Electronic-Geek.com

Posts Tagged ‘hack’

Designed by Hytekk.com.

If you've ever wondered whether two-factor authentication systems actually boost security, things that spit out pseudorandom numbers you have to enter in addition to a password, the answer is yes, yes they do. But, their effectiveness is of course dependent on the security of the systems that actually generate those funny numbers, and as of this morning those are looking a little less reliable. RSA, the security division of EMC and producer of the SecurID systems used by countless corporations (and the Department of Defense), has been hacked. Yesterday it sent out messages to its clients and posted an open letter stating that it's been the victim of an "advanced" attack that "resulted in certain information being extracted from RSA's systems" -- information "specifically related to RSA's SecurID two-factor authentication products."

Yeah, yikes. The company assures that the system hasn't been totally compromised, but the information retrieved "could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack." RSA is recommending its customers beef up security in other ways, including a suggestion that RSA's customers "enforce strong password and pin policies." Of course, if security admins wanted to rely on those they wouldn't have made everyone carry around SecurID tokens in the first place.

[Thanks to everyone who sent this in]

RSA hacked, data exposed that could 'reduce the effectiveness' of SecurID tokens originally appeared on Engadget on Fri, 18 Mar 2011 08:49:00 EDT. Please see our terms for use of feeds.

Permalink   |  RSA  | Email this | Comments

As Kinect hacks go, this one's not going to bowl you over with its technical complexity, but the effect of what it does is quite dramatic. One of Microsoft's sensor-rich, camera-laden Xbox accessories has been repurposed to communicate with a Pufferfish spherical projection display -- via the magic of WPF and openni -- with its motion tracking algorithms serving to control the image on the giant ball. Naturally, the first thing the tweakers behind this mod thought up was a Tolkien-inspired eye that follows people around the room. Sadly, the single Kinect box isn't enough to provide 360-degree coverage, but it's probably just a matter of time until they splice an array of them together and creep us out completely. Video after the break.

Update: You asked for the eye of Sauron and now you've got it. Second video added after the break.

Continue reading Kinect meets a Pufferfish display, produces wonderfully creepy all-seeing eye (video)

Kinect meets a Pufferfish display, produces wonderfully creepy all-seeing eye (video) originally appeared on Engadget on Fri, 18 Mar 2011 04:17:00 EDT. Please see our terms for use of feeds.

Permalink   |  The Technology Studio  | Email this | Comments

They're getting ever more practical, these Kinect hacks. Two days ago it was creating 3D models in free-space, today it's letting the blind see. Well, not really see, but better navigate through and stay informed about their environment, at least. A Kinect is attached to a helmet and connected to a backpack-mounted Dell laptop. Also connected to the laptop is an Ardunio-controlled belt that has three separate regions of vibration and a Bluetooth headset of the "obnoxious guy talking loudly to his stock broker on the train" variety. Finally, thanks to a little C#, the whole package allows someone to walk down a hall and receive verbal and tactile notifications of obstacles in their path. Wearers can also receive navigation to different areas and, thanks to ARToolKit identifiers stuck on the walls, even have signs read to them. It's called NAVI (Navigational Aids for the Visually Impaired), created by Michael Zöllner and Stephan Huber at the University of Konstanz, and it's all demonstrated for you below. Dig that hat, man. Dig that hat.

Continue reading NAVI hack uses a Kinect to let the blind see, wear awesome headgear (video)

NAVI hack uses a Kinect to let the blind see, wear awesome headgear (video) originally appeared on Engadget on Thu, 17 Mar 2011 14:07:00 EDT. Please see our terms for use of feeds.

Permalink SlashGear  |  University of Konstanz  | Email this | Comments

Opening doors with wireless RFID cardkeys is old hat at this point, but opening those doors with a smartphone is rather more intriguing. Doing so without permission of the people who put the locks on the doors, well, that brings things up to a whole new level of awesomeness. That's what Caribou does, a little Android app that remotely connects to a server managing the locks at a supposedly secure location. The app then diddles the ports and security settings of that server until it finds the magic phrase and, in a couple of seconds, it's open sesame time. Doors are unlocked remotely and then, 30 seconds later, automatically locked again. How thoughtful.

We first saw this demonstrated a few days ago but weren't entirely convinced of its legitimacy. But now, after exchanging a few e-mails with Michael Gough, who discovered the exploit, and Ian Robertson, who wrote the app, we're convinced. They're actually working with US-CERT on this issue so that appropriate measures will be taken but, in the short-term, if you have a system like this and it's sitting out there, IP open to the internet and being caressed by every passing breeze, you might want to think about pulling that in behind your firewall. Lots more info at both source links below, though you can see it working for yourself right here in a video after the break, running on an HTC Incredible.

Continue reading Caribou Android app opens doors over the internet, needs neither permission nor keys (video)

Caribou Android app opens doors over the internet, needs neither permission nor keys (video) originally appeared on Engadget on Thu, 17 Mar 2011 10:41:00 EDT. Please see our terms for use of feeds.

Permalink   |  CyberSecurityGuy, Hacker Hurricane  | Email this | Comments

It's not just desktop web browsers getting hacked at this year's Pwn2Own challenge -- mobile browsers have also been targeted for vulnerabilities, and a fairly big one has now been found in RIM's browser for BlackBerry OS 6. Apparently, there's a JavaScript-related bug that could let a "maliciously designed" website gain access to data stored on both the phone's media card and built-in storage, but not data stored in the storage portion for applications (such as email or contact information). For its part, RIM says that it hasn't actually seen any evidence of anyone exploiting the vulnerability, but it's nonetheless urging folks to disable JavaScript on affected devices, and it's now busy providing IT departments everywhere with guidelines on how to do so. If that proves to be complicated, it's suggesting that you simply disable the BlackBerry Browser altogether until it can be patched.

RIM issues PSA following Pwn2Own exploit: turn off JavaScript on your BlackBerry originally appeared on Engadget on Wed, 16 Mar 2011 18:59:00 EDT. Please see our terms for use of feeds.

Permalink   |  PC World  | Email this | Comments