Building Infra Red Light Sources With Regular Lights

[Oneironaut] sent us another IR hack. This time it is a writeup on the best ways to create IR light sources from regular lights. Since normal flashlight bulbs emit a spectrum broad enough to include both visible and IR light, this basically comes down to filtering. [Oneironaut] explores different light sources and different materials in depth, along with great pictures to show his results. This is a great resource if you need to do some night vision on the cheap.

Rotary Dial Authenticates Sudo Commands

[W1ndman] won’t win any security awards for this build, but it’s an interesting idea. On many Linux-based systems, commands can be run with administrator privileges by prefacing them with the keyword ‘sudo’. Normally you’d be asked for a password, but [W1ndman] used Pluggable Authentication Modules (PAM) to authenticate via his own shell script. That script checks a code from this rotary dial for authentication. An Arduino takes care of listening for each digit that is entered and then sends the code via USB for comparison with a stored file. We’re not sure if that stored code is in a plain file or is otherwise protected, but at the very least this prevents you from using ‘sudo’ willy-nilly.
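
On the open question of how the stored code is protected, here is one way a comparison step like this could avoid keeping the code in a plain file. This is an added example, not [W1ndman]'s script: the record format, function names, iteration count and the sample code `4721` are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import stat

# Assumed work factor. A dialed code has few digits, so a slow hash only
# raises the cost of guessing it offline; it does not make guessing infeasible.
ITERATIONS = 200_000

def enroll_code(code, salt=None):
    """Return the record to store in place of the plaintext dial code."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", code.encode(), salt, ITERATIONS)
    return f"pbkdf2-sha256${ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_code(candidate, record):
    """Compare a dialed code with the stored record in constant time."""
    try:
        scheme, iters, salt_hex, digest_hex = record.strip().split("$")
        if scheme != "pbkdf2-sha256":
            return False
        expected = bytes.fromhex(digest_hex)
        actual = hashlib.pbkdf2_hmac(
            "sha256", candidate.encode(), bytes.fromhex(salt_hex), int(iters)
        )
    except (ValueError, OverflowError):
        return False  # malformed record: fail closed
    return hmac.compare_digest(actual, expected)

def store_is_private(path):
    """True only for a regular file with no group/other permission bits."""
    mode = os.stat(path).st_mode
    return stat.S_ISREG(mode) and not (mode & (stat.S_IRWXG | stat.S_IRWXO))

def check_dial(candidate, path):
    """Decision for the authentication step: deny on any doubt."""
    if not store_is_private(path):
        return False
    with open(path) as fh:
        return verify_code(candidate, fh.read())

if __name__ == "__main__":
    record = enroll_code("4721")  # constructed sample code
    print(verify_code("4721", record), verify_code("4722", record))
```
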

Insane Covert IR Illumination

[Oneironaut] over at lucidscience sent us a link to his latest project, some IR illumination panels. At first, we were mildly enticed by his usual high standard of photography and description. It was just an array of LEDs though. Still, we kept hitting the “next page” button because he goes into such great detail. Then we saw version two. Instead of simply being an array of IR LEDs mounted outside for his security camera, he has mounted 1536 IR LEDs inside an old flat panel monitor. That’s a fake monitor producing 180 watts of IR light, and we think that’s even at half power! He replaced the screen of the display with a one-way mirror, so you would have no idea that it isn’t just a normal screen sitting on his desk. Great job as usual [Oneironaut].

Network Packet Sniffing With Linux

Here’s a chance to learn a little bit about network security. This article walks us through some of the core concepts of network manipulation and packet sniffing using Linux tools. [Joey Bernard] discusses the uses for packages like tcpdump, p0f, and dsniff. They are capable of recording all network traffic coming through your computer’s connection, seeking out machines installed on the network, and listening to traffic for a specific machine. This isn’t going to give you a step-by-step for cracking modern networks. It will provide some insight into what is going on with your network, and you should be able to use these tools to check that you’ve got adequate security measures in place.

Plug And Prey: Malicious USB Devices

This very informative talk given at Shmoocon 2011 has been posted over at IronGeek. Covering all kinds of angles from which a person could attack someone’s computer through the USB port, this should be read by anyone who is security minded at all. No matter which side of the port you tend to be on, this article has great information. They cover some common attack methods such as keyloggers and fake keyboards as well as some common methods of securing your system against them. We’ve actually seen this in the news a bit lately as people have been using the keyboard emulation method in conjunction with Android phones to hack into systems.

[thanks Adrian]

The Pirate Box

One of the most fun aspects of a LAN party was exploring the shared files of all the other users on the network. There were people that would show up solely for the file swapping. That is exactly what this project is about. From the project’s wiki, the Pirate Box is a mobile p2p sharing and collaboration platform. Basically it is a wireless hotspot with a slick interface and a shared folder. It doesn’t connect to the internet, and it doesn’t log any connections. You can have a file swapping session simply by flipping it on and sharing its space with other people. They’ve included a step-by-step guide to setting up your own, but if you’re going to do some subversive file swapping we might suggest putting it in a less conspicuous enclosure. Imagine this as a portable version of dead drops.

Abusing HTTP Status Codes

Concerns over privacy online are an ever-growing theme. Every day we see people complaining about the policies of Facebook and the like. [Mike Cardwell] points out another method of gleaning a bit of personal data from you that you may not have seen yet. By embedding a hidden image or using some really simple JavaScript, he can tell if you are currently logged into Gmail, Twitter, Facebook, or Digg. While this could possibly be used for more nefarious things, he points out that you could also use it for customizing your website to better suit the experience of the browser. For example, if the “reader” is already logged into Gmail, you could have any email links automatically open a Gmail instance instead of the local mail client.