Circuit bending is the art of creatively short circuiting low voltage hardware to create interesting and unexpected results. It’s generally applied to things like Furbys, old Casio keyboards, or early consoles to create audio and video glitches for artistic effect. It’s often practiced with a random approach, but by bringing in a little knowledge, you can get astounding results. [r20029] decided to apply her knowledge of CD players and RAM to create this glitched out Sony Discman.
[Max] was happy to see that the PlayStation 3 Eye has support in the newer Linux kernels. Having sat in his closet for quite some time, this would give the camera another chance at usefulness. Unfortunately, the driver doesn’t include framerate selection and color correction so he set about writing a patch to control the color settings. As you can see above, his success greatly improves the image quality you get from the device.
We get the feeling that the camera peripherals for Sony’s gaming devices seem like a good idea but don’t have much staying power as a realistic gaming interface. With contributions like [Max’s], they can be re-purposed. The PS2 had its own, the EyeToy, which has long enjoyed driver support for Linux. The NUI Group does a lot of work with multi-touch and recommends the PS3 Eye for use with their projects because they’re inexpensive with high frame rates and decent picture quality.
Great work [Max]. It looks like he’s sent this patch upstream to be considered for incorporation into the kernel’s webcam module.
With all the noise about Conficker turning your computer into liquid hot magma on April 1st, there’s actually some positive news. Researchers from the HoneyNet Project have been following the worm since infections started in late 2008. They recently discovered an easy way to identify infected systems remotely. Conficker attempts to patch the MS08-067 vulnerability during infection. A flaw in the patch causes the machine to respond differently than both an unpatched system and an officially patched system. Using this knowledge, the team developed a proof of concept network scanner in python to find infected machines. You can find it in [Rich Mogull]’s initial post. [Dan Kaminisky] has packaged it as an EXE and has instructions for how to build the SVN version of Nmap, which includes the new signature. Other network scanner vendors are adding the code as well.
In conjunction with this detection code, the team has also released the whitepaper Know Your Enemy: Containing Conficker. It discusses ways to detect, contain, and remove Conficker. They’ve combined this with a tool release that covers Conficker’s dynamic domain generation among other things.
Now that the iphone-dev team has unlocked the iPhone 3G they’re moving onto jailbreaking the iPod Touch 2G. While they have a fully working jailbreak, it’s not yet in a user friendly format. [MuscleNerd] did a live video demo this afternoon to show what progress they had made. It starts with him showing the iPod on but not booting. He’s already patched the kernel, but it’s failing the signature check in iboot. He then uses the team’s recoverytool to exploit a hole in iboot and patch out the signature check. The ipod then boots normally and he shows non-App Store software like Mobile Terminal, Cydia, and an NES Emulator (which makes use of the iPod’s internal speaker).
The redsn0w jailbreak works, but it has to be applied via tether every time the iPod boots. The team won’t release anything until they’ve found a way around this problem. For more insight into the boot process, check out our coverage of their Hacking the iPhone talk at 25C3.
Earlier this year, our friend [Dan Kaminsky] discovered a major DNS issue that could allow hackers to compromise name servers and clients easily. The vulnerability involves cache poisoning, and [Kaminsky] plans to publish the full details of the vulnerability on August 6th. However, he has already begun his work to control it, alerting major authorities early on of the vulnerability.
As a result, engineers from many major technology vendors quickly began working on coordinated patches for DNS servers. The patches were all released today; vendors and a CERT advisory urge organizations to apply them today, before the vulnerability becomes common knowledge. More details on the DNS issue can be found in the executive overview (PDF file). [Rich Mogull] interviewed [Dan] for the Network Security Podcast. It doesn’t detail the attack but points out that services that use port randomization like OpenDNS are unaffected and that Bind8 is being deprecated.
UPDATE: Here’s the audio from this morning’s press conference.
[image: Flickr / d70focus ]
Here’s another bit of analog synth pr0n for you: Initially sold in 1972, the EMS Synthi AKS was a portable modular analog synthesizer with a built in keyboard and sequencer. The VCS 3 portion of the device had a unique routing matrix pegboard used to connect components together. [firegroove] has opened up his precious machine so that you can see all of the fine little bits that make it tick… and chirp.