Frequent Boing Boing contributor Sean O'Brien and his colleagues Laurin Weissinger and Scott J Shapiro built a Raspberry Pi-enabled smart pumpkin and then challenged their Yale cybersecurity students to hack it.
The exercise looks like lots of fun, and the instructors have documented their process on GitHub, along with source code for your own "Pumpkin Pi."
The Pumpkin sat on a table in class, with the red and yellow LEDs simulating a candle. The objective I gave to students was to trigger the green lights, rather than just shutting the LEDs / the Pumpkin down (someone did anyway, which was interesting and followed by an explanation about objectives in hacking and security research...) Physical access was not allowed.
The first step was to figure out what we were trying to hack. Using "nmap", we tried to detect the operating system and other useful details. The students were then tasked to evaluate their target.
They quickly realised that this was a Raspberry Pi (MAC matching) running an up-to-date Linux. Therefore, it would be difficult to exploit.
As we all know, many administrators do use weak credentials, and luckily, the PumpkinPi administrator set a very weak and seasonal password. Using "hydra" and a wordlist, the students were able to brute force the password and gain access to the device.
However, this was not enough! As mentioned before, I set a specific objective while not denying the root user any rights. Indeed, one student just used the "shutdown" command and turned off the Pi. I then explained that in hacking and security research, it is important to know one's objectives and not simply "break things", while restarting the PumpkinPi.
The Pumpkin Pi Project [Sean O'Brien/Github]
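A defender-side view of the brute-force step quoted above, as an added example that is not part of the original post or the Pumpkin Pi repository: it flags a source whose run of failed logins ends in a successful one. It assumes the login service was SSH logging in OpenSSH's syslog format, which the page does not state; the log lines, hostname and addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH syslog format (assumption: the service was SSH).
SAMPLE_LOG = """\
Oct 31 10:00:01 pumpkinpi sshd[901]: Failed password for root from 10.0.0.23 port 50112 ssh2
Oct 31 10:00:02 pumpkinpi sshd[902]: Failed password for root from 10.0.0.23 port 50114 ssh2
Oct 31 10:00:03 pumpkinpi sshd[903]: Failed password for root from 10.0.0.23 port 50116 ssh2
Oct 31 10:00:03 pumpkinpi sshd[904]: Failed password for pi from 10.0.0.7 port 40100 ssh2
Oct 31 10:00:04 pumpkinpi sshd[905]: Failed password for root from 10.0.0.23 port 50118 ssh2
Oct 31 10:00:05 pumpkinpi sshd[906]: Failed password for root from 10.0.0.23 port 50120 ssh2
Oct 31 10:00:06 pumpkinpi sshd[907]: Failed password for root from 10.0.0.23 port 50122 ssh2
Oct 31 10:00:09 pumpkinpi sshd[908]: Accepted password for pi from 10.0.0.7 port 40102 ssh2
Oct 31 10:00:10 pumpkinpi sshd[909]: Accepted password for root from 10.0.0.23 port 50130 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?(\S+) "
    r"from (\S+) port \d+"
)

def find_bruteforce(log_text, threshold=5):
    """Report (source, user) pairs whose consecutive failures reach the
    threshold, and whether a successful login followed the guessing run."""
    streak = defaultdict(int)   # (src, user) -> consecutive failed logins
    findings = {}               # (src, user) -> report, in order of detection
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        outcome, user, src = m.groups()
        key = (src, user)
        if outcome == "Failed":
            streak[key] += 1
            if streak[key] >= threshold:
                report = findings.setdefault(
                    key, {"src": src, "user": user, "compromised": False})
                report["failures"] = streak[key]
        else:
            # A success right after a flagged run means the guess worked.
            if key in findings:
                findings[key]["compromised"] = True
            streak[key] = 0
    return list(findings.values())

if __name__ == "__main__":
    for finding in find_bruteforce(SAMPLE_LOG):
        print(finding)
```

The single mistyped login from 10.0.0.7 stays below the threshold and is not reported, while the root guessing run is reported with `compromised` set.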