progress through the following Twitter accounts: @Hackaday, @HackadayPrize, @Szczys, and @SophiKravitz. If you’re here in person you can Tweet us to find where we are. We’re also planning a 9am Thursday Breakfast meetup at SambaLatte in the Monte Carlo. We hope you’ll stop by and say hi. Don’t forget to bring your own hardware!