Tuesday, February 28, 2006

FedEx Kinkos ExpressPay Vulnerability

A new vulnerability was found in the ExpressPay system in use at FedEx Kinkos to pay for things like copies, etc. Basically the vulnerability allows you to get things for free, or even get cash from the system. The problem stems from the fact that the value of the SmartCard in use by the system is stored on the card itself, protected by a 3-digit code. If you can get this 3-digit code, then you can reprogram the card with whatever value you want. Worse yet, the 3-digit code is supposedly the same on all cards, making this what is called a BORE attack, or Break Once Repeat Everywhere. Once the 3-digit code is known (which it presumably already is by now) it can be used on any device. While the initial attack to get the code is complex and requires expensive equipment (a logic analyzer), with sufficient motivation and the potential for BORE someone was bound to do it eventually. This is what product manufacturers need to realize.

Thursday, February 16, 2006

Matchbox-sized Projector

These guys have created a projector the size of a matchbox that runs on less than 1.5W of power based on lasers. You have to read this article to see how cool this is. Infinite focus, low power, small enough to be embedded in a CELL PHONE, this could revolutionize how electronics use displays. Instead of trying to watch that movie on your video iPod, how about you project it on the wall wherever you are?

Sunday, February 12, 2006

Howlin' Good Time


It's a full moon tonight. At least, off our balcony it is.

Real-world Transformer

Here's a real world transformer in action. Crazy!