The Smallest Google Street View In Miniatur Wunderland

The world’s largest model railway exhibit — on display in Germany of course — is quite the attraction. The huge Miniatur Wunderland features towns and trains from Germany, Switzerland, Austria, and even a little America. And it’s all on Google Maps.

[Frank] accepted the challenge to build a tiny Google Streetview train, capable of traversing the entire Wunderland. It features a fish-eye camera on both the front and rear car, and is powered by an Arduino — the Wattuino Nanite 85. He upgraded the train to use tiny stepper motors to allow for precise movement along the tracks to get all the shots in perfect Streetview fashion.

Shmoocon 2016: Phishing For The Phishers

After years of ignoring the emails it’s finally time to get into a conversation with that Nigerian prince you keep hearing from. Robbie Gallagher — an Application Security Engineer with Atlassian in Austin, TX — wanted to find out where perpetrators of phishing emails actually live. Of course you can’t count on the headers of the emails they send you. A better way to track them down is to actually draw them into a conversation, and this means making yourself a juicy target.

Robbie gave an excellent talk on his project Honey-Phish at this year’s Shmoocon. Part of what made it stand out is his narrative on each step of exploring the social engineering technique. For instance, there is already a vibrant community that specializes in forming relationships with scammers. Those who frequent 419 Eater have literally made it into a sport called Scambaiting. The ultimate way to prove you’ve baited a scammer is to get the person to take a picture of themselves balancing something on their head. Now the image at the top of this post makes sense, right?

Writing personal emails to your scammer is a great system if you have a lot of time and only want to track down one scammer at a time. Robbie wants to catalog geographic locations for as many as possible and this means automation. Amusingly, the solution is to Phish for Phishers. By automating responses to phishing emails, and enticing the people originating those phishing scams to click on a link, you can ascertain their physical location.


Shmoocon 2016: Computing In A Post Quantum World

There’s nothing more dangerous, so the cryptoheads say, than quantum computing. Instead of using the state of a transistor to hold the value of a bit as in traditional computers, quantum computers use qubits, or quantum information like the polarization of a photon. According to people who know nothing about quantum computers, they are the beginning of the end, the breaking of all cryptography, and the Rise of the Machines. Lucky for us, [Jean-Philippe Aumasson] actually knows a thing or two about quantum computers and was able to teach us a few things at his Shmoocon talk this weekend, “Crypto and Quantum and Post Quantum”.

This talk is the continuation of [Jean-Philippe]’s DEF CON 23 talk that covered the basics of quantum computing (PDF). In short, quantum computers are not fast – they’re just coprocessors for very, very specialized algorithms. Quantum computers do not say P=NP, and cannot be used on NP-hard problems, anyway. The only thing quantum computers have going for them is the ability to completely destroy public key cryptography. Any form of cryptography that uses RSA, Diffie-Hellman, or elliptic curves is completely and totally broken. With quantum computers, we’re doomed. That’s okay, according to the DEF CON talk – true quantum computers may never be built.

The astute reader would question the claim that quantum computers may never be built. After all, D-Wave is selling quantum computers to Google, Lockheed, and NASA. These are not true quantum computers. Even if they’re 100 million times faster than a PC, they’re only faster for one very specific algorithm. These computers cannot simulate a universal quantum computer. They cannot execute Shor’s algorithm, an algorithm that finds the prime factors of an integer. They are not scalable, they are not fault-tolerant, and they are not universal quantum computers.

As far as true quantum computers go, the largest that has ever been manufactured contains only a handful of qubits. To crack RSA and the rest of cryptography, millions of qubits are needed. Some algorithms require quantum RAM, which nobody knows how to build. Why then is quantum computing so scary? RSA, ECC, Diffie-Hellman, PGP, SSH and Bitcoin would die overnight if quantum computers existed. That’s a far scarier proposition than someone hijacking your self-driving car or changing the display on a smart, Internet-connected thermostat from Fahrenheit to Celsius.

What is the verdict on quantum computers? Not too great, if you ask [Jean-Philippe]. In his opinion, it will be 100 years until we have a quantum computer. Until then, crypto is safe, and the NSA isn’t going to break your codez if you use a long-enough key.

Wolfenstein In 600 Lines Of Code

What’s more impressive, the fact that this Wolfenstein-like game is 600 lines of code, or that it’s written in AWK?

AWK is a language primarily used for text processing. But if you can write code, the world bows to your wishes. [Fedor Kalugin] leverages the ability of a Linux terminal’s color options to draw his game. The 3D aspect is produced through ray-casting, which generates a 2D image from 3D coordinates.

Trying out the game is extremely simple, install gawk, clone the repo, and play:


Software Controlled Hard Drive Solenoid Engine

[Fabien-Chouteau] submitted his interesting solenoid engine. In an internal combustion, steam, or pneumatic piston engine, the motive force is produced by expanding gas. In [Fabien]’s little engine it is produced by the arm of a hard drive. Solenoid engines are usually just for show, and come in all shapes and sizes. If you want to move something using electricity an axial motor is probably a better bet. But if you want a challenge and a learning experience, this is hard to beat.

[Fabien] had some problems to solve before his motor made its first revolution. Just like a piston engine, the timing needed to be exact. The arm firing at the wrong time could cause all sorts of trouble, the equivalent of backfire in a combustion engine. An STM32F4 Discovery board was coupled with a Hall-effect sensor and a MOSFET. When the board read that the arm had moved back to the most efficient position for firing, it sent a pulse through the coil. Just like a regular engine, getting the timing right makes all the difference. Once [Fabien] got it tuned up, his motor could spin around at a steady 3000 rpm.



Fail Of The Week: Not All Mold Releases Release All Molds.

I’m writing a series of articles on resin casting as an extension to my experiences with the instructions found in the wonderful Guerrilla Guide. However, mistakes were made. Having run out of my usual mold release I went to a back-up jar that was lying around from a casting project long, long ago in a workshop far, far away.

GLUE
Never much for readin’ the nutrition facts myself.

I’m refining a technique of making a mold the quick and dirty way. Everything was going well, the sprues looked good and the master released from the silicone. It was time to do the second half of the mold. As usual I applied a generous amount of mold release. Since it was the first time this mold was to be used I went ahead and did all the proper steps. Rubbing off the dried release and applying a few more coats just to be sure.

I was completely unaware that I was applying mold release designed for urethane molds only. In other words I thoroughly covered my silicone mold in silicone bonding agents. I remained unaware until trying to separate the halves of the mold and found them thoroughly joined. After going through the stages of grief I finally figured out where it all went wrong.

Oh well. I’m ordering some of my regular pick, Stoner A324, and that should do the trick. There’s also Mann- Ease Release 200. While having probably the best name a release agent can have, it doesn’t work as well and needs approximately 100 years to dry. After this setback I’d rather just, grudgingly, learn my lesson and order the correct thing.

I wonder if the smooth-on description can say URETHANE RUBBER a few more times.
Oh. Yes I see. Urethane… Urethane…

So now that we know the right way to fix this is to order the right product, is there a hack to get around it? Does anyone have a homebrew trick for release agent that can be used in a pinch? Leave your comments below.

My Payphone Runs Linux

For the 20th anniversary of the movie “Hackers” [Jamie Zawinski], owner of DNA Lounge in San Francisco, threw an epic party – screening the movie, setting up skating ramps and all that jazz. One of the props he put up was an old payphone, but he didn’t have time to bring it alive. The one thing he didn’t want this phone to do was to be able to make calls. A couple of weeks later, he threw another party, this time screening “Tank Girl” instead. For this gathering he had enough time to put a Linux computer inside the old payphone. When the handset is picked up, it “dials” a number which brings up a voice mail system that announces the schedule of events and other interactive stuff. As usual, this project looked simple enough to start with, but turned out way more complicated than he anticipated. Thankfully for us, he broke down his build into bite-sized chunks to make it easy for us to follow what he did.

This build is a thing of beauty, so let’s drill down into what the project involved:
