We all have awesome hardware projects to show off. Great photos of them are how you unlock the excitement others see in your work. Whether you’re using a DSLR or the camera in your smartphone, it’s not difficult to capture an amazing picture of the project you pour so much effort into. We want you to unleash your photography skills for the Beautiful Hardware contest. Show us your epic hardware photos and win prizes.
The only real barrier between us and superb hardware photos is having an eye for framing your shots, and a few simple tricks to get everything else right. Think about good lighting, shooting with an interesting background, framing off to the side and at an angle (as just one example) for more interest, and spending a few moments with an image editor to complement what the camera captured. With this contest, we want you to take those tricks for a spin on your own workbench.
There are three top prizes of $100 cash waiting for you. Just start a new project on Hackaday.io and upload the finest photos you can take of some fun hardware. In the left sidebar of that project use the “Submit project to…” menu to enter it in the Beautiful Hardware contest.
[Laxman] is back again with another hack related to Facebook photos. This hack revolves around the Facebook mobile application’s “sync photos” function. This feature automatically uploads every photo taken on your mobile device to your Facebook account. These photos are automatically marked as private so that only the user can see them. The user would have to manually update the privacy settings on each photo later in order to make them available to friends or the public.
[Laxman] wanted to put these privacy restrictions to the test, so he started poking around the Facebook mobile application. He found that the Facebook app would make an HTTP GET request to a specific URL in order to retrieve the synced photos. This request was performed using a top-level access token. The Facebook server checked this token before sending down the private images. It sounds secure, but [Laxman] found a fatal flaw.
The Facebook server only checked the owner of the token. It did not bother to check which Facebook application was making the request. As long as the app had the “user_photos” permission, it was able to pull down the private photos. This permission is required by many applications as it allows the apps to access the user’s public photos. This vulnerability could have allowed an attacker access to the victim’s private photos by building a malicious application and then tricking victims into installing the app.
At least, that could have been the case if Facebook weren’t so good about fixing their vulnerabilities. [Laxman] disclosed his finding to Facebook, and they patched the vulnerability less than an hour after acknowledging the disclosure. They also found this vulnerability severe enough to warrant a $10,000 bounty payout to [Laxman]. This is in addition to the $12,500 [Laxman] received last month for a different Facebook photo-related vulnerability.
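The missing check described above, sketched as an added example (not Facebook's code and not part of the original post). A token is modeled as owner, issuing app and granted scopes; every name, token string and file name here is constructed, and the corrected function is one assumed way to bind the endpoint to the first-party app, not Facebook's actual patch.

```python
from dataclasses import dataclass

# Hypothetical model of the flaw; all identifiers below are assumptions.
FIRST_PARTY_APP = "official_mobile_app"   # constructed app identifier

@dataclass(frozen=True)
class Token:
    owner: str          # user the token was issued for
    app_id: str         # application the token was issued to
    scopes: frozenset   # permissions the user granted to that app

# Constructed sample data: one user's auto-synced, still-private photos.
SYNCED_PHOTOS = {"alice": ["IMG_0001.jpg", "IMG_0002.jpg"]}

TOKENS = {
    "tok-official": Token("alice", FIRST_PARTY_APP, frozenset({"user_photos"})),
    "tok-thirdparty": Token("alice", "quiz_app", frozenset({"user_photos"})),
    "tok-noscope": Token("alice", "other_app", frozenset()),
}

class Forbidden(Exception):
    pass

def synced_photos_owner_only(token_str, user):
    """Flawed check: validates token owner and scope, never the calling app."""
    tok = TOKENS.get(token_str)
    if tok is None or tok.owner != user or "user_photos" not in tok.scopes:
        raise Forbidden("invalid token")
    return SYNCED_PHOTOS[user]

def synced_photos_app_bound(token_str, user):
    """Corrected check: the token must also belong to the first-party app."""
    tok = TOKENS.get(token_str)
    if tok is None or tok.owner != user or "user_photos" not in tok.scopes:
        raise Forbidden("invalid token")
    if tok.app_id != FIRST_PARTY_APP:
        raise Forbidden("app not allowed to read synced photos")
    return SYNCED_PHOTOS[user]

def allowed(check, token_str, user="alice"):
    """Return True if the given check releases the private photos."""
    try:
        check(token_str, user)
        return True
    except Forbidden:
        return False
```

A regression test for this class of bug asserts that a valid token issued to any other app is refused, even when it carries the same scope as the first-party token.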
[Wallace] sent in this awesome project built by [Julius Von Bismarck]. The “Image Fulgurator” is the result of mating an optical slave flash with a camera body turned projector. The result is the ability to project ghost images onto a picture being taken by anyone using a camera with their flash. Check out the demo video after the break or hit the project site for more.