Frequent Boing Boing contributor Sean O'Brien and his colleagues Laurin Weissinger and Scott J Shapiro built a Raspberry Pi-enabled smart pumpkin and then challenged their Yale cybersecurity students to hack it.
The exercise looks like lots of fun, and the instructors have documented their process on GitHub, along with source code for your own "Pumpkin Pi."
The Pumpkin sat on a table in class, with the red and yellow LEDs simulating a candle. The objective I gave to students was to trigger the green lights, rather than just shutting the LEDs / the Pumpkin down (someone did anyway, which was interesting and followed by an explanation about objectives in hacking and security research...) Physical access was not allowed.
The first step was to figure out what we were trying to hack. Using "nmap", we tried to detect the operating system and other useful details. The students were then tasked to evaluate their target.
They quickly realised that this was a Raspberry Pi (MAC matching) running an up-to-date Linux. Therefore, it would be difficult to exploit.
As we all know, many administrators do use weak credentials, and luckily, the PumpkinPi administrator set a very weak and seasonal password. Using "hydra" and a wordlist, the students were able to brute force the password and gain access to the device.
However, this was not enough! As mentioned before, I set a specific objective while not denying the root user any rights. Indeed, one student just used the "shutdown" command and turned off the Pi. I then explained that in hacking and security research, it is important to know one's objectives and not simply "break things", while restarting the PumpkinPi.
The Pumpkin Pi Project [Sean O'Brien/GitHub]
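
A defender's view of the brute-force step described above, as an added example that is not part of the original post or the Pumpkin Pi repository: it flags sources whose failed logins reach a threshold and records when a successful login follows. It assumes the attacked service was SSH logging in the standard OpenSSH format; the log lines, host name and addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample auth-log lines (assumption: OpenSSH password logins).
# 192.0.2.0/24 is a documentation address range.
SAMPLE_LOG = "\n".join(
    [f"Oct 31 10:00:0{i} pumpkinpi sshd[80{i}]: Failed password for root "
     f"from 192.0.2.10 port 4000{i} ssh2" for i in range(1, 7)]
    + [
        "Oct 31 10:00:07 pumpkinpi sshd[807]: Accepted password for root from 192.0.2.10 port 40007 ssh2",
        "Oct 31 10:05:00 pumpkinpi CRON[900]: pam_unix(cron:session): session opened for user root",
        # One mistyped password followed by a success: normal admin behaviour.
        "Oct 31 10:06:10 pumpkinpi sshd[910]: Failed password for pi from 192.0.2.77 port 51000 ssh2",
        "Oct 31 10:06:15 pumpkinpi sshd[911]: Accepted password for pi from 192.0.2.77 port 51001 ssh2",
    ]
)

LINE_RE = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def find_bruteforce(log_text, threshold=5):
    """Map source address -> failure count and the account (if any) that
    was logged into after the failures reached `threshold`."""
    failures = defaultdict(int)
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an sshd password event
        outcome, user, src = m.groups()
        if outcome == "Failed":
            failures[src] += 1
            if failures[src] >= threshold:
                entry = findings.setdefault(src, {"failures": 0, "compromised_user": None})
                entry["failures"] = failures[src]
        elif failures[src] >= threshold:
            # Success after a burst of failures: the guess worked.
            findings[src]["compromised_user"] = user
    return findings

if __name__ == "__main__":
    for src, info in find_bruteforce(SAMPLE_LOG).items():
        print(src, info)
```

A success that follows a burst of failures is the line to alert on; blocking repeated failures and disabling password login for root would have stopped the guess from landing at all.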