The Null Device

A group of hackers in Germany have built a device disguised as a wall-mounted power supply which connects to wireless networks, intercepts packets and subtly changes the content of pages from news websites:

The Newstweek uses ARP spoofing to change the text displayed on several news sites. After doing some field research, placing and configuring the device, there’s a simple web frontend that configures the man-in-the-middle hack. Right now, the Newstweek only allows a few news sites to be targeted, but the team is working on allowing anyone to add their own targets.

Meanwhile, Charlie Stross extrapolates on more serious applications of such technologies:

This sort of gadget is, in bulk, extremely cheap — I bet you could order them for well under $100 in batches of a thousand and up. Say you're a repressive regime, but not so repressive that you can just haul random dissidents off to the torture chamber without paying lip service to due process. How hard would it be to plant these things in your targets' homes, so that you can gaslight them by interfering with the news they're reading? Call it a digital agent provocateur. Say you're the DHS and you want a steady stream of clueless Al Qaida wannabes to arrest and show on CNN to keep everyone afraid enough to go along with your PATRIOT Act extension? Plant these in the homes of young muslim males who hang out at the wrong mosques, crank up the volume of hateful news, and see who snaps ...

¶ disinformation détournement hacks linux pranks 0 Share

Want to use a Steadicam on your next film but can't afford a real one? Try using a live chicken instead.

¶ animals chickens cyborgs hacks 0 Share

The Chipophone is an instrument for live chiptune performance (i.e., playing live music on a keyboard in the style of music generated by 8-bit computers and game consoles), made from microcontrollers and housed in the chassis of a 1970s-vintage electronic organ by a Swedish chap named Linus Akesson. There is a video of Akesson demonstrating the unit and its features, and playing some classic chiptunes live, here.

¶ awesome chiptunes diy hacks music retrocomputing 0 Share

13-year-old Hibiki Kono built a machine allowing him to climb walls; the rig consists of a backpack with two small vacuum cleaners strapped to it, suction pads attached to the nozzles; the pull seems to be strong enough to allow him to climb as high as the power cord lets him. (Meanwhile, some commenters here claim that Kono merely copied somebody else's design without improving or modifying it.)

¶ awesome diy hacks tech 0 Share

Security researchers are now working on ways of generating machine code that looks like English-language text (PDF).

In this paper we revisit the assumption that shellcode need be fundamentally different in structure than non-executable data. Specifically, we elucidate how one can use natural language generation techniques to produce shellcode that is superficially similar to English prose. We argue that this new development poses significant challenges for inline payloadbased inspection (and emulation) as a defensive measure, and also highlights the need for designing more efficient techniques for preventing shellcode injection attacks altogether.

(via Schneier) ¶ hacks language security steganography tech 0 Share

Seen at Maker Faire: Two guys from ARM (the people who designed the CPU in your mobile phone and probably a dozen other devices you own) have designed an amazingly elegant new microcontroller prototyping board, for making electronic gadgets even more easily than with the Arduino. Called mbed, it consists of a board with a USB port and 40 pins. The pins do the usual things (analogue/digital I/O, USB, Ethernet, &c.), but that's not the impressive thing about it; the impressive part is the design of the whole system, which brings web-style agile development to microcontroller-based gadgets.

When you get an mbed, you plug it into your computer (which may be a Windows PC, a Mac, a Linux box or anything else which can mount USB drives); it then appears as a USB disk, containing one file: a web link. You go to the web link, which directs you to mbed's web site, where you log in or create an account; from then on, you have an integrated development environment in your browser, with source navigation, syntax highlighting and a compiler. Your code is hosted online on mbed's servers (the system uses the Subversion version control system as a store). Create a new project, and you get a "Hello World" program (written in C++) which, by default, flashes one of the mbed board's built-in LEDs. Hit the Compile button, and your browser soon prompts you to download a .bin file of the compiled program. Save it to the mbed card's drive, hit the reset button on it, and your program runs.

That's not all, though; the mbed card can work with a plethora of hardware modules, from Nokia-style LCD displays to GPS units, Bluetooth modems and more. Which is where the next bit of elegance comes in. There exists an ecosystem of modular classes for driving these various devices. To attach a supported device, all you have to do is add the class for it to your project (by pasting the URL of its Subversion repository into a dialog box; the IDE does the rest for you), instantiate it as an object and call its methods. For example, here is code for drawing on a Nokia-style LCD display:

MobileLCD lcd(p5,p6,p7,p8,p9);  // the I/O pins
lcd.background(0xffff99);
lcd.foreground(0x000000);
lcd.locate(2,2);
lcd.printf("Hello world\n");
lcd.fill(0,64,128,128, 0xffffff);

mbed is somewhat more expensive than the Arduino (the price quoted was about £45 for the mbed board itself, whereas Arduino-compatible boards go for £13 or so). However, the elegance of the design, its ease of use and sheer niftiness could make it worth the price.

¶ arm diy hacks mbed programming tech 3 Share

When the Chumby One internet widget terminal was being assembled, the company noticed that one batch of memory cards, from Kingston, had a lot of defective cards. (The Chumby One's internal storage is a MicroSD card, like the ones used in mobile phones.) Kingston refused to replace them, as they had been programmed, and it looked like Chumby were out of luck. However, Chumby had an ace up their sleeve: one of their vice presidents is Andrew "Bunnie" Huang, i.e., the guy who cracked the XBox, and not someone one should count on being able to pull one over.

Anyway, Bunnie noticed some irregularities in the cards' markings and decided to conduct a thorough forensic investigation, examining the cards' serial numbers and manufacturing dates (where he found more inconsistencies; a lot of cards with implausibly low serial numbers and mismatched manufacturers' IDs) and then dissolving the cards' casings to examine their construction, and unearthed some answers:

First, the date code on the irregular card is uninitialized. Dates are counted as the offset from 00/2000 in the CID field, so a value of 00/2000 means they didn’t bother to assign a date (for what it’s worth, in the year 2000, 2GB microSD cards also didn’t exist). Also, the serial number is very low — 0×960 is decimal 2,400. Other cards in the irregular batch also had similarly very low serial numbers, in the hundreds to thousands range. The chance of me “just happening” to get the very first microSD cards out of a factory is pretty remote. The serial number of the normal card, for example, is 0×9C62CAE6, or decimal 2,623,720,166 — a much more feasible serial number for a popular product like a microSD card. Very low serial numbers, like very low MAC ID addresses, are a hallmark of the “ghost shift”, i.e. the shift that happens very late at night when a rouge worker enters the factory and runs the production machine off the books. Significantly, ghost shifts are often run using marginal material that would normally be disposed of but were intercepted on the way to the grinder. As a result, the markings and characteristics of the material often look absolutely authentic, because the ghost material is a product of the same line as genuine material.

Ghost shifts, and unlicensed extra items made on the side, are not unique to the memory card industry; this article describes several cases of contract manufacturers churning out extra copies of goods on the side, often in quantities large enough to flood markets, including a case involving shoe company New Balance.

Of course, you probably won't find ghost-shifted iPhones (as opposed to actual fake pseudo-iPhones, with built-in FM radios and entirely different firmware styled to look more or less iPhone-like) on the market any time soon, as Apple play hardball with their contractors, insisting on draconian security measures, dividing the manufacturing process up between different companies, and using nonstandard components.

(via MeFi) ¶ forensics hacks scams tech 1 Share

An unemployed sysadmin in Russia hacked into a video billboard and reprogrammed it to show a pornographic video, causing a traffic jam as drivers on a nearby road stopped to gape at the video and record it with their mobile phones.

The hacker, from Novorossiisk, used a server in Chechnya in an attempt to cover his tracks, though was unsuccessful; the Interior Ministry managed to track him down. (I wonder whether he'd have had more luck had he chosen a less politically fraught staging point.) He is now facing two years imprisonment; meanwhile, security rules for video billboards have been tightened.

I'm thinking something like this would make a good plot device; imagine a gang of assassins/bank robbers planting logic bombs in a few strategically placed billboards; at a preset time, they start showing porn, causing instant traffic jams and trapping their victim/blocking their pursuers. Or international jewel thieves hack video screens in an exclusive reception to show Goatse-style shock porn; as the attendees are momentarily stunned by the shock, unable to react, the bandits (dressed as waiters, naturally) act quickly, snatching the valuables and making their escape. Police have a hard time piecing together what happened afterward.

(via Boing Boing) ¶ crime détournement hacks porn pranks russia security 2 Share

An Armenian-born programmer recounts how, during his childhood in the USSR, he stumbled across the KGB's technique for listening in on conversations in any home.

Some time in 1981, I think, a relative from the U.S. comes to visit us for the first time since he left the country many years before that. He was going to stay in our house for a couple of weeks. My parents told me that such visits were always "monitored" by KGB, and so I should be careful with expressing any kind of anti-soviet ideas (which I was known for in the school). In the end though, nobody was going to take this seriously: neither the possibility of KGB agents freezing in cold outside watching us through the windows, nor any kind of bugs installed in our house.

Something strange, however, had happened when our relative had finally arrived. Our phone went crazy. First of all, it was practically impossible to call or to take calls during that period. And besides, the phone's ringer started giving a single "ding" twice a day, exactly at 9 in the morning and 9 in the evening.

(via Schneier) ¶ hacks security surveillance tech ussr 0 Share

A Russian CCTV surveillance company has allegedly stumbled along an ingenious way of reducing operating costs and boosting profits: by replacing surveillance camera feeds with prerecorded video. The alleged fraud was uncovered during a routine check of cameras in Moscow; the director of the surveillance company, who has been detained by police, denies the claims, claiming it's a setup by rivals.

(via /.) ¶ cctv crime fraud hacks russia security 0 Share

US troops in Iraq now have an iPhone app for tracking insurgents; well, for displaying tactical maps in real time. Meanwhile, the insurgents have found a Russian-designed program which can be bought for $26 and which allows them to watch the video feeds of Predator drones, which happen to be unencrypted. (Oops!) The military is planning to fix this, though it's harder to do than it sounds due to the expensive proprietary design of the aging drones.

¶ fail hacks iphone security tech war 0 Share

Boing Boing has a post on innovative ways of gaming airlines' pricing and air-miles schemes:

I love hanging out in airmile hacker forums -- these folks are insane. My favorite is the British Airways "Lisbon Loop." BA wants to court continental passengers, so trips overseas that originate from continental Europe are much cheaper. BA flight hackers claim that they buy a BA ticket that goes Lisbon-London-NYC-London-Lisbon, and a one-way cheap EasyJet ticket to Lisbon so they can board it. On the way home, they just get off in London, saving a bundle (you can't skip the Lisbon-London leg, or BA will cancel your tickets).

¶ air travel gibson's law hacks unintended consequences 0 Share

An electronic composer in Vienna has developed a means of reproducing the human voice on a piano. Recordings of speech are analysed and converted to frequency data, which is turned into MIDI notes. When played on a grand piano (using a system consisting of 88 pencil tops pushed by electromagnets or motors), it sounds intelligible, though otherworldly.

¶ awesome computer music hacks music video 0 Share

Users of criminal hacking forums have apparently been offering ridiculous sums of money for one type of low-end mobile phone. Certain Nokia 1100 handsets, manufactured in Bochum, Germany, are said to have a firmware bug which allows them to be reprogrammed to use another user's phone number, and thus intercept text messages containing bank transaction authentication codes, which is why the going price for them has gone as high as €25,000. Nokia have denied knowing of either such a flaw or of the phones for going for more than €100.

Though if criminals want a handset that can bypass GSM network security and intercept other users' messages, surely there'd be cheaper ways to go about this. Given that criminal gangs somehow managed to compromise a Chinese factory that made point-of-sale terminals and "enhance" the terminals with GSM-based card skimmers, surely it wouldn't be so hard to get one of the numerous Chinese mobile phone manufacturers to intentionally weaken security in one of their units to allow it to be used to spoof numbers, and then buying up a few boxloads of them. Bonus points for getting one that looks almost like an iPhone.

(via Engadget) ¶ crime gibson's law hacks mobile phones scams tech 1 Share

In Brazil, the street finds its own uses for obsolescent US military satellites. For over a decade, Brazilians, from long-haul truck drivers and villagers out of the reach of the mobile phone networks of the cities to illegal loggers and organised crime factions, have been bouncing radio signals off a US Navy satellite system using jury-rigged off-the-shelf amateur radio equipment. The satellite system, known as FLTSATCOM to its owners, is colloquially referred to as "Bolinha", or "little ball".

To use the satellite, pirates typically take an ordinary ham radio transmitter, which operates in the 144- to 148-MHZ range, and add a frequency doubler cobbled from coils and a varactor diode. That lets the radio stretch into the lower end of FLTSATCOM's 292- to 317-MHz uplink range. All the gear can be bought near any truck stop for less than $500. Ads on specialized websites offer to perform the conversion for less than $100. Taught the ropes, even rough electricians can make Bolinha-ware.

Truck drivers love the birds because they provide better range and sound than ham radios. Rogue loggers in the Amazon use the satellites to transmit coded warnings when authorities threaten to close in. Drug dealers and organized criminal factions use them to coordinate operations.

When real criminals use these frequencies, it's easy to tell they're hiding something, but it's nearly impossible to know what it is. In one intercepted conversation posted to YouTube, a man alerts a friend that he should watch out, because things are getting "crispy" and "strong winds" are on their way. Sometimes loggers refer to the approach of authorities by saying, "Santa Claus is coming," says Brochi.

The crackdown, called "Operation Satellite," was Brazil's first large-scale enforcement against the problem. Police followed coordinates provided by the U.S. Department of Defense and confirmed by Anatel, Brazil's FCC. Among those charged were university professors, electricians, truckers and farmers, the police say. The suspects face up to four years and jail, but are more likely to be fined if convicted.

In February of last year, FCC investigators used a mobile direction-finding vehicle to trace rogue transmissions to a Brazilian immigrant in New Jersey. When the investigators inspected his radio gear, they found a transceiver programmed to a FLTSAT frequency, connected to an antenna in the back of his house. Joaquim Barbosa was hit with a $20,000 fine.

(via Boing Boing) ¶ anarchy brazil cyberpunk gibson's law hacks tech 0 Share

An interesting interview with a former Windows adware author, by all accounts a very smart guy (albeit of, shall we say, above-average ethical flexibility), exposing both the security exploits used by Windows malware, the arms races in the malware underground and the dodgy business models of the industry:

The good distributors would say, ‘This is ad-supported software.” Not-so-good distributors actually did distribute through Windows exploits. Also, some adware distributors would sell access. In their licensing terms, the EULA people agree to, they would say “in addition, we get to install any other software we feel like putting on.” Of course, nobody reads EULAs, so a lot of people agreed to that. If they had, say, 4 million machines, which was a pretty good sized adware network, they would just go up to every other adware distributor and say “Hey! I’ve got 4 million machines. Do you want to pay 20 cents a machine? I’ll put you on all of them.” At the time there was basically no law around this. EULAs were recognized as contracts and all, so that’s pretty much how distribution happened.

So we’ve progressed now from having just a Registry key entry, to having an executable, to having a randomly-named executable, to having an executable which is shuffled around a little bit on each machine, to one that’s encrypted– really more just obfuscated– to an executable that doesn’t even run as an executable. It runs merely as a series of threads. Now, those threads can communicate with one another, they would check to make sure that the BHO was there and up, and that the whatever other software we had was also up.

There was one further step that we were going to take but didn’t end up doing, and that is we were going to get rid of threads entirely, and just use interrupt handlers. It turns out that in Windows, you can get access to the interrupt handler pretty easily. In fact, you can register with the OS a chunk of code to handle a given interrupt. Then all you have to do is arrange for an interrupt to happen, and every time that interrupt happens, you wake up, do your stuff and go away. We never got to actually do that, but it was something we were thinking we’d do.

There was also of course Scheme. Eventually, we got sick of writing a new C program every time we wanted to go kick somebody off of a machine. Everybody said, “What we need is something configurable.” I said, “Let’s install a Turing-complete language,” and for that I used tinyScheme, which is a BSD licensed, very small, very fast implementation of Scheme that can be compiled down into about a 20K executable if you know what you’re doing.

Eventually, instead of writing individual executables every time a worm came out, I would just write some Scheme code, put that up on the server, and then immediately all sorts of things would go dark. It amounted to a distributed code war on a 4-10 million-node network.

The author's advice to anyone wanting to avoid adware is "um, run UNIX".

(via /.) ¶ evil hacks malware security windows 0 Share

Got an iPhone you want to get unlocked? The software unlocks for the 3G might not be out yet, though you could always go to Vietnam, where they do things the hardcore way:

First, a technician opened up the phone and stripped it to the motherboard. In his skillful hands, the device seemed much easier to dismantle than I expected.

The technician then extracted the baseband chip, the component that controls the connection between the phone and the mobile network, from the motherboard. (This is a painstaking task as the chip is strongly glued to the phone's motherboard. A mistake during this process could brick the phone completely.)

Once the chip was extracted, it was Tuan Anh's turn. He used a chip reader to read information into a file. He then used a Hex editor to remove the locking data from the file, and after that, the chip got reprogrammed with the newly altered file. Now it was no longer programmed to work with only a specific provider.

The chip then got reassembled into the motherboard, another painstaking process.

(via Boing Boing Gadgets) ¶ apple hacks iphone vietnam 1 Share

Several researchers at UIUC have written a paper on how one could insert general-purpose back doors into a CPU, allowing those in the know to pwn any machine running on it, almost undetectably:

We present the design and implementation of Illinois Malicious Processors (IMPs). There is a substantial design space in malicious circuitry; we show that an attacker, rather than designing one specific attack, can instead design hardware to support attacks. Such flexible hardware allows powerful, general purpose attacks, while remaining surprisingly low in the amount of additional hardware. We show two such hardware designs, and implement them in a real system. Further, we show three powerful attacks using this hardware, including login backdoor that gives an attacker complete and highlevel access to the machine. This login attack requires only 1341 additional gates: gates that can be used for other attacks as well. Malicious processors are more practical, more flexible, and harder to detect than an initial analysis would suggest.

Our memory access mechanism provides hardware support for unprivileged malicious software by allowing access to privileged memory regions. Malicious software triggers the attack by forcing a sequence of bytes on the data bus to enable the memory access circuits. This sequence can be arbitrarily long to avoid false positives, and the particular sequence must be agreed upon before deployment. Once the sequence is observed, the MMU in the data cache ignores CPU privilege levels for memory accesses, thus granting unprivileged software access to all memory, including privileged memory regions like the operating system’s internal memory. In other words, loading a magic value on the data bus will disable protection checking. We implement this technique by modifying the data cache of our processor to include a small state machine that looks for the special sequence of bytes, plus some additional logic in the MMU to ignore privilege levels when malicious software enables the attack.

Using the shadow mode mechanism, we implement a malicious service that acts as a permanent backdoor into a system (Figure 2). To initiate the attack, an attacker sends an unsolicited network packet to the target system and the target OS inspects the packet to verify the UDP checksum. The act of inspecting the packet (necessary to decide if it should be dropped) triggers the trojaned hardware, and the malicious service interprets the contents of the packet as new firmware that it loads into the processor invisibly. The target operating system then drops the unsolicited packet and continues operation, oblivious to the attack.

And if civilian security researchers have just discovered this, it's not unlikely that ones in intelligence agencies have had such techniques for a while. I wouldn't be surprised if the NSA had similar back doors in all US-designed CPUs likely to end up on the export market, just in case, or if the Chinese government had similarly altered CPUs (or other strategic components) being manufactured on Chinese production lines, or indeed if other intelligence agencies had managed to get their own hooks into the silicon.

(via Schneier) ¶ hacks security skulduggery tech 1 Share

One of the things I enjoy doing is creating electronic music, for which I use a Macintosh laptop, some music software and various plugins. For the past few years, the software which I used has been Apple's Logic Express, to which I switched from Cubase VST when moving from MacOS 9 to OSX. As Logic didn't come with a drum machine program back then, I found myself buying Linplug's RMIV drum machine, which I have over the years used extensively.

RMIV is an excellent and comprehensive drum machine, which contains both analogue-style drum synthesisers and sample playing capabilities, as well as filters and effects. However, it has one downside; when you import sounds into it, it has the annoying tendency of saving those in its own proprietary format (rather than using a standard format such as, say, AIFF or WAV, both of which are good enough for other software including Apple's own samplers).

Recently I have started using Ableton Live, and have found it very impressive. While Live will happily load all my AudioUnit plugins, it also contains its own drum sample player, Drum Rack, which integrates more tightly with it. Drum Rack allows you to drag your favourite samples to various pads and play them. The hitch is that the samples must be in a standard format; if most of your drum samples are in RMIV's .D4T format, then you have a problem. Guess where most of my samples were?

Anyway, not being one to give up easily, I took it upon myself to examine the D4T format, and come up with a way of converting my samples to an open format. Luckily, I had some samples sitting around in both formats; after examining them with hexdump(1) and a Python interpreter, I soon determined that D4T is a fairly simple format, consisting of a short header and the samples in 32-bit float format.

The header turned out to be a bit more work; there were what looked like magic numbers in it, as well as some values roughly proportional to the file size, though bizarrely unrelated to actual sizes. After creating a few oddly-sized AIFF files, importing them into RMIV and examining the imported versions, I determined that RMIV's format used a bizarre way of encoding integers: it would encode them in binary-coded centimal. Which is to say, as a series of bytes, each containing a value from 1 to 99, representing a pair of decimal digits. Why they settled on this peculiar and inefficient encoding, I can only guess; it seems too feeble to be an attempt to thwart reverse engineering.

Anyway, the point of this anecdote is that I have now written a Python script which converts from RMIV's .D4T sample files to AIFF files. (One could change it fairly trivially to make WAV files, though that's left as an exercise to the reader.) The script, named "dermiv", is here.

¶ audio code computer music hacks mac python 1 Share

14-year-old "electronics genius" in Lódz, Poland, built a remote control for the city's tram system (apparently out of a TV remote control, though presumably they mean that he housed it in a TV remote control case ) and used it to change points, forcing trams onto the wrong tracks, until he was arrested.

"He had converted the television control into a device capable of controlling all the junctions on the line and wrote in the pages of a school exercise book where the best junctions were to move trams around and what signals to change.

Problems with the signalling system on Lodz's tram network became apparent on Tuesday when a driver attempting to steer his vehicle to the right was involuntarily taken to the left. As a result the rear wagon of the train jumped the rails and collided with another passing tram. Transport staff immediately suspected outside interference.

¶ hacks poland pranks risks security trams 0 Share

One useful feature which Facebook, the social network site of the moment, lacks is the ability to compartmentalise information. Whereas on LiveJournal you can define filters and make posts visible to only some of them, on Facebook, every piece of information you published is visible to all your contacts. (Except for those who can only see a limited profile, who are forever stuck in a purgatory of sort-of being "friends" with you whilst being left out of all the fun.)

Being able to compartmentalise your information is useful; there are undoubtedly things you want to tell some of your friends whilst not letting the rest know, other things you're happy sharing with a different (though possibly overlapping) subset, and others you're happy letting anyone know. Think, for example, of talking about work without pissing off coworkers, or confiding about your lovelife, or discussing health issues without overwhelming others with "too much information". As social software becomes an integral part of the social support networks of today's compulsively multitasking, digitally connected population, such controls become more a necessity than a luxury.

Fortunately, Facebook's users have come up with a workaround: creatign members-only groups in lieu of privileged posts. So next time you see a group with an otherwise uncompelling name like "Emma has a new phone number", you'll know what's going on.

(via confused in calcutta) ¶ facebook gibson's law hacks privacy social software 0 Share

Some enterprising hackers have reverse-engineered the firmware on a range of Canon digital cameras (based on the DiGIC II chip) and written their own firmware enhancement. Named CHDK, it offers features including RAW images (disabled in non-professional models), live histograms, depth-of-field calculations and a scripting language (based on BASIC, though we can't have everything) that can be used for automating your camera. There are some sample scripts here, which do things from setting bracketing to specialised modes for unusual photographic conditions to automating HDR photography.

What's more, the replacement isn't a new firmware per se, but rather a patch which boots from the memory card and runs from the camera's RAM (apparently making use of the original firmware's functions), so you won't brick your camera.

I wonder, though, what the performance tradeoffs of using it is; I don't imagine that compact cameras would have large amounts of RAM to spare that can be loaded up with third-party software that they were never intended to run in production.

(via Boing Boing Gadgets, Engadget) ¶ cameras canon chdk digic ii hacks 0 Share

This guy attached a digital camera (a specially modified keychain camera) to his cat's collar and recorded the sequences of images as the cat (named Mr. Lee) went about his daily journeys. The images vary in quality (as one might expect), and include a lot of obscure nooks and crannies of the sorts cats frequent, and quite a few meetings with other neighbourhood cats.

The author of the page, J. Perthold, also sells cat-mountable digital cameras of his design for people who want to photograph what their cats are seeing. The next step, I imagine, would be to integrate wireless networking capabilities of some sort into the unit and set up a catlog.

(via alecm) ¶ cats hacks nifty photography 1 Share

Security researchers have found that it is trivially easy to transmit false traffic reports to in-car navigation units. The units look for messages transmitted as digital data piggybacked onto FM radio signals using a protocol known as RDS, and it seems not to have occurred to whoever designed the RDS system that anyone might tamper with these messages; as such, they are transmitted in the clear, and without any sort of authentication. The units also scan the entire FM spectrum, looking for anything that looks like a radio station with a RDS channel containing traffic information. The rest is left as an exercise to the reader:

Through trial and error, they discovered that transmitting certain code numbers translates into certain warnings that are displayed on the satellite navigation system. Some were amusing. One code number alerts users that there's a bull fight in progress. Another one indicates delays due to a parade. But some weren't so funny. One tells users that there has been a terrorist incident. Another indicates a bomb alert and another an air crash.

(via /.) ¶ hacks navigation oops rds security 0 Share

A web site on hacking the AppleTV, Apple's new TV set-top box, which appears to be a low-power Intel-based machine running a customised distribution of otherwise standard OSX. Unlike the iPhone, it seems that it doesn't require executable code to be cryptographically signed. So far, there are instructions on enabling SSH for logging into the AppleTV, installing DivX decoders and the VLC media player and copying things like Apache from an Intel Mac to the AppleTV.

(via /.) ¶ apple appletv hacks osx tech 0 Share

Cognitive neuroscience researcher Ogi Ogas describes how he used techniques from neuroscience to win a quiz show, getting questions he did not consciously know the answer to:

Cognitive models developed by my advisor Gail Carpenter suggest that a more effective way to evaluate an intuition is to consider its mnemonic associations. If you can mentally trace some of the cognitive links of an intuition (through a process similar to priming), these links may suggest whether the intuition is meaningfully connected to the correct answer or whether the link is trivial, incidental, or wrong. For example, given the question "Bucharest is the capital of what European country?", you might have an intuition that the answer is Hungary, because the actual capital of Hungary--Budapest--sounds like "Bucharest" and is thus unconsciously linked. In this case, naively following your unexamined intuition would lead you away from the correct response: Romania.

My $250,000 question presented me with a case of pure intuition. "The department store Sears got its start by selling what specific product in its first catalog?" Since pop culture esoterica and business origins are outside my domains of interest, I did not know the answer. But for some reason, even before the four possible answers appeared, I thought of watches. When "watches" turned up as one of the choices, I reflected on it further. I did not feel any certainty. But why did my brain come up with "watches?" ... As I concentrated on my watch intuition, I began to think about railroads. My brain's memory pattern of watches was somehow linked to a memory pattern of railroads, and my railroad memory also evoked a memory of Sears. Though I still could not work out the explicit connection between watches and Sears, I satisfied myself that "watches" had some deep mnemonic relationship to both railroads and Sears--perhaps at some point in my life I had read that Sears originally delivered their watch catalogs by railroad?

Later, in the tranquility of my apartment, I discovered that 23-year old railroad station agent Richard Sears sold watches to other station agents along the Minneapolis and St. Louis Railway for a full year before meeting up with Alvah C. Roebuck. I never did discover how this obscure factoid had left its faint trace upon my brain.

(via mindhacks) ¶ cogsci hacks mind neuroscience psychology 0 Share

Rock, Paper, Scissors may sound to the casual observer like a perfect game of chance; however, with the human mind being what it is, there are many ways to play it to win:

In RPS circles a common mantra is "Rock is for Rookies" because males have a tendency to lead with Rock on their opening throw. It has a lot to do with idea that Rock is perceived as "strong" and forceful", so guys tend to fall back on it. Use this knowledge to take an easy first win by playing Paper. This tactic is best done in pedestrian matches against someone who doesn't play that much and generally won't work in tournament play.

When playing with someone who is not experienced at the RPS, look out for double runs or in other words, the same throw twice. When this happens you can safely eliminate that throw and guarantee yourself at worst a stalemate in the next game. So, when you see a two-Scissor run, you know their next move will be Rock or Paper, so Paper is your best move. Why does this work? People hate being predictable and the perceived hallmark of predictability is to come out with the same throw three times in row.

When playing against someone who asks you to remind them about the rules, take the opportunity to subtly "suggest a throw" as you explain to them by physically showing them the throw you want them to play. ie "Paper beats Rock, Rock beats scissors (show scissors), Scissors (show scissors again) beats paper." Believe it or not, when people are not paying attention their subconscious mind will often accept your "suggestion". A very similar technique is used by magicians to get someone to take a specific card from the deck.

(via Make) ¶ hacks psychology 0 Share

Today's novel use of technology: using the vibration detectors in PC hard disks around the world to detect earthquakes and predict tsunamis:

As part of their operation, hard disks measure vibrations in order to keep the read-write head of the disk on track. These measurements can be read from some hard disks. The Tsunami Harddisk Detector captures this vibration data and shares it with computers in other locations connected via a peer-to-peer network to determine whether an earth tremor is occurring.

(via /.) ¶ environment hacks tech 0 Share

Apparently it's possible to modify a digital camera to take infrared photographs, by removing the infrared filter and replacing it with one that blocks out everything but infrared (made from material obtainable from photographic retailers). It's not recommended that you do this to any camera you'd mind destroying if the procedure fails, but if you are successful, you get something that takes photos like these:

(via Make) ¶ art hacks howto infrared photography 1 Share

An enterprising hacker, noticing that his Nokia 6230i mobile phone has both an imaging sensor and Bluetooth, much like a wireless mouse, has written a Java applet that uses the phone as a mouse. It's not perfect (the imaging sensor is not designed for focussing so closely, so it needs a high-contrast surface), and currently requires a special custom driver on the computer, though he is working on making it behave like a standard Bluetooth mouse.

The hacker, going by the name of "Pyrofer", also has a number of other projects up, including a 1541-emulating memory card reader for the C64 DTV.

(via /.) ¶ bluetooth commodore 64 hacks nokia 0 Share