This project has two demonstrations on their site. The first is dubbed the RTS-2 (Racial Targeting System). This system is essentially a camera which follows faces and is able to analyze and interpret the person's race. The second is SOLA. This system is able to quickly scan someone and calculate their body mass index then publish this information to the web. Both systems achieve their goal by blatantly pointing out a line in which more surveillance does not equate to more security. They also show the wealth of personal data that can be obtained about a person by a simple camera.
While at The Last HOPE this year, we were fortunate enough to see Wiremap, a volumetric display made from thread. Using a projector and 256 individual strands of cotton thread, [Albert Hwang] produces 3D effects. The result is a visually stunning piece of work.
The DShield project is hoping to change how we protect our networks from malware with predictive blacklisting. Using a method similar to Google's PageRank, DShield collects logs from network administrators to help develop a score based on maliciousness. They combine this score with information about where the malware has already hit to determine an overall threat level.
Similar to antivirus programs, the system still relies on networks being attacked to rate the threat level. They have shown though, that the predictive method is consistently more effective than manual blacklisting. The system has been available for free for the past year. Those utilizing the system have been reporting positive results. They do note that there are a few people whose network infrastructure doesn't match up with the predictions very well. If you would like to participate, go to their site and sign up.
YouTomb is a research project designed by the MIT Free Culture group to track video take downs on YouTube. To succeed, the team needed to track every single video on YouTube... which is close to impossible. Instead, they built several "explorer" scripts to track what videos were interesting. One explorer tracks all of YouTube's lists: recommended, featured, most active, and more. Another explorer picks up every video submitted to YouTube, and a third crawls Technorati.
The explorers just find the videos; a separate group of scanner scripts checks the current status of videos. It checks both the new videos and ones that have been killed to see if they return. YouTomb archives every video it finds. They display the thumbnail of the video under fair use, but they're still determining whether they can display each video in full.
In today's webcast, [Dan] covered how he felt about the handling of the vulnerability and answered a few questions about it. He started out by talking about how he stumbled across the bug; he was working on how to make content distribution faster by using DNS to find the server closest to the client. The new attack works because DNS servers not using port randomization make it easy for the attacker to forge a response. You can read the specifics of the attack here.
We've been tracking Metasploit commits since Matasano's premature publication of [Dan Kaminsky]'s DNS cache poisoning flaw on Monday knowing full well that a functional exploit would be coming soon. Only two hours ago [HD Moore] and [I)ruid] added a module to the Metasploit Project that will let anyone test the vulnerability (with comment: "ZOMG. What is this? >:-)"). [HD] told Threat Level that it doesn't work yet for domains that are already cached by the DNS server, but it will automatically wait for the cached entry to expire and then complete the attack. You can read more about the bailiwicked_host.rb module in CAU's advisory. For a more detailed description of how the attack works, see this mirror of Matason's post. You can check if the DNS server you are using is vulnerable by using the tool on [Dan]'s site.
We're really sorry to have missed GLOW. It was a unique all-night art and music event that took place the evening of July 19, 2008, in Santa Monica, and lasted until dawn. We were most intrigued by [Shih Chieh Huang]'s haunting robotic sculptures. They were eerily beautiful, and appeared to be alive and "breathing". He took some unusual materials - plastic bags and bottles, computer fans and circuit boards, among others, and combined them all to give the creatures otherworldly auras. Simultaneously familiar and strange, the sculptures are designed to evoke marine life, yet they're completely different, in both materials and structure. More coverage and pictures of the event can be found at LAist, NOTCOT, and on Flickr.
Hacking At Random 2009 has recently been announced. It's brought to you by the same people who held the outdoor hacking event What The Hack, which we covered in 2005. Date, location, and many other details are still up in the air. They're looking to host 3000 attendees and we're guessing it will be similar in nature to last Fall's incredible Chaos Communication Camp near Berlin. 2009 will also feature the beta run of outdoor hacker event ToorCamp near Seattle. Two great events we're certainly looking forward to.
[Hungry_Myst] has put together this fantastic device to annoy your friends. It randomly emits high pitched sounds, then stops for a while to make it very hard to locate. He has added an extra level of annoyance by putting the noise in vicinity of 17KHz thus making it almost undetectable by people over the age of 30. The fact that not everyone in the room can hear it makes people go even crazier trying to find it.
The parts list is fairly short, and the directions concise. One thing that is fantastic about this article is that he encourages people to improve it. That alone is not a huge deal, but he mentions in several areas specific additions that would make it more user friendly: on/off, pitch control, and delay control.
We here at Hack a Day are really interested in power suits, so the ReWalk suit for paraplegics immediately caught our attention. By using unique robotic control algorithms, the suit works with the user rather than for the user. This allows the user to experience the sensation of walking autonomously and a chance at a normal life. Argo, the design company, also claims that a suit like this will end up saving the user money considering the high price of medical and transportation equipment. The core design is not entirely new. It has a batterypack and DC motors placed at the joints. The wearer uses crutches and the sensors and software monitor upper body movement to predict when and where the user wants to move their leg.
Against all previous indications-including being called The Last HOPE-the conference will not only be returning in 2010, it will be at the Hotel Pennsylvania. We're looking forward to The Next HOPE, which will probably followed by The Last HYPE, which in turn will be followed by: We're Super Serious This Is The Last HOPE.
[Dave Fayram] has put out two videos covering the interface of the FreeRunner from OpenMoko. For those unfamiliar, we've covered it a fewtimes before. It is an opensource mobile platform that includes a full X server. They encourage people to make their own software and even release the CAD files for chassis modification.
He points out some glaring faults and compares it to his iPhone. Some of the major faults he has listed and shown are:
Bezel around screen makes input difficult.
Extremely slow interface
Can't play mp3s.
On screen keyboard is tiny.
It is marketed at around $400 so the comparison to an iPhone seems legitimate. We do need to keep in mind, however, that the FreeRunner is opensource. The more support we show to them, the better it will get. The thought of an opensource handheld platform, comparable to an iPhone is quite enticing. At this point though, the comparison is pretty one sided. Hopefully more software development and support from the community will make this device something to get very excited about.
[Virgil] presented the next version of Wikiscanner at The Last HOPE today. To build the original, he scanned the monthly database dump of anonymous edits and compared that against a purchased list of known company IP addresses. The 34.5 million edits account for nearly 21% of all edits. The idea was to unearth businesses and groups white washing critical pages. This only handles anonymous edits though. Users could log in to avoid having their IP reversed.
In the new version, [Virgil]'s team developed a "Poor Man's CheckUser". If you spend too much time editing a talk page, your session could end and when you hit save it attaches your IP. Most regular users will then log in and remove their IP. They found 13,000 username/IP address pairs by searching for IPs being removed and replaced with usernames. These are some of the most active users. Using this list, they could potentially uncover sockpuppets or potential collusion by top editors.
Many a computer gamer has scowled at the thought of trying to control an FPS with thumb sticks. When you're used to the precision and speed of a mouse, the analog stick feels, well... just wonky. XIM360 has built, what is hopefully a big step forward in inputs for the 360. The device is an add on to the XFPS, and supposedly delivers an experience that is "what you've always hoped to get".
The project came into existence when people, let down by the poor performance of the XFPS started augmenting it to try to get desired results. They used a board called XIM to get better control. The new board, XIM2 was built from the ground up to achieve the best possible experience. The XIM2 is now available for pre-order.
More information can be found on their website, as well as a large user forum of modders and hackers.
In the aftermath of [Terry Childs], the jailed disgruntled software engineer who created a God password and effectively locked San Francisco officials out of their own computer system, IT Grind unveils its Techie Hall of Shame. The Hall of Shame highlights figures who give computer professionals a bad name. From [Roger Duronio], the systems administrator who wasn't satisfied with his raise, to [Kenneth Kwak], who installed spyware on his boss' computer in order to gossip, the wrath of the IT professional can wreak thousands to millions of dollars of damages for companies and corporations to clean up. As much as these figures seem to be singular figures, we think they also serve as cautionary tales. Always have backup. If you suspect you've got a disgruntled employee, you should probably at the very least keep another expert eye on him. And hire more than one person to manage your systems. [Deb Perelman] asks her readers who else they think would be worthy of the Hall of Shame. We're curious to know what you think, too.
