Slam the Online Scam

Twitter Goodies

Categories

Archives

Cosplaying as HAL 9000

2001: A Space Odyssey is one of the greatest films of all time, but unlike every other masterpiece of SciFi, you’re not going find many people cosplaying as characters from the movie. Going as a monolith to a con would be hilarious, but [jacqueslelezard] had an even better idea in mind: a HAL 9000 costume.

The costume itself is just bits of painted cardboard, shiny material (we’d go with aluminum tape), some black mosquito netting to see out of, and in a stroke of brilliance, a tablet that will display HAL’s unblinking eye to con attendees. If you’re extraordinarily clever, it might be possible to sample lines from the movie and play them through the tablet. This is, unfortunately, the best way to replicate the voice of HAL, at least until someone gets the money to have [Douglas Rain] sit in for some voice work.

The only drawback to the costume is the propensity for the wearer to hit their head on doorways and low thresholds. This problem could be solved simply by increasing the size of the costume, but then you’re back in monolith territory. So, what do you want to be, a murderous computer or a galactic swiss army knife?


Filed under: wearable hacks

Electronic cigarettes exploited in the wild to serve malware

In a discussion started on the Reddit news media website it has discussed the case of a malware implanted by using electronic cigarettes connected over USB.

Hackers are able to exploit any electronic device to serve a malware of to compromise a poorly protected network, electronic cigarettes have become the latest vector to serve spread for malicious software.

Despite the idea could appear hilarious, many electronic cigarettes can be charged over USB, using a special cable or by inserting one end of the cigarette directly into a USB port.

electronic cigarettes charger

A report posted on the social news Reddit website reported a strange case occurred to a particular executive that discovered a malware in his system without immediately identify its source.

“One particular executive had a malware infection on his computer from which the source could not be determined,” reported a Reddit user “After all traditional means of infection were covered, IT started looking into other possibilities.

Investigating on the case, the man discovered that the electronic cigarettes were provided by a malware hardcoded into the charger, once the victim will connect it to the computer the malicious code will contact the C&C server to drop other malicious code and infect the system

“The made in China e-cigarette had malware hardcoded into the charger, and when plugged into a computer’s USB port the malware phoned home and infected the system.”

I have no further news regarding the authenticity of the news, anyway I consider that attack scenario plausible. We have seen recently how to turn in a hacking tool an apparently harmless USB device and in the past security experts discovered other cases in which a battery charger could be used to infect a PC or a mobile device.

The Guardian reported that opinion of Rik Ferguson, a security consultant for Trend Micro, which also consider plausible the story reported on Reddit.

“Production line malware has been around for a few years, infecting photo frames, MP3 players and more,” he says. In 2008, for instance, a photo frame produced by Samsung shipped with malware on the product’s install disc.

Referring also the recent case BadUSB, in which researchers released an attack code to reprogram USB sticks and use them as an undetectable hacking instrument, Ferguson explained that “a very strong case can be made for enterprises disabling USB ports, or at least using device management to allow only authorised devices.”

“For consumers it’s a case of running up-to-date anti-malware for the production line stuff and only using trusted devices to counter the threat.”

The Guardian reported also the opinion of the London’s Vape Emporium, Dave Goss remarked that there are no risks for vapers that buy from reliable manufacturers such as Aspire, KangerTech and Innokin.

“Any electrical device that uses a USB charger could be targeted in this way, and just about every one of these electrical devices will come from China,” Goss added.

Pierluigi Paganini

(Security Affairs –  electronic cigarettes, hacking)

The post Electronic cigarettes exploited in the wild to serve malware appeared first on Security Affairs.

Skype Audio Recorder easily records all Skype calls and voice conversations to mp3 files.

Skype Audio Recorder is the best automatic recording software to record VoIP voice conversations. It supports almost all VoIP software such as Skype, Yahoo Messenger, ICQ, Viber, Facebook, Hangouts, etc. You can use it to record your own voice chat on your computer, also you can use it to monitor other people (such as your child) who use your computer. Another advantage is this software can record both sides voice even if you take a earphone.

You need to set the process names to specify which software you want to record. Following are some process names of frequently-used VoIP software: Facebook – FacebookVideoCalling.exe, Hangouts – chrome.exe, Viber – Viber.exe, ICQ – icq.exe, Skype – Skype.exe, Yahoo Messenger – YahooMessenger.exe.

A 4-bit Computer From Discrete Transistors

Anyone reading this uses computers, and a few very cool people have built their own computer out of chips, [zaphod] is doing something even cooler over on hackaday.io: he’s building a computer from discrete transistors.

Building a computer from individual components without chips isn’t something new - Minecraft players who aren’t into cheaty command blocks do it all the time, and there have been a few real-life builds that have rocked our socks. [zaphod] is following in this hallowed tradition by building a four-bit computer, complete with CPU, RAM, and ROM from transistors, diodes, resistors, wire, and a lot of solder.

The ROM for the computer is just a bunch of 16 DIP switches and 128 diodes, giving this computer 128 bits of storage. the RAM for this project is a bit of a hack – it’s an Arduino, but that’s only because [zaphod] doesn’t want to solder 640 transistors just yet. This setup does have its advantages, though: the entire contents of memory can be dumped to a computer through a serial monitor. The ALU is a 4-bit ripple-carry adder/subtractor, with plans for a comparison unit that will be responsible for JMP.

The project hasn’t been without its problems – the first design of the demux for the ROM access logic resulted in a jungle of wires, gates, and connections that [zaphod] couldn’t get a usable signal out of because of the limited gate fan-out of his gates. After looking at the problem, [zaphod] decided to look at how real demuxes were constructed, and eventually hit upon the correct way of doing things – inverters and ANDs.

It’s a beautiful project, and something that [zaphod] has been working for months on. He’s getting close to complete, if you don’t count soldering up the RAM, and already has a crude Larson scanner worked out.


Filed under: misc hacks

Doing Unsafe Things With A Laser Watch

[Pierce Brosnan]-era James Bond had a beautiful Omega wristwatch. Of course as with any Bond gadget, it couldn’t just tell time; it needed to do something else. This watch had a laser, and [Patrick] figured he could replicate this build.

This is apretty normal 1.5W laser diode build, stuffed into a wrist-mountable device that will kill balloons. This is really a watch, though: press a button and this thing will tell time.

In the video below, [Patrick] goes over what damage this watch can do. He manages to pop some black balloons, burn holes in a CD case, light a few matches, cut cellotape, and put tiny burn marks in his wall. The battery won’t last long – just a few minutes – but more than enough to propel [Patrick] into Youtube stardom.

There are no plans or tutorials for the build, but the teardown [Patrick] shows is pretty impressive. To stuff a laser diode, battery, and clock into a watch-sized compartment, [Patrick] needed to turn down the metal buttons to fit everything into his watch case.

Because the comments for this post will invariable fill up with concern trolls, we’re just going to say, yes, this is incredibly unsafe, no one should ever do this, and it probably kills puppies.

 


Filed under: laser hacks

Honing in On An Exoplanetary Magnetic Field

Artist rendering of an exoplanet (Credit: NASA,ESA and G. Bacon (STScI)

Artist rendering of an exoplanet (Credit: NASA,ESA and G. Bacon (STScI)

Scientists developed a new method which allows to estimate the magnetic field of a distant exoplanet, i.e., a planet, which is located outside the Solar system and orbits a different star. Moreover, they managed to estimate the value of the magnetic moment of the planet HD 209458b.The group of scientists including one of the researchers of the Lomonosov Moscow State University (Russia) published their article in the Science magazine.

In the two decades which passed since the discovery of the first planet outside the Solar system, astronomers have made a great progress in the study of these objects. While 20 years ago a big event was even the discovery of a new planet, nowadays astronomers are able to consider their moons, atmosphere and climate and other characteristics similar to the ones of the planets in the Solar system. One of the important properties of both solid and gaseous planets is their possible magnetic field and its magnitude. On the Earth it protects all the living creatures from the dangerous cosmic rays and helps animals to navigate in space.

Kristina Kislyakova of the Space Research Institute of the Austrian Academy of Sciences in Graz together with an international group of physicists for the first time ever was able to estimate the value of the magnetic moment and the shape of the magnetosphere of the exoplanet HD 209458b. Maxim Khodachenko, a researcher at the Department of Radiation and computational methods of the Skobeltsyn Institute of Nuclear Physics of the Lomonosov Moscow State University, is also one of the authors of the article. He also works at the Space Research Institute of the Austrian Academy of Sciences.

Artist rendering of HD 209458b, or Osiris (Credit: NASA/ESA)

Artist rendering of HD 209458b, or Osiris (Credit: NASA/ESA)

A Terrible Vacation Destination:

Planet HD 209458b (Osiris) is a hot Jupiter, approximately one third larger and lighter than Jupiter. It is a hot gaseous giant orbiting very close to the host star HD 209458. HD 209458b accomplishes one revolution around the host star for only 3.5 Earth days. It has been known to astronomers for a long time and is relatively well studied. In particular, it is the first planet where the atmosphere was detected. Therefore, for many scientists it has become a model object for the development of their hypotheses.

Scientists used the observations of the Hubble Space Telescope of the HD 209458b in the hydrogen Lyman-alpha line at the time of transit, when the planet crosses the stellar disc as seen from the Earth. At first, the scientists studied the absorption of the star radiation by the atmosphere of the planet. Afterwards they were able to estimate the shape of the gas cloud surrounding the hot Jupiter, and, based on these results, the size and the configuration of the magnetosphere.

“We modeled the formation of the cloud of hot hydrogen around the planet and showed that only one configuration, which corresponds to specific values of the magnetic moment and the parameters of the stellar wind, allowed us to reproduce the observations” explained Kristina Kislyakova.

To make the model more accurate, scientists accounted for many factors that define the interaction between the stellar wind and the atmosphere of the planet: so-called charge exchange between the stellar wind and the neutral atmospheric particles and their ionization, gravitational effects, pressure, radiation acceleration, and the spectral line broadening.

Image of particles being deflected by Earth's magnetic field (not to scale). Via NASA

Image of particles from the Sun being deflected by Earth’s magnetic field (not to scale). Via NASA

At present, scientists believe that the size of the atomic hydrogen envelope is defined by the interaction between the gas outflows from the planet and the incoming stellar wind protons. Similarly to the Earth, the interaction of the atmosphere with the stellar wind occurs above the magnetosphere. By knowing the parameters of an atomic hydrogen cloud, one can estimate the size of the magnetosphere by means of a specific model.

Since direct measurements of the magnetic field of exoplanets are currently impossible, the indirect methods are broadly used, for example, using the radio observations. There exist a number of attempts to detect the radio emission from the planet HD 209458b. However, because of the large distances the attempts to detect the radio emission from exoplanets have yet been unsuccessful.

What They Concluded:

This artist's rendering illustrates the evaporation of HD 189733b's atmosphere in response to a powerful eruption from its host star. NASA's Hubble Space Telescope detected the escaping gases and NASA's Swift satellite caught the stellar flare. (Credit: NASA's Goddard Space Flight Center)

Rendering of an interaction between HD 189733b and its Sun. (Credit: NASA’s Goddard Space Flight Center)

“The planet’s magnetosphere was relatively small beeing only 2.9 planetary radii corresponding to a magnetic moment of only 10% of the magnetic moment of Jupiter” — explained Kislyakova, a graduate of the Lobachevsky State University of Nizhny Novgorod. According to her, it is consistent with the estimates of the effectiveness of the planetary dynamo for this planet.

“This method can be used for every planet, including Earth-like planets, if there exist an extended high energetic hydrogen envelope around them” – summarized Maxim Khodachenko.

Notice: This is a press release from Lomonosov Moscow State University.

The post Honing in On An Exoplanetary Magnetic Field appeared first on From Quarks to Quasars.

Serial Surgery Saves Wacom Tablet from Landfill

Years ago, [Greg] got a Wacom Artpad II graphics tablet through Freecycle. What’s the catch, you ask? The stylus was long gone. When he found out how expensive a direct replacement would be, the tablet was laid to rest in his spare parts box. Fast forward a few years to the era of the phone-tablet hybrid and [Greg]‘s subsequent realization that some of them use Wacom stylii. Eight bucks later, he’s in business, except that the tablet is serial. Wacom no longer supports serial tablets, so he had to convert it to USB.

With the help of the WaxBee project and a Teensy 2.0, he would be able to emulate an Intuous2 tablet by sniffing and re-encoding the packets.  Things got a little hairy when he went under the hood to remove the ADM202 TTL-to-RS232 chip with a Dremel—he accidentally gouged some of the pads it sat on as well as a few of the traces. Feeling frustrated, [Greg] took some high-res pictures of the board and posted them to a message board. As it turns out, those pictures helped him recreate the traces and get the tablet running. A little big of glue and tape later, he was in business. [Greg] even gave himself access to reprogram the Teensy.


Filed under: tool hacks

See A Real Life “Lightsaber” In Action

All Star Wars fans, and pretty much everyone else in existence, would like to get their hands on a real-life lightsaber. And although this device certainly isn’t the exact same as such a device, it’s still pretty awesome. Here, we have a kind of “do-it-yourself “ lightsaber.

Drake Anthony posted this video of his homemade lightsaber burning through various objects. “I usually try to refrain from using the term ‘lightsaber’ when referring to my lasers but there really isn’t much else out there to describe this laser,” the 17-year-old explained in the video’s description. It was created with a laser diod and powered by two 18650 lithium-ion batteries,

See the lightsaber in action in this video below:

The post See A Real Life “Lightsaber” In Action appeared first on From Quarks to Quasars.

Solving Arduino’s stk500_getsync() error

[psgarcha] took a year-old Arduino Uno on an international trip and upon returning found something was wrong. Every time he would try to upload, he would get the dreaded avrdude error, ‘stk500_getsync(): not in sync resp=0×00′. The Rx light would blink a few times during the attempted upload, but the tx light did not. Somehow, something was terribly wrong with the ‘duino, and [psgarcha] dug deep to figure out why.

To test the quality of the Arduino’s serial connection, [psgarcha] performed a loopback test; basically a wire plugged into the Tx and Rx pins of the Arduino. Sending a short message through the serial port showed the problem wasn’t the USB cable, the ATmega16u2 on the ‘duino, or any traces on the board. This would require more thought.

The main reason for the error would then be no communication between the computer and the ‘duino, the wrong COM port selected, the wrong board selected in the Arduino text editor, or timing errors or a corrupt bootloader. The first three errors were now out of the question, leaving timing errors and a corrupt bootloader. Troubleshooting then moved on to ordering a new programmer, and still this didn’t work with the broken Uno.

Frustrated with one of the greatest failures to become an Arduino tinkerer, [psgarcha] took a good, long look at the Uno board. He glanced over to an Arduino Mega board. Something looked different. On the Uno, the resonator had blown off. Problem found, at least.

Replacing the blown part with a hilariously large can crystal oscillator, [psgarcha] was back in business. This isn’t how you would fix 99% of getsync() errors, and it’s difficult imagining a situation where a this part would randomly blow, but if you’re ever looking at a nearly intractable problem, you need to start looking at what really shouldn’t fail.

Resonator my fix (1)

Awesome rework, though.

 


Filed under: Arduino Hacks, repair hacks

Cloning a Board from Pictures on the Internet

[Andrew] was a pretty cool guy in the early 90s with an awesome keyboard synth that did wavetable synthesis, sampling, a sequencer, and an effects processor. This was a strange era for storage; a reasonable amount of Flash memory was unheard of, and floppy disks ruled the land. [Andrew]‘s synth, though, had the option to connect SCSI drives. Like all optional add ons for high-end equipment, the current price for the Ensoniq SCSI card is astronomical and [Andrew] figured he could build one of these cards himself.

Poking around eBay, [Andrew] found the card in question – just a few passives, some connectors, a voltage regulator, and an odd chip from AMD. This chip was a 33C93A, a SCSI controller, and a trip down the Chinese vendor rabbit hole netted him one for $7. Can’t do better than that.

With the datasheet for the chip in hand and a few reasonable assumptions on how the circuit worked, [Andrew] tried to figure draw the schematic. After doing that, he found another hobbyist that had attempted the same project a few years earlier. All the nets were identical, and all that was left to do was sending a board off to the fab.

A quick trip to Front Panel Express got [Andrew] a mounting bracket for the card, and after plugging it in to the synth revealed a new option – SCSI. It worked, and with an ancient SCSI CD-ROM drive, he had boatloads of offline storage for his synth. Great work, and something we’d love to see more of.

 


Filed under: classic hacks, musical hacks

Can We Build A Real Lightsaber?

Image Credit: Wookieepedia

Image Credit: Wookieepedia

If you watched Star Wars when it first aired back in the 1970s, chances are, you’ve desperately wanted a light saber for the three decades. Admittedly, they do sound rather appealing: A blazing line of light that, in your righteous abandon, you use to exterminate your foes…who wouldn’t want that? The major problem with this, of course, is that you are using a blazing line of light to exterminate your foes. Unlike traditional weapons, like a sword or axe, light doesn’t just stop. It doesn’t come to a nice, clear end.

Light goes on and on.

Consequently, one of the problems with lightsabers is confining the beam of light so that you don’t destroy, well, everything that it intersects with. Of course, this is just the beginning of the problems that we’ll need to surmount if we are to ever build a real lightsaber. There are many more (for example, the handle would probably be hot enough to burn your hand off). In this video, Dr. Michio Kaku, professor of theoretical physics, attempts to address these issues and create his own lightsaber using modern technology.

WATCH: Can We Make Lightsabers?

The post Can We Build A Real Lightsaber? appeared first on From Quarks to Quasars.

DoubleDirect MitM Attacks are targeting users worldwide

Security experts at Zimperium discovered a new MITM attack technique dubbed DoubleDirect that is targeting iOS, Android and Mac users worldwide.

DoubleDirect is the name of a new Man-in-the-Middle (MitM) attack discovered by security researchers that is targeting mobile devices running either iOS or Android and potentially Mac OS X systems.

The DoubleDirect MitM attack allows attackers to hijack the victim’s traffic of major websites such as Facebook, Google and Twitter to a device controlled by the attacker.

As explained by security experts at mobile security firm Zimperium, once the attackers has redirected the victim’s traffic, it could be able to steal victims’ sensitive data, including personal data and login credentials, or serve malicious code on the targeted device.

In the blog post recently published by Zimperium the experts revealed that threat actors worldwide are already exploiting the DoubleDirect technique across 31 countries. Bad actors redirected users of several IT companies, including Facebook, Google, Hotmail, Live.com and Twitter.

doubledirect MITM attack

The DoubleDirect technique exploits the ICMP (Internet Control Message Protocol) redirect packets in order to change the routing tables of a host used by routers to provide information on the best path to the destination.

“With the detection of DoubleDirect in the wild we understood that the attackers are using previously unknown implementation to achieve full-duplex MITMs using ICMP Redirect” states the post.

As explained by experts Windows and Linux users are immune to the DoubleDirect attack because most of GNU/Linux and Windows desktop operating system do not accept ICMP redirect packets that is exploited by attackers to carry the malicious traffic.

An attacker can also use ICMP Redirect packets to alter the routing tables on the victim host, causing the traffic to flow via an arbitrary network path for a particular IP,” Zimperium warned. “As a result, the attacker can launch a MitM attack, redirecting the victim’s traffic to his device.

Once redirected, the attacker can compromise the mobile device by chaining the attack with an additional Client Side vulnerability (e.g.: browser vulnerability), and in turn, provide an attack with access to the corporate network.

Zimperium has provided a Proof-of-Concept (PoC) for the DoubleDirect Attack, the code allows full-duplex ICMP redirect attack by predicting the IP addresses the victim tries to connect to. The IP addresses are predicted by sniffing the DNS traffic of the target, once discovered that attackers send an ICMP redirect packet to all IP addresses.
“We have investigated the attacks and also created a POC tool to prove that it is possible to perform full-duplex ICMP Redirect attacks. ICMP Redirect attacks are not easy to emulate because the attacker must know beforehand which IP address the victim has accessed” 
The experts at Zimperium also explained how to manually disable ICMP Redirect on their Macs to remediate the issue.

Zimperium is releasing this information at this time to increase awareness as some operating system vendors have yet to implement protection at this point from ICMP Redirect attacks as there are attacks in-the-wild,” the post reads.

Pierluigi Paganini

(Security Affairs –  DoubleDirect attack,MITM)

The post DoubleDirect MitM Attacks are targeting users worldwide appeared first on Security Affairs.

Five Dollar RF Controlled Light Sockets

This is tens of thousands of dollars worth of market research I’m about to spill, so buckle up. I have a spreadsheet filled with hundreds of projects and products that are solutions to ‘home automation’ according to their creators. The only common theme? Relays. Home automation is just Internet connected relays tied to mains. You’re welcome.

[Todd] over at Fabricate.io found an interesting home automation appliance on Amazon; a four-pack of remote control light sockets for $20, or what we would call a microcontroller, an RF receiver, and a relay. These lamp sockets are remote-controlled, but each package is limited to four channels. Terrible if you’re trying to outfit a home, but a wonderful exploration into the world of reverse engineering.

After cracking one of these sockets open, [Todd] found the usual suspects and a tiny little 8-pin DIP EEPROM. This chip stores a few thousand bits, several of which are tied to the remote control. After dumping the contents of the EEPROM from the entire four-pack of light sockets, [Todd] noticed only one specific value changed. Obviously, this was the channel tied to the remote. No CRC or ‘nothin. It doesn’t get easier than this.

With the new-found knowledge of what each lamp socket was looking for, [Todd] set out to clone the transmitter. Tearing this device apart, he found a chip with HS1527 stamped on it. A quick Googling revealed this to be an encoder transmitter, with the datasheet showing an output format of a 20-bit code and four data bits. This was a four-channel transmitter, right? That’s where you put each channel. The 20-bit code was interesting but not surprising; you don’t want one remote being able to turn of every other 4-pack of lamp sockets.

With all the relevant documentation, [Todd] set out to do the obvious thing – an Arduino transmitter. This was simply an Arduino and a transmitter in the right frequency, loaded up with bit of carefully crafted code. [Todd] also figured out how to expand his setup to more than four lamp sockets – by changing the 20-bit code, he could make his Arduino pretend to be more than one transmitter.

With Arduino-controlled lamp sockets, the world is [Todd]‘s oyster. He can add Ethernet, WiFi, Bluetooth LE, and whatever trendy web front end he wants to have a perfect home automation setup. It’s actually a pretty impressive build with some great documentation, and is probably the cheapest way to add Arduino/Internet-enabled relays we’ve ever seen.

 


Filed under: home hacks, radio hacks

Astronomy Photo of the Day: 11/22/14 — Hydra A

Image Credit: Credits: X-ray: NASA/CXC/U.Waterloo/C.Kirkpatrick et al.; Radio: NSF/NRAO/VLA; Optical: Canada-France-Hawaii-Telescope/DSS

Image Credit: X-ray: NASA/CXC/U.Waterloo/C.Kirkpatrick et al.; Radio: NSF/NRAO/VLA; Optical: Canada-France-Hawaii-Telescope/DSS

The subject of this image could easily be confused for a nebula, when in fact, you are looking at the Hydra A galaxy cluster, which lurks 840 million light-yeas from Earth in the constellation of Hydra.

Its resemblance to a nebula is a consequence of the wavelength at which we are viewing it. This composite was put together for the purpose of highlighting the region’s emission. Radio emission is seen in pink from the Very Large Array. X-ray data from Chandra is marked in blue. Optical data comes from the Canada- France-Hawaii telescope and the Digitized Sky Survey.

From NASA:

“Detailed analysis of the Chandra data shows that the gas located along the direction of the radio jets is enhanced in iron and other metals. Scientists think these elements have been produced by Type Ia supernova explosions in the large galaxy at the center of the cluster. A powerful outburst from the supermassive black hole then pushed the material outwards, over distances extending for almost 400,000 light years, extending beyond the region shown in this image. About 10 to 20 percent of the iron in the galaxy has been displaced, requiring a few percent of the total energy produced by the central black hole.”

“Outbursts from the central, supermassive black hole have not only pushed elements outwards, but have created a series of cavities in the hot gas. As these jets blasted through the galaxy into the surrounding multimillion-degree intergalactic gas, they pushed the hot gas aside to create the cavities. A relatively recent outburst created a pair of cavities visible as dark regions in the Chandra image located around the radio emission. These cavities are so large they would be able to contain the entire Milky Way galaxy, but they are dwarfed by even larger cavities — too faint to be visible in this image – created by earlier, more powerful outbursts from the black hole. The largest of these cavities is immense, extending for about 670,000 light years.”

The post Astronomy Photo of the Day: 11/22/14 — Hydra A appeared first on From Quarks to Quasars.

Mustache



Welcome to Facial Hair Week here at OPOD. We will be looking at different styles of beard's and mustaches that have occurred over the years. I think men are a little intimidated about sporting beards and mustaches, and many would dream of letting their beards grow wild, but are intimidated by social pressures. So, this week I hope the women will express their preferences on men's facial hair styles, and I hope men will describe their thoughts on beards and mustaches. This guy has a pretty interesting look going with the combination of hair and mustache.

PlayStation Network and Widows Live alleged hacks. Why experts afraid attacks on gaming platforms?

Latest report indicates that the alleged hack on Sony’s PlayStation Network, Windows Live and 2k games studio by Derp Tolling could be a hoax.

News going round that Derp Trolling hacked Sony’s PlayStation Network(PSN), Microsoft’s Windows Live and 2k games studio freaked out millions of users, but now security experts says the alleged hack could be a hoax meant to attract attention to the hackers’ group.

In a post on twitter and on the anonymous’ text sharing site, Pastebin, Derp Trolling claimed to be in possession of tens of thousands of Usernames and passwords for PlayStation Network , Windows Live and 2k games studio accounts.

“Dear Internet, the following is a very small portion of Lord Gaben and the rest of his crews glorious raids across the high seas of the Internet,” bragged Derp Trolling  adding that they had over 7m account details including 1.2 million credentials from CIA domains “Let this be a warning to all. Nothing is safe from Derp.”

In time we are writing the Twitter account  used by the Derp Trolling was suspended, meanwhile the account Derp Trolling used in the past doesn’t provide any update.

Derp Trolling Tweet

However, a cross-examination of the leaked details has questioned the credibility of the alleged hack. Security Experts who to tried to verifying some of the usernames and passwords dumbed on Pastebin were met by a response saying

“Not a valid e-mail address. Please try again,”

a clear indication that the accounts were never signed up on PlayStation Network in the first place.

“Looking through the list, there’s certainly an awful lot of crossover with data from previous breaches, in particular the Adobe one,” Rik Ferguson, vice president of security research at Trend Micro told the guardian. “The random sample cross-referencing I have done certainly show that the majority of data listed here has shown up already in previous breaches with a very few exceptions which seem to appear only in this particular paste.”

Last weekend, Derp trolling owned up to causing Denial of service (DDoS) on Blizzard’s servers among a host of other attacks done in the past.

“You heard about Anonymous knocking the entire .Mil domain offline? Well that was us! You hear of RedHack launching DDoS attacks against Turkey’s government? That was us as well! You heard about LulzSec knocking gaming servers and websites offline? Well that was us too,” said Derp trolling adding that the hackers’ group meant business this time. “Most people only see the Gaming side of us! We can be very serious hackers.”

Ironically, Derp Trolling claims it hacks to help companies fortify their networks by identifying their security flaws.

“Derp Trolling in no way wants to harm our children by leaking such damaging data. It’s only a warning to the companies,” claims Lord Gaben.

In a statement, Microsoft said

“We are investigating this issue and will take the necessary steps to protect customers as needed.” Sony on its part says there is “no evidence that there was any intrusion into its network,” adding that the company is taking the threats “very seriously and will continue to monitor its network closely.”

We must consider that the number of cyber attacks against gaming platforms is constantly increasing, last year Nintendo and Ubisoft we among the numerous victims of data breach … an it is just the tip of the iceberg.

Gaming platforms are a privileged targets for criminal crews and state-sponsored hackers. Cyber criminals are mainly attracted by possibility to steal sensitive information, including user data and credit card numbers, to sell in the underground market. State-sposored hackers are mainly interested into exploitation of gaming platforms for cyber espionage purposes or to abute of their resources to run cyber attacks.

Playstation network

Apparently, we live in world where cyberattacks including phishing scams and password matching is an everyday reality. In such a precarious environment, the next hack is just a click away.  Whether the latest hack was genuine or Derp Trolling was just bluffing, every day is good day to change your password.

Written by: Ali Qamar, Founder/Chief Editor at SecurityGladiators.com & Pierluigi Paganini

Author Bio:
Ali Qamar is a cyber-security research enthusiast who enjoys “deep” research to dig out modern discoveries in the security industry. He is the founder and chief editor at SecurityGladiators.com, an ultimate source for worldwide security awareness having supreme mission of making the internet more safe, secure, aware and reliable. 

(Security Affairs –  Gaming, PlayStation Network ,Widows Live)

The post PlayStation Network and Widows Live alleged hacks. Why experts afraid attacks on gaming platforms? appeared first on Security Affairs.

Creating a Scanning Monochromator

If you need a specific wavelength of light for research purposes, the naïve way of obtaining that is a white source light, a prism, and a small slit that will move across your own personal Dark Side of the Moon album cover. This is actually a terrible idea; not only won’t you have a reference of exactly what wavelength of light you’re letting through the optical slit, the prism itself will absorb more of one wavelength of light than others.

The solution is a monochromator, a device that performs the same feat of research without all the drawbacks. [Shahriar] got his hands on an old manual monochromator and decided to turn it into a device that performs automatic scans.

The key of a monochromator is a diffraction grating, a mirrored surface with many fine parallel grooves arranged in a step pattern. Because of the surface of the diffraction grating, it’s possible to separate light according to its spectrum much like a prism. Unlike a prism, it’s effectively a first surface mirror meaning all wavelengths of light are reflected more or less equally.

By adding a stepper motor to the dial of his monochromator, [Shahriar] was able to automatically scan across the entire range of the device. Inside the monochromator is a photomultiplier tube that samples the incoming light and turns it into a voltage. By sampling this voltage and plotting it with MATLAB, [Shahriar] was able to plot the intensity of every wavelength of light within the range of the device. It’s all expertly explained in the video below.


Filed under: tool hacks

Windows Unicorn vulnerability exploited in the wild

Security companies have started detecting attacks that leverage a critical remote code execution (RCE) vulnerability in Windows, which Microsoft patched last week.

On November 11th Microsoft has released that exploit the Unicorn (CVE-2014-6332) critical remote code execution vulnerability in Windows systems, which Microsoft patched on November 11th.

The Unicorn vulnerability is addressed in one of the 14 security bulletins released by Microsoft on November 11, MS14-064 is one of the most important.

The bulletin addresses a Windows OLE RCE bug (CVE-2014-6352) and another Windows Object Linking and Embedding (OLE) automation array RCE flaw (CVE-2014-6332).

The CVE-2014-6332 vulnerability allows a remote attacker to execute arbitrary code via a crafted web site, the flaw is also known as “Windows OLE Automation Array Remote Code Execution Vulnerability”, WinShock or Unicorn. The Unicorn flaw was reported to Microsoft in May by researchers from IBM and experts discovered that it has existed for at least 19 years.

“The bug can be used by an attacker for drive-by attacks to reliably run code remotely and take over the user’s machine — even sidestepping the Enhanced Protected Mode (EPM) sandbox in IE 11 as well as the highly regarded Enhanced Mitigation Experience Toolkit (EMET) anti-exploitation tool Microsoft offers for free,” IBM reported in the blog post.

The CVE-2014-6352 allows a remote attacker to execute arbitrary code via a crafted OLE object, in October Microsoft issued the security advisory 3010060 to warn its customer of the Zero-Day vulnerability that affects all supported versions of Windows OS except, Windows Server 2003.

Microsoft warned that the flaw is already being exploited in limited targeted attacks by threat actors in the wild.

“The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file that contains an OLE object. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user,” the advisory explained.”At this time, we are aware of limited, targeted attacks that attempt to exploit the vulnerability through Microsoft PowerPoint.” confirming the voice that bad actors are already exploiting the zero-day in limited cases.

Recently a Chinese researcher released proof-of-concept (PoC) code for the exploitation of the Unicorn vulnerability concurrently with the release of the official patch by Microsoft. The day after the disclosure of the flaw, it was also available a Metasploit module that exploit the Unicorn flaw. On November 17th, NSS Labs uncovered attacks exploiting CVE-2014-6332 through a JavaScript hosted on a South Korean website, the script was used to discriminate the visitors and serve the appropriate exploit. If a mobile device running Android is detected, an APK file is served, meanwhile if a PC is detected, a malware is dropped via the exploit published by the Chinese expert.

unicorn exploit

Below the Timeline of the events

  • Nov 11, 2014 – Microsoft releases the patch for CVE-2014-6332.
  • Nov 11, 2014 – A Chinese researcher identified by the Twitter handle @yuange releases the proof of concept (PoC) exploit.
  • Nov 12,2014 – Metasploit Module is created for CVE-2014-6332.
  • Nov 17, 2014 – NSS Labs observes the first attacks exploiting CVE-2014-6332 in the wild via the Cyber Advanced Warning System.

“The malware is a little different to that which is typically dropped from regular exploit kits and malware campaigns. The difference lies in the way in which this malware is packaged, and in its method of operation,” NSS Labs wrote in a Nov. 20 blog post. “The packer used within this malware is NSPack, the malware carries an embedded copy of itself for the purpose of dissemination.”

Also the experts at ESET firm have discovered an attack leveraging the Unicorn vulnerability through the website of a major news agency in Bulgaria.

“Scouring our data, we found several blocked exploitation attempts while our users were browsing a major Bulgarian website. As you might have guessed, the compromised website was using CVE-2014-6332 to install malware on the computers of its unsuspecting visitors.” reports ESET in a blog post.

Also in this case the hackers exploited the PoC released by the Chinese expert to serve a multi-use malware.

Pierluigi Paganini

(Security Affairs –  Unicorn vulnerability,Windows)

The post Windows Unicorn vulnerability exploited in the wild appeared first on Security Affairs.

hack.summit(); // a virtual dev conference

If you’d like to spend four days learning from and picking the brains of a big group of well-known developers and open-source wizards for the low, low cost of absolutely free, keep reading.

The hack.summit() conference is a live, global event put on by the  fine folks behind real-time programming assistance service hack.hands(). From December 1 to December 4, a wide range of speakers will present and answer democratically popularized questions over Crowdcast via Google+ Hangouts. Speakers in attendance include wiki inventor and Design Patterns pioneer [Ward Cunningham], Codeacademy founder [Ryan Bubinski], Google Glass creator [Tom Chi], Python Software Foundation’s [Alex Gaynor], and even the inimitable [Jon Skeet].

The goals for this conference are simple and admirable: to educate developers of all stripes about best practices, to encourage mentorship in the programming community, and to spread the joy of coding by supporting coding non-profits.

You can register for free simply by spreading the word through social media, but making a donation to the coding non-profit of your choice is definitely encouraged. There are many to great organizations to choose from such as  CoderDojo (an easy choice for us). A tidy summary of the event is available at the hack.summit() FAQ(PDF).


Filed under: cons

uRex Video Converter Platinum offers you abundant formats with excellent quality and fast video conversion.

uRex Video Converter Platinum offers a powerful and professional video converting solution which can convert almost all the popular video formats on your PC to various formats like AVI, MP4, DivX, MPEG, H264, WMV, MKV, MOV, VOB, ASF, DV, 3GP, HD format, like HD VOB, HD MKV, HD TS, HD AVI, HD MPEG, HD MP4, HD ASF, HD WMV, HD MOV and audio MP3, WMA, WAV… Also, it makes you to enjoy movie on your PSP, PS3, iPod, iPhone, iPhone 5, Apple TV, Xbox, Google phones, iPad, iPad2, the new iPad and other digital multimedia devices with ease.

Feature Highlights:

  • Supports all popular video and audio formats, even HD videos like AVI, TS, H.264/AVC, MKV;
  • Convert to popular formats like AVI, MPEG, WMV, MP4, DivX, MOV, and FLV;
  • Supports almost all multimedia devices such as PS3, iPhone, iPhone 5, iPod, the new iPad, iPad/iPad2, Apple TV, Xbox, Wii, Google phones;
  • Supports NVIDIA CUDA and ATI Stream technology;
  • Edit, split and merge video while converting.