Frequent Boing Boing contributor Sean O'Brien and his colleagues Laurin Weissinger and Scott J Shapiro built a Raspberry Pi-enabled smart pumpkin and then challenged their Yale cybersecurity students to hack it.
The exercise looks like lots of fun, and the instructors have documented their process on Github, along with sourcecode for your own "Pumpkin Pi."
The Pumpkin sat on a table in class, with the red and yellow LEDs simulating a candle. The objective I gave to students was to trigger the green lights, rather than just shutting the LEDs / the Pumpkin down (someone did anyway, which was interesting and followed by an explanation about objectives in hacking and security research...) Physical access was not allowed.
The first step was to figure out what we were trying to hack. Using "nmap", we tried to detect the operating system and other useful details. The students were then tasked to evaluate their target.
They quickly realised that this was a Raspberry Pi (MAC matching) running an up-to-date Linux. Therefore, it would be difficult to exploit.
As we all know, many administrators do use weak credentials, and luckily, the PumpkinPi administrator set a very weak and seasonal password. Using "hydra" and a wordlist, the students were able to brute force the password and gain access to the device.
However, this was not enough! As mentioned before, I set a specific objective while not denying the root user any rights. Indeed, one student just used the "shutdown" command and turned off the Pi. I then explained that in hacking and security research, it is important to know one's objectives and not simply "break things", while restarting the PumpkinPi.
The Pumpkin Pi Project [Sean O'Brien/Github]
On March 19, Tor Books will release my next book, Radicalized, whose four novellas are the angry, hopeful stories I wrote as part of my attempt to make sense of life in our current moment.
My most recent essay film, Visual Disturbances, premiered in the open access journal [in]Transition yesterday. This open access journal features peer reviewed academic video essays and showcases a wide variety of film and media analysis. Visual Disturbances uses some cutting-edge eye tracking visualizations to explore how film audiences both perceive and mis-perceive movies.
Electronic Grenade's "'Computer' Mouse" project fits a fully functional computer into a fully functional, 3D printed mouse; the computer is a Raspberry Pi Zero W, with a teeeny leeetle flip out keyboard and a tiny little itsy bitsy flip-out screen. (via Motherboard)
It’s a rude awakening for that rookie vacationer abroad when they try to plug in their gear for the night. Veteran jet-setters know that outlet shapes can vary wildly from country to country, which necessitates that most boring must-have for any world-traveler: A sackful of clunky power adapters. Awkward problem, elegant solution: The Twist Plus […]
Looking for a career in music behind the boards, either as a music producer or DJ? It’s a good bet that you’re going to be working with Ableton Live. Each new iteration of this powerful workstation gives the user more tools to create, and it’s just as well suited for the task of meticulous track […]
The graveyard of failed startups is littered with concepts that just got lost in translation. At its core, that’s what great front-end design is about: Making an app or website usable, translating its best ideas smoothly to the user. It’s a skill so broad there might be no one book or course that covers it […]