What do you do to someone you want to make suffer, slowly? Specifically, at around 70% speed. To [Stephen], the answer is clear, you hit them where it really hurts: YouTube.
Creatively named “Chrome Engine,” [Stephen]’s diabolical Chrome extension has one purpose: be annoying. Every day, it lowers playback rate by 1% on YouTube. It’s a linear progression: 100% the first day, 99% the second day, 98% the third day, etc. It only stops 30 days later, once it hits its target rate of 70% the original speed. This progression is designed to be slow enough not to be noticed. Its icon is nothing more than the standard Chrome icon as [Stephen] firmly believes in the tactic of hiding in plain sight.
But that’s not all, it’s the minute details that drive the ball home. For instance, rather than using local storage to keep track of playback speed, the Chrome sync storage is used. This ensures that, as long as the extension is installed, playback rate will be synchronized between all of your friend’s(if you can even call them that) devices. It even targets casual YouTube users: [Stephen] has specifically designed their extension so that it won’t drop playback by more than 1% at a time. If the victim goes on vacation, the playback speed won’t drop when they’re away and will resume as soon as they’re back.
The last feature, the one [Stephen] is the proudest of, is that the extension manages to keep the YouTube speed controls working as intended. If the victim tries to play at half speed, their videos will be at half speed … of the slower playback rate set by the extension. And it gets even better! You may not know this if you don’t dally around with playback rates, but the audio tends to stop playing when videos are reduced below 50% of their original speed. Fear not! [Stephen] has accounted for this idiosyncrasy! If the victim selects a speed at or above 0.5x, a minimum cap is added so that the actual playback rate will be equal to or above 0.5x. If they select slower than this, they don’t expect sound anyway, so all bets are off.
Check it out here, may your friends (frenemies?) beware. We’re adding it to our April Fools arsenal, even if it is a bit early.
Remember those times we all said that we wouldn’t mind it if the iPod was three times as thick but could store a lot more songs and the battery lasted forever? Well, the I-Sore will let us truly consider our stance on the subject.
The iSore would have definitely made some of us the coolest kids on the yard in Jr. High (or at the engineering office) in the 00’s. At first glance we assumed it would be one of those fancy single board computers packaged with a big hard drive masquerading as an iPod. We were surprised to discover that [jimbone] was performing a classic iPod hack.
The ipod’s back is pried off and discarded. A ZIF to SATA adapter connects it to a significantly larger hard drive. The basic battery is replaced with an 8Ah pack. The USB ports are broken out. For the case there are a few options. There’s a 3D printed case, a wooden case, and even one that looks like a Lovecraftian horror.
[jimbone] claims 100 hours of playtime on a single charge. He hasn’t claimed bulking up a bit from carrying it around, but we can make our guesses.
If you use Inkscape to lay out your laser cutter designs you might want to look into this box maker extension. Inscape is [Elliot’s] drawing software of choice since it’s easy to use, and it’s open source. After having to lay out the tabs for a box he decided it was worth his effort to develop a tool to do this automatically. The extension works inside of Inkscape, letting you start your projects with a set of automatically generated box sides.
The input window for the extension leaves you plenty of options for the joint design. In addition to the size of the box (inside or outside measurements can be selected), you need to enter the thickness of the material, the kerf size (how wide the cut will be), and how much clearance you want between the teeth. The width of the teeth is also configurable.
Our feature of a laser cut replacement case is what prompted [Elliot] to tip us off about his extension. That project used a web-based parts generator to do the joint design.
Often, software hackers are the activists that push software giants towards updating vulnerable applications. In todays example, [Eric Butler] is pushing Facebook, Twitter, Flickr, and more all at the same time. By creating a user script-kiddie friendly extension for Firefox, he has allowed just about anyone to sniff unsecured connections on public Wi-Fi access points and log into these unprotected accounts.
Right now the extension is available for Windows and Mac, with a Linux port coming soon. Temporarily, the best way for a user to avoid getting taken advantage of would be to not use these social networking sites on a public connection, or to implement a secure proxy for these connections that would keep your data safe. Hopefully these websites will have a quick rebuttal that allows for security without workarounds. With all of the bad press they are recieving, they certainly have incentive to.
Are there any software or security buffs out there? We would love to see someone port this to an iPhone or Android app that could check and log open Wi-Fi points. We’ll leave the foot work to the experts out there, but do be sure to give us a heads up if anyone manages to make it happen, okay?
One of the best tools we saw at LayerOne was the Exploit-Me series presented by [Dan Sinclair]. Security Compass created these tools to help developers easily identify cross site scripting (XSS) and SQL injection vulnerabilities.
Continue reading “Exploit-Me Firefox XSS and SQL scanning addon”