The Edge of I-Hacked

Last night I put out a post on twitter informing that the Shmoocon ATM had been compromised, and everyone who had used it should cancel & reissue their cards. This of course got retweeted a bunch, and then FINALLY some security people started commenting that we should have some evidence before they take action.

So some may have seen the ATMs in the hotel were “tagged” with this prank and thought that THIS was the compromise I was referring to.

Making Faces is illegal.

This was funny, and I have a pretty good idea who put it there. (and really if it was “them” I would think twice of touching that ATM anyways) But it was not a compromise.

@surbo and I were running late to the airport, and the taxi driver wouldnt take a card. Having spent all our cash the night before, we ran over to the ATM located in the main hallway of the Marriott (across from the hotel convenience store) and I tried the ATM. It was acting very odd, it was taking about 5 minutes to change screens, and it was NOT TAKING MY PIN on my card, and occasionally told me that it could not read the card. I got a very bad feeling, but I was in a hurry, so I tried another card. Same story — acting weird not taking my pin. I asked Surbo to give it a go, and this time it took his pin, but it was still acting weird.

Surbo then did something that made us both say “F&^K”. He pulled the facepanel down off the ATM exposing the internal computer and authentication “dialer”, someone had either picked or left the panel unlocked. (the safe panel ($$$$) remained locked). The electronics that control the authorization of funds were easily accessed. You can imagine what an person of “low moral standards” could have benefited from this situation.

Right about the time that Surbo pulled the front panel down, Mouse came strolling by and said “Boys! What are you doing!?” It didnt look good, and since we had already had some run-ins with hotel police we immediately put it back and made sure it was reported. We didnt take any pictures because we didnt want to be any more involved than we already were. I am sure you can understand that although we pull some harmless pranks here or there, ATM fraud is not up our alley.

So, Do I have evidence that if you used that ATM that your card numbers & pin were exposed and/or recorded? No, in-fact I did not see any suspicious looking equipment inside that would indicate that it had, however the security of the ATM was compromised and the potential was definitely there. Don’t risk it, if you used this ATM, please call your bank and get your card reissued.

Update: I have now learned that the ATMs were using the default admin password. (crap see comments below)

from news.cnet

The auto-suggest feature of Google’s new Chrome browser does more than just help users get where they are going. It will also give Google a wealth of information on what people are doing on the Internet besides searching.

from Yahoo! News

Intel on Thursday showed off a wireless electric power system that analysts say could revolutionize modern life by freeing devices from transformers and wall outlets.

Intel chief technology officer Justin Rattner demonstrated a Wireless Energy Resonant Link as he spoke at the California firm’s annual developers forum in San Francisco.

Electricity was sent wirelessly to a lamp on stage, lighting a 60 watt bulb that uses more power than a typical laptop computer.

Most importantly, the electricity was transmitted without zapping anything or anyone that got between the sending and receiving units.

“The trick with wireless power is not can you do it; it’s can you do it safely and efficiently,” Intel researcher Josh Smith said in an online video explaining the breakthrough.

YouTube - Google Earth Demo
Video demonstration of F-Secure’s WorldMap data in Google Earth.
http://www.f-secure.com/weblog/

from consumerist

The Consumerist’s 3-month sting operation snared a Geek Squad technician stealing porn from our hard drive, and we’ve got the work-safe video and logfiles to prove it.

from shacknews

 

A Sony Computer Entertainment representative has confirmed to Shacknews that developers can now take full advantage of the PSP’s CPU following the late May release of the system’s version 3.50 firmware. Rumors of the unlocking were initially reported by fansite PSP Updates via an unnamed source.

Previously, developers were only able to run the CPU at 266MHz rather than its full potential clock speed of 333MHz, though most games ran at only 222MHz. High Impact Games’ Ratchet & Clank: Size Matters, released in February, is said to run at 266MHz. Hackers long ago discovered methods to run the PSP’s CPU at full speed, the benefits of which include a smoother framerate for certain games, at the cost of reduced battery life. There is no word yet if this update enables previous PSP releases to run at 333MHz, something hacked PSP firmware has enabled in the past.

It is widely believed that the PSP CPU was underclocked to increase the portable’s battery life. Some speculate that the availability of the portable’s full CPU speed affirms recent rumors of an upcoming redesign, which supposedly includes a brighter screen, a slimmer profile, and increased battery life. Such a system would be better equipped to deal with the greater power demands of the unthrottled CPU.

from Engadget

Reports of MacBook Pros getting crazy-hot because of misapplied thermal grease have been floating around for a year now, and it doesn’t look like the recent bump to Santa Rosa has changed anything. A reader at the MacRumors forums noticed his week-old MBP getting a little hot, so he bravely decided to pull the unit apart to check things out and found what he estimated to be forty times too much paste applied to the logic board. There are also a few threads on the Apple support site with similar pics of MBP logic boards slathered in grease, so this doesn’t appear to be an isolated issue. Apple hasn’t commented yet, but seeing as it managed to cool things down last time with a firmware update, we wouldn’t expect too much fanfare when this finally gets resolved.

From New York Times

The Department of Energy estimates that in the average home, 40 percent of all electricity used to power home electronics is consumed while the products are turned off. Add that all up, and it equals the annual output of 17 power plants, the government says.

I started checking how much electricity my electronics were consuming when I wasn’t using them. I used a Kill A Watt EZ energy meter (available online for about $25) and began measuring. My PC was continuously drawing 134 watts all night.

The more devices I checked, the worse it got. My TiVo digital video recorder was sucking down about 30 watts when it was not playing or recording a show. A Comcast digital cable set-top box made by Motorola that I tested was drawing about 40 watts. My DVD player was drawing 26 watts while idle, and my audio system — which I rarely turned off — was using 47 watts. This was in addition to the numerous power adapters and chargers, each drawing 1 or 2 watts, not to mention several other devices sipping energy to keep clocks running or to be ready to turn on at the push of a button.

I am completely guilty!

Whether or not you think the Zunefairly ho-hum media device, the one thing that’s pretty agreeable is that its relatively subtle “doubleshot” casing — where the edges have a translucent or different color than the rest of the plastics — is unique, and the closest thing to an iconic aesthetic the Zune has right now. Potentially unfortunately for Microsoft, three days ago the USPTO published Apple patent application 20070048470, for “Housing of an electronic device formed by doubleshot injection molding”. Filed August 16, 2005 by, among others, Johnny “iPhone” Ive himself, the process details a multiwall plastic-injected enclosure which, among other things, can be useful for for “forming internal features on the inside surfaces” — like, say, alternate edge colors in the Zune, or the white and black-yet-clear plastics as seen in MacBooks and iMacs and iPods. So, in addition to that per-Zune tariff Microsoft pays to Universal, is Apple about to join the list?
Note: It’s not that known if this patent has actually been fully granted. It is, however, definitely published, and is still currently the only published patent in the USPTO database for the doubleshot plastic molding process.

 

from engadget.com

Oh no they didn’t! By now you already know it’s on, and the latest round in the iPhone v. iPhone dance-off comes from Apple spokesman Steve Dowling, who was quoted as saying the Cisco lawsuit is “silly” and that several companies are already using the term iPhone for VoIP products. He called Cisco’s trademark “tenuous at best” and noted his company was the first to ever use the name for a cellphone. He goes on to boast that Cisco is gonna totally get served: “if Cisco wants to challenge us on it, we’re very confident we’ll prevail.” Oh yeah — Apple to Cisco: let’s see you dance, sucka!