Group items tagged

A new chink has been found in the cryptographic armor that protects bank transactions, credit-card payments, and other secure Internet traffic. And although programmers have devised a patch for it, clever hackers might still be able to break through. The hack, presented in March at a computer security conference in Dresden, Germany, involves lowering the input voltage on a computer’s cryptography chip set and collecting the errors that leak out when the power-starved chips try and (sometimes) fail to encode messages. Crooks would then use those errors to reconstruct the secret key on which the encryption is based. More important, say the hack’s creators, the same attack could also be performed from afar on stressed systems, such as computer motherboards that run too hot or Web servers that run too fast.

The past week or so there have been two stories about very secure system protocols being able to be successfully hacked by researchers. The first concerned the report by the AP that Christopher Tarnovsky, a former U.S. Army computer-security specialist and who now runs the Flylogic security company, was able to crack open (literally) a Trusted Platform Module or TPM and obtain its cryptographic keys. This hadn't been done before, or at least admitted to publicly.

When the Arduino Duemilanove microcontroller appeared in 2005, it featured a set of female pin headers exposing most of the pins of the ATmega168 for easy hacking and for connecting accessory boards known as 'Shields'. The purpose of a shield is to provide new plug-and-play functionality to the host microcontroller, such as circuit prototyping, motion control, sensor integration, network and radio communication, or gaming interfaces, without worrying too much about the hardware implementation details. Seven years after the birth of the original Arduino, new shields keep coming out and are being cataloged on http://shieldlist.org/, a testament to the versatility of the design. It is also simple to build a DIY shield when nothing out there will meet your needs or when you want to understand how the shield concept works from the ground up.

Piotr Zalewa has created a really great playground, jsFiddle, for testing sample code and playing with the Web. With an area for the holy trinity of the Web (HTML, CSS, JS) and an output region, you can get right to hacking. It goes beyond this though. You can also add resources, an Ajax echo backend, and auto load from a slew of JavaScript frameworks. You can also check out the examples and see great stuff such as Processing in action. And the finishing touch, share and embed. Piotr wrote all of this using CodeMirror and MooTools. Nice! Having worked on Bespin, and developed a playground like this (looking forward to show a new mobile one soon!) I appreciate the work!

The German government's Bundesamt für Sicherheit in der Informationstechnik (BSI) (or in English, the Federal Office for Information Security) is reported to have told German citizens to avoid all versions of Microsoft Internet Explorer (IE) until security flaws that are suspected to allowing Google and other companies in China to be successfully hacked are fixed.

Taylor Veltrop used a Kinect to read his arm movements which were then carried out by a robot. The robot was programmed using Willow Garage's open-source robot operating system (ROS). As Kit Eaton suggest, this quick experiment provides an illustration of the path towards robotic avatars.