Slam the Online Scam

Twitter Goodies



STEAM Carnival Hacker Preview Day

Last week we wrote about the guys over at TwoBitCircus and their upcoming STEAM Carnival. This Thursday we managed to make it down to the Hacker Preview day, where they showed us all the toys and games that will be exhibited over the weekend.

The preview day went pretty well until the evening, when unexpected power problems occurred and the site lost power for a little while. But this is why you have a preview day right? Organizer [Brent Bushnell] even commented that he should have put a BETA badge on the ticket. Thankfully the outage coincided with the food truck arriving so everyone stopped for a burger.

Sadly all the fire based pieces were not active on the preview day since they didn’t have the appropriate safety measures in place yet, but they did get to show us most of their games. My personal favorites were the Hobby Horse Racing, and the Laser Foosball.

Here’s a quick run down of some of the stand out pieces.

Hobby Horse Racing


This consisted of 5 hobby horses made from old saw horses! Each horse contained an accelerometer on a microcontroller board, connected to a PC over USB. There was a simple push button on the right rear side of each horse so you could spur your mare on to a win!

The use of saw horses really made this for me.

Human Meteors

The name threw me for a minute, but this is actually a giant game of Asteroids projected on the floor using a laser projector.

There’s a Wiimote strapped to the front of the chair which is used for detecting movement and acts as your fire button.


Laser Foosball

This was produced by one of TwoBitCircus’s intrepid interns. The idea is simple and genius at the same time. You rotate the mirrors to redirect laser beams to make it into your opponent’s goal. Some of the mirrors have blocking panels on them enabling you to play defence, but obviously this impacts your offense too.

Giant Hexacade

This six player game involves moving giant trackballs around to control your characters in a number of different video games projected onto the floor. Each controller is a 30″ exercise ball on 3 rollers, with an inverted optical mouse below.


Treadmill Synthesizer

A scrolling felt score lets you add velcro backed dots to play notes in a constantly rolling player piano style synthesizer. OpenCV and a webcam are used to track the position and color of the notes which is then converted into output by the synthesizer.

Punching Bag?

We didn’t catch the official name for this, but we had fun with it anyway. It takes a snapshot of you when you punch the dummy.

This makes for an awful lot of weird and amusing faces.



Laser Burst

In this game you would throw balls at the laser projected bubbles on the display. A Microsoft Kinect would track the balls and then award you points appropriately. Using a Kinect meant you could actually track multiple balls at a time. This went down incredibly well with the kids.


There were a lot more interactives at the event. Some were non-operational for the evening, like the Rubens' Tube hooked up to a theremin, the Immolation Dunk Tank and the Laser Maze. Others were working but we just got distracted by other shiny things, like the re-imagining of Musical Chairs, Giant Wacky Wire and the Intel Edison based game of tag!

If you’re in the LA area this weekend (25th-26th October) then I highly recommend you check out the STEAM Carnival. Use the code HACKADAY for a $5 discount! If LA is too far for you then stay tuned to TwoBitCircus since they’re hoping to bring this digital circus on a tour of the USA soon.


Brain Barrier Opened For First Time, New Way To Treat Tumors And Alzheimer’s

Image Credit: Sebastian Kaulitzki / Shutterstock


Our brains have a number of built in defense systems. One of the most prominent (and sometimes frustrating) is the blood-brain barrier. This barrier is actually a network of cells whose purpose is to separate the brain from the rest of the body. This may seem strange, but such a blood barrier is necessary in order to stop harmful toxins and chemicals in the blood stream from entering brain tissue. Unfortunately, this mechanism also acts like a roadblock, of sorts, making it very difficult to deliver drugs to the brain for the treatment of neurodegenerative disorders and cancer.

Previously, doctors have managed to open this barrier in animals, but never humans. Until now.

A medical company called CarThera, which is located in France, has managed to open and close this barrier in humans, and (notably) they were able to operate this mechanism on demand. Ultimately, the company was able to achieve this with the help of an ultrasound brain implant and (surprisingly) an injection of microbubbles. The findings were presented last week at the Focused Ultrasound symposium in the United States by Michael Canney, who is a neuroscientist at CarThera.

In order to conduct this study, and see how well the procedure assisted doctors, they used four individuals seeking treatment for glioblastoma, which is the most aggressive form of brain cancer. Typically, patients with glioblastoma need surgery to remove the tumor, after which they are given chemotherapy drugs to destroy any remaining cancerous cells. However, this is a bit of a problem, as the blood-brain barrier becomes “leaky” when a tumor is present, so only a small amount of the drugs are able to enter the brain.

“If more of the chemotherapy drugs could get through, they’d do a better job of killing cancer,” Canney told Chris Weller from Medical Daily.

In order to perform this procedure, doctors first inserted the medical implant, and then they injected microbubbles in order to counter the ultrasound imaging. This worked because, when the ultrasound’s pulses collided with the bubbles, it caused them to vibrate, pushing apart the cells of the blood-brain barrier. To confirm the observations, an MRI scan showed that the microbubbles were effectively crossing the blood-brain barrier.

This means that the chemotherapy is likely doing the same thing—that this (very necessary) drug is also going through at an increased rate and actually entering the necessary parts of the brain. The team estimate that the novel approach keeps the barrier open for up to six hours, allowing enough time to deliver high dosages of the drugs.

Moreover, previous studies in animals have indicated that, simply by opening up the barrier, it can reduce the protein plaques in an Alzheimer’s patient. Canney and his colleagues will now look at these interactions, and study the role of the immune system in these observations.

The post Brain Barrier Opened For First Time, New Way To Treat Tumors And Alzheimer’s appeared first on From Quarks to Quasars.

Have you Checked For Google Results That Could Harm or Destroy you?

We all know this, people will Google you, and in particular, if you happen to be in the search for a new job, a contract, or other employment related position, the chances are very high (estimated at 75%) that the …

Dottie the Flip Dot Clock


What is it that we like so much about inefficient, noisy clocks made with inappropriate technology? Answer the question for yourself by watching the video (below) that [David Henshaw] sent us of Dottie, the flip-dot clock.

But besides the piece itself, we really like the progression in the build log, from “how am I going to do this?” to a boxed-up, finished project.

Another stunning aspect of this build is just how nice an acrylic case and a raft of cleverly written software can make a project look. You’d never guess from the front that the back-side was an (incredible) rat’s nest of breadboards and Ethernet wires. Those random switching patterns make you forget all the wiring.

And the servo-steered, solenoid-driven chimes are simply sweet. We’re sure that we’d love to hear them in real life.

We tracked down the referenced electronics.stackexchange post with the circuit diagram, and we’re guessing that the diodes actually allow a simplification of the driver circuit. Perhaps our readers will be up for the challenge. Not that we’d be in any hurry to even touch those breadboards…


Smart Strategies for Managing Lidar Data

Watch a free online seminar on November 6 to learn how to manage the massive size of lidar data while meeting the need for quick and easy dissemination.

First Ever Heart Transplant Using “Dead Heart”


Image Credit: St. Vincent’s Hospital

In an amazing medical breakthrough, doctors and scientists recently transplanted two hearts that were (circulatory) dead. Both hearts had stopped beating. Yet, scientists were still able to successfully transplant them into patients. The operation was performed at St Vincent’s Hospital in Sydney, Australia. Notably, both patients have a bright outlook and are recovering well.

The reason that these operations are so important is, currently, “alive” donor hearts are the only organs that can be used for heart transplants. This means that they must be taken from brain dead patients whose hearts are still beating. Obviously, there are very few people at any given time who are in this brain dead state, so it greatly limits the number of hearts available for transplant.

Amazingly, the hearts that were used in these breakthrough transplants had been dead for at least 20 minutes. They were successfully revived using a ground-breaking preservation fluid, before being transplanted into patients with heart failure.

Bob Graham, the executive director of the Victor Chang Cardiac Research Institute, who led the research team, told reporters that this will mean around 30 percent more people will be able to have heart transplants.

Michelle Gribilar, who is currently 57 years old, had the first transplant of this kind a few months ago. She is well on her way to recovery. The second recipient is Jan Damen; she had the surgery a few weeks ago, and she is also recovering as doctors had hoped. Both had suffered congenital heart failure.

The scientists developed a special preservation solution that works on a “heart in a box” to keep the dead heart healthy even without blood flow.

Doctors who performed this procedure explained how the breakthrough works:

We can take the heart out and we can put it on a console where we connect it up with blood going through the heart and providing oxygen. Gradually the heart … starts beating again, and we can keep it warm and we can transport it on this console and we also give it a preservation solution that allows it to be more resistant to the damage of lack of oxygen. So those two things coming together almost like a perfect storm have allowed this sort of donation, this sort of transplantation of a heart that has stopped beating to occur. Before that it wasn’t possible.

Of course, this procedure won’t save the life of everyone who has heart problems, but it will save many many lives.

The post First Ever Heart Transplant Using “Dead Heart” appeared first on From Quarks to Quasars.

Hacklet 20 – Halloween Hacks


Hey, did you know that is continuously being updated and improved? One of the coolest features this week is the new LaTeX based equation editor. That’s right, you can now put symbols, equations, and all sorts of other LaTeX goodies into your posts. Check out [Brian Benchoff's] LaTeX demo project for more information.

Every holiday is a season for hacks, but Halloween has to be one of the best. From costumes to decorations, there are just tons of opportunities for great projects. We know that with an entire week left before the big day, most of you are still working on your projects. However a few early bird hackers already have Halloween themed projects up on We’re featuring them here – on the Hacklet!

[philmajestic] is in the Halloween spirit with his AVR Halloween Pumpkin. [Phil] created a motion activated Jack-o’-lantern with an ATmega328 as its brain. The AVR monitors a PIR motion sensor. When motion is detected, it flashes Jack’s LED eyes and plays spooky sound files from a WTV-020-16sd audio player. This is a great example of how a bit of work can create something cooler and infinitely more flexible than a store-bought decoration. Nice work [Phil]!

The littleBits crew have been working overtime on Halloween hacks this year. We definitely like their Halloween Creepy Portrait. A motion trigger, a servo, and a few glue bits are all it takes to turn a regular portrait into a creepy one. When the motion detector is triggered, the servo moves a paper behind the portrait’s eyes. The replacement eyes look like some sort of demon or cat. Definitely enough to give us nightmares!

[jeromekelty] helped his friend [Greg] build an incredible Animatronic Iron Man MKIII suit. The suit features RFID tags which trigger suit features. Since we’re talking about an Iron Man suit, “features” are things like shoulder rockets, boot thrusters, and a helmet that lifts up to reveal “Tony Stark”. No less than four Arduinos handle the various I/O’s. The suit even features an Adafruit WaveShield for authentic sounds! The electronics are just one piece of the puzzle here. [Greg] is a card-carrying member of the Replica Prop Forum. His MKIII suit is incredibly detailed. We especially like the weathering and battle damage!

Finally, [Griff's] son is going to be wearing a Crochet Cthulhu Mask, with Arduino controlled tentacles for Halloween this year. [Griff] is an experienced crochet hobbyist. He’s mixing his love of needlework with his love of electronics to build the animated Cthulhu mask for his 4-year-old son. The mask is based on a free crochet pattern from ravelry, though [Griff] is making quite a few changes to support his application. The mask will be smaller to fit a 4-year-old, and will contain servos to move the tentacles. We haven’t heard from [Griff] in a while, so if you see him, tell him to post an update on the mask!

If you haven’t started working on your Halloween hacks, get busy! But don’t forget to upload them to! If we get enough, we’ll run a second Hacklet with even more great projects. Until then, you can check out our Halloween Projects List!

That’s about it for this frightful episode The Hacklet. As always, see you next week. Same hack time, same hack channel, bringing you the best of!


The Science of Magnetism

Photo Credit: Katie Waldeck


Humans have been aware of the magnetic force since at least 600 BC, back before Newton developed his laws of motion, and before we had any grasp of the four fundamental forces of nature. Despite the fact that we didn’t completely understand what magnetism was, we still used compasses back then. Imagine what it must have felt like to use such a device, without knowing the science behind it (though, of course, many of us still use technologies far more sophisticated than a compass, without having a basic idea of how things work).

Some light was shed on this mystery accidentally in 1820 by Hans Christian Ørsted, a Danish physicist born in 1777. While preparing a lecture, he discovered that a compass needle would deflect when brought close to a live electrical wire. People alive at that time already knew the electric force existed, but the connection between electricity and magnetism was revolutionary. Indeed, it took another 45 years until we developed a full explanation of this phenomenon, when James Clerk Maxwell produced the electromagnetic theory of light.

How Magnetism Works:

Maxwell showed that a magnetic field is produced by moving electrical charges. This perfectly explains Ørsted’s observation with the needle and live electrical wires, because an electric current is simply the movement of electrical charges. We have used this phenomenon to create electromagnets, or long wires wound into a coil. This way, the magnetic field produced by a single wire is multiplied by the number of turns. Electromagnets have the advantage of being able to be turned on or off anytime we like.


But what about permanent magnets (like bar magnets, refrigerator magnets, etc.)? They obviously don’t have electric currents flowing through them. They are a bit more difficult to explain, but, to summarize, the magnetic field from one of these objects is created by three things:

  • The first is the orbit of the electron around the nucleus. Although this model, in which the electron orbits the nucleus, has long been proven wrong, it is still a good approximation, and can still be used to explain certain properties of the atom, which is important in the other factors below.
  • The second thing that creates a magnetic field is the spin magnetic moment. This is just a technical term that means an electron, in and of itself, also acts as a magnet. The spin magnetic moment is also a fundamental property of matter, like charge and mass.
  • The third factor, which doesn’t really affect the magnetic property of the material, is nuclear spin.

With all this in mind, why don’t all objects possess magnetic properties? After all, all objects have orbiting electrons, and these electrons all have a spin magnetic moment, right? Well, we have to consider the fact that there are a lot of electrons even in a small amount of material, and the magnetic fields created by these electrons cancel out most of the time.

How Magnets Are Made:

In order to manufacture a magnet, companies melt iron and place it within a strong magnetic field until it cools. This way, the magnetic fields created inside the iron — which would normally get cancelled out — can freely align themselves with the outside magnetic field. This is called magnetic induction. Magnetic induction is a process where a magnetic field is induced in a non-magnetic material by an outside magnetic field. Surprisingly, you can do this at home. If you stroke an iron nail with a bar magnet many times, you can induce a magnetic field in the iron nail, turning it into a magnet.

How magnets are made (Image Credit: Kacie Mills - Edited For Readability)


You can also “destroy” a magnet. By that, I mean, you can take away its magnetic properties. If you heat the magnet up and then strike it with a hammer, the magnetically aligned atoms easily dislodge from their arrangement because of the heat, cancelling out the magnetic fields once again.

The most amazing thing about magnetism, for me, is how closely linked it is to electricity. Maxwell, using his equations, unified these two seemingly unrelated forces into one force: electromagnetism. Maxwell showed mathematically how a changing magnetic field creates a changing electric field (and vice versa). Therefore, magnetism is very important because we use it to create electrical energy. In fact, most of the energy that we use today comes from rotating magnets (see below).

WATCH: Magnetism: Motors and Generators

The post The Science of Magnetism appeared first on From Quarks to Quasars.

What Your Zip Code Says About You

Esri's "Tapestry Segmentation" database mines socioeconomic and demographic data to create a picture of who lives in each zip code.

Astronomy Photo of the Day (APotD): 10/24/14 — Siding Spring Travels Past Mars



This composite NASA Hubble Space Telescope Image captures the positions of comet Siding Spring and Mars in a never-before-seen close passage of a comet by the Red Planet, which happened at 2:28 p.m. EDT October 19, 2014. The comet passed by Mars at approximately 87,000 miles (about one-third of the distance between Earth and the Moon). At that time, the comet and Mars were approximately 149 million miles from Earth.

The comet image shown here is a composite of Hubble exposures taken between Oct. 18, 8:06 a.m. EDT to Oct. 19, 11:17 p.m. EDT. Hubble took a separate photograph of Mars at 10:37 p.m. EDT on Oct. 18.

The Mars and comet images have been added together to create a single picture to illustrate the angular separation, or distance, between the comet and Mars at closest approach. The separation is approximately 1.5 arc minutes, or one-twentieth of the angular diameter of the full Moon. The background starfield in this composite image is synthesized from ground-based telescope data provided by the Palomar Digital Sky Survey, which has been reprocessed to approximate Hubble’s resolution. The solid icy comet nucleus is too small to be resolved in the Hubble picture. The comet’s bright coma, a diffuse cloud of dust enshrouding the nucleus, and a dusty tail, are clearly visible.

This is a composite image because a single exposure of the stellar background, comet Siding Spring, and Mars would be problematic. Mars is actually 10,000 times brighter than the comet, and so could not be properly exposed to show detail in the Red Planet. The comet and Mars were also moving with respect to each other and so could not be imaged simultaneously in one exposure without one of the objects being motion blurred. Hubble had to be programmed to track on the comet and Mars separately in two different observations.

The images were taken with Hubble’s Wide Field Camera 3.

(via NASA)

The post Astronomy Photo of the Day (APotD): 10/24/14 — Siding Spring Travels Past Mars appeared first on From Quarks to Quasars.

FTDI Screws Up, Backs Down


A few days ago we learned chip maker FTDI was doing some rather shady things with a new driver released on Windows Update. The new driver worked perfectly for real FTDI chips, but for counterfeit chips – and there are a lot of them – the USB PID was set to 0, rendering them inoperable with any computer. Now, a few days later, we know exactly what happened, and FTDI is backing down; the driver has been removed from Windows Update, and an updated driver will be released next week. A PC won’t be able to communicate with a counterfeit chip with the new driver, but at least it won’t soft-brick the chip.

Microsoft has since released a statement and rolled back two versions of the FTDI driver to prevent counterfeit chips from being bricked. The affected versions of the FTDI driver are 2.11.0 and 2.12.0, released on August 26, 2014. The latest version of the driver that does not have this chip bricking functionality is, released on January 27th. If you’re affected by the latest driver, rolling back the driver through the Device Manager to will prevent counterfeit chips from being bricked. You might want to find a copy of the 2.10.0 driver; this will likely be the last version of the FTDI driver to work with counterfeit chips.

Thanks to the efforts of [marcan] over on the EEVblog forums, we know exactly how the earlier FTDI driver worked to brick counterfeit devices:


[marcan] disassembled the FTDI driver and found the source of the brick and some clever coding. The code exploits differences found in the silicon of counterfeit chips compared to the legit ones. In the small snippet of code decompiled by [marcan], the FTDI driver does nothing for legit chips, but on counterfeit chips it writes 0 and a value that makes the EEPROM checksum match. It’s an extremely clever bit of code, but also clear evidence FTDI is intentionally bricking counterfeit devices.

A new FTDI driver, presumably one that will tell you a chip is fake without bricking it, will be released next week. While not an ideal outcome for everyone, at least the problem of drivers intentionally bricking devices is behind us.


US ICS-CERT testing medical devices for alleged flaws

The US Government is working with manufacturers and vendors of medical devices and equipment to identify and fix vulnerabilities.

Every day we read about more or less sophisticated attacks against all kinds of computing systems that allow threat actors to compromise targeted devices. What if your life depended on the proper functioning of these devices? The security of medical devices is a critical topic that US authorities have approached many times; the latest instance is an investigation run by the U.S. Department of Homeland Security into two dozen cases of suspected cybersecurity flaws in medical components and hospital equipment.

The devices and equipment under investigation cover a wide range of systems, including medical imaging equipment and hospital networking systems.

The authorities suspect that hackers have exploited flaws in these systems to run cyber attacks, according to what a senior official at the agency revealed to Reuters. The US ICS-CERT is assessing several products, including an infusion pump from Hospira Inc and implantable heart devices marketed by Medtronic Inc and St Jude Medical Inc.

According to rumors, one case involves an alleged vulnerability in a type of infusion pump, discovered by Billy Rios, who declined to provide the name of the manufacturer.

“Two people familiar with his research said the manufacturer was Hospira,” states Reuters in a blog post.


Although there is no official news of cyber attacks against these devices, the US Government fears that ill-intentioned actors could run a remote attack, causing malfunctions with dramatic consequences.

The US ICS-CERT is working with manufacturers of medical devices to identify vulnerabilities that could be used to expose confidential data or attack hospital equipment.

“These are the things that shows like ‘Homeland’ are built from,” said the official, referring to the U.S. fiction spy drama in which the fictional vice president of the United States is killed by a cyber attack on his pacemaker. “It isn’t out of the realm of the possible to cause severe injury or death,” added the official.

At the time of writing, the US ICS-CERT hasn’t disclosed the name of the company under investigation, and Hospira, Medtronic and St Jude Medical declined to comment on the events.

In late 2012 the US Government Accountability Office (GAO) produced a report highlighting the need to secure medical devices such as implantable cardioverter defibrillators or insulin pumps. The recommendation was directed to the Food and Drug Administration (FDA), which was invited to address the problem urgently, considering incidents intentionally caused to some devices.

The U.S. Food and Drug Administration recently released guidelines for manufacturers and healthcare providers to improve the security of medical devices; in this case too, the fear relates to intentional threats.

“The conventional wisdom in the past was that products only had to be protected from unintentional threats. Now they also have to be protected from intentional threats too,” said William Maisel, chief scientist at the FDA’s Center for Devices and Radiological Health. He declined to comment on the DHS reviews.

The researcher Billy Rios explained that he wrote a program that could remotely control the amount of drug supplied by insulin pumps, forcing them to inject a lethal dose.

“This is an issue that is going to be extremely difficult to patch,” said Rios, who shared the results of his analysis with the DHS.

The DHS is also investigating alleged vulnerabilities affecting implantable heart devices from Medtronic and St Jude Medical, according to two people familiar with the matter. Both companies have declined to comment and confirmed that they consider security a serious issue.

Pierluigi Paganini

(Security Affairs – Medical devices, US ICS-CERT)

The post US ICS-CERT testing medical devices for alleged flaws appeared first on Security Affairs.

Disaster as CryptoWall encrypts US firm’s entire server installation

"Here is a tale of ransomware that will make your blood run cold," announced Stu Sjouwerman of security training firm KnowBe4 in a company newsletter this week and he wasn't exaggerating.

One of his firm's customers contacted him on Oct. 14 for advice on how to buy Bitcoins after all seven of its servers containing 75GB of data had been encrypted by a recent variant of the hated CryptoWall ransom Trojan.

An admin had clicked on a phishing link which was bad enough. Unfortunately, the infected workstation had mapped drives and permissions to all seven servers and so CryptoWall had quickly jumped on to them to hand the anonymous professional a work day to forget.


Cyberespionage group launches sophisticated phishing attacks against Outlook Web App users

A cyberespionage group has been using advanced spear-phishing techniques to steal email log-in credentials from the employees of military agencies, embassies, defense contractors and international media outlets that use Office 365's Outlook Web App.

The group behind the attack campaign has been operating since at least 2007 according to researchers from Trend Micro, who published a research paper on Wednesday about the attacks they dubbed Operation Pawn Storm.

The Pawn Storm attackers have used a variety of techniques over the years to compromise their targets, including spear-phishing emails with malicious Microsoft Office attachments that installed a backdoor-type malware program called SEDNIT or Sofacy, or selective exploits injected into compromised legitimate websites.


The ‘Backoff’ malware linked to data breaches is spreading

The number of computers in North America infected by the Backoff malware, which is blamed for a string of payment card breaches, has risen sharply, according to research from network security company Damballa.

The company detected a 57 percent increase between August and September in devices infected with Backoff, which scrapes a computer's RAM for leftover credit card data after a payment card has been swiped, said Brian Foster, Damballa's CTO.

Damballa based its finding on data it collects from its ISP and enterprise customers, who use its traffic analysis products to detect malicious activity.

Damballa sees about 55 percent of internet traffic from North America, including DNS requests, though for privacy reasons it doesn't know the IP addresses of most of those computers, Foster said.


Building A Magnetic Levitating Quadcopter

Three days ago, on October 21, 2014, it was announced to the world that the Back to the Future hoverboard was real. It’s a Kickstarter, of course, and it’s trending towards a $5 million payday for the creator. Surprisingly for a project with this much marketing genius, it’s a real, existing device and there’s even a patent. From the patent, we’re able to glean a few details of how this hoverboard/magnetic levitation device works, and in our post on the initial coverage, we said we’d be giving away some goodies to the first person who can clone this magnetic levitation device and put it up on

[jellmeister] just won the prize. It’s somewhat cheating, as he’s had his prototype hoverboard working in July, and demoed a more advanced ‘upside-down quadcopter’ device at the Brighton Mini Maker Faire in September. Good on ‘ya [jelly]. You’re getting a gift card for the hackaday store.

Like the Kickstarter hoverboard, [jelly] is using an array of magnets rotating in a frame above a non-ferrous metal. For the initial test, eight neodymium magnets were arranged in a frame, suspended over 3/4″ aluminum plate, and spun up with a drill. With just this simple test, [jelly] was able to achieve 2kg of lift at 1cm and 1kg of lift at 1 inch of separation. This test also provided some valuable insight on what the magnets do to the aluminum or copper; the 3kg aluminum plate was nearly spinning, meaning if this device were to be used on small plates, counter-rotating pairs of magnetic lifters would need to be used.

The test rig then advanced to two pairs of rotors with standard hobby brushless motors, but stability was a problem; the magnetic rotors provided enough lift, but it would quickly fall over. To solve this problem, [jellmeister] took a standard quadcopter configuration, replaced the props with magnetic rotors, and successfully hovered it above a sheet of aluminum at the Brighton Maker Faire.

Since [jellmeister] has actually built one of these magnetically levitating hoverboards, he has a lot more data about how they work than an embargoed press release. The magnetic rotor hoverboard will work on aluminum as well as copper, but [jell] suspects the Kickstarter hoverboard may be operating right at the edge of its performance, necessitating the more efficient copper half pipe. The thickness of the non-ferrous plate also makes a difference, with better performance found using thicker plates. No, you bojo, hoverboards don’t work on salt water, even if you have pow-ah.

So there ‘ya go. That’s how you build a freakin’ hoverboard. [jellmeister]’s design is a little crude, and using a Halbach array for the magnetic rotors should improve efficiency. Using a 3D printed rotor design is a stroke of genius, and we’ll expect a few more quad-magnetic-levitating-things to hit the tip line in short order.

Demos of [jellmeister]’s work below.

Oh. These things need a name. I humbly submit the term ‘Bojo’ to refer to any device that levitates through rotating magnets and eddy currents.


Savannah, Georgia

We wrap up King Cotton Week with this picture of cotton bales being loaded onto a steamer. The picture was taken in 1904 in Savannah, Georgia. Not sure where the cotton was going, but it looks like a big job to get it loaded.

NGA Update: New Director’s Mission; Ebola; and Gamification Software to GitHub

During the last two weeks, there has been a flurry of news from the National Geospatial-Intelligence Agency (NGA), starting with new director Robert Cardillo's intentions for the agency. Cardillo stated: Our business has never been more complex. Our profession has never been more...

HuddleLamp turns Multiple Tablets into Single Desktop


Imagine you’ve got a bunch of people sitting around a table with their various mobile display devices, and you want these devices to act together. Maybe you’d like them to be peepholes into a single larger display, revealing different sections of the display as you move them around the table. Or maybe you want to be able to drag and drop across these devices with finger gestures. HuddleLamp lets you do all this.

How does it work? Basically, a 3D camera sits above the tabletop, and watches for your mobile displays and your hands. Through the magic of machine vision, a server sends the right images to each screen in the group. (The “lamp” in HuddleLamp is a table lamp arranged above the space with a 3D camera built into it.)

A really nice touch is that the authors also provide JavaScript objects that you can embed into web apps to enable devices to join the group without downloading special software. A new device will flash an identifying pattern that the computer vision routine will recognize. Once that’s done, the server starts sending the correct parts of the overall display to the new device.

The video, below the break, demonstrates the possible interactions.

If you want to dig deeper into how it all works together, download their paper (in PDF) and give it a read. It goes into detail about some of the design choices needed for screen detection and how the depth data from the 3D camera can be integrated with the normal image stream.


NAT-PMP Protocol Vulnerability affects more than 1.2 Million SOHO devices

Security researchers at Rapid7 have discovered a serious NAT-PMP Protocol vulnerability that puts 1.2 Million SOHO routers at risk.

Another serious security flaw is threatening more than 1.2 million SOHO routers worldwide. The vulnerability is related to “improper NAT-PMP protocol implementations and configuration flaws”, as explained by Jon Hart, a researcher at Rapid7.

Hart explained that the security issue was discovered by the researchers after a scan of the public Internet as part of Project Sonar, an ongoing study of public Internet-facing websites and devices.

Exploitation of the vulnerability allows an attacker to conduct many malicious activities, the most serious and dangerous among them being the ability to redirect traffic to a website controlled by the attackers.

As Rapid7 CSO HD Moore reported, the Metasploit framework already includes modules to run attacks exploiting NAT-PMP vulnerabilities. The principal problem, according to Moore, is that the scan did not help Rapid7 identify the specific products affected by the flaw.


As noted above, attackers have several options: they could cause a denial-of-service condition on the targeted device, or gain access to the device settings and to internal NAT client services.

What is the NAT-PMP?

NAT-PMP is a technology that allows, among other things, Internet applications to configure SOHO routers and gateways, bypassing manual port forwarding configuration. NAT-PMP runs over UDP port 5351 and automates the process of port forwarding. It is used by many networking devices to allow external users access to resources behind a NAT.


The NAT-PMP protocol is widespread due to its simplicity, but as highlighted by Hart it requires careful configuration to avoid serious problems. During the scanning activity, the experts noticed nearly 1.2 million devices on the public Internet that responded to their external NAT-PMP solicitations. The responses provided represent two categories of security vulnerabilities:

  • malicious port mapping manipulation.
  • information disclosure about the NAT-PMP device.

The analysis published by Hart detailed the following specific security issues:

  • Interception of Internal NAT Traffic: ~30,000 (2.5% of responding devices)
  • Interception of External Traffic: ~1.03m (86% of responding devices)
  • Access to Internal NAT Client Services: ~1.06m (88% of responding devices)
  • DoS Against Host Services: ~1.06m (88% of responding devices)
  • Information Disclosure about the NAT-PMP device: ~1.2m (100% of responding devices)

Moore explained that the interception of external traffic is a very serious issue:

“That will allow someone running a malware command and control kit or something like that to turn your system into a reverse proxy serving malicious traffic, start hosting malicious site on your router’s IP,” said Moore. “The way they do that is from the malicious system to flip the mapping back to you from all these vulnerable routers. And because of the way the protocol works, you don’t have to actually know where these devices are. You can literally spray them out across the ether.”

Hart explained vulnerable devices are not compliant with the RFC 6886 specification, which states that a NAT gateway must not be configured to accept mapping requests for the external IP address it has on the Internet.

“The NAT gateway MUST NOT accept mapping requests destined to the NAT gateway’s external IP address or received on its external network interface.  Only packets received on the internal interface(s) with a destination address matching the internal address(es) of the NAT gateway should be allowed.” the specification says. 

Hart also added that traffic destined for the internal interface of the device running NAT-PMP is less likely to be at risk, yet it can be redirected off the network to a service controlled by the attackers.

“This attack can also be used to cause the NAT-PMP device to respond to and forward traffic for services it isn’t even listening on,” Hart wrote. “For example, if the NAT-PMP device does not have a listening HTTP service on the external interface, this same flaw could be used to redirect inbound HTTP requests to another external host, making it appear that HTTP content hosted on the external host is hosted by the NAT-PMP device.”

The security researchers close the post with a series of recommendations for vendors, ISPs and end users.

“Vendors producing products with NAT-PMP capabilities should take care to ensure that flaws like the ones disclosed in this document are not possible in normal and perhaps even abnormal configurations. ISPs and entities that act like ISPs should take care to ensure that the access devices provided to customers are similarly free from these flaws. Lastly, for consumers with NAT-PMP capable devices on your network, you should ensure that all NAT-PMP traffic is prohibited on un-trusted network interfaces.”
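The RFC 6886 rule quoted above, written out as the gateway-side acceptance check a compliant implementation would apply before honouring a request. This is an added example, not code from Rapid7 or from any vendor; the interface name, addresses and function names are hypothetical, the sample packet is constructed, and the source-subnet test is extra hardening that the quoted text does not require.

```python
import ipaddress
import struct

NATPMP_PORT = 5351  # UDP port NAT-PMP runs over, as stated in the article

# Hypothetical gateway configuration (constructed, documentation address ranges).
INTERNAL_IFACES = {"br-lan": ipaddress.ip_interface("192.168.1.1/24")}
EXTERNAL_ADDR = ipaddress.ip_address("203.0.113.7")

OPCODES = {0: "external-address", 1: "map-udp", 2: "map-tcp"}

# Constructed sample: version 0, opcode 2 (map TCP), reserved,
# internal port 8080, suggested external port 8080, lifetime 3600 s.
MAP_REQ = struct.pack("!BBHHHI", 0, 2, 0, 8080, 8080, 3600)


def parse_request(data: bytes) -> dict:
    """Parse a NAT-PMP version 0 client request (RFC 6886 layout)."""
    if len(data) < 2:
        raise ValueError("truncated request")
    version, opcode = data[0], data[1]
    if version != 0 or opcode not in OPCODES:
        raise ValueError("unsupported version or opcode")
    req = {"op": OPCODES[opcode]}
    if opcode in (1, 2):
        if len(data) != 12:
            raise ValueError("bad mapping request length")
        _, req["internal_port"], req["external_port"], req["lifetime"] = \
            struct.unpack("!HHHI", data[2:])
    return req


def accept_request(iface: str, src: str, dst: str, data: bytes):
    """Return (accepted, reason) for a datagram received on `iface`."""
    lan = INTERNAL_IFACES.get(iface)
    if lan is None:
        return False, "received on a non-internal interface"
    dst_ip = ipaddress.ip_address(dst)
    if dst_ip == EXTERNAL_ADDR:
        return False, "destined to the gateway's external address"
    if dst_ip != lan.ip:
        return False, "destination is not the gateway's internal address"
    # Extra hardening (assumption, not in the quoted rule): source must be a LAN host.
    if ipaddress.ip_address(src) not in lan.network:
        return False, "source outside the internal subnet"
    try:
        parse_request(data)
    except ValueError as exc:
        return False, str(exc)
    return True, "ok"
```

A gateway that skips the first two checks is the kind of device the scan found answering NAT-PMP requests from the public Internet.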

Pierluigi Paganini

(Security Affairs – NAT-PMP, hacking)
