Thursday, September 10, 2009

Trim the fat from Gmail


Google’s Gmail is a highly viable option for email. With numerous features and options like widgets, a task list, labels, and chat, Gmail has a slight tendency to get overwhelming and might force us to lose focus on what it is really all about: email.

What can make Gmail better? For starters, how about no ads; they are cluttering and distracting. What about getting rid of the widgets and unnecessary features like labels and chat that we think are supposed to make us more productive but really only make us lose our focus to send, read and reply to email? Nobody knows Zen better than [Leo] at Zen Habits. We weren’t surprised that he and his friends (with Firefox and Greasemonkey) have found a way to trim all the unnecessary elements from Gmail and make it into an email powerhouse that focuses on a basic productive email client. The minimalist inbox for Gmail consists of Greasemonkey scripts for:

  • Removing gadgets
  • Hiding labels, chat and footer
  • Removing ads
  • Removing stars
  • Getting rid of the Gmail logo and searchbar
  • Removing menu navigation bar
  • Cleaning up and removing unnecessary buttons

To get started focusing on email, and only email, head on over to ZenHabits for a list of associated scripts and what exactly they can do to help you on your road to the minimalist Gmail.

How to download books from Google



If you want books, but don’t want to pay for them, there is a better way than walking into your local book store and pocketing them. Try grabbing them online, from Google!

Everyone must be aware of the Google Books Library project by now. If you’re not, it’s basically a way for Google to ensure all of the world’s book content is accessible and searchable. Through the Book Project, Google works with libraries to scan and archive their older and out of print materials. Up until recently, viewers of books in the Google Library Project web space were limited to viewing books within the browser. Not any more. Google Book Downloader is a utility that rips books from Google and saves them as PDFs so you can view them with any device or desktop that can view this file format. Using Microsoft’s .NET framework, the Google Book Downloader application allows users to enter a book’s ISBN number or Google link to pull up the desired book and begin a download, finishing off with exporting the file to a PDF. Full setup instructions and download are available on Codeplex.

Thursday, June 18, 2009

Slowloris HTTP denial of service


denial of service technique that can take down servers more effectively. Traditionally, performing a denial of service attack entailed sending thousands of requests to a server; these requests needlessly tie up resources until the server fails. This repetitive attack requires the requests to happen in quick succession, and is usually a distributed effort. However, [RSnake]’s new technique has a client open several HTTP sessions and keep them open for as long as possible. Most servers are configured to handle only a set number of connections; the infinite sessions prevent legitimate requests from being handled, shutting down the site. This vulnerability is present on webservers that use threading, such as Apache.

A positive side effect of the hack is that the server does not crash; only the HTTP server is affected. His example Perl implementation, slowloris, is able to take down an average website using only one computer. Once the attack stops, the website will come back online immediately.
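For defenders, the held-open sessions described above show up as old connections whose request headers never finish arriving. The following detection sketch is an added example, not code from the original post or from [RSnake]; the snapshot format, the thresholds and the function names are assumptions made for illustration.

```python
from collections import Counter
from typing import NamedTuple

class Conn(NamedTuple):
    client: str
    age_s: int          # seconds since the connection was accepted
    rx_bytes: int       # bytes received so far
    headers_done: bool  # has the client finished sending its request headers?

# Constructed sample data (documentation-range addresses), not real traffic.
# Columns: client, age in seconds, bytes received, headers complete.
SNAPSHOT = """\
203.0.113.7 412 187 no
203.0.113.7 409 191 no
203.0.113.7 405 183 no
203.0.113.7 398 179 no
203.0.113.7 391 175 no
203.0.113.7 12 40 no
198.51.100.20 2 310 yes
198.51.100.21 1 120 no
192.0.2.55 45 9000 yes
192.0.2.56 95 64 no
"""

def parse_snapshot(text):
    """Turn the whitespace-separated snapshot into Conn records."""
    conns = []
    for line in text.splitlines():
        client, age, rx, done = line.split()
        conns.append(Conn(client, int(age), int(rx), done == "yes"))
    return conns

def slow_header_report(conns, max_workers, header_deadline_s=30, per_client_limit=3):
    """Flag clients that hold many old connections with unfinished headers."""
    stalled = [c for c in conns
               if not c.headers_done and c.age_s > header_deadline_s]
    per_client = Counter(c.client for c in stalled)
    suspects = {ip: n for ip, n in per_client.items() if n > per_client_limit}
    return {
        "suspects": suspects,
        "stalled_total": len(stalled),
        # Share of the worker pool pinned by the flagged clients alone.
        "pool_share": sum(suspects.values()) / max_workers,
    }

if __name__ == "__main__":
    print(slow_header_report(parse_snapshot(SNAPSHOT), max_workers=10))
```

A single slow client (192.0.2.56 in the sample) is counted as stalled but not flagged, so an ordinary slow link does not trip the per-client limit.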

Wednesday, June 3, 2009

Global hackdays: tangible interfaces




June 6th is the date of the upcoming Global Hackday. This time, the focus is on cheap tangible interfaces, mainly trackmate. They want as many people to join as possible, even if you’re not comfortable with code. We’ve covered the construction of the trackmate surface before; now build one and get in there and contribute.

Wednesday, May 13, 2009

sslstrip, hijacking SSL in network

Last week at Black Hat DC, [Moxie Marlinspike] presented a novel way to hijack SSL. You can read about it in this Forbes article, but we highly recommend you watch the video. sslstrip can rewrite all https links as http, but it goes far beyond that. Using Unicode characters that look similar to / and ?, it can construct URLs with a valid certificate and then redirect the user to the original site after stealing their credentials. The attack can be very difficult for even above-average users to notice. This attack requires access to the client’s network, but [Moxie] successfully ran it on a Tor exit node.
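A check for the lookalike-character trick described above, as an added example that is not part of the original post or of sslstrip: it compares the host a URL parser sees with the host a person would read. The function names and the sample URL are constructed for illustration, and the match on Unicode character names is an assumed heuristic.

```python
import re
import unicodedata

# Words in a Unicode character name that mark a "/" or "?" lookalike.
LOOKALIKE_WORDS = ("SLASH", "SOLIDUS", "QUESTION MARK")

# Constructed sample: U+2044 and U+FF1F stand in for "/" and "?", so the
# whole visible "path" is really part of the host name.
SPOOFED = "https://www.example.com\u2044accounts\u2044login\uff1fid=1.lookalike.example/"
BENIGN = "https://www.example.com/accounts/login?id=1"

def is_lookalike(ch):
    """True for a non-ASCII character named like a slash or question mark."""
    return ord(ch) > 127 and any(
        word in unicodedata.name(ch, "") for word in LOOKALIKE_WORDS)

def real_host(url):
    """Host as a URL parser sees it: it ends only at an ASCII / ? or #."""
    rest = url.split("://", 1)[1]
    authority = re.split(r"[/?#]", rest, maxsplit=1)[0]
    host = authority.rsplit("@", 1)[-1]      # drop any userinfo
    return host.split(":", 1)[0].lower()     # drop any port (no IPv6 here)

def check_url(url):
    """Report the real host, the host a reader would assume, and lookalikes."""
    host = real_host(url)
    found = [(f"U+{ord(ch):04X}", unicodedata.name(ch))
             for ch in host if is_lookalike(ch)]
    # A reader takes the first lookalike for the end of the host name.
    cut = next((i for i, ch in enumerate(host) if is_lookalike(ch)), len(host))
    return {
        "real_host": host,
        "apparent_host": host[:cut],
        "lookalikes": found,
        "suspicious": bool(found),
    }

if __name__ == "__main__":
    for sample in (SPOOFED, BENIGN):
        print(check_url(sample))
```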

D-Link adds captcha to routers


D-Link is adding captcha support to its line of home routers. While default password lists have been abundant for many years, it was only recently that we started seeing them implemented in malware. Last year, zlob variants started logging into routers and changing their DNS settings. It’s an interesting situation since the people who need the captcha feature are the ones who will never see it, since they won’t log in to change the default password.

Thursday, May 7, 2009

Time’s poll hacked


Though Time won’t admit it, their poll on the most influential person was hacked. Moot, the founder of 4chan, is rated #1. Not only that, but if you read the first letters of the poll results, you get “Marblecake also the game”. This refers to the IRC channel where many 4channers congregate as well as “the game”, an internet meme. This article is very interesting as it delves into the details of the attack, focusing mainly on what happened when the autovoting software was shut down due to reCaptcha. You’ve probably seen reCaptcha before. It presents you with two words, made difficult to read by strange kerning, warping, and squiggles. If you can read it, you’re most likely a human. Anon, a common name for 4channers, first tried to hack reCaptcha.

Their attempt at hacking reCaptcha relies on the process reCaptcha uses to identify words. It presents you with two words, one of which it already knows. The other is compared to a database of common responses to that word. Anon decided that if they entered “penis” enough times, they could flood the database, allowing their autovoter to function again. This, though clever, was unsuccessful. They eventually settled on manual voting. This was taking too much time, and they feared they would never reach their goals. To help with this, they built a simple interface that would preload several reCaptchas and queue up votes. This streamlining allowed them to squeak in the votes they needed to accomplish this.

It’s also worth noting that Time didn’t close the vote entries when the poll closed. They removed the poll from their site, but the streamlined vote software was still working. Anon is a powerful force of nature. If only we could harness it to cure cancer or HIV.