Cenzic 232 Patent
Paid Advertising
web application security lab
« Man in the Middle
iPhone SSL Warning and Safari Phishing »

Pushing The Limits of Tech

Before I begin this post, let me just say, I’ve always been a huge huge fan of technology. I’ve got more insane tech than almost anyone I know (I know a HD Moore, though, so I don’t win that geek war, but I’m close). And I also like to think I’ve got a firm grasp of the web, but every once in a while something strikes me as just simply stunning. Go here, and watch it - I suggest making it full screen: the new GE smart grid website. Go visit it before you read the rest of this.

I admit it, I’m amazed. It’s very very cool tech. It’s the wave of the future, and as much as I’d like to pretend I think it’s a terrible idea, I don’t. It’s just amazing. Annnnd just as I’m getting ready to set up my printer, get my camera ready, install a plugin and give it complete access to my camera… I pause, as my security brain finally wakes up from it’s amazement. I think we’re soon reaching an inflection point, and in many ways have just simply skipped way past it. What’s the point of the web? Is it to delight and amaze? Is it to allow better consumerism? Is it for communication? Is it to impart information? Is it to download porn? Is it all of those things?

How can we possibly secure ourselves when amazing applications are finally on the horizon that make even hardened security folks want to drop all their guards to join in the party? Am I becoming a Scrooge? “Cool tech - bah humbug!” GE’s application is a wiretapper’s dream application yet I’m compelled to join in and be amazed. *sigh* I guess I’ll just have to watch it again and pretend I don’t want to install it.

This entry was posted on Sunday, March 8th, 2009 at 5:32 pm and is filed under Webappsec, Random Security. Responses are currently closed, but you can trackback from your own site.

20 Responses to “Pushing The Limits of Tech”

  1. Manuel Says:
    March 8th, 2009 at 8:05 pm

    Wow, nice!!
    I had the same ugly feeling while testing Boffswana’s Papervision [*]. They don’t use a special plugin, but you have to allow they flash application to access your webcam. I hope nobody were behind that application looking the amazed, shocked and happy look on my face.

    [*] http://www.boffswana.com/news/

  2. fuzion Says:
    March 8th, 2009 at 9:18 pm

    Gee… I wonder how much they spent on that admittedly cool, but still quite useless bit of tech… My guess would be somewhere in the millions (including the cost of having it featured on CH). Now take a look at their stock prices for the last 3 years and ask yourself how much this little bit of viral-to-be marketing is going to help…

  3. Jawdy Says:
    March 9th, 2009 at 2:11 am

    What an awesome site - and the system that it uses looks like it’s the ARToolkit http://www.hitl.washington.edu/artoolkit/
    That said, I’ve never seen it used in a website, and across such generic hardware - so kudos to them!

    Not sure of the security implications, but I guess that’s why I read your site!

  4. Clerkendweller Says:
    March 9th, 2009 at 4:03 am

    Thanks for highlighting this.

    Super cool yes. I can’t wait for the version asking you to photocopy your credit card onto a sheet of paper and hold it up to your webcam… zip zap indeed.

    Source code and further examples at http://www.libspark.org/wiki/saqoosha/FLARToolKit/en

  5. GFCM Says:
    March 9th, 2009 at 4:52 am

    Isn’t it the same technology used at the PS3 game Eye of Judgement?

    Cards turned into 3d monsters.. pretty geek thought..

  6. laZee Says:
    March 9th, 2009 at 5:20 am

    I’ve seen something like that implemented as a PS3 Battle Card game: http://www.youtube.com/watch?v=Si0RT2p3pjM

  7. quadszilla Says:
    March 9th, 2009 at 6:56 am

    Wow - that’s fucking cool!

    So in 6 weeks we’ll have post here on how to XSS into people’s machines and make it so any time a they are on a web cam with, say, a ralph lauren logo no their shirt, an animation pops up to sell the person on the other side acai berries or an online dating site?

    I’ll be looking forward to that :)

  8. Zac B Says:
    March 9th, 2009 at 7:07 am

    Seems that GE guys have been looking for cool stuff … and have implemented the idea in a very cool way.

    http://www.vimeo.com/1320756 - could this be what the GE guys found?

  9. Jawdy Says:
    March 9th, 2009 at 7:53 am

    I just got linked to this one:
    http://www.viddler.com/explore/engadget/videos/319/0.696/
    Seems very similar, but uses Baseball cards instead of a printed sheet.

    This is all very cool stuff - and it _did_ come from the ARToolkit, like I thought… albeit via an offshoot version :-D

  10. DoctorDan Says:
    March 9th, 2009 at 9:19 am

    That technology probably isn’t quite as complicated or advanced as some might think, although it is very neat when put into practice. The thought of it being used on a website was a great one, albeit scary.

  11. Anonomus Coward Says:
    March 9th, 2009 at 12:47 pm

    Just curious, Did anyone notice on the link from RSnake that at the end the paper he was holding rendered a 3D image while not on his computer screen but from the actual camera angle filming it? I ran it back and forth a few times from various sources and their original flat image seems to jump off the page (~ 3sec from end). Also the GE site didn’t have a scare-crow……. Or am I just being parinod?!?

    AC out.

  12. rvdh Says:
    March 9th, 2009 at 1:42 pm

    @DoctorDan

    If it’s a static rendered 3D animation, then indeed it isn’t that hard. Matter of detecting the black square and play the animation opaque over it, it would be way harder to generate a 3d animation on the fly from nothing, because that requires way to much processor cycles.

  13. Gorka Says:
    March 9th, 2009 at 5:38 pm

    That is something I had seen before. Some guys did it with a piece of paper they moved around the table showing a sort of 3D monster.
    I’ve been thinking on doing a similar application where you interact via flash video with the interface. No more mouse nor keyboards, a simple “human reactant” interface.
    That is the future gentlemen.
    Cheers,
    Gorka

  14. underworld Says:
    March 10th, 2009 at 11:08 am

    very simple but nice idea, but yeah social engineering is still far stronger and the force is strong in this one…just makes you think!

  15. crazy_lil_white_guy Says:
    March 11th, 2009 at 1:02 am

    Then there is this stuff
    http://www.ted.com/index.php/talks/pattie_maes_demos_the_sixth_sense.html

  16. donwalrus Says:
    March 11th, 2009 at 12:01 pm

    Come on, you know you clicked on it :)

    Too cool to pass up….I actually freaked a guy out showing this to him…thanks for the entertaining link

  17. thrill Says:
    March 11th, 2009 at 10:27 pm

    How funny.. some of the younger crowd seems to think this is something new.. from my perspective this is nothing more than VRML meets AJAX with some motion detection software thrown in.. thanks for calling, please come again! ;)

    –thrill

  18. Dick C. Flatline Says:
    March 15th, 2009 at 10:00 am

    Pretty soon now, just about everybody is going to give up the last vestiges of their privacy and their freedom for one or another kind of high-tech costume jewelry.

    The vast majority of the populace have the IQ of a hamster, and all it will take is a shiny enough wheel.

    ACCESS YOUR CAMERA??? Did somebody suck out your brains with a freaking straw??

  19. dotnet_1 Says:
    March 21st, 2009 at 6:03 pm

    this is fucking awesome, it’s the first time i see that!
    thanx RSnake for the post :)

  20. Kyo Says:
    March 24th, 2009 at 12:28 am

    @Anonomus Coward
    I did notice that too, and I too played that part a couple of times. Weird.