Categories
Apple Security

Apple Suspects Hardware Espionage

From 9to5Mac:

At least part of the driver for this is to ensure that the servers are secure. Apple has long suspected that servers it ordered from the traditional supply chain were intercepted during shipping, with additional chips and firmware added to them by unknown third parties in order to make them vulnerable to infiltration, according to a person familiar with the matter. At one point, Apple even assigned people to take photographs of motherboards and annotate the function of each chip, explaining why it was supposed to be there. Building its own servers with motherboards it designed would be the most surefire way for Apple to prevent unauthorized snooping via extra chips.

I can’t say this is terribly surprising. There have been reports of this sort of thing happening to Cisco hardware, among others.

Categories
Hardware

How To Improve The PC As A Gaming Platform

Bruno Ferreira wrote a good article on how to improve the PC as a gaming platform. As someone who is a PC gamer, I couldn’t agree more with what he says. It’s extremely difficult to build a system for PC gaming, and very difficult to buy games since the metrics used are so difficult to work with.

In my opinion, once every 12-18 months the platform should create a new standard based on the latest and greatest. It’s assigned a number, likely the year. A software profiler would then establish what standard your computer meets. Don’t buy any game that exceeds that number. A game can support “minimum” and “optimal” but would just put the number below vs. spelling out all the specs. The profiler could then advise on how to upgrade. For example, if you upgrade your weak GPU and add more RAM you’d meet the requirements for 2013. Or just leave it at 2012 standards if that’s good enough for your needs.

Categories
Hardware

MakerBot Replicator 2

The MakerBot Replicator™ 2 is pretty amazing when you think about it. I’m pretty certain there is a future in 3D printing. It may eventually even be the successor to physical mail in many cases. Simply order and print out your product. Perhaps the order will reimburse you the material used to output your product. Instant delivery not even Amazon could beat with the warehouse model.

It’s hard to justify the purchase of one today, but make no mistake, these things have a future somewhere.

Categories
Photo A Day 2011

Project 365 Week 39

Categories
Photo A Day 2011

Project 365 Week 28

I can’t believe it’s already 28 weeks.

Categories
Photo A Day 2011

Project 365 Week 27

Categories
Software

On Square Skimmer Security Risks

There’s an “open letter” going around about the alleged security hole created by SquareUp, a startup that gives out free credit card readers for smart phones. To quote the meat of it:

In less than an hour, any reasonably skilled programmer can write an application that will “skim” – or steal – a consumer’s financial and personal information right off the card utilizing an easily obtained Square card reader. How do we know? We did it. Tested on sample Square card readers with our own personal credit cards, we wrote an application in less than an hour that did exactly this.

Allow me to debunk the hell out of this:

  • To skim a card you need physical possession of the card. The numbers are printed on the front. No reader needed.
  • Skimming is normally done by attaching a device in front of a legitimate reader (such as an ATM) so it passively collects data. Not via cell phone. Stealing a credit card, walking to a back alley and skimming doesn’t make any sense.
  • Credit card numbers are worth almost nothing on the black market. They are sold in bulk. This process is too slow to be viable for even the most brain-dead of criminals to want to bother with.
  • There are easier methods than the above including phishing attacks, becoming a waiter (the best job for credit card thieves), or just hacking one of the many insecure ecommerce sites on the net. An ATM skimmer attached to an ATM is much more profitable and harder to get caught since you can leave and come back later.
  • Square’s dongle doesn’t encrypt data because it goes directly to the phone. You’d need to extensively modify the device to intercept anything. The connection from your phone to Square seems to be encrypted.
  • Oh yea… They have their logo on top, but never link to their homepage or explain who they are. VeriFone is a vendor of credit card scanners. A direct competitor of Square. They also sell wireless scanners that would compete directly with Square. They cost a lot.

How’d I do?

Bonus:

VeriFone sells “contactless” point of sale systems. I’ve mentioned several times over the past few years how poorly thought out these seem to be. WREG recently did a great story on how easy it is to scan/clone one of these cards to a hotel key (full disclosure: WREG is an affiliate of my employer).

Conclusion:

Whether someone steals your credit card and swipes it on their own scanner, reads the numbers off, or just runs to the nearest store and buys things, it doesn’t make a difference. Square isn’t the security hole here.

I’ve got a Square reader on hand and can say it’s cheaply made (obviously), but there’s no reason at all to think it’s any less secure than any other terminal. The owner/operator of the terminal is the chief point of failure.

Categories
Hardware

Building A PC Headset Adapter For IP Phones

Building a PC headset adapter for a Nortel 1120E actually turned out to be dead simple. The headset port is actually a pretty standard 4P4C port (also known as RJ9 or RJ10 apparently). For about $5 I was able to put together a fully working adapter to use any standard PC headset.

I suspect this will work just fine with most phones, even non-IP phones; however, your mileage may vary. Obviously this is at your own risk.

Parts:

If you have a cable from a phone receiver you could easily reuse that, just cut one end. Those are just 4P4C cables.

The stereo connection jacks are rated for 5,000 cycles, though they feel a little flimsy to me. For the price, however, they are not bad, just proceed with caution. If you build this and intend to plug/unplug often you may want to consider another one. For me, if they break I’ll swap them out.

I was originally going to solder and tape it up to save space rather than use a board. The board was for prototyping and I’d just reuse it for something else later. At least for now however I’ll just leave it all taped to the board, it seems pretty stable if you leave the headset plugged in. I just taped it to the base of my monitor. I really wanted a breadboard, but there were surprisingly none in stock at RadioShack. No breadboards at RadioShack is like a McDonald’s without burgers. The PC board however worked for the task.

Pinning

To summarize how it’s connected, a 4P4C cable has two conductors for speaker and two for microphone. It’s simply a matter of connecting them to the correlating jack with the correct polarity and you’re done. The following diagram (from Wikipedia) illustrates the pinning:
4P4C Pinning

On the SJ1-3523NG jacks, this corresponds as follows:

Audio out:
  Pin | Wire
    3 | Green
    2 | Red
Audio in:
  Pin | Wire
    1 | Black
    3 | Yellow

A little testing showed that the presence of a microphone is how the Nortel 1120E can tell if the port is connected or not. That means you can’t just use the headphone for example to listen in on a call. A microphone must be connected (muting works fine however).

Final Product

I grabbed a Logitech ClearChat Style Headset which retails for under $20. Works perfect for the task and has inline controls for easy mute/volume control.

As a result I put this together using only a few dollars of parts and using only tools found in my cube (wire strippers, wire cutters, scissors).

There you have it. It only costs a few dollars and is dead simple to wire. Now I can code while on calls without having to decide between speakerphone, which echoes when several of us are on the same call, and risking neck pain trying to balance a phone receiver.

IP Phone Headset Adapter

In practice, I have tape holding the jacks to the board. I removed it for the photo shoot to better show how the wiring is done.

Categories
Hardware Software

Email Alarm System

I’ve been in the mood for some hardware hacking for a while. Recently at work I thought it would be nice to have a way to know if an important (emergency) email came in that required attention. These fire-drills are just part of the job. I have multiple computers and screens so an on-screen alert isn’t always effective. Audible alerts don’t work either because speakers are only connected to one computer at a time and often headphones are plugged in. I need something more independent.

My solution was to build a USB alarm system: two rotating LED lights to get attention visually, as well as a 76 dB piezo buzzer which chirps when the system is activated to help get attention. The buzzer only chirps, and only when the system first invokes, so it’s not an annoyance. It’s enough to get attention, but not enough to bother others. It has multiple chirps so that I can potentially set up multiple alert types.

Now we can really be on the ball!
P1 Bug Report Alarm
Obligatory goofy office signage

Categories
Apple Hardware

Apple To Use Micro USB?

I mentioned back in September 2007 that cell phone manufacturers were looking to replace their varied connectors with Micro USB meaning most cell phones would use the same chargers and accessories. MacRumors points to a Reuters report that Apple has also agreed to go Micro USB in Europe, which presumably means the US as well.

I personally doubt Apple will just ditch the 30 pin dock connector in favor of Micro USB. I suspect Apple will either bundle a Dock to Micro USB adapter instead or add a Micro USB port next to the Dock connector. Among the many reasons:

  • The dock is essentially “USB+ Firewire + Audio + Video + other”. Take a look at the pinout. It’s much more complicated to get USB audio working than to read line out. For all intents and purposes the dock is as good an interface, if not better.
  • The dock connector has an extensive list of implementations including many accessories and car audio systems. “Designed for iPod/iPhone” is preferred by Apple over “Designed for mp3 players”.
  • The dock is a proprietary interface, Apple collects a licensing fee for its use in accessories.

Since the dock connector is really “USB+ Firewire + Audio + Video + Other”, a USB adapter is obviously cheap and easy to produce (they already ship a USB cable with all products). Hence I suspect there will be either a Micro USB adapter, or Apple will add the port to the bottom of the iPod/iPhone since Micro USB is very small.

There is still an advantage to having Micro USB. For one, charging will become more universal across cellphones. This means car manufacturers, and even airplanes, can offer Micro USB to let people charge phones easily via a single ubiquitous low-powered interface.

It’s also more environmentally friendly since you’ll be able to buy your own separate higher quality power adapter. No more cheap bundled power bricks known for their phantom loads. Or just charge off your computer. You’ll also be able to use the same charger and accessories with more phones.

I’m glad to see this finally happening.

Edit [6/29/2009 @ 10:00 PM EST]: Pocket-lint says Apple stated to them it will be an adapter.