The Edge of I-Hacked

So if you have not heard about Square yet, it is a really good idea enabling pretty much everyone the ability to take credit cards. It is a small device (about the size of a headphone splitter) that connects to your smartphone and allows you to swipe cards for payments.

square payment

So these devices have some amazing potential. Imagine not having to carry cash ever again. Want to pay a street vendor? Swipe. Pay your buddy back for beers last night.. Swipe. You get the point.

However, I have some questions about the security of these devices. Sure, we can all scoff at the apparent lack of security people are already doing with these, sense they are uploading 1080p videos of them swiping their cards on youtube (I will let you figure out why 1080p + creditcards + pause + photoshop = disaster for that poor soul)

But I am also curious on the transmission path and residual “noise”. Anyone who has fired up Karmetasploit knows that iphones are pretty easy prey — they love connecting to any wifi spot they come across. I wonder what safeguards are put in place to stop me from “middling” them?

Hey @square guys, send me a couple of squares — I would love to do a free security audit of them. I think you got a great product, I would love to help make it better (secured). Feel free to contact me on twitter!

via Boing Boing Gadgets

Apple says it’s had “pretty interesting ideas” for a Mac netbook, but it’s everyday users who’ve already taken action. Most of the popular netbooks can run OS X, but there are plenty of caveats: non-functioning components which lack drivers, need to be replaced, or which simply can’t be gotten working at all.

The short answer: get a HP Mini 1000 or a Dell Mini 9/Vostro A90.

via iPod and iPhone Firmware Download.

For those of you who dont want to pay for the $9.99 Update to your Ipod Touch.. You can download the firmware from here.

Simply select your model of ipod, and download the firmware image. After downloading the desired firmware, you can shift-click PC or option-click Mac the Restore or Update buttons in iTunes. A file dialog will open and let you choose the downloaded ipsw-file.

via MacBook Pro 13″ Unibody Teardown.

We got our hands on a MacBook Pro 13″ Unibody and decided to compare it to a MacBook Unibody — from the inside! Follow us on twitter to get all the latest updates as we're doing the teardown!

From victor kruger via the CCCKC Mailing List

If anyone decided to purchase a Palm Pre (besides me) I’m happy to say
people have already found several interesting items in order to hack
the Pre.

One of the more funny findings is how to enable the dev mode on the
phone. you first go to the app menu/launcher and type
“upupdowndownleftrightleftrightbastart” .

From Engadget:

We couldn't believe it either, but as it turns out, from the launcher screen of your Pre, simply type in the phrase “upupdowndownleftrightleftrightbastart” — which if you parse with spacing might be more easily recognizable as the infamous Contra / Konami code look it up — and up comes a hidden app called “Developer Mode Enabler.” Looks like it was discovered via the leaked ROM from earlier this evening. It's apparently used to connect a Pre to a machine running Palm's Mojo SDK for webOS, and we have confirmed its legitimacy. In fact, if you want proof and you don't have a Pre of your own, head on after the break for a video we put together, just for you.

Another more interesting find is the recovery tool in case you screwed
up an update for the phone and it is also used for switching ROMs on
the phone which includes the normal consumer ROM and the Developer ROM
for the upcoming SDK. This recovery tool is in the form of a jar file
which even includes the complete linux file structure for the phone.

People have already modifying their pres to do things like increase
length of the vibration when you receive a text message to gutting out
a non essential app on the phone (I.E. Sprint Nascar App) and putting
in a hello world app inside.

http://forums.precentral.net/web-os-development/184378-ok-rom-comes.html

fun times ahead….fun times…

via Hack In The Box :: .

According to this thread at the MyDellMini Forums, the just-released Mac OS 10.5.7 update breaks hackintoshed machines like the Dell Mini 9/Vostro A90 netbook.

This shouldn’t come as too much of a surprise and most self-respecting hackintoshers know better than to install any old update on their netbook willy nilly. If you do arbitrarily install 10.5.7 on your netbook you’ll be in for all kinds of trouble including garbled screens, shutdown troubles, beach balls and no finder.

via adafruit industries blog.

Tweet-a-Watt kits are now available! A few months ago, using “off-the-shelf hardware”, we modified a Kill-a-Watt(TM) power meter to “tweet” (publish wirelessly) the daily KWH consumed to the user’s Twitter account (Cumulative Killowatt-hours). We released this project as an “Open source hardware” project – in other words, anyone can make these, modify them and make a commercial product from the ideas and methods.

After we released this project we entered it in the Greener Gadgets design contest and won first place, we donate the winnings to “Engineers without borders“.

You can see the “Tweetawatt” account on twitter here!

via PaulDotCom: Archives.

One of the great things about Shmoocon is the ability to provide instant feedback to the presenter, while the presentation is happening. Ever been to a conference or presentation where you just knew there was something “rotten in Denmark”, or you wanted to make a point about some minute, but essential overlooked detail? Shmoocon enables and encourages every attendee to tall the speaker to task: They provide a foam stress ball (aka a Shmooball) at registration for each attendee (and offer more for sale, proceeds going to charity). The organizers encourage you to throw them at the presenters when you have a point to make, or when you think that you’re being sold a bill of goods.

As a result, the closing ceremony of the conference has typically found the Shmoo group founder, Bruce Potter, amidst a barrage of shmooballs. Why? Because the attendees could.

In 2007, a group of folks unveiled their Shmooball cannon at closing ceremonies and unloaded at Bruce. It was multi-shot, made from PVC and a 2-stroke leaf blower. It was a great concept, but it was smelly and not incredibly efficient.

This is when I had thoughts of doing better. In 2008, I created a version that was much like a shoulder fired grenade launcher. In 2009, I decided I needed to take it up a notch.

This is the story of the building of the 2009 Shmooball cannon.

If you are in the Kansas City area and are interested in forensics, I would HIGHLY suggest checking out this new offering from SANS. We dont get any kickbacks for advertising this, but the instructor (Dave Hull) is a good friend of I-Hacked’s and is well known in the forensics world. This would be a great opportunity to either gain new or polish your existing forensics skills!

SANS is bringing Security 508: Computer Forensics, Investigation, and Response to your local community in our popular Mentor hands-on format!
Beginning on May 14, SANS Mentor Dave Hull will be leading this class in Kansas City, Kansas. For complete course details, please click on http://www.sans.org/info/34748.

Why Choose the Mentor Program?
The Mentor Program, http://www.sans.org/info/34753, consists of small, locally run, 10 week classes utilizing the same great SANS courseware presented at the larger conferences. This unique program opens SANS training up to students with family or work commitments necessitating a more flexible option. Mentored students report several major benefits of this format including: cost savings, time to digest the material, convenient evening classes, small groups, a Mentor “coach”, and community networking.

From JestinStoffel.com

For any of you who saw the labywiinth at the HacDC party, here is a GREAT post on the difficulties we had getting it to work as well as it did. Make sure you pay attention to the time-stamps in the email. Just FYI the setup at HacDC started at 6pm on Friday. (PLENTY OF TIME!!)

Anyone who has been reading this blog will know that I have been working on a labyrinth game that is controlled by a Nintendo Wii Balance Board. We made a YouTube video that got a few hits when we released it, and it gained some recognition in the hacker/diy community. Fellow member of my local hackerspace, hevnsnt, had inquired about taking the device to the Shmoocon convention in Washington D.C., but ended up deciding to leave it here in Kansas City. Well, the Tuesday before the conference, hevnsnt had a change of heart:

from hevnsnt
to Jestin Stoffel, SomeoneKnows
date Tue, Feb 3, 2009 at 2:35 PM

I am starting to regret our discussion at last thursday’s meeting where I said I didnt want to take the labyrinth to shmoocon (D.C.), and I would like to talk it out with you.