Uzbey

Jacob’s Ladder Using a 10kV Oil Transformer

Jacob’s Ladders are a staple experiment in any self-respecting mad scientist’s lair — err, a hacker’s workshop. And why not? High voltage, arcing electricity, likely more than enough to kill you even — brilliant! But in all their awesomeness, Jacob’s ladders really aren’t that complex.

In [Kevin Darrah's] latest tutorial he shows us how to make one out of a transformer taken from an oil furnace. Why exactly does an oil furnace even have a high voltage transformer in the first place? They’re actually used as the ignition source, like a pilot light!

The one [Kevin] has is a 110VAC to 10,000VAC transformer, which puts out about 20mA (probably enough to kill you). And to turn it into a Jacob’s Ladder, you’ll just need two long, stiff wires (copper is a good candidate). The wires are closest at the bottom where the transformer can easily arc — this arc then ionizes and heats the air, causing it to rise and carry the arc with it. As the arc continues up the ladder it gets longer and longer as the wires become farther apart, becoming more and more unstable until it breaks. When this happens the arc forms again at the lowest point of resistance — the bottom.

It’s certainly a fun experiment when done properly, just make sure you are being safe when working with any high voltage equipment — not like this guy who used a similar transformer to electrify some home-made wolverine claws.


Filed under: how-to

Can reading literary fiction make you more intelligent?

This episode from Braincraft explores the idea that reading literary fiction might actually make you more intelligent. In addition to the basics of learning about new people, places, things, and words, reading has been shown to actually increase your “emotional intelligence.” Basically, emotional intelligence is our ability to understand and connect with other people.

Hat Hash Hacking at DEFCON

You probably remember that for DEFCON I built a hat that was turned into a game. In addition to scrolling messages on an LED marquee there was a WiFi router hidden inside the hat. Get on the AP, load any webpage, and you would be confronted with a scoreboard, as well as a list of usernames and their accompanying password hashes. Crack a hash and you can put yourself on the scoreboard as well as push custom messages to the hat itself.

Choosing the complexity of these password hashes was quite a challenge. How do you make them hackable without being so simple that they would be immediately cracked? I suppose I did okay with this because one hacker (who prefers not to be named) caught me literally on my way out of the conference for the last time. He had snagged the hashes earlier in the weekend and worked feverishly to crack the code. More details on the process are available after the jump.

He and his compatriots really went all out on this. As a countermeasure against all the accounts getting hacked very quickly I made 8 different firmware images for the WR-703N router (which runs OpenWRT). To differentiate these I added themes. This first one is “Dune” but we also had Star Trek, Star Wars, and Hitchhiker’s Guide to the Galaxy. Because of this, the hash crackers scraped a bunch of Dune-themed websites to build their own dictionary files. This turned out to be a red herring. I had tested dictionary passwords and cracked them in a matter of minutes. I didn’t think to use odd words like those from Frank Herbert’s books. That would have been a great idea.

The password generator I used was written in Python and can be found in this project log. I chose to use random loops to generate passwords that were 5-7 characters long and used lower case, lower case with numbers, lower case with upper case and numbers and all the punctuation on the top row of your keyboard. Even a brute force is time-consuming with 5-7 characters but limiting the character choices will get you there a lot faster. In the end, 5 of the passwords were cracked in around an hour (which was my target complexity) and about 15 more were discovered overnight.
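As an added illustration (not the author's generator or code from the project log), the sketch below quantifies why limiting the character choices shortens a brute force so much for 5-7 character passwords. The four alphabets are one reading of the paragraph above, the punctuation set assumes the shifted digit row of a US keyboard, and the guess rate is a constructed figure because the page does not name the hash algorithm.

```python
import math
import string

# Assumption: shifted digit row of a US keyboard stands in for
# "all the punctuation on the top row of your keyboard".
TOP_ROW_PUNCT = "!@#$%^&*()"

# Assumption: one reading of the four character classes in the text.
CLASSES = {
    "lower": string.ascii_lowercase,
    "lower+digits": string.ascii_lowercase + string.digits,
    "lower+upper+digits": string.ascii_letters + string.digits,
    "lower+upper+digits+punct": string.ascii_letters + string.digits + TOP_ROW_PUNCT,
}

MIN_LEN, MAX_LEN = 5, 7  # password lengths stated in the article


def keyspace(alphabet_size, min_len=MIN_LEN, max_len=MAX_LEN):
    """Number of candidate passwords across every allowed length."""
    return sum(alphabet_size ** n for n in range(min_len, max_len + 1))


def entropy_bits(alphabet_size, min_len=MIN_LEN, max_len=MAX_LEN):
    """Bits needed to index the keyspace (upper bound on password entropy)."""
    return math.log2(keyspace(alphabet_size, min_len, max_len))


def seconds_to_exhaust(alphabet_size, guesses_per_second):
    """Worst-case time to try every candidate at a given guess rate."""
    return keyspace(alphabet_size) / guesses_per_second


def human_time(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"


def report(guesses_per_second):
    """One row per character class: size, keyspace, bits, worst-case time."""
    rows = []
    for name, alphabet in CLASSES.items():
        size = len(alphabet)
        rows.append({
            "class": name,
            "alphabet": size,
            "keyspace": keyspace(size),
            "bits": round(entropy_bits(size), 1),
            "worst_case": human_time(seconds_to_exhaust(size, guesses_per_second)),
        })
    return rows


if __name__ == "__main__":
    ASSUMED_RATE = 1e9  # constructed guess rate; real rates depend on the hash
    for row in report(ASSUMED_RATE):
        print(f"{row['class']:<26} |A|={row['alphabet']:<3} "
              f"N={row['keyspace']:<16} {row['bits']:>5} bits  {row['worst_case']}")
```

At any fixed guess rate the lowercase-only class is exhausted roughly three orders of magnitude sooner than the full set, which is the gap a password policy has to close with length rather than with symbol variety alone.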

Once they had the cracked hashes they tracked me down, and without me realizing it, used ssh to get into the hat and leave their alias for the scoreboard. Furthermore they figured out that echoing to /dev/ttyUSB0 pushes messages to the hat. This means they figured out everything that could be done for this challenge.


Filed under: cons, Featured, security hacks

UPS data breach: Another one bites the dust

What can brown do for you? If you’re one of the unlucky customers, the answer might be that brown can compromise your credit card information. UPS revealed that it is the latest high-profile company to fall victim to a data breach resulting from a point-of-sale system compromise.

The data breach was announced August 20, but the initial compromise was traced back to January 20. The attack affected 51 of the 4,000-plus retail stores UPS operates, and was identified and remediated on August 11. If you happened to be a customer at one of those 51 stores, though, during the timeframe the compromise was active, there is a good chance your credit card information has been captured.

Bank of America’s Data Mapping Adds $1 Per Share

Bank of America uses Esri technology to cut costs while retaining customers.

TouchShare Web Optimized for Use of Esri Map & Feature Services, KML and More

TouchShare's browser application leverages GIS investments in Esri Mapping and Feature Services.

Eight in 10 Enterprises Turn to Citizen Developers for Innovation

Esri uses sites like GitHub, a repository for open-source code, to share and build apps for mobile, social, analytics and cloud technologies.

NASA’s Stardust Spacecraft May Have Identified Interstellar Particles

This image, taken from the scan, shows the structure and form of dust clouds within about 500 light-years of the sun. The bright band in this far-infrared image is the Milky Way’s spiral disk. Above that, you can see the cold dust arching upwards. Via NASA

NASA’s Stardust spacecraft launched in 1999. Its mission was simple enough: Travel through space collecting interstellar dust particles. The vehicle headed towards Jupiter to collect and return comet samples. NASA scientists have been analyzing the payload since its return to Earth back in 2006. After careful analysis, the team has detected the first potential contemporary interstellar dust particles. These particles could date back to the formation of our solar system and, if confirmed, would be an incredible discovery.

The Stardust spacecraft encountered multiple comets on its seven year mission, and it returned to the Utah Testing and Training Range in 2006. The vehicle’s Sample Return Canister was transferred to a holding facility at Johnson Space Center where it has been kept for analysis. The Sample Return Canister is composed of a tennis-racket-shaped collection tray, with one half used to collect samples from comets and the other half used for interstellar collections. In 2004, the vehicle flew along a comet, gathering particles and locking them in a silica aerogel for storage. Upon return, the samples have been meticulously scrutinized and scientists have identified seven distinct particles that could have extrasolar origins. These particles may even have been forged in a supernova explosion, and altered by the harsh environment of outer space.

The area circled in red contains a grain of cosmic dust that could have extrasolar origins. Image Credit: NASA

“These are the most challenging objects we will ever have in the lab for study, and it is a triumph that we have made as much progress in their analysis as we have,” said Michael Zolensky, curator of the Stardust laboratory at NASA’s Johnson Space Center in Houston and coauthor of the Science paper.

After careful analysis, scientists were surprised to discover the particles have a more diverse structure and chemical composition than originally predicted. There were different sizes of particles, each with a different history. The team noted that the larger, more massive particles were “fluffy” in nature, very similar to a snowflake. More detailed analysis is needed to determine if these particles truly come from outside of the solar system. If so, they will be able to answer many questions scientists currently have about how interstellar dust forms and also how it evolves over time.

Four of the seven particles identified were not discovered in the aerogel, but in the aluminum foils between the collection trays. Although the foils were not originally designed as collection receptacles, the foils proved very beneficial. Three of these four particles are only a few tenths of a micron thick and are composed of sulfuric compounds — compounds that are currently not associated with interstellar dust. Future analysis will be able to identify a larger sample of these particles to truly understand their origins.

With the help of some “Dusters”, a group of citizen scientists, two particles approximately two microns (mere thousandths of a millimeter) thick were isolated after their tracks and identified. The University of California Berkeley volunteer group scanned over one million images in search of these particles. A third track was discovered, thought to be left behind by a particle moving so fast (approximately 15 kilometers per second), that it vaporized upon impact with the receptacle. Additionally, the volunteers have identified 29 other particles.

An artist’s rendition of the Stardust spacecraft flying through the solar system, collecting cosmic dust particles. Image Credit: NASA

So far, Johnson scientists have scanned half of Stardust’s collection panels at varying depths. The scans were then converted into video format and posted online for the Dusters to access and evaluate. If a particle is identified, the Duster tags the track and a team of scientists led by Andrew Westphal verifies the identifications. Of the one million frames scanned so far (each around half a millimeter square), the Dusters have identified 69 tracks with two of those verified by Westphal’s team. The team has named two of the particles Orion and Hylabrook. This dusty duo will be studied in great detail in hopes of determining their oxygen isotope quantities and verifying their extrasolar origins.

 

 

How Badly Do You Need A Vacation?

It’s time to Treat. Yo. Self.

More problems emerge on the Community Health Systems network

More details have emerged concerning the state of security on Community Health Systems' (CHS) network. Research from Lookingglass, a security intelligence firm based in Arlington, Virginia, shows a pattern of unpatched systems and inadequate vulnerability management.

On Monday, CHS disclosed a data breach in an 8-K filing with the U.S. Securities and Exchange Commission.

In it, the company said that in April and June of 2014, attackers believed to be from China (a determination made by Mandiant after CHS hired them to do clean-up), compromised 4.5 million records.

3D Mapping Data’s Future: 8 Examples

Federal agencies, academia, communities, and the private sector are collaborating on advanced US mapping data as part of the 3D Elevation Program.

Money Midterms: The States Dominating 2014’s Political Cash War

Esri interactive maps feature the money spent on the 2014 midterm elections.

Super Nice CNC Router Build Leaves Little To Be Desired

[Enzo] wrote in to tell us about his recently completed CNC Router (translated). This is an excellent high-quality, all-aluminum build with no cut corners. The work envelope is a respectable 340 by 420 mm with 80 mm in the Z direction. Linear ball bearings make for smooth travel and lead screws with both axial and radial bearings give a solid foundation of accurate and repeatable movements.

We’ve had a bunch of CNC Router projects on Hackaday in the past, including other nicely made aluminum ones, but [Enzo] is the only one who spent just as much effort on his computer and machine control system as he did on the CNC machine itself. The computer, which is running Windows and Mach3, is an all-in-one style build that starts out with an old LCD screen from a broken laptop. Along with the reused screen, a very small ETX form factor motherboard was stuffed inside a custom made plexiglass enclosure. A Compact Flash card handles the storage requirements.

Underneath the monitor is another great looking custom made enclosure which houses the stepper motor drivers. There are 3 switches on the front panel to send mains power out to the PC, spindle and an AUX for future use. On the back panel there are D-sub connectors for each stepper motor, the limit switches and the PC connection. Oh yeah, by the way [Enzo] designed his own bipolar motor drivers (translated) and sent the design out for fabrication. These boards use an A4989 IC and MOSFETs to control the motors. The schematics are on his site in case you’d like to make some yourself.



Filed under: cnc hacks

City of London Police brings in Kaspersky to train officers to tackle cybercrime

City of London Police has enlisted internet security expert Kaspersky Lab to help train its officers to tackle all levels of cybercrime.

The training programme will provide officers with the skills and knowledge to identify and resolve cyber crimes ranging from an individual victim encountering fraud during an online shopping-spree, to a business losing thousands of pounds from a targeted attack.

City of London police said the scheme will be extended into further services and large enterprises across the UK, "aiming to upskill UK industry on ways to protect themselves against cyber attacks".

Coupled with theoretical knowledge, the week-long training programme allows for real hands-on experience, teaching vital skills such as inspecting network traffic, analysing hard-drive images and decompiling malicious software, using specialised training tools and methodology developed by Kaspersky Lab.

Fast & Furious 6 Pirate Sentenced to 33 Months Prison

During May 2013, TorrentFreak received an email from an individual in the UK who detailed serious problems he’d experienced in the preceding days.

On May 23 at 07:30, five unmarked cars containing 10 police officers and representatives from the Federation Against Copyright Theft tried to apprehend the man at his former address. That error was quickly corrected and within minutes three cars, four detectives and two FACT officers had made it to the correct location.

The police were looking for Philip Danks, a man from Walsall in the West Midlands. Their information was that the then 24-year-old had cammed Fast and Furious 6 at the local Showcase cinema before uploading it to the Internet.

“I was detained for 3 hrs 12 minutes, out of that I was questioned for approximately 40 minutes,” Danks told TorrentFreak at the time. “One police officer and two FACT officers conducted the interview. The police officer sat back and let FACT do all the questioning, so FACT were running the show.”

Danks was eventually released, but in September police were back, this time arresting both his sister and her former boyfriend. New allegations were made, this time in respect of the unauthorized camming and uploading of the movie ‘Epic’.

In March this year Danks told TF that the police weren’t going to take any action against him. However, after previously keeping us updated, Danks went quiet. Today his fate has been revealed.

Following a trial at Wolverhampton Crown Court, Danks was sentenced to 33 months in prison for recording, uploading and also selling physical copies of Fast and Furious 6.

In Court it was claimed that Danks’ uploading of Fast 6 resulted in more than 700,000 downloads costing Universal Pictures and the wider industry millions of pounds in losses.

It appears that Danks was also very easy to trace. When he contacted TF last year his email address betrayed his online nickname – ‘TheCod3r’ – a handle that is now easily linked to a KickassTorrents upload of the same movie. FACT say it was this username that led them to Danks.

Comments left by TheCod3r on KickassTorrents

While 33 months is no doubt an extremely harsh sentence, there were important aggravating factors. FACT report that following his arrest in 2013, Danks continued to both sell and distribute illegal copies of movies. He was assisted with uploading by Michael Bell, his sister’s former boyfriend. The Court sentenced Bell to a 12 month community order with 120 hours unpaid work.

Both pleaded guilty to committing offenses under the Fraud Act 2006 and the Copyright, Designs and Patents Act 1988.

Kieron Sharp, Director General of FACT said that his organization is grateful to West Midlands Police for their assistance in bringing Danks and Bell to justice.

“This is an important case and an important sentence. Danks was responsible for recording, uploading and distributing the film and was clearly unconcerned at the time about the consequences of his actions, perhaps believing that the internet gave him anonymity. We at FACT have shown that we will find and identify people committing criminal offenses and ensure that they are properly dealt with through the courts,” Sharp said.

The MPAA’s Chris Marcich said that holding pirates to account is vital if the creative industries are to flourish alongside the development of legal services.

“It is important that those making money on the back of other people’s hard work and creativity, paying nothing back into the creative economy, are held accountable and we welcome today’s verdict,” Marcich said.

“This is one important element of the wider strategy to tackle this issue which also includes educating consumers about legitimate online sources of content through schemes like Creative Content UK, working with advertiser and payment processors to cut off the revenue streams pirate sites rely on and blocking illegal sites through the courts.”

Yet again FACT have another very big headline under their belt which will prove useful in their quest to deter those contemplating a similar course of action to Danks. As previously noted, camming on its own is not considered an offense, but couple it with distribution and selling copies for profit and things can get very serious indeed.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

When Epic Timelapse Cinematography Meets…Marmot?!

Timelapse cinematography can be extremely powerful. It reveals the malleable timelessness of the natural world, the complex beauty of the cosmos, and it forces us into new and ever-widening perspectives. Consequently, we have covered a number of stunning videos at From Quarks to Quasars. In the end, nothing complements a firm understanding of the universe like a deep-seated awe and appreciation of it.

But this particular video, captured by Greenpeace videographer Mitch Wenkus, is definitely the most unique video that we’ve ever covered.

Here, the stunning beauty of the Rockies is (somewhat ungraciously) interrupted by an inquisitive little marmot. A marmot who, after obsessively licking the camera, topples the whole thing over. The first few moments of the video show 25 minutes of clouds moving graciously across the sky, all sped up to cover a span of just 2 seconds. Then the video is brought back to normal speed as the marmot makes his glorious entrance. This is something you won’t want to miss.

WATCH: When Timelapse Meets Marmot

Wenkus offers more details about the technical aspects of the video:

As far as technical aspects, was pretty easy as far as timelapses go. I set up the GoPro Hero 3+ on 2K video resolution filming at 24 frames per second. (You can use any video setting on the GoPro to achieve this effect, I chose 2K because it allows room to crop without losing quality). Then I imported the footage into Final Cut Pro X. I sped up the 25 minutes of clouds moving down to 2 seconds. Then when the marmot came in, I just let the video play at normal speed.

I cut the video shortly after the marmot knocked over the camera. I figured no one would be interested in watching an hour of the same rock ;)


 

To see FQTQ coverage on timelapse cinematography:

Timelapse of our Universe: The Mountain

Timelapse of Weather: Milky Way, Auroras & Thunderstorms

Timelapse From Orbit: Stunning Views From the ISS

Sparkfun Ships 2000 MicroViews Without Bootloaders

Everyone has a bad day, right? Monday was a particularly bad day for the folks at Sparkfun. Customer support tickets started piling up, leading to the discovery that they had shipped out as many as 1,934 MicroViews without bootloaders.

MicroView is the tiny OLED enabled, Arduino based, microcontroller system which had a wildly successful Kickstarter campaign earlier this year. [Marcus Schappi], the project creator, partnered up with SparkFun to get the MicroViews manufactured and shipped out to backers. This wasn’t a decision made on a whim, Sparkfun had proven themselves by fulfilling over 11,000 Makey Makey boards to backers of that campaign.

Rather than downplay the issue, Sparkfun CEO [Nathan Seidle] has taken to the company blog to explain what happened, how it happened, and what they’re going to do to make it right for their customers. This positions them as the subject of our Fail of the Week column where we commiserate instead of criticize.

First things first, anyone who receives an affected MicroView is getting a second working unit shipped out by the beginning of November. Furthermore, the bootloaderless units can be brought to life relatively easily. [Nate] provided a hex file with the correct bootloader. Anyone with an Atmel AVR In-System Programming (ISP) programmer and a steady hand can bring their MicroView to life. Several users have already done just that. The bootloader only has to be flashed via ISP once. After that, the MicroView will communicate via USB to a host PC. Sparkfun will publish a full tutorial in a few weeks.

Click past the break to read the rest of the story.

So what went wrong? The crux of the problem is a common one to manufacturing: An incomplete production test. For many of their products, Sparkfun loads a single hex file containing the production test and the optiboot bootloader. The test code proves out the functionality of the device, and the bootloader allows the customer to flash the device with their own sketches. The problem is the bootloader normally connects to a PC host via USB. Enumerating a USB connection can take up to 30 seconds. That’s way too slow for volume production.

Sparkfun opted to skip the bootloader test, since all the pins used to load firmware were electrically tested by their production test code. This has all worked fine for years – until now. The production team made a change to the test code on July 18th. The new hex file was released without the bootloader. The production test ran fine, and since no one was testing the bootloader, the problem wasn’t caught until it was out in the wild.

The Sparkfun crew are taking several steps to make sure this never happens again. They’re using a second ATmega chip on their test fixture to verify the bootloader without the slow PC enumeration step. Sparkfun will also avoid changing firmware during a production run. If firmware has to change, they’re planning to beta test before going live on the production line. Finally, Sparkfun is changing the way they approach large scale production. In [Nathan's] own words:

Moving from low volume to mid-volume production requires a very different approach. SparkFun has made this type of mistake before (faulty firmware on a device) but it was on a smaller scale and we were agile enough to fix the problem before it became too large. As we started producing very large production runs we did not realize quality control and testing would need very different thinking. This was a painful lesson to learn but these checks and balances are needed. If it didn’t happen on Microview it would have happened on a larger production run someday in the future.

Everyone has bad days, and this isn’t the first time Sparkfun has lost money due to a mistake. However, they’re doing the right thing by attacking it head on and fixing not only the immediate issue but the underlying thought process which allowed the problem to arise.


Filed under: Hackaday Columns, news

What are CISOs’ top security concerns and strategies?

Security is no longer just an IT issue, it’s a business priority issue. In the past year, we’ve experienced a handful of high profile data breaches that affected tens-to-hundreds of millions of individuals in each—Court Ventures in October 2013, Target in December 2013, P.F. Chang’s in June, and the untold number of sites that a Russian crime ring hacked just a couple of weeks ago.

[Survey results reveal both IT pros' greatest fears and apparent needs] 

Fraud and Embezzlement Drives Anti-Piracy Group into Bankruptcy

Anti-piracy groups are often quick to label file-sharing sites as criminal organizations, but these outfits also have some rotten apples amongst their own.

A few months ago we reported on the President of the Lithuanian Anti-Piracy Association LANVA, who was jailed for two years for drug trafficking. The boss of Iceland’s anti-piracy group SMAIS is not doing much better, it seems, as he stands accused of fraud and embezzlement.

SMAIS is a local branch of Hollywood’s Motion Picture Association. The group recently failed to get The Pirate Bay blocked in Iceland, and has now run into the law itself.

The organization’s board filed for bankruptcy after it discovered a wide range of serious problems. The group’s financial statements were falsified, the books were not in order, and taxes haven’t been paid since 2007.

Making matters even worse, the board says that its CEO Snæbjörn Steingrímsson has admitted to embezzlement. This case is now under review by the Special Prosecutor, who has to decide whether a criminal investigation will be launched against the anti-piracy chief.

The last time SMAIS made international headlines was last year, when the group pulled its Facebook page offline after four days. According to Steingrímsson, SMAIS didn’t have enough resources to handle the constant flaming comments from the public.

What certainly didn’t help was that the launch of the Facebook page coincided with the news that SMAIS never paid for the film and game rating software they purchased from a Dutch company back in 2007. Considering the position the group is in now this is hardly a surprise.

Whether Hollywood has plans to install a new anti-piracy group in Iceland if the bankruptcy goes through is currently unknown.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

Apple patches 12 Mac bugs in Flash, SSL

Apple on Tuesday patched 12 vulnerabilities in Leopard and Snow Leopard, including seven in Adobe Flash Player and one in the protocol used to secure Internet traffic.

Security update 2010-001 is the first from Apple this year, and noticeably smaller than the monster issued last November that fixed almost 60 flaws.

The seven fixes for Flash Player, Apple's first update to the popular media player since last September, brought the program up to version 10.0.42.34, the same edition that Adobe shipped on Dec. 8, 2009, for Windows and Linux. Adobe tagged six of the seven vulnerabilities as critical in its own security advisory last month.
