«
Expand/Collapse
42 items tagged "input"
Related tags:
validation [+],
uri handler [+],
peripherals [+],
digital [+],
audio [+],
Skype [+],
vulnerability [+],
x freetype [+],
position error [+],
marc schoenefeld [+],
malicious user [+],
input devices [+],
font [+],
fivestar [+],
drupal [+],
device [+],
classic [+],
arduino [+],
twitter [+],
stack buffer [+],
source buffer [+],
sansa [+],
safer use [+],
multiple [+],
linux security [+],
integer overflow [+],
debian linux [+],
command execution [+],
clip [+],
byte [+],
based buffer overflow [+],
attacker [+],
arcane software [+],
application [+],
hacks [+],
zzuf [+],
y velocity [+],
wanna [+],
vintage car [+],
vintage [+],
value [+],
usb [+],
unit [+],
ultrasonic range finder [+],
trolltech qt [+],
trolltech [+],
trees [+],
toyota corolla [+],
tony stark [+],
tin foil [+],
ticker [+],
thutmose [+],
television remote control [+],
telegraph key [+],
telegraph [+],
tar gz [+],
tar [+],
tape decks [+],
tape [+],
stray magnetic fields [+],
stefan esser [+],
sound manipulation [+],
smarterstats [+],
slides [+],
simon inns [+],
simon frank [+],
sequences [+],
security vulnerabilities [+],
sean chen [+],
sanitization [+],
rra [+],
random bits [+],
rambler ambassador [+],
python [+],
props [+],
post [+],
playstation [+],
piezo sensor [+],
picaxe [+],
pic [+],
photoresistors [+],
particulars [+],
paper [+],
nos [+],
nice shoes [+],
nice [+],
nali [+],
n64 controller [+],
musical [+],
multouch [+],
mouse movements [+],
mouse [+],
morse code [+],
morse [+],
mister [+],
midi input [+],
midi connection [+],
midi [+],
microsystems ltd [+],
microsoft surface [+],
microcontrollers [+],
michael nash [+],
measurement [+],
matrix [+],
martin [+],
linux [+],
led [+],
larry [+],
labview [+],
kinect [+],
keyboard input [+],
keyboard [+],
kaossilator [+],
john [+],
jim [+],
iphone [+],
interaction [+],
input validation vulnerabilities [+],
input peripherals [+],
input connector [+],
home [+],
head [+],
handhelds [+],
hand input [+],
hand [+],
guts [+],
great stuff [+],
gloves [+],
gesture input [+],
free input [+],
flex sensor [+],
file [+],
fiberoptic [+],
evan levine [+],
entertainment [+],
electrical signals [+],
dumpster [+],
distance measurement [+],
distance [+],
dave [+],
dashboard [+],
cookie value [+],
controller [+],
communications protocol [+],
commodore 64 [+],
command line arguments [+],
click [+],
chyrp [+],
chris yerga [+],
chris harrison [+],
car [+],
cadmium sulfide [+],
cacti [+],
black hat [+],
ben [+],
audio input [+],
attiny [+],
attack trees [+],
attack [+],
asia [+],
arm band [+],
application input [+],
apple iie [+],
analog input [+],
amplifier [+],
adapter [+],
acquisition modules [+],
acoustic signatures [+],
ARM [+],
input validation [+]
-
-
10:01
»
Hack a Day
The Sansa Clip+ is a nice little MP3 player and recorder. But it doesn’t offer an input connector, instead relying on the built-in microphone. [Simon Frank] wanted to extend its functionality so he figured out how to add a standard audio jack for analog input. This is not the first time this has been done, [...]
-
-
20:31
»
Packet Storm Security Advisories
The Drupal Fivestar module version 6.x suffers from an input validation vulnerability that allows a malicious user to improperly modify voting averages.
-
20:31
»
Packet Storm Security Recent Files
The Drupal Fivestar module version 6.x suffers from an input validation vulnerability that allows a malicious user to improperly modify voting averages.
-
20:31
»
Packet Storm Security Misc. Files
The Drupal Fivestar module version 6.x suffers from an input validation vulnerability that allows a malicious user to improperly modify voting averages.
-
-
11:01
»
Hack a Day
In the interests of interface archaeology, [Martin] sent in the Tworse Key, a telegraph key that posts to Twitter using Morse code. It’s a fantastic build that nearly looks like something out of the 1900s. We’ve seen a ton of Morse keyboards over the years, but never one so well-engineered for a single purpose. The guts [...]
-
-
12:26
»
Hack a Day
Even though giant multouch display tables have been around for a few years now we have yet to see them being used in the wild. While the barrier to entry for a Microsoft Surface is very high, one of the biggest problems in implementing a touch table is one of interaction; how exactly should the [...]
-
-
15:35
»
Hack a Day
[Larsim] worked out the timing necessary to read button and joystick data from an N64 controller using an ATtiny85 microcontroller. The project was spawned when he found this pair of controllers in the dumpster. We often intercept great stuff bound for the landfill, especially on Hippie Christmas when all the student switch apartments at the [...]
-
-
7:03
»
Hack a Day
Workshop 88 member [Jim] got his hands on a couple of SanDisk Sansa Clip+ MP3 recorder/players from Woot, and was anxious to see what he could do with them. The first order of business was to install RockBox, an open source hardware package built for a wide range of MP3 players. He was impressed with [...]
-
-
9:01
»
Hack a Day
[Ben] needed an input device that would operate where electrical signals and magnetic fields wouldn’t be tolerated, so he ended up running fiberoptics instead of electricity to a mouse. [Ben] ran some glass fiber from the mouse to quadrature encoders to get the x and y velocity. Mouse clicks are read by modifying the existing buttons [...]
-
-
6:04
»
Hack a Day
[Stealth] put together a post explaining how he writes drivers for input peripherals. He’s using Python which makes the process fairly painless (we’ll get to that in a minute) but the value of his post is in the explanation surrounding how to interpret the data. Once you know how the communications are coming in from [...]
-
-
9:31
»
Hack a Day
This isn’t strictly a MIDI input hack; [Furrtek] pulled off an alternate input hack for the Kaossilator that he’s currently using with a MIDI connection. In its unhacked form the Kaossilator is a small touchpad-based sound manipulation tool. [Furrtek] sniffed out how the touchpad data is read and used on the little device. He then [...]
-
-
8:28
»
Hack a Day
[Nali] is fixing up a 1966 Rambler Ambassador and decided to give the audio a bit of an upgrade. Instead of replacing the head unit he added a connector for audio input. The method he used is simple, inexpensive, and allows the original unit to continue functioning as a radio. He cut the feed wires [...]
-
-
21:01
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2010-201 - Marc Schoenefeld found an input stream position error in the way FreeType font rendering engine processed input file streams. If a user loaded a specially-crafted font file with an application linked against FreeType and relevant font glyphs were subsequently rendered with the X FreeType library, it could cause the application to crash or, possibly execute arbitrary code (integer overflow leading to heap-based buffer overflow in the libXft library) with the privileges of the user running the application. Different vulnerability than CVE-2010-1797.
-
21:00
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2010-201 - Marc Schoenefeld found an input stream position error in the way FreeType font rendering engine processed input file streams. If a user loaded a specially-crafted font file with an application linked against FreeType and relevant font glyphs were subsequently rendered with the X FreeType library, it could cause the application to crash or, possibly execute arbitrary code (integer overflow leading to heap-based buffer overflow in the libXft library) with the privileges of the user running the application. Different vulnerability than CVE-2010-1797.
-
-
17:10
»
Packet Storm Security Advisories
Debian Linux Security Advisory 2116-1 - Marc Schoenefeld has found an input stream position error in the way the FreeType font rendering engine processed input file streams. If a user loaded a specially-crafted font file with an application linked against FreeType and relevant font glyphs were subsequently rendered with the X FreeType library (libXft), it could cause the application to crash or, possibly execute arbitrary code.
-
-
11:29
»
Hack a Day
[Julien] built an input device that uses reflected light detected by some photoresistors. Placing your hand above the device will reflect light from the LED back down onto the cadmium-sulfide sensors. The resistance of those sensors is read by four ADC pins on a Teensy microcontroller and translated to mouse movements. In the video after the [...]
-
-
11:00
»
Hack a Day
[Dave] pulled the head unit out of his dashboard to add an iPod input. He took a much more invasive route than the other hack we saw a few days ago. He actually patched into the audio lines going from the Dolby reader head chip to the amplifier. The first step was to trick the [...]
-
-
8:43
»
Hack a Day
Tape decks in cars? Yes, that used to be quite common before optical media took over road. [Nirav Patel's] 2004 Toyota Corolla had a deck that he used with a tape adapter in order to listen to music from his iPhone. But one day something happened and, although the adapter still worked, the cassette player started making [...]
-
-
10:42
»
Hack a Day
This is a concept input device that [Tech B] built for disabled users. The device uses an accelerometer along with a piezo sensor (right click) and a push button (left click) to function as a mouse. The Arduino that resides in a breadboard on the side of the hat communicates with the computer over a [...]
-
-
20:00
»
Packet Storm Security Advisories
Debian Linux Security Advisory 2060-1 - Stefan Esser discovered that cacti, a front-end to rrdtool for monitoring systems and services, is not properly validating input passed to the rra_id parameter of the graph.php script. Due to checking the input of $_REQUEST but using $_GET input in a query an unauthenticated attacker is able to perform SQL injections via a crafted rra_id $_GET value and an additional valid rra_id $_POST or $_COOKIE value.
-
-
11:00
»
Hack a Day
[Larry] put a different spin on a television remote control. He used an Arduino and an IR receiver to learn the codes from the factory remote. Now that he can use an IR LED to playback these signals he worked on an alternative to pressing buttons as the input. The ultrasonic range finder seen above [...]
-
-
13:00
»
Hack a Day
Props go to [Michael Nash] for establishing an interface between National Instrument’s labVIEW and an Arduino (an example video using a potentiometer is above). Personally, from the one time we were forced to use labVIEW, we hated every second of it. One reason it’s so terrible, is the Data Acquisition Modules cost well into the [...]
-
-
14:23
»
SecuriTeam
Due to a flaw in the current user input validation performed by Skype, it is possible to append additional command line arguments which are subsequently processed during the launch of Skype.exe.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
6:47
»
Hack a Day
Anyone who has tried their hand at RPG Maker 1 (or any text input with a controller) knows how difficult it can be typing long paragraphs into the console. [Thutmose] is here to save the day with Kupid 1.0 (2.0 in production). A PICAXE takes ps/2 keyboard input and converts it to a series of [...]
-
-
7:05
»
Hack a Day
This two handed glove input setup, by [Sean Chen] and [Evan Levine], is one step closer to achieving that [Tony Stark] like workstation; IE, interacting with software in 3D with simple hand gestures. Dubbed the Mister Gloves, the system incorporates accelerometer, push button, and flex sensor data over RF where an MCU converts it to [...]
-
-
7:41
»
Hack a Day
A hand input bootloader and a custom communications protocol are what bring the Apple IIe Twitter ticker to life. [Chris Yerga] bought the decades-old machine for $20 at a flea market. Having just completed his TweetWall he decided to adapt the idea for the 1 MHz machine. He manually input a 50 byte bootloader that [...]
-
-
6:10
»
Hack a Day
This one could be a game changer. [Chris Harrison] and a team of researchers are showing off a method of using your arm as an input device. An arm band worn by the user picks up acoustic signatures created by tapping on your arm with the other hand, or taping your fingers and thumb together [...]
-
-
5:26
»
SecuriTeam
Remote exploitation of an input validation vulnerability in NOS Microsystems Ltd.'s getPlus Download Manager, as used by Adobe and potentially other vendors, could allow an attacker to execute arbitrary code with the privileges of the current user.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
12:40
»
Hack a Day
USB is convenient and that makes it desirable in many many projects. [Simon Inns] has the process down and is sharing it with his recent PIC based USB tutorial. Prompted by requests for help on the matter after having published a post about his Commodore 64 interface, he set out to detail the particulars when [...]
-
-
9:29
»
Hack a Day
Here’s two input devices you can easily build with materials you already have on hand.
To the left, [John] built a 3×3 keypad matrix from paper and tinfoil. The rows and columns are made up of strips of tin foil on the front and back layers of paper. The layers are separated by spongy double-stick tape. [...]
-
-
19:00
»
Packet Storm Security Recent Files
This Metasploit module exploits an out-of-bounds array access in the Arcane Software Vermillion FTP server. By sending an specially crafted FTP PORT command, an attacker can corrupt stack memory and execute arbitrary code. This particular issue is caused by processing data bound by attacker controlled input while writing into a 4 byte stack buffer. Unfortunately, the writing that occurs is not a simple byte copy. Processing is done using a source ptr (p) and a destination pointer (q). The vulnerable function walks the input string and continues while the source byte is non-null. If a comma is encountered, the function increments the the destination pointer. If an ascii digit [0-9] is encountered, the following occurs: *q = (*q * 10) + (*p - '0'); All other input characters are ignored in this loop. As a consequence, an attacker must craft input such that modifications to the current values on the stack result in usable values. In this exploit, the low two bytes of the return address are adjusted to point at the location of a 'call edi' instruction within the binary. This was chosen since 'edi' points at the source buffer when the function returns. NOTE: This server can be installed as a service using vftpd.exe install . If so, the service does not restart automatically, giving an attacker only one attempt.
-
19:00
»
Packet Storm Security Exploits
This Metasploit module exploits an out-of-bounds array access in the Arcane Software Vermillion FTP server. By sending an specially crafted FTP PORT command, an attacker can corrupt stack memory and execute arbitrary code. This particular issue is caused by processing data bound by attacker controlled input while writing into a 4 byte stack buffer. Unfortunately, the writing that occurs is not a simple byte copy. Processing is done using a source ptr (p) and a destination pointer (q). The vulnerable function walks the input string and continues while the source byte is non-null. If a comma is encountered, the function increments the the destination pointer. If an ascii digit [0-9] is encountered, the following occurs: *q = (*q * 10) + (*p - '0'); All other input characters are ignored in this loop. As a consequence, an attacker must craft input such that modifications to the current values on the stack result in usable values. In this exploit, the low two bytes of the return address are adjusted to point at the location of a 'call edi' instruction within the binary. This was chosen since 'edi' points at the source buffer when the function returns. NOTE: This server can be installed as a service using vftpd.exe install . If so, the service does not restart automatically, giving an attacker only one attempt.
-
-
19:00
»
Packet Storm Security Tools
zzuf is a transparent application input fuzzer. It works by intercepting file operations and changing random bits in the program's input. zzuf's behavior is deterministic, making it easy to reproduce bugs.
1337day (was: Inj3ct0r, 1337db)
OSVDB Vulnerabilities
Exploit-DB
SecurityFocus Vulnerabilities
Bugtraq
XSSed
Sophos security news
Penetration Testing
BackTrack Linux Forums
Threatpost
SecDocs
carnal0wnage.attackresearch.com
Carnal0wnage
Darknet
The Exploitant
Wirevolution