I’m back in Los Angeles but I thought I’d leave you with one last image from ShmooCon. Larry Pesce from PaulDotCom has been been bringing new ShmooBall guns to the conference for the past few years. ShmooBalls are foam balls given to the conference attendees so they can throw them at speakers they disagree with.
This year Larry brought a turret mounted to a Power Wheels. You can see the 2008 and 2009 versions on Hack a Day.
Michael Ossmann gave a really interesting talk on bluetooth keyboard security at ShmooCon. He specifically covered the bluetooth HID profile from 2003 and the bluetooth 1.2 spec from the same time, which all current keyboards on the market implement. He covered many attacks on the system that take advantage of bluetooth not authenticating its devices.
As was bound to happen, I put the finishing touches on my GPU post and immediately ran into David Hulton (h1kari) at Pico Computing’s ShmooCon booth. As the organizer of ToorCon, he was the person that originally introduced me to the power of the FPGA.
For having to fill a last minute ShmooCon opening, dragorn delivered a very provoking talk. You may know him for his indispensable wifi tool, Kismet. He blew through 100 slides in 20 minutes and I’m sure I’ll miss the finer points but it really turned out to be something potentially incredible (and destructive). He laid the ground work by discussing how open public wifi hotspots are so heavily used. Many of us understand the risk but he set out to show even more unexplored territory.
I’m at the ShmooCon hacker conference in D.C. this weekend and will be posting about some of the more interesting talks. The Friday round of talks are limited to 20 minutes and cover a wide variety of topics. Collin Brack opened with a subject I’m thoroughly interested in: GPU based cracking.
Hackers working on the Barnes & Noble Nook have gotten a huge gimmee. nookDevs member poutine took the back off of his and discovered that the device’s filesystem is stored on a 2GB microSD card instead of onboard flash. Mounting the card revealed three ext3 partitions. You can find a listing of the files here. It’s mostly a stock Cupcake build with a few additions like ./system/app/instorewifi-release.apk. The debug interface, adb, is included so its a matter of adding it to the startup script to begin talking to the device over USB.
When the nook was announced, I was interested because it’s an Android device but worried that it would be too locked down to be fun. This is an amazing discovery and being able to modify the filesystem directly will surely make hack development much easier. The back is just screwed on so it isn’t that difficult to remove and since it’s under an external cover I can imagine people keyholing it to get easy access to the card. Veteran Android hackers like JesusFreke have already jumped in to help out. You can find them actively working in #nookdevs on Freenode.
US wireless carriers have started selling femtocells to their customers. A femtocell is a device that essentially acts as a mini cellphone tower. It connects to the user’s broadband connection and their cellphone connects wirelessly just like it would to a regular tower. The call is trunked over the broadband connection and the customer gets a much better signal than they normally would. If the caller leaves range of the femtocell, it will be handed off seamlessly to a normal tower.
I was reading about AT&T’s MicroCell, which they’re testing in a couple markets, and saw this interesting note:
When an application sends an update to Twitter it can specify the ’source’. The screenshot above shows an update where I used ‘foursquare’ as the source even though it wasn’t sent by Foursquare. No, I don’t think this is a security issue; it can be funny though. (more…)
UPDATE: @SanMo is now using Chris Finke’s implementation in Python.
@SanMo is a Twitter based service I launched in late January. It’s designed specifically for Twitter users in the Santa Monica area. Anyone can send a message starting with @SanMo and the bot will retweet it. The idea is that locals who want to participate will follow @SanMo and then respond to the inquiries. (more…)
I finally got around to looking at the Python tutorial today. I didn’t make it past page one because I was shocked to discover that Python is named after Monty Python instead of… you know… THE SNAKE. I figured this fact would be more obvious had O’Reilly chosen a more appropriate beast for their cover, so I decided to throw this cover together for them. Apparently Perl books have similar issues.
Eliot Phillips claims to hate people and writing, but somehow succeeds with both. He is the Head Editor Emeritus for the hacking empire: Hack a Day.
