Fingerprints are not security

Jan Krissler, known in hacker circles as Starbug, was already known for his high-profile stunt of cracking Apple TouchID sensors within 24 hours of the iPhone 5S release. In this case, he used several easily taken close-range photos of German defense minister Ursula von der Leyen, including one gleaned from a press release issued by her own office and another he took himself from three meters away, to reverse-engineer her fingerprint and pass biometric scans.

The same conference also demonstrated a “corneal keylogger”. The idea behind the attack is simple. A hacker may have access to a user’s phone camera, but not anything else. How to go from there to stealing all their passwords?

One way, demonstrated on stage, is to read what they’re typing by analyzing photographs of the reflections in their eyes. Smartphone cameras, even front-facing ones, are now high-resolution enough that such an attack is possible.

“Biometrics are not secrets… Ideally, they’re unique to each individual, but that’s not the same thing as being a secret.”

https://www.theguardian.com/technology/2014/dec/30/hacker-fakes-german-ministers-fingerprints-using-photos-of-her-hands

PIX for Windows is back!

PIX is a performance tuning and debugging tool for game developers that hadn’t been updated in years for the desktop. It lived on in three generations of Xbox consoles, but there was no desktop love. No longer! Microsoft just announced that a PIX beta is now available for analyzing DirectX 12 games on Windows.

PIX on Windows provides five main modes of operation:

  • GPU captures for debugging and analyzing the performance of Direct3D 12 graphics rendering.
  • Timing captures for understanding the performance and threading of all CPU and GPU work carried out by your game.
  • Function Summary captures accumulate information about how long each function runs for and how often each is called.
  • Callgraph captures trace the execution of a single function.
  • Memory Allocation captures provide insight into the memory allocations made by your game.

Go to the Microsoft blog to download it for free.

See-through Engine in 4K Slow-Motion

Ever want to see what is really going on inside a combustion engine like your car? Warped Perception built a custom transparent acrylic head for a four-stroke engine so we can see what internal combustion looks like as it happens. He fed the engine with different types of fuel then captured the results in slow-motion.

0:58 is when the magic starts. 🙂

How to see a Museum

Nick Gray of Museum Hacks gives hundreds of museum tours. As someone who likes to travel, I know museums can be a huge time suck and leave you exhausted. He’s come up with a system that sounds pretty awesome.

I’ll have to give it a try on my next trip…

Animated Sculptures of John Edmark

John Edmark‘s sculptures wiggle and twist before your eyes. It’s hard to believe that what you’re seeing is a real physical object—but we assure you it is, with a bit of trick photography and some heady mathematics thrown in for good measure. Blooms 2 (a year in the making) is the latest collection of wild strobe-animated sculptures that begin life as computer programs written in Python before being 3D printed and set in motion on a table, but the patterns you see are created, in a sense, by nature itself.

BLOOMS: Strobe Animated Sculptures Invented by John Edmark from Pier 9 on Vimeo.

Who would others say you are?

“It is not our abilities that show what we truly are. It is our choices.” –Dumbledore

If you were stripped of all your talents, who would others say you are based on your choices? Generous? Kind? Selfish?

scp without entering a password each time

Let’s say you want to copy between two hosts, host_src and remote_machine. host_src is the host where you would run scp, ssh or rsync, irrespective of the direction of the file copy.

  1. On host_src, run this command as the user that runs scp/ssh/rsync:

    $ ssh-keygen -t rsa

    This will prompt for a passphrase. Just press the enter key. If you assign a passphrase to the key, then you’ll need to enter it each time you scp. It will then generate a private key and a public key. ssh-keygen shows where it saved the public key. By default this is ~/.ssh/id_rsa.pub:

    Your public key has been saved in <your_home_dir>/.ssh/id_rsa.pub

  2. Transfer the id_rsa.pub file to remote_machine by ftp, scp, rsync or any other method.
  3. On remote_machine, log in as the remote user which you plan to use when you run scp, ssh or rsync on host_src.
  4. Copy the contents of id_rsa.pub to ~/.ssh/authorized_keys:
    $ cat id_rsa.pub >>~/.ssh/authorized_keys
    $ chmod 700 ~/.ssh/authorized_keys

If this file does not exist, the cat command above will create it. Make sure you remove permission for others to read this file via chmod. If it’s a public key, why prevent others from reading the file? Probably because the owner of the key has distributed it to a few trusted users and has not placed any additional security measures to check whether it is really a trusted user.

Optional – allowing root to ssh:

  1. ssh by default does not allow root to log in. This has to be explicitly enabled on remote_machine, by editing /etc/ssh/sshd_config and changing the PermitRootLogin option from no to yes.
  2. Don’t forget to restart sshd so that it reads the modified config file.
  3. Do this only if you want to use the root login.

That’s it. Now you can run scp, ssh and rsync on host_src connecting to remote_machine and it won’t prompt for the password. Note that you will still be prompted for a password if you run the commands on remote_machine connecting to host_src. Reverse the steps above (generate the key pair on remote_machine and copy its public key to host_src) and you have a two-way setup ready!
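The procedure above, as an added example that is not part of the original post: a small POSIX shell script that performs the authorized_keys installation of steps 2 to 4 idempotently (re-running it never duplicates the key), sets the permissions sshd’s StrictModes check requires, and, for the optional root-login section, reads the PermitRootLogin value that sshd will actually apply. The function names are mine, SAMPLE_KEY is a constructed placeholder rather than a real key, and the script uses 600 on authorized_keys rather than the post’s 700, which sshd also accepts since a file needs no execute bit.

```shell
#!/bin/sh
# Added example, not code from the original post. Installs a public key into
# a user's authorized_keys the way steps 2-4 describe, but idempotently and
# with owner-only permissions, then shows how to read the *effective*
# PermitRootLogin value from an sshd_config.
# Assumptions: a POSIX shell with awk, grep, mkdir, chmod, ls and mktemp.
# SAMPLE_KEY is a constructed placeholder, not a real key.

SAMPLE_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDEXAMPLEKEYNOTREAL= user@host_src'

# install_authorized_key <ssh_dir> <public_key_line>
# Appends the key only if that exact line is not already present, so running
# the setup twice does not leave duplicate entries.
install_authorized_key() {
    ssh_dir=$1
    pubkey=$2
    auth="$ssh_dir/authorized_keys"

    mkdir -p "$ssh_dir"
    chmod 700 "$ssh_dir"          # sshd rejects a ~/.ssh that others can write to
    touch "$auth"
    if ! grep -qxF -- "$pubkey" "$auth"; then
        printf '%s\n' "$pubkey" >> "$auth"
    fi
    # Owner read/write only. The post uses 700; 600 is sufficient because a
    # file never needs the execute bit, and sshd only insists that nobody
    # else can write to it.
    chmod 600 "$auth"
}

# count_keys <ssh_dir>: number of non-empty lines in authorized_keys
count_keys() {
    grep -c . "$1/authorized_keys" || true
}

# file_mode <path>: symbolic mode string such as -rw------- (portable via ls)
file_mode() {
    ls -ld "$1" | cut -c1-10
}

# effective_sshd_option <sshd_config> <keyword>
# sshd applies the FIRST occurrence of a keyword and ignores later ones, so
# editing a duplicate line further down the file changes nothing. Comment
# lines are skipped and the keyword comparison is case-insensitive, as sshd's is.
effective_sshd_option() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ || NF < 2 { next }
        tolower($1) == key { print $2; exit }
    ' "$1"
}

# Stand-alone demo in a throwaway directory; it never touches the real ~/.ssh.
demo() {
    tmp=$(mktemp -d)
    install_authorized_key "$tmp/.ssh" "$SAMPLE_KEY"
    install_authorized_key "$tmp/.ssh" "$SAMPLE_KEY"   # second run is a no-op
    echo "keys installed: $(count_keys "$tmp/.ssh")"
    echo "mode of authorized_keys: $(file_mode "$tmp/.ssh/authorized_keys")"

    # Constructed sshd_config: the first PermitRootLogin line wins; the later
    # "yes" is dead text that sshd never applies.
    printf '%s\n' '# constructed sample config' \
        'PermitRootLogin prohibit-password' \
        'PasswordAuthentication no' \
        'PermitRootLogin yes' > "$tmp/sshd_config"
    echo "effective PermitRootLogin: $(effective_sshd_option "$tmp/sshd_config" PermitRootLogin)"
    rm -rf "$tmp"
}

demo
```

The effective-option check is the part worth keeping around: when a root login change on remote_machine seems to have no effect after restarting sshd, the usual cause is a second PermitRootLogin line earlier in the file, and this function reports the one sshd is really using.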

Teddy Roosevelt on armchair critics

“It is not the critic who counts; not the man who points out how the strong man stumbles, or where the doer of deeds could have done them better. The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood; who strives valiantly; who errs, who comes short again and again, because there is no effort without error and shortcoming; but who does actually strive to do the deeds; who knows great enthusiasms, the great devotions; who spends himself in a worthy cause; who at the best knows in the end the triumph of high achievement, and who at the worst, if he fails, at least fails while daring greatly, so that his place shall never be with those cold and timid souls who neither know victory nor defeat.” – Teddy Roosevelt, from a speech delivered April 23rd, 1910 in Paris.