DNA Lounge: Wherein we have a new sign.

Check it out, we now have a sign for the Above DNA door. Jeremy put this together out of left-over parts from the DNA Pizza sign (the cut-out bits that became negative space on that sign).

If you can see the error in the sign... you're probably me. Because nobody else will ever see it.

We also replaced the "371" number on the building with "375". I think that since our lot merger, there's not actually a "371" any more, but it might be that the official designation of these two buildings is "371-375" or something silly like that. (Where's 373? I think that was probably the back building, before the two buildings on the DNA Pizza lot were merged into one by dropping a small shanty-town on top of them to serve as the second floor.)

New Years Eve went great! We did a huge number of presales, and still managed to get all those people in the building before midnight, even though they all decided to show up late. That was actually how we decided how many tickets to sell: "How quickly do we think we can get those bodies inside, so that nobody ends up hearing the midnight countdown on the sidewalk and whining at us for a refund because they showed up at 11:45 like a crazy person."

We had more people than at DNA Halloween, but not as many as at Bootie Halloween. Still, a pretty respectable turnout, by which I mean, ka-ching!

Now we only need to do like 20 more events as profitable as that one and we'll have mostly dug out way out of the nigh-bottomless financial hole created by opening DNA Pizza and Above DNA...

This won't be happening in January and February, which are looking very thin compared to our surprisingly-busy December.

Please come drink our booze, ok?

The Emperor would like you to know that he's not dead yet:

@NortonI: Someone should inform the management at the DNA Lounge that We are not exactly deceased, but feel free to attend this: http://www.dnalounge.com/calendar/2013/01-08d.html

(Yes, you should come to that, it will be awesome.)

Also I posted my mixtape 124: thirty-one music videos corresponding to my favorite albums of the year. I don't usually announce those here, but maybe I should.


Sauron's Nipples

Previously, previously.

Tags: , , ,

Today in Echidna News

Previously, previously.

Tags: , , ,

Bypass full-disk encryption and passwords on any powered-on computer via Firewire.

Inception is a FireWire physical memory manipulation and hacking tool exploiting IEEE 1394 SBP-2 DMA.

The tool can unlock (any password accepted) and escalate privileges to Administrator/root on almost* any machine you have physical access to. [...] It is primarily intended to do its magic against computers that utilize full disk encryption such as BitLocker, FileVault, TrueCrypt or Pointsec. [...]

Inception's main mode works as follows: By presenting a Serial Bus Protocol 2 (SBP-2) unit directory to the victim machine over the IEEE1394 FireWire interface, the victim operating system thinks that a SBP-2 device has connected to the FireWire port. Since SBP-2 devices utilize Direct Memory Access (DMA) for fast, large bulk data transfers (e.g., FireWire hard drives and digital camcorders), the victim lowers its shields and enables DMA for the device. The tool now has full read/write access to the lower 4GB of RAM on the victim. Once DMA is granted, the tool proceeds to search through available memory pages for signatures at certain offsets in the operating system's password authentication modules. Once found, the tool short circuits the code that is triggered if an incorrect password is entered. [...]

The problem is old, but it is not entirely fixable with a driver update, a patch or a new OS version. The problem is in the Firewire specs. All OS vendors that want to include Firewire drivers that are OHCI compliant and works out of the box with SBP-2 devices are vulnerable in some degree. [...]

You can use any interface that expands the PCIe bus, for example PCMCIA, ExpressCards, the new Thunderbolt interface and perhaps SD/IO to hotplug a FireWire interface into the victim machine. The OS will install the necessary drivers on the fly, even when the machine is locked.

So that's, you know, bad.


Tags: , , , ,

SOMA Nature Walk

I chatted with the crane operator: he says this hole is going to be 80' deep, and the drill itself is 200' long. It's currently being disassembled in New York, and will be traveling here by boat, arriving some time in March.

Tags: , , ,

  • Previously