Paintball Gun Turret

[Jared Bouck] has been sending in his projects for a couple years now. We’ve enjoyed his heavy-duty DDR pads, LCD backlight repair, and ion cooling projects. His latest, an RC paintball gun turret, is our favorite though. He actually rates this as one of the easier projects he’s published; it just took a while to assemble. Several design decisions were made to keep the project simple. Two 32 Degrees Icon-E paintball guns were used. The guns already have electric solenoids for firing, so a special trigger mechanism didn’t have to be fashioned. Q-loaders were used to prevent any ball feed problems. The motors, driver boards, and RC components are all borrowed from combat robots for reliability. He’s hoping to produce a small number of kits based on this design.

Related: We’ve got quite a few sentry gun projects in the archive.

Sslstrip, Hijacking SSL In Network

Last week at Black Hat DC, [Moxie Marlinspike] presented a novel way to hijack SSL. You can read about it in this Forbes article, but we highly recommend you watch the video. sslstrip can rewrite all https links as http, but it goes far beyond that. Using Unicode characters that look similar to / and ?, it can construct URLs with a valid certificate and then redirect the user to the original site after stealing their credentials. The attack can be very difficult for even above-average users to notice. This attack requires access to the client’s network, but [Moxie] successfully ran it on a Tor exit node.
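
A defender-side check for the lookalike-character trick described above, as an added example that is not part of the original post or of sslstrip: it scans the raw authority of a URL for Unicode characters that resemble / and ?. The code-point list, function names and sample URL are assumptions chosen for illustration, not the set used in the talk.

```javascript
// Added example: flag URL authorities that contain delimiter lookalikes.
// The code-point list is a constructed sample, not sslstrip's own set.
const DELIMITER_LOOKALIKES = new Map([
  [0x2044, 'FRACTION SLASH'],
  [0x2215, 'DIVISION SLASH'],
  [0x29f8, 'BIG SOLIDUS'],
  [0xff0f, 'FULLWIDTH SOLIDUS'],
  [0xff1f, 'FULLWIDTH QUESTION MARK'],
  [0x0294, 'LATIN LETTER GLOTTAL STOP'],
]);

function rawAuthority(url) {
  // Take the text between "://" and the first real ASCII delimiter, before any
  // URL parser gets a chance to normalise or reject the suspicious characters.
  const start = url.indexOf('://');
  if (start === -1) return null;
  const rest = url.slice(start + 3);
  const end = rest.search(/[\/?#]/);
  return end === -1 ? rest : rest.slice(0, end);
}

function findDelimiterLookalikes(url) {
  const authority = rawAuthority(url);
  if (authority === null) return [];
  const hits = [];
  let index = 0; // offset inside the authority, in UTF-16 code units
  for (const ch of authority) {
    const cp = ch.codePointAt(0);
    if (DELIMITER_LOOKALIKES.has(cp)) {
      hits.push({
        index,
        codePoint: 'U+' + cp.toString(16).toUpperCase().padStart(4, '0'),
        name: DELIMITER_LOOKALIKES.get(cp),
      });
    }
    index += ch.length;
  }
  return hits;
}

// Constructed sample: everything up to the final real "/" is one hostname.
const sample = 'https://www.example.com\u2044accounts\uff1fid=1.lookalike.example/x';
console.log(rawAuthority(sample), findDelimiterLookalikes(sample));
```

A hit means the part of the address that reads like a path or query string is actually inside the hostname, so the certificate the browser validated belongs to the trailing domain.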

ShmooCon 2009: Chris Paget’s RFID Cloning Talk

[googlevideo=http://video.google.com/videoplay?docid=-282861825889939203]

When we first saw [Chris Paget]’s cloning video, our reaction was pretty ‘meh’. We’d seen RFID cloning before and the Mifare crack was probably the last time RFID was actually interesting. His ShmooCon presentation, embedded above, caught us completely off-guard. It’s very informative; we highly recommend it.

The hardest part about selling this talk is that it has to use two overloaded words: ‘RFID’ and ‘passport’. The Passport Card, which is part of the Western Hemisphere Travel Initiative (WHTI), is not like the passport book that you’re familiar with. It has the form factor of a driver’s license and can only be used for land and sea travel between the USA, Canada, the Caribbean region, Bermuda, and Mexico. They’ve only started issuing them this year.

Pirate Bay Trial Starts

The first day of The Pirate Bay’s trial has concluded. The prosecution, representing many large media companies, is attempting to prove that the defendants are directly responsible for copyright infringement. The members of The Pirate Bay are treating the trial as a reality TV farce. From TorrentFreak’s coverage, it sounds like it’s off to a great start: “For several minutes, listeners of the live audio could hear mouse-clicks as Roswall [the prosecutor -Ed.], who earlier claimed to be an expert on computer crimes, tried to get his PowerPoint presentation on the screen.”

[via Waxy]

PDF Redaction Still Not Working

Facebook’s internal valuation was revealed this week thanks to shoddy PDF redaction. Court documents from a settlement between Facebook and ConnectU showed that Facebook values itself at $3.7 billion, much less than the $15 billion that was speculated during the Microsoft investment. The AP uncovered this by cutting and pasting from the redacted court document. It’s the same thing we showed in our PDF redaction screencast last summer… and it will never cease to be funny.

[photo: Bryan Veloso]

Curiosity Killed The Twit, Twitter Clickjacking

Twitter was flooded this morning with users posting “Don’t Click: http://tinyurl.com/amgzs6”. TinyURL has since terminated the URL. The original page doesn’t seem to be live either. It displayed a button that said “Don’t Click”. If the user happened to be logged into Twitter, it would automatically update their status. The instigator partially describes the method on his blog (translated). The page would load the user’s Twitter page in an invisible iframe. The status would be pasted in, and the “Don’t Click” button was placed on top of the update button. You can find the code snippets here and the original author credits this post for the inspiration. Twitter has since added a JavaScript fragment to each page to break out of iframes.

if (window.top !== window.self) { window.top.location.href = window.self.location.href; }
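
Twitter's fix above is script-based frame busting; the same intent can also be declared in response headers. The following added example (not from the original post or from Twitter) goes beyond the page and classifies a response's anti-framing headers, X-Frame-Options and the CSP frame-ancestors directive. The function names and sample responses are assumptions.

```javascript
// Added example: classify a response's anti-framing posture from its headers.
// Function names are hypothetical; header names and values are the standard ones.

function parseFrameAncestors(csp) {
  // Return the source list of the frame-ancestors directive, or null if absent.
  for (const directive of csp.split(';')) {
    const parts = directive.trim().split(/\s+/);
    if (parts[0].toLowerCase() === 'frame-ancestors') {
      return parts.slice(1).map((s) => s.toLowerCase());
    }
  }
  return null;
}

function framingProtection(rawHeaders) {
  // HTTP header names are case-insensitive, so normalise them first.
  const headers = {};
  for (const [name, value] of Object.entries(rawHeaders)) {
    headers[name.toLowerCase()] = String(value);
  }

  const sources = parseFrameAncestors(headers['content-security-policy'] || '');
  if (sources !== null) {
    // When frame-ancestors is present it is enforced instead of X-Frame-Options.
    if (sources.length === 0 || sources.every((s) => s === "'none'")) {
      return { level: 'deny', via: 'csp' };
    }
    if (sources.includes('*')) return { level: 'none', via: 'csp' };
    if (sources.every((s) => s === "'self'")) return { level: 'same-origin', via: 'csp' };
    return { level: 'allowlist', via: 'csp' };
  }

  const xfo = (headers['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return { level: 'deny', via: 'x-frame-options' };
  if (xfo === 'SAMEORIGIN') return { level: 'same-origin', via: 'x-frame-options' };
  // ALLOW-FROM is obsolete and ignored by current browsers; treat it as unprotected.
  return { level: 'none', via: null };
}

// Constructed sample responses.
const samples = {
  busterOnly: { 'Content-Type': 'text/html' },
  legacy: { 'X-Frame-Options': 'SAMEORIGIN' },
  both: { 'x-frame-options': 'DENY', 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self'" },
};
for (const [name, h] of Object.entries(samples)) console.log(name, framingProtection(h));
```

A page that relies only on a script like the one above reports level 'none' here, because nothing in its headers stops a browser from rendering it inside a frame before the script runs.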

BackTrack 4 Beta Released

The Remote Exploit Development Team has just announced BackTrack 4 Beta. BackTrack is a Linux-based LiveCD intended for security testing, and we’ve been watching the project since the very early days. They say this new beta is both stable and usable. They’ve moved towards behaving like an actual distribution: it’s based on Debian core, they use Ubuntu software, and they’re running their own BackTrack repositories for future updates. There are a lot of new features, but the one we’re most interested in is the built-in Pico card support. You can use the FPGAs to generate rainbow tables and do lookups for things like WPA, GSM, and Bluetooth cracking. BackTrack ISO and VMware images are available here.