«
Expand/Collapse
20 items tagged "joe"
Related tags:
joe grand [+],
hardware hacking [+],
Hardware [+],
web [+],
type [+],
thai duong [+],
ruby [+],
rizzo tags [+],
risk [+],
new [+],
musical [+],
laws [+],
latin america [+],
hobbyist electronics [+],
hacker ethic [+],
hacker [+],
development frameworks [+],
crypto [+],
coffee [+],
chaos communication congress [+],
autonomous machines [+],
attack [+],
arduino [+],
apache myfaces [+],
Software [+],
workshop [+],
wedding [+],
wallet [+],
video [+],
tripod [+],
tool [+],
time [+],
test measurement equipment [+],
target [+],
tank wars [+],
tank [+],
table [+],
stuttgart [+],
spring clamp [+],
spring [+],
someone [+],
solder mask [+],
sniffer [+],
slave mode [+],
security [+],
safe lock [+],
robots [+],
rfid [+],
ram [+],
radio [+],
putting on a show [+],
pistol [+],
photo booths [+],
photo booth [+],
photo [+],
pcb [+],
ocarina of time [+],
ocarina [+],
mobile option [+],
misc [+],
microcontrollers [+],
micro controller [+],
makerfaire [+],
machine [+],
low cost [+],
low bandwidth [+],
lock [+],
leds [+],
led [+],
k.c [+],
joe colosimo [+],
joe bain [+],
iphone [+],
ipad [+],
human endeavours [+],
hexy [+],
hexapod project [+],
hexapod [+],
hack [+],
gun safe [+],
gun [+],
greg [+],
google [+],
good cup of coffee [+],
game [+],
fpga [+],
fingerprint scanner [+],
excavation [+],
excavate [+],
evan [+],
espresso machine [+],
espresso [+],
equipment [+],
engineering [+],
dop [+],
digital [+],
decent coffee [+],
cooking [+],
common misconception [+],
colosimo [+],
coffee table [+],
chiptunes [+],
chiptune [+],
cards [+],
card [+],
cameras [+],
business [+],
booth [+],
basement [+],
android [+],
afar [+],
additive synthesis [+],
adam [+],
hacks [+]
-
-
![Permalink for '[Slides] WORKSHOP - Hardware Reverse Engineering: Access, Analyze, and Defeat'](/themes/lilina/web//media/mark_off.gif.pagespeed.ce.FiDKaoEBZK.gif)
6:45
»
SecDocs
Authors:
Joe Grand Tags:
hardware hacking Event:
Black Hat DC 2011 Abstract: Electronics are embedded into nearly everything we use. Hardware products are being relied on for security-related applications and are inherently trusted, though many are completely susceptible to compromise. In this workshop, Joe will discuss the hardware hacking and reverse engineering processes, and then provide an open lab environment for you to probe, analyze, and hack. Joe will bring a variety of products to tinker with, though attendees are heavily encouraged to bring their own pieces of hardware to explore. Basic tools and electronics test/measurement equipment will be provided. You'll leave the workshop with new skills, ideas for further attacks, and maybe even some defeated hardware.
-
-
14:01
»
Hack a Day
Ah, chiptunes. One of the few remaining human endeavours where less RAM, less storage space, and fewer capabilities are actually considered an improvement. [dop3joe] over at the Stuttgart hackerspace Shackspace sent in a tiny chiptune playing circuit using the most bare-bones hardware we’ve ever seen. The Noiseplug, as [dop3joe] calls it, is based on a very, very [...]
-
-
8:01
»
Hack a Day
Although it could be debated as to whether or not this is a “hack,” since the equipment used is built for excavation, the scale of it seems deserving of a mention. In the linked article, [Joe] is quoted as saying, “the common misconception here is that the RC’s are not here to excavate my basement, [...]
-
-
13:01
»
Hack a Day
[Joe Colosimo] is putting on a show with his PCB business card project. The idea isn’t new, but his goal is to keep it simple and undercut the cost of all other PCB cards he’s seen. This is the third generation of the board design, and he’s just waiting on some solder mask solution before [...]
-
-
5:17
»
Hack a Day
I’ve always loved hexapods. Unfortunately, the cost to play with them can be rather daunting. Hexy is seeking to make a decent impact on that by being only $200. Yep, that $200 includes everything but the computer. You get the entire chassis, micro controller, servos, sensors, batteries, etc. I ran into [Joe] from arcbotics showing [...]
-
-
12:01
»
Hack a Day
RFID hacking has been around for years, but so far all the builds to sniff data out of someone’s wallet have been too large, too small a range, or were much too complicated for a random Joe to build in his workshop. [Adam]‘s RFID sniffer gets around all those problems, and provides yet another reason to [...]
-
-
10:01
»
Hack a Day
[Joe] sent us an email to show off his latest build. Tank Wars is the beginning of a video game/robot hybrid. You control the tank via an iPad, telling it where to go and how to fire. You have real life targets, in this case another robot. When you hit your target, the interface is [...]
-
-
9:11
»
Hack a Day
Admittedly this post is flirting with flamebait, but we think the concept of using a spring clamp as an iPhone tripod mount has a lot of hacking potential. Hear us out, and if we havn’t made our case you can rant about it in the comments. [Joe] wanted an easy way to mount his iPhone [...]
-
-
7:01
»
Hack a Day
[Joe] and [Evan] wanted to have some fun with their FPGA course at Cornell. When faced with what to do at the beginning of the semester, they figured additive synthesis was a worthy pursuit. They ended up building the Ocarina of Time for their final project. The guys started by recording a real ocarina and [...]
-
-
12:49
»
Hack a Day
For those of us that would like a good cup of coffee but don’t want to put up with the ‘burnt butt’ taste of Starbucks and don’t have a decent coffee shop nearby, we’ve had very few options. Most of us have been made to suffer with an el-cheapo espresso machine. [Joe] sent in a great [...]
-
-
4:08
»
Hack a Day
[Joe] was experimenting with his Arduino when he started thinking about how he could get it to communicate wirelessly with his Android phone. Bluetooth is an option, but it requires some extra components, and Google’s ADK works as well – just not wirelessly. Instead, he thought it would be neat to see if he could [...]
-
-
13:00
»
Hack a Day
[Greg] sent in his biometric pistol safe lock. He keeps his guide light on details so not every Joe can crack the system (there is a thread to sift through if you really wanted to), but the idea runs fairly simple anyway. [Greg] took an old garage door opening fingerprint scanner and wired it into [...]
-
-
10:00
»
Hack a Day
[Joe Bain] built a portable photo booth for his wedding. We’ve looked in on photo booths before, both as a robust feature in your apartment and as a mobile option. But making it part of a wedding reception is the best reason we’ve found to build one. [Joe's] electronics consist of a laptop, camera, screen, [...]
-
-
5:54
»
SecDocs
Authors:
Joe Grand Tags:
hardware hacking Event:
Black Hat EU 2010 Abstract: Society thrives on an ever increasing use of technology. Electronics are embedded into nearly everything we touch. Hardware products are being relied on for security-related applications and are inherently trusted, though many are completely susceptible to compromise with simple classes of attacks that have been known for decades. Bolstered by the flourishing hobbyist electronics/do-it-yourself movement, easy access to equipment, and realtime information sharing courtesy of the internet, hardware is an area of computer security that can no longer be overlooked. In this session, Joe will explore the hardware hacking process and share some recent high-profile attacks against electronic devices.
-
-
21:05
»
SecDocs
Authors:
Thai Duong Juliano Rizzo Tags:
web application cryptography cracking Event:
Black Hat EU 2010 Abstract: In 2009, we released a paper on MD5 extension attack ([1]), and described how attackers can use the attack to exploit popular web sites such as Flickr, Vimeo, Scribd, etc. The attack has been well-received by the community, and made the Top Ten Web Hacking Techniques of 2009 ([2]). In the conclusion of that paper, we stated that we have bexen carrying out a research in which we test-run a number of identified practical crypto attacks on random widely-used software systems. To our surprise, most, if not all, can be attacked by one or more of well-known crypto bugs. In this talk, we present the latest result of that research, where we choose another powerful crypto attack, and turn it into a new set of practical web hacking techniques. We show that widely used web development frameworks and web sites are using encryption wrongly that allow attackers to read and modify data that should be protected. It has been known for years in cryptography community that encryption is not authentication. If encrypted messages are not authenticated, data integrity cannot be guaranteed which makes systems vulnerable to practical and dangerous chosen-ciphertext attacks. Finally, we list several popular web development frameworks and web sites that are vulnerable to Padding Oracle attacks, including, but not limited to, eBay Latin America, Apache MyFaces, SUN Mojarra, Ruby On Rails, etc. These are all 0-day vulnerabilities. We show that even OWASP folks can't get it right, how can an average Joe survive this new class of vulnerabilities? We strongly believe that this is just the tip of the iceberg, and the techniques we describe in this research would uncover many more vulnerabilities for years to come.
-
2:13
»
SecDocs
Authors:
Thai Duong Juliano Rizzo Tags:
web application cryptography cracking Event:
Black Hat EU 2010 Abstract: In 2009, we released a paper on MD5 extension attack ([1]), and described how attackers can use the attack to exploit popular web sites such as Flickr, Vimeo, Scribd, etc. The attack has been well-received by the community, and made the Top Ten Web Hacking Techniques of 2009 ([2]). In the conclusion of that paper, we stated that we have bexen carrying out a research in which we test-run a number of identified practical crypto attacks on random widely-used software systems. To our surprise, most, if not all, can be attacked by one or more of well-known crypto bugs. In this talk, we present the latest result of that research, where we choose another powerful crypto attack, and turn it into a new set of practical web hacking techniques. We show that widely used web development frameworks and web sites are using encryption wrongly that allow attackers to read and modify data that should be protected. It has been known for years in cryptography community that encryption is not authentication. If encrypted messages are not authenticated, data integrity cannot be guaranteed which makes systems vulnerable to practical and dangerous chosen-ciphertext attacks. Finally, we list several popular web development frameworks and web sites that are vulnerable to Padding Oracle attacks, including, but not limited to, eBay Latin America, Apache MyFaces, SUN Mojarra, Ruby On Rails, etc. These are all 0-day vulnerabilities. We show that even OWASP folks can't get it right, how can an average Joe survive this new class of vulnerabilities? We strongly believe that this is just the tip of the iceberg, and the techniques we describe in this research would uncover many more vulnerabilities for years to come.
-
-
21:05
»
SecDocs
Authors:
Joe Grand Tags:
hardware hacking Event:
Black Hat DC 2010 Abstract: Society thrives on an ever increasing use of technology. Electronics are embedded into nearly everything we touch. Hardware products are being relied on for security-related applications and are inherently trusted, though many are completely susceptible to compromise with simple classes of attacks that have been known for decades. Bolstered by the flourishing hobbyist electronics/do-it-yourself movement, easy access to equipment, and realtime information sharing courtesy of the internet, hardware is an area of computer security that can no longer be overlooked. In this session, Joe will explore the hardware hacking process and share some of his favorite attacks against electronic devices.
-
-
14:27
»
Hack a Day
[Joe] tipped us off about his 112 LED coffee table. This 12-ups the LED matrix from Friday and 31-ups the Shiftbrite table. Driving this grid is an ATmega328 in i2c slave mode. It listens for display data from a second ATmega328 and uses that to set the array of TLC5940 driven LEDs appropriately. Separating the [...]
-
-
21:03
»
SecDocs
Tags:
robotics Event:
Chaos Communication Congress 26th (26C3) 2009 Abstract: Unnoticed by average Joe we are currently experiencing the advent of autonomous machines. This development will undoubtedly result in epochal change of our way of live. Naturally this has the potential to cause enormous problems. Two key issues will be how to tame the risks these autonomous machines pose and how to deal with the impact their wide proliferation will have on societies. A few years ago these questions were only important in science fiction. Today “killer” applications are no longer an academic topic. Now it is on us to start thinking about this questions and to preemptively develop new practices. Curiously, what might be a large part of the solution has already been central to the hacker community for decades: hacker ethic. This talk will address the following topics: Emancipation of Machines 3 distinct types of machine: (1) directly augments human capabilities (2) machines that augment other machines (3) autonomous machines Type 3 machines do not need constant human supervision and do not directly improve human capabilities Type 3 machines can be as simple as a clock A crossbow attached to a clockwork on a busy marketplace demonstrates the resulting problems Over the past years type 3 machines have become more numerous and will soon be commonplace Risk mitigation is only in its infancy: dangerous machines are separated from humans No convincing solutions for autonomous machines. Asimov’s Laws outdated by “killer” applications. A Social Contract for Machines Autonomous machines are technologically feasible but held back by other factors How risk can be moderated by a system approach implementing developer ethics in a new Archimedes oath How financial instruments can be created to price residual risk and create a social contract for machines From Protestant to Hacker Ethic How to mitigate one of the biggest consequences of type 3 machine proliferation: work Current situation Protestant work ethic Changed situation: unemployment the norm/mechanic slaves Solution: hacker ethic?
-
-
21:02
»
SecDocs
Tags:
robotics Event:
Chaos Communication Congress 26th (26C3) 2009 Abstract: Unnoticed by average Joe we are currently experiencing the advent of autonomous machines. This development will undoubtedly result in epochal change of our way of live. Naturally this has the potential to cause enormous problems. Two key issues will be how to tame the risks these autonomous machines pose and how to deal with the impact their wide proliferation will have on societies. A few years ago these questions were only important in science fiction. Today “killer” applications are no longer an academic topic. Now it is on us to start thinking about this questions and to preemptively develop new practices. Curiously, what might be a large part of the solution has already been central to the hacker community for decades: hacker ethic. This talk will address the following topics: Emancipation of Machines 3 distinct types of machine: (1) directly augments human capabilities (2) machines that augment other machines (3) autonomous machines Type 3 machines do not need constant human supervision and do not directly improve human capabilities Type 3 machines can be as simple as a clock A crossbow attached to a clockwork on a busy marketplace demonstrates the resulting problems Over the past years type 3 machines have become more numerous and will soon be commonplace Risk mitigation is only in its infancy: dangerous machines are separated from humans No convincing solutions for autonomous machines. Asimov’s Laws outdated by “killer” applications. A Social Contract for Machines Autonomous machines are technologically feasible but held back by other factors How risk can be moderated by a system approach implementing developer ethics in a new Archimedes oath How financial instruments can be created to price residual risk and create a social contract for machines From Protestant to Hacker Ethic How to mitigate one of the biggest consequences of type 3 machine proliferation: work Current situation Protestant work ethic Changed situation: unemployment the norm/mechanic slaves Solution: hacker ethic?
