June 2007

Bingo Shooting Device 100 years old

A Bingo Shooting Device going off

A lot of the traps my friend Jay and I design use little mousetrap-like devices that go bang when opened, usually sold under names like “exploding toilet seats,” or as the main mechanism in exploding pens. It consists of a hinge that is closed over a spring-loaded hammer. When the hinge is allowed to open, the hammer is released and strikes a percussion cap, causing a loud bang. Not too long ago I discovered the history of this wonderful invention, which was originally called the Bingo Shooting Device and was invented exactly 100 years ago this year.

The inventor of the device was one Sam S. Adams, who in 1907 was trying to follow up on his previous year’s successful invention of sneezing powder (a coal-tar product sold under the name “Cachoo”). Copy-cats were underselling his sneezing powder, and so he moved on with the Bingo Shooting Device, and installed the device in decks of cards, cigar boxes and “books with saucy titles” (to quote a 1941 article about Adams’ success).

Adams went on to invent some of the best-known gags of the last century, including the Snake Jam Jar (a jam-jar in which a spring-loaded snake jumps out), Racket Wireless Message (an envelope that rattles when opened, now sold as “Rattlesnake Eggs”), the Dribble Glass, a telescope that gives the user a black eye, soap that stains your hands, and of course the world-famous Joy Buzzer — basically every well-known joke but the Whoopie Cushion. His company, now called S.S. Adams Company, still exists and sells novelty items to this day.

Bingo Shooting Device 100 years old Read More »

Russian hacker-zine analysis of Skype anti-reverse-engineering measures

Russian hacker magazine Xakep Online has posted an interesting analysis of all the measures Skype goes to to avoid reverse-engineering of their protocol and code. If you can’t read the original Russian you can get the gist (as I did) from the Google translation. A few highlighted techniques:

  • Binary file is fully encrypted and dycrypted as it’s dynamically loaded into memory.
  • Eliminated almost all static function calls, and critical procedures are called via a dynamically-obtained pointer determined via obfuscated code. That makes figuring out what’s going on in a debugger difficult.
  • Recognizes the Windows kernel-mode debugger SoftICE and refuses to run when it sees it.
  • Measure how long it takes to execute certain sections of code to try to detect whether it’s being run in emulation. (I’m not sure how this would work, given the range of CPUs it has to run on…)
  • Do a checksum of the resulting decrypted code.

The article also goes into all the ways Skype routes around firewalls by looking for open ports, and suggests that along with encrypted traffic and peer-to-peer distribution it’s the perfect tool to deliver a worm, trojan or virus payload under the radar of virus checkers and firewalls… if only you can find a way to get the target client to run your code. Essentially you’re left with just one level of protection, namely Skype itself. I’m not convinced this is any more problematic than the Swiss-cheese that is Windows security already, but it’s something to think about as we go forward.

(Thanks to Sergey for the link and summary of the Russian!)

Russian hacker-zine analysis of Skype anti-reverse-engineering measures Read More »

Big meteor shower Sept 1st 2007

This coming September 1st (Saturday of Labor Day weekend) at about 11:36 ± 20 minutes UT (4:36 am PDT) the Earth will be passing through the dust trail of Comet Kiess, the only known case of crossing the dust trail of a known long-period comet in our lifetime. It’ll create an impressive meteor shower called the Aurigids, since the meteors will appear around the constellation Auriga. The shower will be visible from California, Oregon, Hawaii and the Eastern Pacific, with best viewing towards the East and NorthEast.

Wonder if it’d be visible from Black Rock City?

Big meteor shower Sept 1st 2007 Read More »