hack - Dave's Blog

eclecticmethod:

You don’t use the same password over and over right? Let’s be honest this is the day and age of the hacker. Eclectic Method brings you “Hackers” , Hollywood’s celebration of basement dwelling 128 bit encryption masters. They’ll shut down before you can trace them, hack into the mainframe…

Hack the planet!

This is essentially an AV exploit against Super Mario World that results in running the end game code. Watch the video. “…there’s a glitch that’s been known for a while, where Yoshi can end up in the “I have an item in my mouth” state, but not actually have an item in his mouth. When he spits out this nothingness, the game crashes. …That address did not contain code, and so the system crashed. But wait a second. What if, by some sheer coincidence, that address did contain code? The specific address dropped him in somewhere amongst various data for the game’s internal random number generator, and the random number generator can be manipulated in a TAS. Could the game be coerced into running arbitrary code?…”

Zelda Starring Zelda (by Kenna W)

Original NES Legend of Zelda ROM modified to swap Zelda and Link: play as Zelda saving Link.

CodeHackerz (by campusmoviefest)

According to the links within this article, although the root URI of the router requires authentication, the /password.cgi URI doesn’t and the resulting returned HTML contains (but does not display) the plaintext of the password, as well as an HTML FORM to modify the password that is exploitable by CSRF.

The attack… infected more than 4.5 million DSL modems… The CSRF (cross-site request forgery) vulnerability allowed attackers to use a simple script to steal passwords required to remotely log in to and control the devices. The attackers then configured the modems to use malicious domain name system servers that caused users trying to visit popular websites to instead connect to booby-trapped imposter sites.

A python script that d3crypt5 the input pipe’s ASCII content from ASCII garbage slowly into the correct output.

wired:

cnet:

Mp3 playing retainer transmits music through your teeth:

Bone conduction audio, retainers, and shiny hip-hop teeth grills aren’t new inventions, but tech hacker Aisen Caro Chacin had the clever idea to put them all together.

The Play-A-Grill MP3 player prototype fits in your mouth like a retainer, shines on the outside like a precious metal rap grill, and plays music through bone conduction through your teeth.

Read more

Oh man, this would have made puberty just a touch cooler. Maybe. 

NICT Daedalus Cyber-attack alert system #DigInfo (by Diginfonews)

Someone has been watching too much Ghost in the Shell. I’d say someone has been watching too much Hackers but this actually looks cooler than their visualizations and also you can never watch too much of Hackers.

Very interesting - both technically as well as looking into the moral justifications the botnet operator provides. But equally interesting  is the discussion on Hacker News: http://news.ycombinator.com/item?id=3960034. Especially the discussion on the Verified by Visa (3D Secure) system and how the goal is basically to move liability onto the consumer and off of the merchant or credit card company.

Web apps really make obvious the lack of URI APIs in the DOM or JavaScript.  This blog post goes over using DOM API side effects to resolve relative URIs and parse URIs.  An additonal benefit of this mechanism is that you avoid security issues caused by mismatched behavior between the browser’s URI parsing and your app’s URI parsing.

Specifically Twitter has said that they will only used these assigned patent rights defensively to protect themselves against hostile actions. And further that any company that acquires these patent rights from Twitter will need the inventor’s consent to use them in an offensive action. Twitter has also provided the inventor with certain rights to license the patent to others for defensive purposes. You can read the entire set of provisions on GitHub.

Implied HTML elements, CSS before/after content, and the link HTTP header combines to make a document that displays something despite having a 0 byte HTML file.  Demo only in Opera/FireFox due to link HTTP header support.

First hand account of security researcher reporting security issues to Google and details on the security issues.