Protect Against Kiosk-Propagated Viruses

Public kiosks, such as those used for photo printing, are exposed to thousands of USB drives and other media every month. Many of them are poorly secured and are using your media as a virus-propagation tool. Protect yourself with these simple steps.

Security blog Risky.biz reader Morgan wrote in to highlight how an unsecure photo kiosk at Big W—a Woolworth subsidiary—infected one of his flash drives with a virus.

Photo kiosks in Big W stores are allegedly infecting customers with USB-borne viruses.

The Windows-based Fuji photo kiosks located in the company’s stores apparently don’t run antivirus software, so lovely little bits of malicious software like Trojan.Poison-36 are winding up on customers’ USB keys, according to Risky Business listener and blogger Morgan Storey.

On its own, an isolated incident of a photo kiosk infecting a USB device might not be newsworthy. But what makes this item stick out is Big W’s reply to Morgan after he notified the company of the issue:

You can visit the full article at the link below to see a screenshot of the entire email but the most notable quote in the their response should give you pause.

Please note that we are currently testing anti-virus software on our Fuji photo kiosks in a number of stores, and if it is successful, we plan on rolling it out to all stores in the future.

It could be debated whether or not the virus Morgan’s flash drive picked up came from that particular photo kiosk but the people in charge of the kiosk acknowledge that the kiosks have no virus protection. All it would take for each kiosk to become a virus propagating machine then—with access to thousands of USB drives, memory sticks, and SD cards a month!—is exposure to one infected flash drive.

Wii Headtracking Creates 3D Window Display

Johnny Chung Lee is the PhD student from Carnegie Mellon University who has been rocking Nintendo fanboy hearts pretty hard by making the Wiimote do some spectacular feats. We first saw him track his fingertips on the screen for a "Minority Report" type of interface. Then he created an interactive whiteboard. Now, he’s managed to create a headtracking simulation through the Wiimote, creating an amazing 3D window on the world.

The mod requires you to wear the sensor bar (or any IR-emitting headband, Lee makes some sweet goggles) and place the Wiimote by the screen (it’s hooked up to a laptop with a TV-out for this demonstration). Essentially, your head becomes the mouse peeking through a 3D room, and the gameplay implications would be incredible.

Anyone else thinking that Nintendo should pay this guy whatever he wants to make some awesome games? Or, you know, Sony and Microsoft could always grab him up, too. These ideas just use the Wiimote’s IR—technology that isn’t exactly cutting edge stuff.

Voyeurism in the Twitter age

Often when people tweet or post a Facebook status update from the road they accompany it with a picture or two.  These photos can range form the mundane to the fascinating with a bit of everything in between. While you may not be viewing the status updates yourself, the pictures are usually posted to a publically available service like Twitpic, yFrog, TwitrPix and others.

A site called PicFog grabs the links to these photos in real-time and presents them in a constantly updated webpage (see the photo). If you want to kill a few minutes just open up the site and let photos scroll by. Each photos has additional information associated with it, and clicking on the photo opens up a larger photo.

It’s all public although it tends to be a little creepy sometimes. That said, it’s definitely worth a look for a few minutes of mindless entertainment.

Play some classic Nintendo (NES) games in Javascript

The idea that somebody could program a Nintendo Entertainment System (NES) emulator completely in Javascript just blows my mind.

For those that don’t know, Javascript is a language of sorts that’s built into your browser. It’s usually used for doing such mundane tasks as button roll-overs, making simple screen transitions, verifying that you entered a valid e-mail address, etc. I don’t think that using it as a full-blown processor environment was ever part of the original conception.

You’ll want to use Google Chrome for this – competitor browsers aren’t quite fast enough to play this yet.

Yeah, there’s no sound on this emulator but for a quick arcade fix it’s pretty good. There are lots of other ways to play games like this, just use Google or Bing to find them.

Try the emulator here.

The Frankenstein MAME cabinet — it's alive!

It’s cool enough to build your own MAME (multiple arcade machine emulator) cabinet – imagine having thousands of classic games ready to play. Mix in a little monster-movie magic and some steampunk styling and you have yourself a fantastic toy, albeit a pretty large one.

The only thing I can think of that it’s missing are some Tesla coils – now that would be a show-stopper!

See the project at Frankencade (via Gizmodo).

ATM card skimming happening right in NYC

Previously on C.S.I… a man found an actual card skimmer in the wild, in the flesh. Today, Gizmodo reader Sean became the card skimmer/PIN camera’s latest almost-victim. Where? Chase Bank in Manhattan, East Village.

Sean Seibel was inside a local Chase bank where he inserted his ATM card into one of two side-by-side automatic teller machines. When the machine told him it could not read his card, it took him a bit of jiggling to get his card back. He tried it a couple more times and got the same results. Before trying the other machine, he inspected the slot of the current ATM he was using and realized that it had a false plastic cover attached to the slot. The amazing thing about the cover was that the translucent green plastic matched the card reader slot perfectly, meaning that it was made specifically for Chase ATMs. After snapping a few photos with his iPhone, he alerted the branch manager and explained what happened.

As he was leaving, Seibel remembered reading about card skimmers having small cameras in the proximity in order to read PIN pad activity, so naturally, he went back to the ATM to inspect, which is where he found an extra mirror attached to the vandalized machine that the other ATMs didn’t have. Drilled into the mirror was a tiny pinhole with a camera inside, directed at the PIN pad. Seibel alerted the branch manager again and asked Chase why they hadn’t inspected the ATM after he had warned them the first time. Chase honestly replied that they hadn’t thought of it because they had never encountered that sort of thing before.

From the crazy amounts of feedback we received last night after we posted the first story, it seems that card skimmers are a common crime everywhere from Thailand to Mexico. But actually hearing about it happening to our very own readers here in America makes us want to help get the word out. Seibel says it best: "Take this as a warning and please inspect every ATM machine you use, no matter how secure you think the environment is."

See the full article at Gizmodo.

Teens Capture Amazing Shots 20 Miles from Earth's Surface With a Balloon

Using a $77 Nikon Coolpix and a $60 latex balloon filled with helium, a team of teenage students captured these remarkable shots from 20 miles above the Earth’s surface.

Radio-synced to Google Earth, the team tracked the package as it soared 885 feet per minute into the sky, taking shots on a periodic timer. The balloon eventually failed around 100,000 before the system parachuted to the ground.

See more pictures and the full article at Gizmodo.

Casinos are warned about card-counting iPhone app

Nevada gambling regulators have warned casinos in the state about a card-counting program that works on Apple Inc.‘s iPhone and iPod Touch that illegally helps players beat the house in blackjack.

Card counting itself is not illegal under Nevada gambling laws, but it is considered a felony to use devices to help count cards.

The Nevada Gaming Control Board sent a memo to casinos last week warning them of the program.

See the full article at Yahoo! News.

How to hack those programmable road signs

Ever wanted to put your own message on one of those portable road signs along the highway? Well now you can with just a little tampering and a whole lot of illegal!

Read the full article at Gookologie

Million Dollar Border Security Machines Fooled with Ten Cent Tape

So much for biometrics and immigration security: A South Korean woman managed to fool a million-dollar fingerprint reading machine in Japanese border controls using a simple piece of tape stuck to her fingers. It happened at Tokyo airport. The woman has repeatedly entered Japan using the same trick without anybody noticing. Japanese officials say that they suspect many others have been doing the same things, demonstrating that the biometric systems they installed in 30 airports in 2007—to the tune of $45 million—are completely useless. The woman was deported in July 2007 for illegally staying in Japan as a bar hostess in Nagano, but she entered again with the system, using the tape and a fake passport allegedly provided by a South Korean broker.

Read the full article at Gizmodo