Information Security

Hack Your Gmail: A Quick Start for Google App Scripting

Hack a Day - Thu, 01/17/2019 - 13:00

For many people, Gmail is synonymous with e-mail. Some people like having cloud access to everything and some people hate having any personal data in the cloud. However you feel about it, one thing that was nice about having desktop software is that you could hack it relatively easily. If you didn’t like how your desktop mail client worked, you had a lot of options: use a different program, write your own, hack the executable of your current program, or in the case of open source just fork it and make any changes you are smart enough to make.

Google provides a lot of features with all of its products, but however you slice it, all the code runs on their servers out of your reach. Sort of. If you know JavaScript, you can use Google Apps Script to add features to many Google products including Gmail. If you’ve used Office scripting, the idea is the same, although obviously the implementation is very different.

With scripting you can make sophisticated filters that would be very hard to do otherwise. For example, monitor for suspicious messages like those with more than 4 attachments, or that appear to come from a contact between the hours of 2AM and 5AM.

For our example today, I’m going to show you something that is easy but also highly useful.

A Useful Example

How many e-mails do you get telling you about sales? If you are like me, plenty. Do you delete them all? Or can you go back in your mail and tell me what Harbor Freight had on sale in January 2003? I’ve often wished there was a well-known mail header that allowed mails to delete themselves because, honestly, at least half the mail I get is only good to some future date. Invitations, package tracking, sales, notifications about content that is new but on the web.

I started with a mostly manual process. I created a lot of filters that would mark incoming messages that I knew were in this category using a label “keep14”. Then — if I remembered — every two weeks or so I would search for the tag using the “older_than” predicate to find all the old messages with that label. The search string would be:

label:keep14 older_than:14d

Then you can delete the results all in one swoop. Assuming you remember to do it.

Perfect for Automation: Scripting and Triggering in Gmail

Google Script can easily do this. However, there are a few gotchas. The most obvious one is also the easiest one. If you think about it, having a script you have to run every two weeks is no better than doing it manually. Luckily, Google Script provides triggers that can run a script on different events and one of them, unsurprisingly, is time.

So with that detail out of the way, how do we make our keep14 script work?

  1. Go to Google Scripts dashboard and log in
  2. Create a new project (press New Script in the top left and change the untitled name up at the top)
  3. Paste the following:
// Things you might like to change
var LABEL = "keep14"; // the label your filters apply; autodelete searches for it
var DELAY = 21;       // 14 days plus a 1 week grace period (21 days)

// Run once: create the label and a daily trigger for autodelete
function Install() {
  ScriptApp.newTrigger("autodelete")
    .timeBased().everyDays(1).create();
  GmailApp.createLabel(LABEL);
}

// Remove every trigger that belongs to this script
function Uninstall() {
  var triggers = ScriptApp.getScriptTriggers();
  triggers.forEach(function (item) {
    ScriptApp.deleteTrigger(item);
  });
}

function autodelete() {
  var threads;
  var search = "label:" + LABEL + " older_than:" + DELAY + "d";
  var n = 0;
  do {
    // Gmail will only do some at a time so let's do only a few
    // It is not clear how this works when you delete some of the first 500
    threads = GmailApp.search(search, n, 500);
    n = n + 500;
    threads.forEach(function (item) {
      // Logger.log("Delete %s", item.getFirstMessageSubject());
      item.moveToTrash();
    }); // end for each
  } while (threads != null && threads.length > 0);
} // end function

To understand this, you need to know the object model exposed by Google, of course. There’s documentation, although it sometimes leaves something to be desired, like most documentation. For now, skip to the bottom of the code and focus on the autodelete function.

In the Code

Look at the very top of the code. Those first two lines are just there to allow you to easily customize the label and delay time (in days; I decided to give it a week’s grace period).

The first real part of the algorithm inside autodelete is to build the search string just like we’d issue manually. If you knew you would not process a lot of mail, you could make this very simple by calling GmailApp.search to get an object that represents all the matching messages. The problem is, the script will choke if the search returns more than 500 items.

That might seem unrealistic, but if you go through and mark a message you have been getting once a day for years, it could easily be a lot more. To combat that, I do the search in a loop and restrict it to 500 items per pass. The documentation is a bit sparse about how good it is at remembering the query when it doesn’t start at zero. It is possible that deleting some messages in the first set of results will cause messages that started in the second set to be skipped because on the second call, they would be in the first set. I didn’t run tests to tell and the documentation is unclear. However, after a few times, it should get all the messages and once the script is running regularly (and you don’t add more messages from the past), you probably won’t process more than 500 at a time anyway.

You can assume that the results are all old enough to delete or they wouldn’t come back from the search. So a simple for each loop enumerates each message and a moveToTrash call deletes it.
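An added example, not part of the original article: a small model of the paging question raised above. It assumes that every search call re-runs the query and that a trashed thread no longer matches it; `makeMailbox`, `deleteWithOffset`, `deleteFromZero` and `runsUntilEmpty` are hypothetical names, and the mailbox is a constructed stand-in, not the GmailApp API.

```javascript
// Constructed model of a mailbox, not the GmailApp API. Assumption: each
// search() call re-evaluates the query, and a thread that was moved to the
// trash no longer matches it.
function makeMailbox(count) {
  var threads = [];
  for (var i = 0; i < count; i++) {
    threads.push({ id: i, trashed: false });
  }
  function live() {
    return threads.filter(function (t) { return !t.trashed; });
  }
  return {
    // Same paging shape as GmailApp.search(query, start, max).
    search: function (start, max) { return live().slice(start, start + max); },
    remaining: function () { return live().length; }
  };
}

// The loop from the script above: the offset grows by one page per pass.
// Returns how many matching threads are left when the loop stops.
function deleteWithOffset(mailbox, pageSize) {
  var n = 0, page;
  do {
    page = mailbox.search(n, pageSize);
    n += pageSize;
    page.forEach(function (t) { t.trashed = true; });
  } while (page.length > 0);
  return mailbox.remaining();
}

// Variant: always request the first page. Deleted threads drop out of the
// result set, so the next call returns threads not seen before. maxPasses
// bounds the work done in one execution.
function deleteFromZero(mailbox, pageSize, maxPasses) {
  var passes = 0, page;
  do {
    page = mailbox.search(0, pageSize);
    page.forEach(function (t) { t.trashed = true; });
    passes++;
  } while (page.length > 0 && passes < maxPasses);
  return mailbox.remaining();
}

// How many scheduled runs of the offset loop it takes to empty the backlog.
function runsUntilEmpty(count, pageSize) {
  var mailbox = makeMailbox(count), runs = 0;
  while (mailbox.remaining() > 0) {
    deleteWithOffset(mailbox, pageSize);
    runs++;
  }
  return runs;
}
```

Under that assumption the offset loop leaves part of a large backlog for the next scheduled run, while a backlog smaller than one page is cleared in a single run either way.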

Getting More Complex

There’s not very much to see in that example. Of course, you can do things that are as complicated as you like assuming the data and features you want are exposed through the object model. For example, you might want to skip deleting the e-mail if you’ve replied to it. You can change labels as activity occurs in a thread, or develop more nuanced “nudge” behavior than what Gmail has currently implemented. We’d love to hear what possible uses you can think of in the comments below.

You can also script most of Google’s other major applications, too. And keeping track of what you’ve automated is fairly straightforward. If you go to the script dashboard, you’ll see a selection on the left side of the screen that says “My Triggers” that will show you what will run and when. The My Executions entry will show you when your scripts ran and what happened. Scripts can time out and there’s some limit on how much CPU time you can consume every day.

Is it as good as writing your own application or modifying their source code? No, of course not. But it is also a lot simpler. Because the script is on their server, the debugging is a little bare, but it does work and it is a better way if you’ve been banging your head against the keyboard as you perform repetitive tasks to keep on top of that out-of-control inbox.

Cain and Abel error

Your hacking tutorial - Thu, 01/17/2019 - 12:44

I installed Cain and Abel and filtered it out of all my AVs but whenever I try to use the Wireless Passwords feature to crack my school's wifi it gives me an error saying unable start abel service.

submitted by /u/hiddenViolets01610
Categories: Information Security

People in my home keep stealing my USB drives - can you point me to a tutorial on how to make a USB into rubber ducky that does a specific function?

Your hacking tutorial - Thu, 01/17/2019 - 12:19

I am forced to live in a very communal environment and have had several USB drives stolen. I would like to make a couple as rubber ducky that install monero miner (or equivalent) on to the PC. Would such a thing be possible? I have set up a virtual lab but am not sure where to learn such a thing.

submitted by /u/PhilSimmsLovesOnions

Using Custom Settings/Blue Light Filter to Detect Sunrise/Sunset

Tasker: Total Automation for Android - Thu, 01/17/2019 - 12:17

I'm trying to set up a profile to increase brightness close to max when BT connected to my car, Waze is open and it's daylight. The BT connected and Waze open is fine. I couldn't find an easy native way for Tasker to tell sunrise/sunset so I decided to try custom settings to check the value of the blue light filter to tell if it's daytime or not. If the blue light filter is on, do nothing, if it's off increase brightness. It's fine during the day but at night sometimes it brightens the screen and sometimes it doesn't and occasionally it will go back and forth on its own. Should this method work? If so what should I look for that's going wrong? Is there a better way? I can't get the task from my phone at the moment to share it.

submitted by /u/SpecialFX99

Top GP: Medical app Your.MD's data security wasn't my remit

The Register - Thu, 01/17/2019 - 12:15
Prof Maureen Baker told tribunal info security and clinical safety are two separate things

The founders of medical symptom-checker app Your.MD knew that a number of key medical information databases were "open to anyone who knows the URL", emails seen by a London tribunal have revealed.…

[Help] Can't get this to work!

Tasker: Total Automation for Android - Thu, 01/17/2019 - 12:05

js.zip

This is the script I'm trying to replicate but to no avail, please help!

Description

js (27)
A1: HTML Popup [ Code:<body>
Actual Money Value: <input type="text" id="displayedresources" value="1990"> <br>
Encrypted Money Value1 (Search): <br>
<h1><label id="encval1">0</label></h1>
Encrypted Money Value2 (Recommended to search for this first and use substract 4 from it's Address to get the first Value): <br>
<h1><label id="encval2">0</label></h1>
<input type="button" id="calculate" value="Calculate" />
</body> Layout:HTML Popup Timeout (Seconds):600 Show Over Keyguard:On ]
A2: JavaScriptlet [ Code:function caclulateEncVal() {
    var orig = $('#displayedresources').val();
    var i, buffer1, buffer2, enc1, enc2;
    for (i = 0; i < 32; i++) {
        buffer1 = i % 2 == 0 ? orig >>> i & 1 : 0;
        buffer2 = i % 2 == 0 ? 0 : orig >>> i & 1 ^ 1;
        enc1 = enc1 | buffer1 << i;
        enc2 = enc2 | buffer2 << i;
    }
    $('#encval1').text(enc1);
    $('#encval2').text(4294967296 + enc2);
}
$('#calculate').click(caclulateEncVal); Libraries: Auto Exit:Off Timeout (Seconds):45 ]
A3: Variable Query [ Title:Value Variable:%orig Input Type:Normal Text Default: Background Image: Layout:Variable Query Timeout (Seconds):40 Show Over Keyguard:On ]
A4: Variable Set [ Name:%converted To:%enc1

%enc2 Recurse Variables:Off Do Maths:Off Append:Off ]
A5: Set Clipboard [ Text:%converted Add:Off ]


submitted by /u/PulangPepe

Oracle exec: Open-source vendors locking down licences proves 'they were never really open'

The Register - Thu, 01/17/2019 - 11:42
'They used to be seen as the good guys, and Oracle was the bad guy'. So that means... everyone is the bad guy now?

Open-source vendors that haven't already switched to less permissive licences will do so this year as the move to the cloud threatens their business models, a senior Oracle exec has said.…

Pixel 3 - Dim screen brightness and night mode

Tasker: Total Automation for Android - Thu, 01/17/2019 - 11:35

I have set up a tasker command to dim my screen to a lower brightness and turn on night mode at a specific time. I am having two issues with this:

When I set the screen brightness level to 1, the screen only dims to 50% of the maximum brightness. Going the other way, a value of 255 sets the screen to 100%. Is there a way to decrease the screen brightness beyond halfway?

Additionally, trying to toggle night mode on does not work at all.

I'm using a pixel 3 xl and am up to date on all app and software updates as far as I am aware. Any help would be appreciated. Thanks!

submitted by /u/blackeagle225

You’ll Never See the End of This Project

Hack a Day - Thu, 01/17/2019 - 11:30

…theoretically, anyway. When [Quinn] lucked into a bunch of 5 mm red LEDs and a tube of 74LS164 shift registers, a project sprang to mind: “The Forever Number,” a pseudo-random number generator with a period longer than the age of the universe. Of course, the components used will fail long before the sequence repeats, but who cares, this thing looks awesome!

Check out the gorgeous wire-wrapping job!

The core of the project is a 242-bit linear-feedback shift register (LFSR) constructed from (31) 74LS164’s. An XOR gate and inverter computes the next bit of the sequence by XNOR’ing two feedback bits taken from taps on the register, and this bit is then fed into bit zero. Depending on which feedback taps are chosen, the output sequence will repeat after some number of clock cycles, with special sets of feedback taps giving maximal lengths of 2^N – 1, where N is the register length. We’ll just note here that 2^242 is a BIG number.

The output of the LFSR is displayed on a 22×11 array of LEDs, with the resulting patterns reminiscent of retro supercomputers both real and fictional, such as the WOPR from the movie “War Games,” or the CM2 from Thinking Machines.

The clock for this massive shift register comes from – wait for it – a 555 timer. A potentiometer allows adjustment of the clock frequency from 0.5 to 20 Hz, and some extra gates from the XOR and inverter ICs serve as clock distribution buffers.

We especially love the construction on this one. Each connection is meticulously wire-wrapped point-to-point on the back of the board, a relic originally intended for an Intel SBC 80/10 system. This type of board comes with integrated DIP sockets on the front and wire-wrap pins on the back, making connections very convenient. That’s right, not a drop of solder was used on the board.

You can see 11 seconds of the pattern in the video after the break. We’re glad [Quinn] didn’t film the entire sequence, which would have taken some 22,410,541,156,499,040,202,730,815,585,272,939,064,275,544,100,401,052,233,911,798,596 years (assuming a 5 Hz clock and using taps on bits 241 and 171).
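The feedback rule described above, as an added software model rather than anything taken from [Quinn]'s build: an XNOR-feedback shift register using BigInt, with the period measured on short registers where counting is feasible. The function names and the 4-bit and 7-bit tap pairs are assumptions chosen for the check; only the 242-bit length and the taps on bits 241 and 171 come from the article.

```javascript
// Software model of an XNOR-feedback shift register (added example).
// Bits are numbered from zero; the new bit enters at bit 0 and everything
// else shifts toward the high end, as the article describes.
function makeLfsr(length, taps) {
  var mask = (1n << BigInt(length)) - 1n;
  var tapA = BigInt(taps[0]);
  var tapB = BigInt(taps[1]);
  return {
    mask: mask,
    step: function (state) {
      var a = (state >> tapA) & 1n;
      var b = (state >> tapB) & 1n;
      var next = (a ^ b) ^ 1n; // XNOR: an XOR gate followed by an inverter
      return ((state << 1n) | next) & mask;
    }
  };
}

// Count clock cycles until the start state returns. Only practical for
// short registers; the 242-bit one cannot be measured this way.
function period(length, taps, start) {
  var lfsr = makeLfsr(length, taps);
  var limit = Math.pow(2, length);
  var state = lfsr.step(start);
  var cycles = 1;
  while (state !== start) {
    if (cycles > limit) throw new Error("start state is not on a cycle");
    state = lfsr.step(state);
    cycles++;
  }
  return cycles;
}

// The article's register: 242 bits, taps on bits 241 and 171, started from
// all zeros and clocked the given number of times.
function forever(steps) {
  var lfsr = makeLfsr(242, [241, 171]);
  var state = 0n;
  for (var i = 0; i < steps; i++) {
    state = lfsr.step(state);
  }
  return state;
}

// With XNOR feedback the all-ones state feeds a 1 back in forever, so it is
// the one state a maximal-length sequence never visits.
function isLockup(length, taps) {
  var lfsr = makeLfsr(length, taps);
  return lfsr.step(lfsr.mask) === lfsr.mask;
}
```

A 4-bit register with taps on bits 3 and 2 runs through 15 states before repeating, while taps on bits 3 and 1 repeat after 6, which is the difference between a maximal tap set and an arbitrary one. A long period does not make the output unpredictable: each new bit is a linear function of earlier bits, so this is a pattern source for a display, not a cryptographic generator.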

Another LED/LFSR hack we featured used the pseudo-random stream to simulate a flickering candle.

[ News ] ONLINE SHOP WITH CRYPTO ( BITCOIN, ETHEREUM )

Cryptography - Thu, 01/17/2019 - 10:48

Website offering antminer S15 , antminer T15 , laptops , phones , camera , video games , Tablets and others electro with good prices Guaranteed! with ( bitcoins, ethereum ) and they have promotions of -15% of bulk orders , and shipping ( dhl ,ups , Fedex, Free Shipping ) worldwide.

Coupon code for bulk orders : SHOP15OFF

Website : https://electroshop.io/

submitted by /u/GwenGarci

Campaigners get go-ahead to challenge exemption UK gave itself over immigrants' data

The Register - Thu, 01/17/2019 - 10:40
Sueball lobbed at Brit government over Data Protection Act

The High Court has agreed to hear a campaign group's case against the UK's Data Protection Act, which they say leaves immigrants with fewer rights over their data.…

Sharpest Color CRT Display is Monochrome Plus a Trick

Hack a Day - Thu, 01/17/2019 - 10:01

I recently came across the most peculiar way to make a color CRT monitor. More than a few oscilloscopes have found their way on to my bench over the years, but I was particularly struck with a find from eBay. A quick look at the display reveals something a little alien. The sharpness is fantastic: each pixel is a perfect, uniform-colored little dot, a feat unequaled even by today’s best LCDs. The designers seem to have chosen a somewhat odd set of pastels for the UI though, and if you move your head just right, you can catch flashes of pure red, green, and blue. It turns out, this Tektronix TDS-754D sports a very peculiar display technology called NuColor — an evolutionary dead-end that was once touted as a superior alternative to traditional color CRTs.

Join me for a look inside to figure out what’s different from those old, heavy TVs that have gone the way of the dodo.

High-End Tools, High-End Hardware

Electrical engineers depend on their oscilloscopes to see what’s happening inside a circuit. If you’ve ever tried debugging without one, you know what a difficult and frustrating experience it can be. Consequently, users expect these devices to provide accurate representations of electrical waveforms: to be an extension of their eyes. If asked to name the most important part of a scope, what would you say? The attenuator or amplifier? The timebase?  The ADCs? The probes? In today’s screens-everywhere world, probably not many would say the display. But, for a generation of engineers brought up on analog scopes, the display was of paramount importance. Hence, the designers wanted the display to be as sharp as possible: any fuzziness should be due to the signal (like my bandwidth-limited wrencher), not the instrument.

Testing out the Tektronix TDS-754D, you can see the labels, grid lines, and even the Hackaday waveform are spectacularly sharp

Analog oscilloscopes were very sharp, and they were monochrome. This was in keeping with their original function: to plot voltage (y) vs time (t), or in some cases, voltage (y) vs voltage (x). Color doesn’t add much to such a display, although many scopes also had a z-input to modulate the trace intensity. And while dual-beam scopes existed (for displaying separate channels simultaneously), keeping three beams synchronized as they swept across the display to create a real-time color trace would have added a great deal of complexity and cost for little return.

When digital storage scopes arrived, and the display evolved from a simple graph to a full user interface, color took on new importance. Different colors could be used to disambiguate traces, visually link them to automated measurements, and distinguish text and UI elements. Later, with the advent of digital phosphor oscilloscopes (DPOs), which did a fancy digital simulation of a real-time analog scope, color could be used to reveal subtle features of the waveforms themselves. So, it made sense to add color displays.

But, if you were building high-end oscilloscopes in the early 1990s, your choices for color displays were limited: color CRTs and LCDs, and each presented problems in oscilloscope use.

Color CRT Issues

The traditional way to display color images on a CRT was to use three electron beams striking an array of primary color phosphor dots (or in some systems, stripes). Several technologies were developed over the years, but they all share a common mechanism: a perforated mask of some kind is interposed between the cluster of electron guns and the screen, producing pinhole images of the three beams, hopefully with each one hitting the intended phosphor dots. In reality, this didn’t always happen, so blurriness and impure colors were common display artifacts. The use of separate color dots also meant a loss of spatial resolution: the smallest possible pixel was a cluster of red, green, and blue points.

Shadow-mask color CRT system.

Focusing a single electron beam into a tight dot is not a problem; scanning electron microscopes can have beam widths less than 1 nm, although admittedly, they scan over a much smaller area relative to their size. The true difficulty is in keeping three beams aligned with each other and with the phosphor mosaic. As a result, monochrome CRTs suffered fewer image quality issues.

Not only was color CRT display quality problematic, but the devices themselves were bulky, heavy, and sensitive to vibration and shock, which could knock them out of alignment. Although some oscilloscopes were made with traditional color CRTs, the technology was far from ideal.

Why Not LCD?

NuColor display (left) renders pixels of any color as uniform dots (enlarged below). In contrast, even modern LCDs (right) use red, green, and blue sub-pixels which cause color fringing at the pixel level (also enlarged).

Some competing oscilloscopes at the time were the first to use LCD screens. But, color LCD screens from that era were a far cry from the excellent displays we enjoy today. They suffered from low contrast, poor color quality, and had abysmal viewing angles. These were the early twisted nematic (TN) displays, primitive compared to today’s version, as in-plane-switching (IPS) displays were still a few years off. Even today’s LCDs haven’t managed to fix one of the original problems: each display pixel is still composed of primary color sub-pixels. Although this can occasionally be used to advantage, for instance in sub-pixel anti-aliasing for rendering text, it can also impart a blurriness to individual pixels.

The Tektronix NuColor Display

Instead of using either of these existing technologies, the engineers at Tektronix decided to leverage their extensive experience with monochrome CRTs to create a superior display. They started with a traditional monochrome CRT with a white phosphor, then added an ingenious system of switchable colored filters to create a field-sequential color display. In this system, instead of the primary color components being distributed in space, pointillist style, they are distributed in time, with successive frames showing red, green, and blue components of an image. To the eye, the result is the same: primary color components for each pixel get blended into a perception of different colors. The marketing department over at Tektronix dubbed the technology “NuColor.”

NuColor display slowed by high-speed video reveals individual color frames being drawn at 180 Hz.

The biggest advantage to this system over color CRTs, and even modern LCDs, is immediately apparent: each pixel remains the same tiny, single dot as rendered by the monochrome CRT, but now appearing in your choice of color. Tektronix used a 180 Hz frame rate on these displays, so the full RGB display was refreshed at 60 Hz. The downside is an occasional glimpse of the individual color frames if you look away from the display quickly. This effect can also be captured with a high-speed camera.

Compared to color LCDs of the day, the other key advantages were brightness and contrast. The NuColor display had an enormous dynamic range driven by the monochrome CRT at its heart, putting the very poor contrast of contemporary LCDs to shame.

Polarized Filters for Each Color

To make this new display, Tektronix placed an electronically-controlled color shutter system in front of the CRT face. These color shutters were created using a type of liquid crystal technology, but instead of switching individual pixels, they switched the entire display at once, like today’s active 3D shutter glasses or auto-darkening welding helmets. In these LCD applications, light is passed through a neutral polarizing filter, creating polarized light. This light then traverses a liquid crystal cell which can rotate the polarization of light passing through, depending on applied voltage. Finally, the light exits through a front neutral polarizing filter. Depending on the amount of rotation that the liquid crystal cell applies, a varying amount of light is transmitted through the front polarizer.

Frame sequential color CRT system from US Pat. 4,635,051.

In the NuColor display, instead of using neutral polarizing filters, Tektronix used color-selective polarizers. For instance, the first polarizer in their full-color system passed all three red, green, and blue colors of vertically polarized light, while allowing only green in the horizontal polarization. By combining three such polarizers, each with a different single-axis color, they were able to create a system that could selectively pass red, green, blue, or white light. Like DLP projectors which use a red/green/blue/white color wheel to produce brighter images than red/green/blue alone, these displays could have offered an expanded dynamic range, although this technique appears not to have been used on oscilloscopes.

Tektronix was granted at least 10 US patents on this technology. These ranged from a system that could display only red and green primaries (US Pat. 4,582,396), to one that could display three de-saturated primaries resulting in an all-pastel colored output (US Pat. 4,674,841), to a full-color display with an expanded color gamut (US Pat. 4,635,051). In the patents and subsequent media coverage from the early 1990s, they touted the advantages of the new display technology in better resolution, lower power consumption, and smaller size and weight. They also estimated it would add only 2.5% to the cost of an oscilloscope, as opposed to 12.5% for a traditional color CRT.

Steady March of Display Technology

Of course, today’s devices don’t use field-sequential color CRTs. The technology behind the NuColor display just couldn’t compete with the size and weight advantages of LCDs. Once LCD quality evolved far enough, these displays came to dominate the digital oscilloscope market just as they did nearly every other screen. Although, with OLEDs on target to outpace LCDs in smartphones this year, that may be changing.

Obviously, the NuColor displays are not being produced any longer, so some enterprising types have started providing LCD replacements for the aging CRTs in these scopes. Luckily, these scopes also sport an analog VGA output port for an external monitor.

By the way, should you happen to find yourself in possession of a 500MHz TDS-754D like this one, note that it’s field-upgradeable to a 1 GHz TDS-784D by changing a few resistors and removing a few capacitors. If you dig through the thread on the eevblog, you can figure out how. It works, although it’s nowhere near as easy as software-only upgrades like we covered for the Rigol DS1022C, Rigol DS1052E, Rigol DS1054Z, and Rigol MSO5000.

One last note. I used the osmo-fl2k code we featured back in April to render our favorite logo on the scope: originally an RF hack that turns certain cheap USB-to-VGA dongles into SDR transmitters, it also comes in pretty handy around the lab as a $5 3-channel arbitrary waveform generator.

I find Tasker tough to figure out, but, there are two things I think Tasker and some support could help me with....

Tasker: Total Automation for Android - Thu, 01/17/2019 - 09:44

I am looking to reset the google advertising ID on a regular basis (daily), and only have apps that use location have access to location services when in use.

Thanks in advance for any help that might be provided. I have an s9+ on pie.

submitted by /u/dave812812
