Smart Card Emulator

Here’s a quick prototype from [Travis Goodspeed]. It’s a smart card built around an MSP430 microcontroller. We’ve used the MSP430 in the past because of its low power demands. He says this business card currently supports 1.8V to 3.3V, but a future design will have 5V as well. Technologies like Java Card exist for running applets on smart cards, but a familiar microcontroller like the MSP430 could certainly make development much faster. Knowing [Travis], there’s a reader somewhere about to go through some serious fuzzing.

Paintball Gun Turret


[Jared Bouck] has been sending in his projects for a couple years now. We’ve enjoyed his heavy-duty DDR pads, LCD backlight repair, and ion cooling projects. His latest, an RC paintball gun turret, is our favorite though. He actually rates this as one of the easier projects he’s published; it just took a while to assemble. Several design decisions were made to keep the project simple. Two 32 Degrees Icon-E paintball guns were used. The guns already have electric solenoids for firing, so a special trigger mechanism didn’t have to be fashioned. Q-loaders were used to prevent any ball feed problems. The motors, driver boards, and RC components are all borrowed from combat robots for reliability. He’s hoping to produce a small number of kits based on this design.

Related: We’ve got quite a few sentry gun projects in the archive.

Sslstrip, Hijacking SSL In Network

Last week at Black Hat DC, [Moxie Marlinspike] presented a novel way to hijack SSL. You can read about it in this Forbes article, but we highly recommend you watch the video. sslstrip can rewrite all https links as http, but it goes far beyond that. Using Unicode characters that look similar to / and ?, it can construct URLs with a valid certificate and then redirect the user to the original site after stealing their credentials. The attack can be very difficult for even above-average users to notice. This attack requires access to the client’s network, but [Moxie] successfully ran it on a Tor exit node.
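
A defender-side check for the lookalike-delimiter hostnames described above, as an added example that is not part of the original post or of sslstrip: it extracts the host a client would really connect to and flags non-ASCII characters that imitate / or ?. The sample URLs, the `.example` domains and all function names are constructed for illustration.

```python
import unicodedata

# Lookalikes whose Unicode names do not mention a slash or question mark.
EXTRA_LOOKALIKES = {"\u0294"}  # LATIN LETTER GLOTTAL STOP
KEYWORDS = ("SOLIDUS", "SLASH", "QUESTION MARK")

def authority_host(url):
    """Host a client connects to: the authority ends only at ASCII / ? or #."""
    rest = url.partition("://")[2] or url
    for i, ch in enumerate(rest):
        if ch in "/?#":
            rest = rest[:i]
            break
    host = rest.rpartition("@")[2]          # drop userinfo
    return host.partition(":")[0].lower()   # drop port (IPv6 literals not handled)

def decode_label(label):
    """Decode an IDNA A-label (xn--...) to Unicode; other labels pass through."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            pass  # malformed A-label: report it as-is
    return label

def delimiter_lookalikes(url):
    """Return (displayed_host, hits); hits are (char, name) pairs imitating / or ?."""
    shown = ".".join(decode_label(l) for l in authority_host(url).split("."))
    hits = []
    for ch in shown:
        name = unicodedata.name(ch, "")
        if ord(ch) > 127 and (ch in EXTRA_LOOKALIKES or any(k in name for k in KEYWORDS)):
            hits.append((ch, name))
    return shown, hits

# Constructed samples; the .example names are reserved placeholders.
SPOOFED = "https://login.example.com\u2044account\u2044signin\uff1fid=1.lookalike.example/"
A_LABEL = "xn--" + "account\u2044signin".encode("punycode").decode("ascii")
PUNYCODE = "https://" + A_LABEL + ".lookalike.example/"
BENIGN = "https://www.example.com/login?next=/home"

if __name__ == "__main__":
    for sample in (SPOOFED, PUNYCODE, BENIGN):
        host, hits = delimiter_lookalikes(sample)
        print(ascii(host), "SUSPICIOUS" if hits else "ok", [name for _, name in hits])
```

The first sample reads like a path on login.example.com, yet the host it resolves to ends in lookalike.example; a proxy, mail filter or browser extension can use the same test to block or warn on such links.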

ShmooCon 2009: Chris Paget’s RFID Cloning Talk

[Video: http://video.google.com/videoplay?docid=-282861825889939203]

When we first saw [Chris Paget]’s cloning video, our reaction was pretty ‘meh’. We’d seen RFID cloning before and the Mifare crack was probably the last time RFID was actually interesting. His ShmooCon presentation, embedded above, caught us completely off-guard. It’s very informative; we highly recommend it.

The hardest part about selling this talk is that it has to use two overloaded words: ‘RFID’ and ‘passport’. The Passport Card, which is part of the Western Hemisphere Travel Initiative (WHTI), is not like the passport book that you’re familiar with. It has the form factor of a driver’s license and can only be used for land and sea travel between the USA, Canada, the Caribbean region, Bermuda, and Mexico. They’ve only started issuing them this year.


Pirate Bay Trial Starts


The first day of The Pirate Bay’s trial has concluded. The prosecution, representing many large media companies, is attempting to prove that the defendants are directly responsible for copyright infringement. The members of The Pirate Bay are treating the trial as a reality TV farce. From TorrentFreak’s coverage, it sounds like it’s off to a great start: “For several minutes, listeners of the live audio could hear mouse-clicks as Roswall [the prosecutor -Ed.], who earlier claimed to be an expert on computer crimes, tried to get his PowerPoint presentation on the screen.”

[via Waxy]

PDF Redaction Still Not Working


Facebook’s internal valuation was revealed this week thanks to shoddy PDF redaction. Court documents from a settlement between Facebook and ConnectU showed that Facebook values itself at $3.7 billion, much less than the $15 billion that was speculated during the Microsoft investment. The AP uncovered this by cutting and pasting from the redacted court document. It’s the same thing we showed in our PDF redaction screencast last summer… and it will never cease to be funny.

[photo: Bryan Veloso]