Worthersee's MemeStream

Current Topic: Technology

Controlling your Treadmill from Silverlight
Topic: Technology 10:02 am EDT, Jul 29, 2008

I'm sure the higher-end treadmill models have better interfaces, but this one in particular uses a standard audio jack which uses encoded sounds to control the various speed and incline settings found on the treadmill. For example, playing the sound encoded for speed-3, incline-7 will set the treadmill accordingly. As you can imagine there are quite a few of these sounds. I was able to acquire these sounds after a little prying into the JavaScript for the treadmill application provided by the vendor.

Sound controlled interface?! Don't they realize that is how the Decepticons stole all our government secrets?



Introducing Scrawlr: a free Crawler + SQL Injector tool
Topic: Technology 12:34 am EDT, Jun 26, 2008

Billy strikes again:


In response to all the Mass SQL Injection attacks this year, Microsoft approached HP and the Web Security Research Group (formerly SPI Labs) for assistance. While there was nothing they could patch, Microsoft wanted to provide tools to help developers find and fix these issues. After a month of development HP created Scrawlr.

Scrawlr (short for SQL Injector and Crawler) is a free tool that will crawl a website while simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities. Scrawlr was designed specifically to help protect against these mass injection attacks, which are using Google queries to find older web applications and automatically inject them. As such, Scrawlr crawls a website using the same techniques as a search engine: it doesn’t keep state, or submit forms, or execute JavaScript or Flash. This way Scrawlr is finding and auditing the pages that would have been indexed by the search engines.

To reduce false positives Scrawlr provides proof of the vulnerability results by displaying the type of backend database in use and a list of available table names. There is no denying you have SQL Injection when I can show you table names!

Microsoft Advisory
HP Web Security Research Group Blog
Scrawlr Download
Scrawlr FAQ



Firefox Mobile Concept Video
Topic: Technology 9:46 am EDT, Jun 12, 2008
[ Video Link ]

Firefox is coming to mobile. The innovation, usability, and extensibility that has propelled Firefox to 200 million users is set to do the same for Firefox in a mobile setting.

User experience is the most important aspect of having a compelling mobile product. Every bit of interaction and pixel of presentation counts when typing is laborious and screen sizes are minuscule. Many of the standard interaction models, like menus, always-present chrome, and having a cursor, don’t necessarily make sense on mobile. It’s a wickedly exciting opportunity but there are myriad challenges to getting it right.

One avenue for exploring this opportunity is through Mozilla Labs, which is about pushing the envelope towards better and brighter interaction horizons, as well as incorporating a wider community into the innovation process. This concept video explains one direction we are thinking in, and we’d love to inspire participation in thinking about other directions.



HP unveils Voodoo Envy 133 notebook
Topic: Technology 10:19 pm EDT, Jun 10, 2008

Today in Berlin HP announced the Voodoo Envy 133 notebook that was hinted at last week in the video teaser I posted. Voodoo is aiming to take on the MacBook Air and the Envy is ready for the bout. The Envy 133 has an LED backlit 13.3-inch screen, carbon fiber body (super lightweight), multi-touch trackpad (I just tried it out and it stinks. I’ll get a full demo later on, but there’s a short video after the jump. It pinches but doesn’t do the rotation.), built-in ethernet port in the power brick, removable battery, HDMI port, two USB ports, and an express card slot. The Envy’s starting price of $2,099 is less desirable, though. Another unique and cool feature for the Envy is Voodoo InstantOn, which allows the user to boot to a Linux screen within seconds of starting up while Vista boots in the background.

The Voodoo Envy 133 will be available for a starting price of $2,099.(1) Other key features include:
• Voodoo Aura PowerConnect – establishes a one-to-one wireless connection between the Envy 133 notebook and an Ethernet connector located on the power supply, allowing users to roam free from the wired connection.(3)
• Multiple gesture touchpad – more than a standard touchpad, the Envy 133 also provides capabilities such as a circular gesture called chiral scroll and pinch options.
• Durability – the carbon fibre casing and fused composite glass covering the display provide surprising strength and durability.
• External optical disk drive – an ID-coordinated external eSATA optical drive is included with every unit.
• Professional backlit keyboard – reminiscent of old-school tactile desktop keyboards with just enough “click” to get even the most die-hard tech enthusiast smiling.
• Ports – extensive usability via a variety of I/O ports, including headphone/microphone, HDMI, USB 2.0 (1x) and a shared e-SATA/USB (1x).

I've commented on Memestreams about the Macbook Air vs. the Lenovo X300 but now I've got to say I want a Voodoo Envy.



Bypassing Web Authentication and Authorization with HTTP Verb Tampering
Topic: Technology 2:06 pm EDT, May 29, 2008

This is a cool paper and all of you should read it for many reasons.

First, because it’s a perfect example of hacking. Hacking is just critical thinking and understanding how a system works. In this paper, by understanding the nuances of web technologies, the researchers found a very trivial way to bypass the authentication systems of many popular web frameworks!

Second, it’s a classic example of how programmers with even a little security knowledge can make big mistakes.

Here is the paper in a nutshell:

Various web frameworks like Java EE, ASP.NET, etc., allow you to configure the website so certain directories are only accessible to certain users with certain HTTP methods. So anyone can do a GET or POST to /public/ but only an admin can do a GET or POST to /admin/.

Enter the HTTP HEAD method. This is usually used for diagnostics and caching. If you send an HTTP HEAD instead of an HTTP GET to a URL, the website is supposed to do everything it would normally do when processing a GET, except that the HTTP response contains only headers and no body. To make sure the same response (sans body) is sent for a HEAD as for a GET, web servers simply handle the request as if it were a GET, and suppress the body when sending the response.

Do you see the trick yet?

The HTTP HEAD method can be used to side-step authentication systems in many web applications. An attacker simply sends a HEAD to /admin/deleteUser?user=billy? instead of a GET. The authentication framework checks and sees that anyone can send HEADs to /admin/ and does not stop the processing of the request. The web server runs all the back end code that it normally runs for a GET, which deletes Billy as a user. The attacker does not see the body of the response, so it’s a blind attack. However, the attacker can see the HTTP status code that is returned with the response to the HEAD, and based on its value (200 vs. 500) the attacker can tell if it worked.

This is exactly the reason why HTTP GET should be idempotent. In other words, GETs and HEADs should not modify the state of the web server, so you can send multiple GETs to the exact same URL and it should not cause problems. POSTs, on the other hand, are not idempotent. This is why e-commerce sites say things like “don’t click checkout again!” and your browser will say things like “You have already submitted POST data, are you sure you want to refresh and send this again?” (AMP, we aren’t doing this in our web frontend, right?)

We even have an idea about how widespread this problem could be. In 2005 Google launched Google Web Accelerator. This was a browser plug-in that pre-fetched links on the page you were looking at to better utilize your bandwidth. Unfortunately, thousands of sites started breaking because developers all over the world were using simple hyperlinks (which issue a GET) to modify the state of the web app. There was lots of kicking and screaming, and I acquired a healthy dislike for Ruby on Rails developers who kept insisting that the rest of the world was wrong and they were right, but I digress.

In short, by knowing HTTP and understanding that a developer implemented a default “Allow All” feature, this very cool attack was discovered.
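The two mistakes the post describes, an access rule that enumerates the verbs it covers on top of a default "allow", and a state-changing handler reachable through GET (and therefore HEAD), can be reproduced in a few lines. The following is an added example, not code from the paper or from this post: a toy authorization filter and dispatcher, with made-up names (`authz_enumerated`, `authz_deny_by_default`, `handle_request`) and a constructed user store, showing the vulnerable rule beside the deny-by-default rule and the extra guard that binds the destructive handler to POST only.

```python
# Added example (not from the paper or the post): a toy request pipeline that
# reproduces the HEAD verb-tampering bug and shows two fixes. All names and
# the user store are constructed for illustration.

ADMIN_USERS = {"alice"}  # constructed: the only account allowed under /admin/


def authz_enumerated(method, path, user):
    """Vulnerable rule: /admin/ is protected only for the verbs someone
    thought of (GET, POST). Any other verb, HEAD included, falls through to
    the default 'allow'. This mirrors the "Allow All" default in the post."""
    protected = {"/admin/": {"GET", "POST"}}
    for prefix, verbs in protected.items():
        if path.startswith(prefix) and method in verbs:
            return user in ADMIN_USERS
    return True  # default allow


def authz_deny_by_default(method, path, user):
    """Hardened rule: the constraint on /admin/ covers every verb, and a path
    that matches no explicit rule is refused rather than allowed."""
    protected = {"/admin/": None}  # None means 'all methods'
    for prefix, verbs in protected.items():
        if path.startswith(prefix) and (verbs is None or method in verbs):
            return user in ADMIN_USERS
    return path.startswith("/public/")  # only explicitly public paths pass


def handle_request(method, path, query, user, authz, state, post_only=False):
    """Mimic the server: run the authz filter, then dispatch.

    HEAD is served by the same code path as GET, so the handler's side
    effect (deleting a user from `state`) happens even though the response
    body would be dropped; only the status code reaches the client.
    With post_only=True the state-changing handler refuses GET and HEAD,
    which is the idempotency rule from the post applied at the handler.
    """
    if not authz(method, path, user):
        return 403
    if path == "/admin/deleteUser":
        if post_only and method != "POST":
            return 405  # Method Not Allowed: GET/HEAD must stay side-effect free
        if method in ("GET", "HEAD", "POST"):
            state["users"].discard(query.get("user"))
            return 200
    if method in ("GET", "HEAD") and path.startswith("/public/"):
        return 200
    return 404


def demo():
    """Run the three configurations against an anonymous HEAD request."""
    results = {}
    for name, authz, post_only in [
        ("enumerated", authz_enumerated, False),
        ("deny_by_default", authz_deny_by_default, False),
        ("enumerated_post_only", authz_enumerated, True),
    ]:
        state = {"users": {"billy"}}  # constructed backend state
        status = handle_request("HEAD", "/admin/deleteUser", {"user": "billy"},
                                None, authz, state, post_only)
        results[name] = (status, "billy" in state["users"])
    return results


if __name__ == "__main__":
    for name, (status, still_there) in demo().items():
        print(f"{name:22s} status={status} billy_still_exists={still_there}")
```

Only the first configuration lets an anonymous HEAD delete the user: the filter never consulted the rule because HEAD was not in its list, and the GET code path ran. Either fix alone stops it, and the two are complementary: deny-by-default closes the authorization hole for every verb, while refusing GET/HEAD on a destructive handler keeps the application correct even if an access rule is misconfigured again later.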



Memristors, they exist!
Topic: Technology 9:58 am EDT, May 1, 2008

This is very cool. Way back in 1971, Professor Leon Chua at the University of California (Berkeley) wrote a paper describing four basic passive electrical components: resistors, capacitors, inductors, and memristors. Until this year, the last of these was only theoretical in nature, but some bright folks have finally cracked it.

This is likely to crack open a whole boatload of new types of circuits and electronic applications. Very, very cool.



Mac Book Air vs. Lenovo X300
Topic: Technology 4:29 pm EDT, Apr 30, 2008

My friend that works at Lenovo sent me this video.



DoD Cybercrime Recovering Executables from memory
Topic: Technology 5:12 pm EDT, Apr 29, 2008

Found while searching for info on Msft COFEE. Review later...



Micro GPS Mail Logger
Topic: Technology 11:22 am EDT, Apr 25, 2008

The Mail Logger is the only GPS Tracking Device specifically designed for tracking your mail. Simply mail it in an envelope and later review where your mail has been. Save time and money by evaluating your delivery service’s reliability and efficiency.

Discover Delays And Inefficiencies In Delivery With GPS Location
The U.S. Postal Service delivers more than 212 billion pieces of mail annually and they are constantly looking for new ways to improve efficiency and eliminate delays. The answer? The GPS Mail Logger. At half of an inch thin, this GPS Mail Logger is the world’s only GPS Tracking Device that can be mailed in an envelope. Evaluate the effectiveness of your delivery service by pinpointing inefficiencies or delays in the delivery process.

Watch How The Micro GPS Mail Logger Works!

GPS Tracking Records Your Mail’s Exact Location, Speed, And Altitude
The GPS Mail Logger records the global position of your mail throughout the delivery process. Once you receive your mail, plug in the GPS Mail Logger’s MicroSD card and find out where your mail has been in seconds. With time stamps and recorded downtime you can find out where your mail has been and if it was delayed or misrouted. With GPS you get your mail’s exact satellite location, how fast it was traveling, and even its altitude throughout the delivery process. With this data, the GPS Mail Logger can help you evaluate your delivery company’s effectiveness.

Never Lose Track of Your Mail Again – Test Your Mail Delivery’s Efficiency!
With The GPS Mail Logger you will never wonder what took your mail so long to arrive. Why? Because this product tracks the GPS Location of your mail throughout the delivery process and stores the information on a removable MicroSD card.

Wonder what’s taking your mail so long to arrive? Test your delivery company’s efficiency by mailing out one hundred packages equipped with the GPS Mail Logger. Upon arrival, check the GPS record of where they have been. Maybe your delivery company misrouted 50% of these packages and that’s why they were late. Or maybe they sat in the warehouse for two days. Find out with the GPS Mail Logger!

1. Send out multiple packages equipped with the GPS Mail Logger.
2. Once the mail arrives, review where your mail has been.
3. Evaluate your delivery effectiveness.

Don't leave it up to the USPS to track your most sensitive mail properly. At just a fourth of an inch thin, the GPS Mail Logger ($695) is a GPS tracking device that can be mailed in an envelope, tracking the exact location, speed and altitude of your envelope, from the time it leaves you to the time it reaches Publishers Clearing House.



RE: Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications
Topic: Technology 3:00 pm EDT, Apr 19, 2008

Key Design Points
The most important design question for constructing the constraint formula is to figure out what instructions to include in the formula. We need to include all the instructions for an exploitable path for the solver to generate a candidate exploit. However, the number of exploitable paths is usually only a fraction of all paths to the new check. Should the formula cover all such execution paths, some of them, or just one? We consider three approaches to answering this question: a dynamic approach which considers only a single path at a time, a static approach which considers multiple paths in the CFG without enumerating them, and a combined dynamic and static approach.

This is a really good example of combining Static Analysis and Dynamic Analysis to find and verify security vulnerabilities. Come see my Summercon presentation for more on this topic.


