Thursday, September 10, 2009

Trim the fat from Gmail


Google’s Gmail is a highly viable option for email. With numerous features and options like widgets, a task list, labels, and chat, Gmail has a tendency to get overwhelming and can make us lose focus on what it is really all about: email.

What can make Gmail better? For starters, how about no ads; they are cluttering and distracting. What about getting rid of the widgets and unnecessary features like labels and chat that are supposed to make us more productive but really only distract us from sending, reading and replying to email? Nobody knows Zen better than [Leo] at Zen Habits. We weren’t surprised that he and his friends (with Firefox and Greasemonkey) have found a way to trim all the unnecessary elements from Gmail and turn it into an email powerhouse that focuses on being a basic, productive email client. The minimalist inbox for Gmail consists of Greasemonkey scripts for:

  • Removing gadgets
  • Hiding labels, chat and footer
  • Removing ads
  • Removing stars
  • Getting rid of the Gmail logo and searchbar
  • Removing menu navigation bar
  • Cleaning up and removing unnecessary buttons

To get started focusing on email, and only email, head on over to ZenHabits for a list of associated scripts and what exactly they can do to help you on your road to the minimalist Gmail.

How to download books from Google



If you want books, but don’t want to pay for them, there is a better way than walking into your local book store and pocketing them. Try grabbing them online, from Google!

Everyone must be aware of the Google Books Library project by now. If you’re not, it’s basically a way for Google to ensure all of the world’s book content is accessible and searchable. Through the Book Project, Google works with libraries to scan and archive their older and out of print materials. Up until recently, viewers of books in the Google Library Project web space were limited to viewing books within the browser. Not any more. Google Book Downloader is a utility that rips books from Google and saves them as PDFs so you can view them with any device or desktop that can display this file format. Using Microsoft’s .NET framework, the Google Book Downloader application allows users to enter a book’s ISBN or Google link to pull up the desired book and begin a download, finishing off by exporting the file to a PDF. Full setup instructions and download are available on Codeplex.

Thursday, June 18, 2009

Slowloris HTTP denial of service


denial of service technique that can take down servers more effectively. Traditionally, performing a denial of service attack entailed sending thousands of requests to a server; these requests needlessly tie up resources until the server fails. This repetitive attack requires the requests to happen in quick succession, and is usually a distributed effort. However, [RSnake]’s new technique has a client open several HTTP sessions and keep them open for as long as possible. Most servers are configured to handle only a set number of connections; the held-open sessions prevent legitimate requests from being handled, shutting down the site. This vulnerability is present on webservers that use threading, such as Apache.

A positive side effect of the hack is that the server does not crash; only the HTTP service is affected. His example Perl implementation, slowloris, is able to take down an average website using only one computer. Once the attack stops, the website comes back online immediately.
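The signature a defender can watch for follows directly from the description above: one source holding many connections that never finish sending their request headers. The following detection logic is an added example, not code from the original post or from slowloris; it parses a constructed connection-table snapshot (the line format is invented here, not any real server's output).

```python
import re
from collections import defaultdict

# Constructed sample of a connection-table snapshot (not real server output):
# one line per accepted connection, how long it has been open, and whether the
# server is still waiting for the request headers to finish.
SNAPSHOT = """\
conn=10.0.0.5:51234 state=reading-headers age=45s
conn=10.0.0.5:51235 state=reading-headers age=44s
conn=10.0.0.5:51236 state=reading-headers age=44s
conn=10.0.0.5:51237 state=reading-headers age=43s
conn=10.0.0.5:51238 state=reading-headers age=41s
conn=10.0.0.5:51239 state=reading-headers age=40s
conn=192.0.2.10:40001 state=writing-response age=1s
conn=192.0.2.11:40002 state=reading-headers age=2s
conn=192.0.2.12:40003 state=keepalive-idle age=9s
"""

LINE_RE = re.compile(r"conn=(?P<ip>[\d.]+):\d+ state=(?P<state>[\w-]+) age=(?P<age>\d+)s")

def parse_snapshot(text):
    """Turn the snapshot into (ip, state, age_seconds) tuples, skipping unparsable lines."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rows.append((m["ip"], m["state"], int(m["age"])))
    return rows

def slow_header_clients(rows, min_age=20, min_conns=5):
    """Clients holding at least min_conns connections that have been stuck in the
    header-reading phase for min_age seconds or more. A legitimate client finishes
    its headers in milliseconds, so this combination is the Slowloris signature."""
    stuck = defaultdict(int)
    for ip, state, age in rows:
        if state == "reading-headers" and age >= min_age:
            stuck[ip] += 1
    return {ip: n for ip, n in stuck.items() if n >= min_conns}

def worker_saturation(rows, max_workers):
    """Fraction of the worker pool in use; near 1.0 means new clients are refused."""
    return len(rows) / max_workers
```

Bounding the time a server will wait for headers (on Apache, mod_reqtimeout's RequestReadTimeout directive) removes the condition this check looks for.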

Wednesday, June 3, 2009

Global hackdays: tangible interfaces

Trackmate :: 5 ways to get started from adam kumpf on Vimeo.



June 6th is the date of the upcoming Global Hackday. This time the focus is on cheap tangible interfaces, mainly trackmate. They want as many people to join as possible, even if you’re not comfortable with code. We’ve covered the construction of the trackmate surface before; now build one, get in there and contribute.

Wednesday, May 13, 2009

sslstrip, hijacking SSL in network

Last week at Black Hat DC, [Moxie Marlinspike] presented a novel way to hijack SSL. You can read about it in this Forbes article, but we highly recommend you watch the video. sslstrip can rewrite all https links as http, but it goes far beyond that. Using Unicode characters that look similar to / and ? it can construct URLs with a valid certificate and then redirect the user to the original site after stealing their credentials. The attack can be very difficult for even above average users to notice. This attack requires access to the client’s network, but [Moxie] successfully ran it on a Tor exit node.
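The look-alike delimiter trick works because the whole string before the first real slash is the hostname, so the certificate names whatever domain sits at the end of it. The check below is an added example for a link scanner or proxy, not code from sslstrip or the talk; it flags non-ASCII characters in the host part that are named like, or NFKC-fold to, a URL delimiter, and reports which domain the certificate would actually be issued for (the sample URLs are constructed).

```python
import unicodedata

# A hostname like www.bank.example⁄login⁄signin.attacker.example reads as a path on
# bank.example, but the browser treats all of it as the host and validates the
# certificate against the real registered domain at the end.
DELIMITERS = "/?#@:."
NAME_HINTS = ("SOLIDUS", "SLASH", "QUESTION MARK", "COMMERCIAL AT", "FULL STOP")

def authority_of(url):
    """Host part of url, split only on the ASCII delimiters a browser honours."""
    rest = url.split("://", 1)[1] if "://" in url else url
    for i, ch in enumerate(rest):
        if ch in "/?#":
            return rest[:i]
    return rest

def confusable_delimiters(url):
    """Every non-ASCII character in the authority that looks like, or NFKC-folds to,
    a URL delimiter, as (char, 'U+XXXX', unicode name) tuples."""
    hits = []
    for ch in authority_of(url):
        if ord(ch) < 128:
            continue
        name = unicodedata.name(ch, "")
        folded = unicodedata.normalize("NFKC", ch)
        if any(c in DELIMITERS for c in folded) or any(h in name for h in NAME_HINTS):
            hits.append((ch, f"U+{ord(ch):04X}", name))
    return hits

def looks_like_lure(url):
    return bool(confusable_delimiters(url))

def certificate_holder(url):
    """The last two ASCII-dot-separated labels: the domain the certificate really
    names, whatever the leading labels are dressed up to look like."""
    host = authority_of(url).rsplit("@", 1)[-1].rsplit(":", 1)[0].lower()
    return ".".join(host.split(".")[-2:])
```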

D-Link adds captcha to routers


D-Link is adding captcha support to its line of home routers. While default password lists have been abundant for many years, it was only recently that we started seeing them used by malware. Last year, Zlob variants started logging into routers and changing their DNS settings. It’s an interesting situation since the people who need the captcha feature are the ones who will never see it, since they won’t log in to change the default password.

Thursday, May 7, 2009

Time’s poll hacked


Though Time won’t admit it, their poll on the most influential person was hacked. Moot, the founder of 4chan, is rated #1. Not only that, but if you read the first letters of the poll results, you get “Marblecake also the game”. This refers to the IRC channel where many 4channers congregate as well as “the game”, an internet meme. This article is very interesting as it delves into the details of the attack, focusing mainly on what happened when the autovoting software was shut down by reCaptcha. You’ve probably seen reCaptcha before. It presents you with two words, made difficult to read by strange kerning, warping, and squiggles. If you can read it, you’re most likely a human. Anon, a common name for 4channers, first tried to hack reCaptcha.

Their attempt at hacking reCaptcha relies on the process reCaptcha uses to identify words. It presents you with two words, one of which it already knows. The other is compared to a database of common responses to that word. Anon decided that if they entered “penis” enough times, they could flood the database, allowing their autovoter to function again. This, though clever, was unsuccessful. They eventually settled on manual voting. This was taking too much time, and they feared they would never reach their goals. To help with this, they built a simple interface that would preload several reCaptchas and queue up votes. This streamlining allowed them to squeak in the votes they needed.

It’s also worth noting that Time didn’t close the vote entries when the poll closed. They removed the poll from their site, but the streamlined vote software was still working. Anon is a powerful force of nature. If only we could harness it to cure cancer or HIV.

WaitLess bus tracking system



Bus systems on campus can often be frustrating. You’re standing at the stop waiting and you don’t know if it would just be faster to walk. If you have a WaitLess tracking system at your stop, you can see exactly where the bus is and make that decision much more easily. The unit is self contained, solar powered, and equipped with wireless internet. With an Arduino at its core, it displays the current location of the bus by lighting an LED on a map. You can see a video of it in action after the break.

Friday, March 13, 2009

Defcon 17 Call for Papers


Notorious hacker conference Defcon has just published their Call for Papers. The 17th annual event will happen July 30th through August 2nd. Most of the announcement is the same boilerplate they’ve included for the past two years. Like last year, they’re not defining the specific speaking track themes and will come up with them based on submissions. New for this year is a half-day of workshops on the Thursday before Defcon for anyone that’s showing up early. This pre-con event is targeted at newbies. It certainly sounds like an interesting way to ease into Defcon instead of the usual delays and fire marshals. We’ve been attending every year since 2005 and love seeing new things. You should definitely consider presenting this year (we want to see more hardware!).

Monday, March 9, 2009

Automated protocol analysis

[I)ruid] from BreakingPoint Labs has been doing quite a bit of protocol reverse engineering as part of his work. He put together a post covering some of the tools that have been useful for this task. Text-based protocols have a lot of human readable characters that can help you identify fields. Binary protocols don’t have this luxury though. He recommends the Protocol Informatics Project for tackling these situations. It applies bioinformatics algorithms to network traffic. You give it a packet dump of the protocol and it compares them to find similarities the same way genetic sequences are compared. It can be confused by protocols that waste a lot of space, but it’s still a very clever approach to reversing.

Thursday, March 5, 2009

Smart card emulator


Here’s a quick prototype from [Travis Goodspeed]. It’s a smart card built around an MSP430 microcontroller. We’ve used the MSP430 in the past because of its low power demands. He says this business card currently supports 1.8V to 3.3V, but a future design will have 5V as well. Technologies like Java Card exist for running applets on smart cards, but a familiar microcontroller like the MSP430 could certainly make development much faster. Knowing [Travis], there’s a reader somewhere about to go through some serious fuzzing.

BackTrack 4 Beta released

The Remote Exploit Development Team has just announced BackTrack 4 Beta. BackTrack is a Linux based LiveCD intended for security testing and we’ve been watching the project since the very early days. They say this new beta is both stable and usable. They’ve moved towards behaving like an actual distribution: it’s based on a Debian core, they use Ubuntu software, and they’re running their own BackTrack repositories for future updates. There are a lot of new features, but the one we’re most interested in is the built in Pico card support. You can use the FPGAs to generate rainbow tables and do lookups for things like WPA, GSM, and Bluetooth cracking. BackTrack ISO and VMware images are available here.

Use the CPU cache to prevent cold boot? No.

Frozen Cache is a blog dedicated to a novel way to prevent cold boot attacks. Last year the cold boot team demonstrated that they could extract encryption keys from a machine’s RAM by placing it in another system (or the same machine by doing a quick reboot). Frozen Cache aims to prevent this by storing the encryption key in the CPU’s cache. It copies the key out of RAM into the CPU’s registers and then zeroes it in RAM. It then freezes the cache and attempts to write the key back to RAM. The key is pushed into the cache, but isn’t written back to RAM.

The first major issue with this is the performance hit. You end up kneecapping the processor when you freeze the cache and the author suggests that you’d only do this when the screen is locked. We asked cold boot team member [Jacob Appelbaum] what he thought of the approach. He pointed out that the current cold boot attack reconstructs the key from the full keyschedule, which according to the Frozen Cache blog, still remains in RAM. They aren’t grabbing the specific key bits, but recreating it from all this redundant information in memory. At best, Frozen Cache is attempting to build a ‘ghetto crypto co-processor’.

We stand by our initial response to the cold boot attacks: It’s going to take a fundamental redesign of RAM before this is solved.

Manual protocol analysis

As a followup to last week’s post on automated protocol analysis, [Tod Beardsley] has written up how to start analyzing a protocol manually. He walks through several examples to show how to pull out the interesting bits in binary protocols. His first step was sending 10 identical select statements and capturing the outbound packets. He used the Ruby library PacketFu to help with the identification. It compared the ten packets and highlighted one byte that was incrementing by four with each packet, probably a counter. Looking at the response indicated a few other bytes that were also incrementing at the same rate, but from different starting values. Running the same query on two different days turned up what could be a timestamp. Using two different queries helped identify which byte was responsible for the statement length. While you may not find yourself buried in hex on a daily basis, the post provides good coverage of how to think critically about it.
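The column-by-column comparison that both the automated (Protocol Informatics) and manual (PacketFu) posts rely on is small enough to show in full. This is an added example, not code from either post or library: it labels each byte offset as constant, counter or varying across captures of the same query, and finds a length field by comparing captures of different queries. The packet layout and sample captures are constructed for the example.

```python
# Constructed sample: ten captures of the same query, plus two of different queries.
# Layout (invented for the example): magic(2) | seq(1) | flags(1) | length(1) | payload,
# where seq steps by 4 per request and length counts the payload bytes.
def make_packet(seq, payload):
    return bytes([0x12, 0x34, seq & 0xFF, 0x00, len(payload)]) + payload

SAME_QUERY = [make_packet(0x10 + 4 * i, b"SELECT 1") for i in range(10)]
OTHER_QUERY = [make_packet(0x40, b"SELECT 1"), make_packet(0x44, b"SELECT 1, 2, 3")]

def classify_offsets(packets):
    """Label each byte offset over the common prefix of the packets:
    ('constant', value), ('counter', step) when every successive difference
    is the same value mod 256, or ('varies', None)."""
    width = min(len(p) for p in packets)
    labels = {}
    for off in range(width):
        column = [p[off] for p in packets]
        if len(set(column)) == 1:
            labels[off] = ("constant", column[0])
            continue
        steps = {(b - a) % 256 for a, b in zip(column, column[1:])}
        if len(steps) == 1:
            labels[off] = ("counter", steps.pop())
        else:
            labels[off] = ("varies", None)
    return labels

def length_fields(packets):
    """Offsets whose byte equals len(packet) minus the same bias in every packet.
    Needs packets of different sizes; the bias says what the field counts
    (a bias equal to the header size means it counts payload bytes)."""
    if len({len(p) for p in packets}) < 2:
        return {}
    width = min(len(p) for p in packets)
    found = {}
    for off in range(width):
        biases = {len(p) - p[off] for p in packets}
        if len(biases) == 1:
            found[off] = biases.pop()
    return found
```

Bytes that come out as "varies" with no consistent step are the ones to re-capture across days or sessions, which is how the timestamp above was spotted.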

Curiosity killed the twit, Twitter clickjacking

Twitter was flooded this morning with users posting “Don’t Click: http://tinyurl.com/amgzs6”. TinyURL has since terminated the URL. The original page doesn’t seem to be live either. It displayed a button that said “Don’t Click”. If the user happened to be logged into Twitter, it would automatically update their status. The instigator partially describes the method on his blog (translated). The page would load the user’s Twitter page in an invisible iframe. The status would be pasted in and the “Don’t Click” button placed on top of the update button. You can find the code snippets here, and the original author credits this post for the inspiration. Twitter has since added a JavaScript fragment to each page to break out of iframes.

PDF redaction still not working


Facebook’s internal valuation was revealed this week thanks to shoddy PDF redaction. Court documents from a settlement between Facebook and ConnectU showed that Facebook values itself at $3.7 billion, much less than the $15 billion that was speculated during the Microsoft investment. The AP uncovered this by cutting and pasting from the redacted court document. It’s the same thing we showed in our PDF redaction screencast last summer… and it will never cease to be funny.

Paintball gun turret

[Jared Bouck] has been sending in his projects for a couple years now. We’ve enjoyed his heavy-duty DDR pads, LCD backlight repair, and ion cooling projects. His latest, an RC paintball gun turret, is our favorite though. He actually rates this as one of the easier projects he’s published; it just took a while to assemble. Several design decisions were made to keep the project simple. Two 32 Degrees Icon-E paintball guns were used. The guns already have electric solenoids for firing, so a special trigger mechanism didn’t have to be fashioned. Q-loaders were used to prevent any ball feed problems. The motors, driver boards, and RC components are all borrowed from combat robots for reliability. He’s hoping to produce a small number of kits based on this design.

Related: We’ve got quite a few sentry gun projects in the archive.