Reports the lockpicking blog Black Bag:

At first the police officers at HAR were a little reluctant to event try out the plastic key he printed. But he found another way to verify the key he printed was the correct one. I guess these officers never thought about wearing keys concealed, especially when talking with Mr. Handcuff himself. Given the megapixel camera's on the market today it was not so difficult to verify the key he printed was the correct one.
At the end of the day he talked the officers into trying the key on their handcuffs and ... it did work! At least the Dutch Police now knows there is a plastic key on the market that will open their handcuffs. A plastic key undetectable by metal detectors....

Nice. Combine that with your scramble suit and away you go!

Black Bag via BoingBoing

At first glance, HAR appears to be something like an outdoor rave or music festival, with its brightly-colored flags, tents, and ice cream stands. Except the entire outdooor area, packed with hundreds of campsites, is threaded with ethernet wires that terminate in blue port-a-potties. These toilets have been repurposed as computer network hubs dubbed Datenklo, German for data toilets. Switches furred with wire sit in neat stacks on top of toilet seats, and a wireless access point in the roof broadcasts a local wifi network too. As one of the network administrators explained to me, toilets are the perfect spot for outdoor data hubs – they are weatherproof, mobile, and can easily be locked to keep out drunken party-goers. Cables from the Datenklo lead to a hut called the NOC or network operations center, and are threaded through a window into a series of servers cooled with a portable air conditioner.

It's one of the more nicely-designed computer networks I've ever used, and it was set up in less than a week in the remote vacation village, called Vierhouten, where HAR was held. The group even laid a kilometer of donated fiber optic cable to bring high speed internet to the HAR campers' network. If you wanted to set up a server, there was also a pretty swank colocation facility located in a tiny hut, labeled ETH0 in duct tape.

Elsewhere, a group set up a DECT wireless phone network and sold phones with phone numbers usable only in camp. Another group built a free GSM mobile phone network, and handed out free phone numbers to anybody who promised to test the network, which ran on experimental software and hardware. For anybody who thinks of their cell phone as a device entirely controlled by Sprint or T-Mobile, connecting to the HAR GSM network is like visiting the future. A utopian future where mobile phones are run by community networks that offer free services – and whose operators live in a tent up the road labeled "GSM" just in case you need to ask a question. Imagine being able to control every aspect of your phone, including the very network where you make telephone calls. It seems bizarrely revolutionary.

During all four days of camp, from August 13 through 16, a full roster of speakers gave talks on everything from how to build your own home synchrotron particle accelerator (pictured in the gallery below), to the ways a wily criminal could forge SSL identity verification certificates to make her website appear to belong to a bank or other site online. There were also classes on lock picking, mobile phone hacking, soldering, and beer making. Groups like the anti-censorship organization Wikileaks presented information on how to foster free speech online, while several anonymous people discussed the pros and cons of pirating.

When you wanted to take a break, you could get a free tosti kaas (a toasted bread and cheese sandwich) from the people running the new .tk top level domain. You'd get a free .tk domain name too, to match your tosti kaas.

The nightlife at HAR is just as creative and technologically-mediated as the daytime experiments. The German hackers from Chaos Computer Club (CCC) brought a searchlight and a disco ball, which filled the enormous campground with flecks of spinning light. Glowing tents were full of music and computer equipment. And on Saturday night there was a silent nightclub, where everybody got headphones and could tune into one of three different DJ sets, dancing to the beats of their choice. Passing by the silent club, you could see hundreds of dancers bathed in colored light, their feet beating a rhythm to something inaudible. Once in a while, a group of them would burst into a snatch of song, responding to a directive from their earbuds.

Hung over the next day, people could wander through a lounge decorated with a giant unicorn, and into the HARcade, full of free pinball machines and videogames. One of the coolest was a racecar game where the cars would go only if you made "rrrrummmm" noises into a microphone. The louder the noise, the faster the car.

I had been hearing about these hacker camps for about eight years ago, back when the event had been called HAL, for "Hacking at Large." They grew out of a loose coalition of technical hobbyist groups and activist organizations, including the decades-old German hacker group CCC. Over the past few years, the "hacker space" movement has been growing, and dozens of hacker groups have started clubhouses of their own in the United States and across Europe.

What is the point of a hacker camp like HAR, or a hacker space like CCC in Berlin, or Noisebridge in San Francisco? It is, in the words of an early hacker space pioneer named Jens Ohlig, to create an alternative educational institution, a place where people can learn about technology and science outside the confines of work or school. It's where people build things because they want to, not because they need to make money. And it's a place, Ohlig said, where geeks can "come out" among like-minded people and "live as if you are in the future."

Want to find out more about hacker spaces in your area? There is a list on the hackerspaces wiki.

Free tostis and .tk domains!


Datenklo

Welcome to the network operations center.


Inside the NOC.
A remote-controlled game - log into this page, and control the fans to blow the duck around the maze.
Camp like a pirate!
The colocation facility where you can park your server.

Inside the ETH0 colo.

Open phone hardware.


Soldering class!


Software hacking.
CCC party tent.

Hacked-together UFO.



Game where cars are controlled by you making a loud RRRRRMMMM noise into a mic.

The road signs, which normally warn drivers about traffic conditions, displayed these warnings: "Zombies ahead . . . the end is near . . . run for cold climates!" Some signs also warned of Nazi zombies. While city officials claimed to FOX News that the tampering could lead to jail time, nobody is going to get in trouble for warning the world about zombies. The company that owns the signs, Sterling Construction, would have to file a complaint with police for any legal action to be taken. Sterling owner Wayne Haggard told local KVUE-TV, "It's Austin. We have a sense of humor. Let it go."

Though Austin officials claim that an act of direst hacking was required to tamper with the signs, sign-hackers say that isn't true. Most of these signs, including the ones owned by Sterling, have a default password. Anyone can walk up to the sign, type the default into the control panel, and reprogram it.

There is a reason why some say default passwords are a hacker's best friend. However, I would argue that our pranksters haven't really done an impressive hack until they've either brute forced a non-default password, or figured out a way to route internet traffic through the signs. Come back to me with your "sign hacking" when you've turned one of these road signs into a zombie computer, OK? That way, instead of flashing "Zombies ahead!" the sign would flash its normal message but send the "Zombies ahead" warning to your iPhone.

Not that I am advocating anything unlawful. I am just trying to suggest a better zombie warning system.

SOURCES:

Dallas News (with clip from KVUE-TV of the signs)

FOX News

The company made its announcement on a special website designed just for the occasion, called 2008 Breach. Though personal data seems unaffected, the people who created the malware and put it on Heartland's network may have been snarfing up millions of legit credit card numbers.

Another day, another datapocalypse.

Security expert Adam O'Donnell has the full story at Zero Day.

You've probably seen windows pop up in your browser that inform you when you are visiting a site whose certificates are not in order, or are outdated. With this new hack, those windows would never pop up. And it means that bad guys can pretend to be your bank site, your favorite commercial site, or wherever you like to plug in your credit card number - without anyone noticing until it's too late.

Yes, the web apocalypse is here - and John Markoff over at the New York Times has the full story about how a bunch of wily geek found collisions in the MD5 hash algorithm and ripped SSL apart.

Here's your hard drive. Stick that in your evidence case, authoritarian scum! In late September, Jason Rollette figured out the best way to preserve your Fourth Amendment right to privacy when the data police come knocking was to use the pyrotechnic mixture of aluminum powder and metal oxide known as thermite. Keep this in mind when the Terminators are coming too. Rollette writes:

Our goal was to completely destroy the drive while it was still in the computer case. The theoretical application is to destroy the disk at a moments notice so it won’t fall into the wrong hands. After testing multiple methods, placing about 1 pound of thermite in a clay flower pot and lighting from the drain hole in the bottom yielded the best results. This could easily be placed in the 5.25″ bays above the drive.

Good to know! Also, it just gives me a nice, visceral thrill to watch hard drives burn and explode after a long day slaving over a not-hot-enough keyboard.

How to: Thermite Hard Drive Destruction [via Hackaday]

The device was invented by eighteen-year-old Morris Mbetsa, who lives in Mombasa, Kenya, where auto theft is a tremendous problem. Mbetsa is a self-taught hardware hacker who presented his work at Barcamp Nairobi in June. Later, it was picked up in a television report (below). Mbetsa is currently looking for funding to mass produce his device and sell it. Once he adds AI to it, the Block&Track will be able to decide when you're doing something wrong in your own car, and quickly send surveillance tapes to the police which contain evidence of your crimes.

Image above via MAKE magazine.

Self-Taught Genius Invents Anti-theft Device [Afrigadget via Core77]

Crappiest new way the police or your mom can follow your every move without ever leaving the sofa: The groovy satellite navigation system in your car that tells you how to get to any address you type into it is also ratting you out. Most satnav systems keep records of every address you type into it, and the route you took to get there. If you sync it with your bluetooth phone, it also has records of phone calls and messages you've received. That's why police officers in the U.K. have started sucking data off the satnav systems of suspects to find out where they've been. Now the authorities can tail you without ever leaving their stations — and probably without getting a court's permission to follow you either. Plus, according to New Scientist, the hacks required to get this data off the satnav systems are widely known and can be used by anyone smart enough to look them up on various wikis or discussion boards. So your mom or your boyfriend could be snarfing up your location data too, checking to see whose house you're going to after work and where you go for lunch. That is seriously crap.

Here's how it works: When you press each key, it cycles through three colors. You press the color you want. When you've got your color pattern set, all the lights flash green and the door opens. Obviously, if you want to be safe, you'll want to figure out a way to shield the keypad while you're unlocking it (this is a good idea with number-based keypads too).

You can go through all the steps to make this lock, from circuit boards to LEDs, or you can buy a pre-made keypad here. You'll still have to program it, though!

How to Make an RGB combination door lock [via Hackaday]

Epileptics visiting the forum clicked on links to the images — which masqueraded as links to helpful medical websites — and were confronted with blinking images that induced migraines and seizures. Other posts contained the flashing images already. It's not yet known how many people were affected, but the FBI is now investigating and the website is being monitored. It is the first known example of a website attack that was also in essence a physical attack.

According to AP:

The hackers who infiltrated the Epilepsy Foundation's site didn't appear to care about profit. The harmful pages didn't appear to try to push down code that would allow the hacker to gain control of the victims' computers, for instance.

"I count this in the same category of teenagers who think it's funny to put a cat in a bag and throw it over a clothesline - they don't realize how cruel it is," said Paul Ferguson, a security researcher at antivirus software maker Trend Micro Inc. "It was an opportunity waiting to happen for some mean-spirited kid."

In a similar attack this year, a piece of malicious code was released that disabled software that reads text aloud from a computer screen for blind and visually impaired people.

Hackers Posts Cause Seizures [AP via PhysOrg]

Hackers Assault Epilepsy Patients via Computer [Wired]

Forbes reports:

In recent months, security researchers have emphasized long-standing security vulnerabilities in the Supervisory Control and Data Acquisition (SCADA) systems that control U.S. critical infrastructure systems ranging from power plants to dams to public transit . . . But [BT Counterpane CTO Bruce] Schneier suggests that security researchers shouldn't assume that SCADA was the weak link in the power system attacks revealed Friday. If, as the CIA suggests, the penetration involved "inside knowledge" of the system, it may have been performed by an employee with administrative access. "How much of this is a computer vulnerability, how much is a human vulnerability?" he asks. "I wouldn't jump to any conclusions."

Hackers Cut Cities' Power [Forbes]

Knowing the crystalline structure of this chunk of microporous aluminium carboxylate — a crazy-ass hybrid compound of organic and inorganic molecules — is great for future research into things like using special powders to absorb toxic spills, or building flexible glass. But, points out scientist Thierry Loiseau, it will also help tidy up lab cupboards:

Researchers can now bring forward samples left in their cupboards because the sizes had previously prevented their study. Now they will be able to elucidate the structures of these samples, with potentially great scientific advances on the horizon.

Oh, oui, oui! Lavez les laboratoires, mes choux choux scientifiques!Image by T. Loiseau, CNRS 2007.

Unveiling the structure of microcrystals [via Eurekalert]

Famous names: The gorgeous electronic score by Wendy Carlos proves (much as Jerry Goldsmith's did with Star Trek: The Motion Picture a few years earlier) that a good soundtrack can help compensate for narrative flaws.

Crunchy goodness: 5

Stunt casting: Pac-Man, at 45:21.

Memorable product tie-in: While the movie didn't do as well as expected (it wasn't a huge flop, but it wasn't the blockbuster Disney needed), the tie-in video game was a huge hit, grossing more than the movie itself.

Bang for your buck: Between the groundbreaking CGI environments and extensive rotoscoping work done on each 65mm frame set inside the computer and whole lot of other techniques and tricks, every penny is on the screen—though, admittedly, it wouldn't have hurt to have lost a few seconds of bells and whistles to pay for one more draft of the script, or at least a technical advisor to make sure the computer terminology being tossed around was remotely accurate.

Tron Sector

Famous names: The first film by Darren Aronofsky, who would go on to heretofore untold levels of squick with his followup, Requiem for a Dream.

Crunchy goodness: 5

Memorable product tie-in: Every techno DJ alive has the soundtrack.

Sights you'll never unsee: Drill plus cranium equals super happy mirror splatter!

Design breakthrough: Many pre-DV indie films were shot in black and white for budgetary reasons, but Pi's gorgeous, high-grain chiaroscuro cinematography is vital to the mood; though it's never mentioned in the dialogue, I've always suspected the character is color-blind, as it feels like we're seeing the world through his eyes.

Official Pi site

Famous Names: Martha Coolidge (Director) Val Kilmer, William Atherton, Jon Gries (Cast)

Crunchy Goodness: 3

Life Lesson: Always check your optics.

Most Painfully Dated Moment: The end credits, a feel-good slo-motion scene set to Tears for Fears' 'Everybody Wants to Rule the World.'

Memorable Product Tie-In: Real Genius may be the best-ever ad for Jiffy Pop, for reasons that a single watching will make abundantly clear.

A Guide to the Real Genius/Caltech Connection

Famous names: Matthew Broderick Dabny Coleman Michael Madsen Ally Sheedy

Crunchy goodness: 4.5

Life lesson: Tic Tac Toe is much more interesting when you play it with nukes.

Most painfully dated moment: An IMSAI tricked out with dual 8 inch floppies!

Deadliest spoiler: The only winning move is not to play, which isn't so much a "winning move," per se, because it's not a move and you don't win. But you get my point.

WarGames at The 80's Movie Rewind - Teaser, Review, Trivia & Behind the Scenes info