< Back to JetLib.com

jetlib.sec

« Expand/Collapse

Recent items

Skip to page: 1 2 3 4 ... 898

May 21, 2019
16:00
Microsoft Windows CmKeyBodyRemapToVirtualForEnum Arbitrary Key Enumeration
» ‎ Packet Storm Security Misc. Files

The Microsoft Windows kernel's Registry Virtualization does not safely open the real key for a virtualization location leading to enumerating arbitrary keys resulting in privilege escalation.
Tags:

15:44
JavaScriptCore LICM Uninitialized Stack Variable
» ‎ Packet Storm Security Exploits

JavaScriptCore loop-invariant code motion (LICM) in DFG JIT leaves a stack variable uninitialized.
Tags:

15:44
JavaScriptCore LICM Uninitialized Stack Variable
» ‎ Packet Storm Security Recent Files

JavaScriptCore loop-invariant code motion (LICM) in DFG JIT leaves a stack variable uninitialized.
Tags:

15:44
JavaScriptCore LICM Uninitialized Stack Variable
» ‎ Packet Storm Security Misc. Files

JavaScriptCore loop-invariant code motion (LICM) in DFG JIT leaves a stack variable uninitialized.
Tags:

15:22
JavaScriptCore AIR Optimization Incorrectly Removes Assignment To Register
» ‎ Packet Storm Security Advisories

JavaScriptCore AIR optimization incorrectly removes assignment to register.
Tags:

15:22
JavaScriptCore AIR Optimization Incorrectly Removes Assignment To Register
» ‎ Packet Storm Security Recent Files

JavaScriptCore AIR optimization incorrectly removes assignment to register.
Tags:

15:22
JavaScriptCore AIR Optimization Incorrectly Removes Assignment To Register
» ‎ Packet Storm Security Misc. Files

JavaScriptCore AIR optimization incorrectly removes assignment to register.
Tags:

13:22
PHP PHP_INI_SYSTEM Ineffective Controls
» ‎ Packet Storm Security Exploits

Security controls configured via php.ini directives at the PHP_INI_SYSTEM level are ineffective as they could be bypassed by malicious scripts via writing their own process memory on the Linux platform. Proof of concept code included.
Tags:

13:22
PHP PHP_INI_SYSTEM Ineffective Controls
» ‎ Packet Storm Security Recent Files

Security controls configured via php.ini directives at the PHP_INI_SYSTEM level are ineffective as they could be bypassed by malicious scripts via writing their own process memory on the Linux platform. Proof of concept code included.
Tags:

13:22
PHP PHP_INI_SYSTEM Ineffective Controls
» ‎ Packet Storm Security Misc. Files

Security controls configured via php.ini directives at the PHP_INI_SYSTEM level are ineffective as they could be bypassed by malicious scripts via writing their own process memory on the Linux platform. Proof of concept code included.
Tags:

13:00
Solving The Final Part Of The iClicker Puzzle
» ‎ Hack a Day

The regular Hackaday reader might remember the iClicker from our previous coverage of the classroom quiz device, or perhaps you even had some first hand experience with it during your university days. A number of hackers have worked to reverse engineer the devices over the years, and on the whole, it’s a fairly well understood system. But there are still a few gaps in the hacker’s map of the iClicker, and for some folks, that just won’t do.

[Ammar Askar] took it upon himself to further the state of the art for iClicker hacking, and has put together a very detailed account on his blog. While most efforts have focused on documenting and eventually recreating how the student remotes send their responses to the teacher’s base station, he was curious about looking at the system from the other side. Specifically, he wanted to know how the base station was able to push teacher-supplied welcome messages to the student units, and how it informed the clients that their answers had been acknowledged.

He started by looking through the base station’s software update tool to find out where it was downloading the firmware files from, a trick we’ve seen used to great effect in the past. With the firmware in hand, [Ammar] disassembled the AVR code in IDA and got to work piecing together how the hardware works. He knew from previous group’s exploration of the hardware that the base station’s Semtech XE1203F radio is connected to the processor via SPI, so he started searching for code which was interacting with the SPI control registers.

This line of logic uncovered how the radio is configured over SPI, and ultimately where the data intended for transmission is stored in memory. He then moved over to running the firmware image in simavr. Just like Firmadyne allows you to run ARM or MIPS firmware with an attached debugger, this tool allowed [Ammar] to poke around in memory and do things such as simulate when student responses were coming in over the radio link.

At that point, all he had to do was capture the bytes being sent out and decode what they actually meant. This process was complicated slightly by the fact the system uses to use its own custom encoding rather than ASCII for the messages, but by that point, [Ammar] was too close to let something like that deter him. Nearly a decade after first hearing that hackers had started poking around inside of them, it looks like we can finally close the case on the iClicker.

Tags: classic hacks
11:30
Bringing Battle Bots into the Modern Classroom
» ‎ Hack a Day

With the wide array of digital entertainment that’s available to young students, it can be difficult for educators to capture their imagination. In decades past, a “volcano” made with baking soda and vinegar would’ve been enough to put a class of 5th graders on the edge of their seats, but those projects don’t pack quite the same punch on students who may have prefaced their school day with a battle royale match. Today’s educators are tasked with inspiring kids who already have the world at their fingertips.

Hoping to rise to that challenge with her entry into the 2019 Hackaday Prize, [Misty Lackie] is putting together a kit which would allow elementary and middle school students to build their very own fighting robots. Thanks to the use of modular components, younger students don’t have to get bogged down with soldering or the intricacies of how all the hardware actually works. On the other hand, older kids will be able to extend the basic platform without having to start from scratch.

The electronics for the bot consist primarily of an Arduino Uno with Sensor Shield, a dual H-bridge motor controller, and a wireless receiver for a PS2 controller. This allows the students to control the bot’s dual drive motors with an input scheme that’s likely very familiar to them already. By mapping the controller’s face buttons to digital pins on the Arduino, additional functions such as the spinner seen in the bot after the break, easily be activated.

[Misty] has already done some test runs with an early version of the kit, and so far its been a huge success. Students were free to design their own bodies and add-ons for the remote controlled platform, and it’s fascinating to see how unique the final results turned out to be. We’ve seen in the past how excited students can be when tasked with customizing their own robots, so any entry into that field is a positive development in our book.

The HackadayPrize2019 is Sponsored by:

Tags: robots hacks

10:13
Emerson Network Power Cross Site Scripting(XSS) Vulnerability
» ‎ Full Disclosure

Posted by Kubilay Onur Gungor on May 21
I. VULNERABILITY
-------------------------
httpGetSet/httpGet.htm on
Emerson Network Power Liebert Challenger 5.1E0.5 devices allows XSS via the statusstr parameter.

II. CVE REFERENCE
-------------------------
CVE-2019-12167

III. VENDOR
-------------------------
Emerson Network Power

IV. TIMELINE
-------------------------
13/05/2019 Vulnerability discovered

V. CREDIT
-------------------------
Kubilay Onur Gungor from Cyber Struggle

VI....

Tags:
10:11
Blackhole for Bad Bots WordPress Plugin 2.5 - Detection Bypass
» ‎ Full Disclosure

Posted by gionreale on May 21
Blackhole for Bad Bots protects your site against bad bots, spammers, scrapers, scanners, and other automated threats.

Version 2.5 fails to avoid fingerprinting by including predictable data within the "blackhole_trigger" . Giving
attackers the ability to detect and avoid this system.

Discovered by Gionathan Armando Reale

Tags:
10:11
Epic Web Honeypot 2.0a - Fingerprinting Vulnerability
» ‎ Full Disclosure

Posted by gionreale on May 21
The Epic Web Honeypot Project aims to lure attackers using various types of web vulnerability scanners by tricking them
into believing that they have found a vulnerability on a host.

Version 2.0a fails to avoid fingerprinting by including predictable data and size within index.html(the main file).
Giving attackers the ability to detect and avoid this system.

Discovered by Gionathan Armando Reale

Tags:
10:11
Re: GAT-Ship Web Module >1.30 - Unauthenticated Information Disclosure Vulnerability
» ‎ Full Disclosure

Posted by gionreale on May 21
CVE-2019-12163.

Tags:

10:01
Who Really Has The Largest Aircraft?
» ‎ Hack a Day

We were all glued to our screens for a moment a few weeks ago, watching the Scaled Composites Stratolaunch dual-fuselage space launch platform aircraft make its first flight. The six-engined aircraft represents an impressive technical feat by any standard, and with a wingspan of 385 ft (117 m) and payload weight of 550,000 lb (250 t), is touted as the largest ever flown.

Our own Brian Benchoff took a look at the possibility of hauling more mundane cargo as an alternative (and possibly more popular) use of its lifting capabilities. And in doing so mentioned that “by most measure that matter” this is the largest aircraft ever built. There are several contenders for the title of largest aircraft that depend upon different statistics, so which one really is the largest? Sometimes it’s not as clear as you’d think, but finding out leads us into a fascinating review of some unusual aeronautical engineering.

The Antonov 225 in flight. Alex Beltyukov [CC BY-SA 3.0]The history of flight has been marked by a succession of achievements and broken records ever since a pair of Frenchmen climbed aboard a Montgolfier balloon in 1783. Sometimes there have been parallel achievements, and credit can go to different people depending on where in the world you live. But it has been rare for one record to be broken alone. Multiple competing efforts have always spurred the development of rivals, so any given crown will always have a number of contenders for it.

So, back to the Stratolaunch. It has the largest wingspan of any aircraft flown, but is it really the largest aircraft? The answer’s a little complex, and depends on how you classify your aircraft.
What Does Large Even Mean?
Until this month, asking a Hackaday reader what the largest aircraft was would have elicited a straightforward answer. The Antonov AN225 Mriya was produced in the 1980s as the ultimate progression of a string of large Soviet transport aircraft. It was conceived as a transporter for the Soviet space programme and also with an eye for use as an aerial launch platform, and has a distinctive split tailplane to accommodate the turbulence caused by a load such as a Buran spacecraft mounted upon its roof. The Antonov company now has its home in modern-day Ukraine, and the sole completed AN225 now serves as a commercial aircraft traveling the world with the market for extreme-sized air freight all to itself. Its wingspan at 290 ft (88.4 m) leaves it well behind the Stratolauncher, but its 275 ft 7 in (84m) length and 559,580 lb (253.8t) payload capacity both exceed those of the American craft. So the Ukrainians have the larger aircraft. But so do the Americans, so at this point we enter the realm of international rivalries, and reading further into the subject, some pretty fascinating aircraft.
!n 1910, anything must have seemed possible.
The history of very large fixed-wing aircraft is a long one, with contenders stretching back to the first couple of decades of powered flight. At the time futurologists had visions of aircraft following the same trajectory as ships and becoming ever more massive, so it was natural that a generation of monster aircraft would emerge in the years following the First World War. Flight iconography was all the rage in contemporary design, and being the first to have a contender for the world’s largest aircraft became a source of national pride. Giant aircraft such as Germany’s Dornier Do X seaplane or the Soviet Union’s Tupolev ANT-20 were the last word in aeronautical development, and governments and aircraft manufacturers across the world scrambled to build their own prototype monster craft through the 1930s.

The demands of a global conflict by the end of that decade necessitated series-production heavy bombers and transport aircraft rather than prototype luxury airliners, so the largest aircraft of WWII were fewer in number and saw little action. Probably the most famous of all of them was conceived as a wartime transport but not completed until 1947. The Hughes H4 Hercules, “Spruce Goose” flying boat was conceived as a long-distance transport aircraft for the American military able to move up to 750 troops or two tanks across the Atlantic, and with a 320 ft 11 in (97.54 m) wingspan it comfortably exceeded all large aircraft contenders until the Stratolauncher, and though it has now been surpassed by all measures it remains a genuine holder of the largest aircraft title. Contrary to popular legend it is not made of spruce, instead employing a birch composite for lightness and economy of wartime aluminium use.
Who Are Today’s Contenders?
The Airbus A380 airliner at its launch. Xeper[CC BY-SA 3.0]We’re used to the bigger single-fuselage jet-engined aircraft as our reference point for size, because post-war large aircraft development since the ill-fated de Haviland Comet 1 airliner in 1949 has in most cases followed that course. Of these the AN225 is the largest by far, but should we also discount the Airbus A380 airliner with its huge 853-passenger capacity or the Boeing 747-8 which is the world’s longest passenger aircraft? Or how about the various special-purpose manufacturer transport aircraft, Airbus’ Beluga XL fleet, or the Boeing Dreamlifters? Boeing, Airbus, Antonov, and the Scaled Composites all have a stake of their own in the largest aircraft race, with Hughes as a strong cultural reference. Perhaps it is best to be very careful in qualifying any statements about aircraft size, and to tread carefully among your international friends. Where this is being written we’d vote for the Ukrainians on sheer lifting ability, though for sheer lying-outside-the-perimeter-fence large aircraft awesomeness we’d stick with Uncle Sam’s tax dollars and the fearsome spectacle of a Boeing B-52H giving it some throttle on summer exercises at RAF Fairford. You definitely have to be there!
It’s Really About the Tech The DaSH PA human-powered aircraft. Robert A. Proudfoot (CC BY-SA 4.0)
One of the most interesting parts of writing this piece has surprisingly not come from the behemoth aircraft listed above, but from learning about the other largest aircraft, those largest of a particular type. Watching YouTube videos of the Antonov AN-2 for example, the largest mass-produced single-engined biplane, whose unique wing design delivers a capability for seemingly impossibly slow flight. Or the Solar Impulse 2 solar-electric circumnavigation aircraft, which we’re giving the crown of largest electric manned aircraft based on its 71.9 m (236 ft) wingspan but are prepared to be proved wrong by readers with greater knowledge. Sometimes with experimental aircraft it can even be difficult to ascertain which is the largest, we think the DaSH PA with its around 40-metre wingspan is the largest human-powered aircraft, but understandably in that field the designers are more concerned with performance or simply getting airborne in the first place than they are with size records.

Perhaps there is a lesson to be taken from the solar- and human-powered aircraft in all of this. With so many contenders for the title of largest aircraft, should we even be rating these craft on their size alone? They all represent astounding achievements of extreme engineering and material science in their own ways, so not one of them is less worthy of our excitement than any other. Instead we should be keenly looking forwards, because if one organisation, company, or country claims the title of largest aircraft, there is sure to be another exciting craft from another source in the works vying to take away its crown. And that is what keeps us here at Hackaday coming back for more.

Header image, Scaled Composites Stratolauncher, Robert Sullivan [No restrictions]

Tags: featured
8:30
How Hard Can It Be To Buy A Computer In Germany And Get It Back Home To The UK?
» ‎ Hack a Day

Some of the best adventures in the world of hardware hacking start in the pub. For three volunteers at the National Museum Of Computing in the UK, [Adam Bradley], [Chris Blackburn], and [Peter Vaughan], theirs started over a pint with an eBay listing for an old computer in Germany. No problem you might think, we’re well used to international parcel shipping. This computer wasn’t a crusty old Commodore 64 though, instead it was a room-sized IBM System/360 Model 20 from the 1960s, complete with the full array of peripherals and what seemed to be a lot of documentation and software media. It would need a Mercedes Sprinter, a large van, to shift it, but that seemed feasible. With a bit of frantic bidding they secured the auction, and set off for Germany to view their purchase.

Arriving at the machine’s location they found a little bit more than they had expected. In an abandoned building on a side street in Nuremburg there was an intact machine room full of the IBM computer cabinets over a false floor with all the machine cabling in place, and the only usable access was through a street door which hadn’t been opened in decades and which was obstructed by the false floor itself. To cap it all they found they’d bought not one but two System/360s, and also unexpectedly a 1970s System/370 Model 125. Clearly this was more than a job for a quick in-and-out with a Sprinter.

What followed became a lengthy saga of repeated trips, van hire, constructing ramps, and moving heavy computer parts to a hastily rented storage unit. Decabling a computer of this size is no easy task at the best of times, and these cables had spent many decades in a neglected machine room. It’s a fascinating read, and a very well-documented one with plenty of photos. The machines now sit in their storage units awaiting a return to the UK, and the trio are soliciting any help they can find to make that happen. So if you happen to own a European haulage company with spare capacity on your Germany — UK route or if you can help them in any way, donate or get in touch with them. We think this project has much more to offer, so we’ll be following their progress with interest.

These three intrepid computer hunters were brought together at The National Museum Of Computing at Bletchley, UK. If you find yourself within range it is an essential place to visit, we did so in 2016.

Tags: Hardware
7:00
This Week in Security: What’s up with Whatsapp, Windows XP Patches, And Cisco is Attacked by the Thrangrycat
» ‎ Hack a Day
Whatsapp allows for end-to-end encrypted messaging, secure VoIP calls, and until this week, malware installation when receiving a call. A maliciously crafted SRTCP connection can trigger a buffer overflow, and execute code on the target device. The vulnerability was apparently found first by a surveillance company, The NSO Group. NSO is known for Pegasus, a commercial spyware program that they’ve marketed to governments and intelligence agencies, and which has been implicated in a number of human rights violations and even the assassination of Jamal Khashoggi. It seems that this Whatsapp vulnerability was one of the infection vectors used by the Pegasus program. After independently discovering the flaw, Facebook pushed a fixed client on Monday.
Windows XP Patched Against Wormable Vulnerability
What year is it!? This Tuesday, Microsoft released a patch for Windows XP, five years after support for the venerable OS officially ended. Reminiscent of the last time Microsoft patched Windows XP, when Wannacry was the crisis. This week, Microsoft patched a Remote Desktop Protocol (RDP) vulnerability, CVE-2019-0708. The vulnerability allows an attacker to connect to the RDP service, send a malicious request, and have control over the system. Since no authentication is required, the vulnerability is considered “wormable”, or exploitable by a self-replicating program.

Windows XP through Windows 7 has the flaw, and fixes were rolled out, though notably not for Windows Vista. It’s been reported that it’s possible to download the patch for Server 2008 and manually apply it to Windows Vista. That said, it’s high time to retire the unsupported systems, or at least disconnect them from the network.
The Worst Vulnerability Name of All Time
Thrangrycat. Or more accurately, “” is a newly announced vulnerability in Cisco products, discovered by Red Balloon Security. Cisco uses secure boot on many of their devices in order to prevent malicious tampering with device firmware. Secure boot is achieved through the use of a secondary processor, a Trust Anchor module (TAm). This module ensures that the rest of the system is running properly signed firmware. The only problem with this scheme is that the dedicated TAm also has firmware, and that firmware can be attacked. The TAm processor is actually an FPGA, and researchers discovered that it was possible to modify the FPGA bitstream, totally defeating the secure boot mechanism.

The name of the attack, thrangrycat, might be a satirical shot at other ridiculous vulnerability names. Naming issues aside, it’s an impressive bit of work, numbered CVE-2019-1649. At the same time, Red Balloon Security disclosed another vulnerability that allowed command injection by an authenticated user.
Odds and Ends
- Google discovered that their Bluetooth Security Keys use Bluetooth, and maybe that’s not a great idea.
- Our own Bob Baddeley finally put the Supermicro server story to bed, probably.
- Fifty year old aviation technology is hackable, but probably won’t be.
See a security story you think we should cover? Drop us a note in the tip jar!

Tags: hackaday Columns

6:36
Unsecure Chtrbox AWS Database Exposes Data On 49 Million Instagram Influencers, Accounts
» ‎ Packet Storm Security Headlines

Unsecure Chtrbox AWS Database Exposes Data On 49 Million Instagram Influencers, Accounts
Tags: headlineprivacyamazondata lossfacebook
6:36
Huawei's Microchip Vulnerability Explained
» ‎ Packet Storm Security Headlines

Huawei's Microchip Vulnerability Explained
Tags: headlinegovernmentusachinaflawcyberwarspyware
6:36
Linux Variant Of Winnti Malware Spotted In Wild
» ‎ Packet Storm Security Headlines

Linux Variant Of Winnti Malware Spotted In Wild
Tags: headlinemalwarelinux
6:36
Baltimore Ransomware Nightmare Could Last Weeks More
» ‎ Packet Storm Security Headlines

Baltimore Ransomware Nightmare Could Last Weeks More
Tags: headlinegovernmentusacybercrimefraudcryptography

6:33
[REVIVE-SA-2019-002] Revive Adserver Vulnerability
» ‎ Bugtraq

Posted by Matteo Beccati on May 21
========================================================================
Revive Adserver Security Advisory REVIVE-SA-2019-002
------------------------------------------------------------------------
https://www.revive-adserver.com/security/revive-sa-2019-002
------------------------------------------------------------------------
CVE-IDs: t.b.a.
Date: 2019-05-21
Risk Level: High...

Tags:
6:29
CSRF in Darktrace Enterprise Immune System
» ‎ Bugtraq

Posted by Gerwout Van der Veen on May 21
1 - Vulnerability
Darktrace Enterpise Immune System 3.0.9 and 3.0.10 contains multiple
cross site request forgery vulnerabilities. It is highly likely that
older versions are affected as well, but this has not been confirmed.
An attacker can whitelist domains and/or change core Darktrace
configuration. The below proof of concept whitelists
www.evilhackers.com, completely disables all types of alerting and it
disables the Antigena component....

Tags:

4:00
Stick Your Own Samples In The Cheetah SpecDrum
» ‎ Hack a Day

The Sinclair ZX Spectrum was a popular computer in the 8-bit era, and particularly so in its homeland of the United Kingdom. It was known more for its low cost than its capabilities, but it gained many add-ons over the years. One of those was the Cheetah SpecDrum, which turned the Spectrum into a rudimentary drum machine. [PianoMatt] wasn’t happy with the original drum samples, so he set about loading a custom kit into the SpecDrum.

The SpecDrum software initially came with extra sample tapes, so [PianoMatt] knew it was an achievable task to load in custom samples. Starting by loading the software in an emulator, the RAM was then exported as raw data and loaded up in Audacity. After some experimentation, it was determined the samples were stored in 8-bit format at a sample rate of approximately 20 kHz. With this figured out, it was then possible to load replacement samples directly into RAM through the emulator.

However, this wasn’t enough for [PianoMatt]. Further digging enabled him to reverse engineer the format of the replacement sample tapes. Armed with this knowledge, [PianoMatt] then generated his own tape, complete with proper headers and labels for each drum sound.

It’s a tidy effort to bring a more modern sound to a now positively ancient piece of hardware. We’d love to hear a track with drums courtesy of the SpecDrum, so we’ll keep an ear out on Soundcloud. Mucking around with old sound hardware is a popular pastime in these parts – we’ve even seen people go so far as to build bespoke Sega chiptune players from scratch.

Tags: musical hacks

3:11
Slims CMS Akasia 8.3.1 SQL Injection
» ‎ Packet Storm Security Exploits

Slims CMS Akasia version 8.3.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Tags:

3:11
Slims CMS Akasia 8.3.1 SQL Injection
» ‎ Packet Storm Security Recent Files

Slims CMS Akasia version 8.3.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Tags:

3:11
Slims CMS Akasia 8.3.1 SQL Injection
» ‎ Packet Storm Security Misc. Files

Slims CMS Akasia version 8.3.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Tags:

1:00
Paperclip Breadboard
» ‎ Hack a Day

TV’s MacGyver would love the breadboard arrangement we saw recently: it uses paperclips and crimping to make circuits that can be more or less permanent with no soldering. The basic idea is simple. A cardboard base has a piece of paper affixed. Metal paperclips are bent straight and glued to the paper using PVA glue (you know, like ordinary Elmer’s; hot glue would probably work, too). You could probably salvage wires out of old house wiring that would work for this, too.

The scheme uses two sizes of paper clips. Large ones are made straight and form the rails, while small paperclips make connections. The rails are bent to have a little “ear” that pushes into the cardboard base to hold them still. A little glue stabilizes them. The ears poke out the back, so the author suggests covering them with duct tape, hot glue, or another piece of cardboard. Using the top of a shoebox would also solve the problem.

Using pliers, the smaller paperclips are made to grip components. Obviously, you’ll need through-hole components and any sort of IC will probably require a little adapter board. This technique is really better for simple circuits with no ICs. For quick connections, you can crimp a single hook or use a double hook for a stronger connection that is harder to install.

There are other makeshift items included such as a magnetic battery holder. If you really prefer to solder, we’ve done something really similar using copper foil tape as the rails. You can find this tape at craft stores that sell supplies for staining glass. You can actually treat the tape like a PCB trace so long as you remember to solder where they cross as the adhesive will probably insulate the two pieces of tape.

This would be a fun rainy day project with kids. We doubt it will displace the ubiquitous breadboard, although there are some ideas that are attempting to do just that. We’ve also seen other people use paperclips for a variety of unusual purposes — including the ever popular paperclip computer.

Tags: tool hacks

0:00
Vuln: Mozilla Firefox/Thunderbird/Firefox ESR Multiple Security Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

Mozilla Firefox/Thunderbird/Firefox ESR Multiple Security Vulnerabilities
Tags:
0:00
Vuln: Mitsubishi Electric MELSEC-Q Series PLCs CVE-2019-10977 Remote Denial of Service Vulnerability
» ‎ SecurityFocus Vulnerabilities

Mitsubishi Electric MELSEC-Q Series PLCs CVE-2019-10977 Remote Denial of Service Vulnerability
Tags:
0:00
Vuln: Mozilla Firefox Multiple Security Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

Mozilla Firefox Multiple Security Vulnerabilities
Tags:
0:00
Vuln: Microsoft Windows 'SetJobFileSecurityByName()' Function Local Privilege Escalation Vulnerability
» ‎ SecurityFocus Vulnerabilities

Microsoft Windows 'SetJobFileSecurityByName()' Function Local Privilege Escalation Vulnerability
Tags:

May 20, 2019
23:41
WebKitGTK and WPE WebKit Security Advisory WSA-2019-0003
» ‎ Bugtraq

Posted by Michael Catanzaro on May 20
------------------------------------------------------------------------
WebKitGTK and WPE WebKit Security Advisory WSA-2019-0003
------------------------------------------------------------------------

Date reported : May 20, 2019
Advisory ID : WSA-2019-0003
WebKitGTK Advisory URL :
https://webkitgtk.org/security/WSA-2019-0003.html
WPE WebKit Advisory URL :
https://wpewebkit.org/security/WSA-2019-0003.html
CVE identifiers : CVE-2019-6237,...

Tags:
23:37
Advisory: security controls configured in php.ini could be bypassed on Linux
» ‎ Bugtraq

Posted by Imre Rad on May 20
"PHP is a popular general-purpose scripting language that is
especially suited to web development."

PHP has deployed several features over the years that are prone to
incorrect architectural decisions (safe mode
https://www.php.net/manual/en/features.safe-mode.php or open_basedir
http://news.php.net/php.internals/105606), to have unexpected security
implications (register globals
https://www.php.net/manual/en/security.globals.php), or...

Tags:

22:00
Design Tips For Easier CNC Milling
» ‎ Hack a Day

CNC machining is a wonderful thing, taking away a lot of the manual work required in machining and replacing it with accurate, repeatable computer control. However, this doesn’t mean that you can simply click a few buttons and become a great machinist overnight. There are a wide variety of skills involved in utilizing these tools effectively, and [Adam Bender] has created a guide to help budding makers learn the skills of design for CNC milling.

[Adam]’s guide starts from a basic level, considering 3-axis CNC milling with the most commonly used tools. From there, a whole range of tips, tricks, and potential pitfalls are discussed to help new machinists get to grips with CNC milling. Everything from dogbone corners, to tool selection and feature heights are covered, as well as cost-saving techniques like minimising the number of setups required.

These are skills any engineer will learn in a hurry when approaching an experienced CNC machinist, but it’s always better to go in forewarned and forearmed. Of course, for those eager to not just work with, but build their own CNC machine, we’ve covered that base too. Video after the break.

Tags: tool hacks
19:00
Lateral Thinking For An Easier Charlieplex
» ‎ Hack a Day

In the practical world we live in, PCBs are often rectangles (or rectangles with rectangles, it’s just rectangles all the way down). When a designer goes to schematic capture things are put down on nice neat grid intersections; and if there isn’t a particular demand during layout the components probably go on a grid too. Routing even the nastiest fractal web of traces is mostly a matter of layers and patience. But if the layout isn’t being done in a CAD tool and needs to be hand assembled free-form this isn’t always as simple. [M Rule] had this very problem and discovered a clever solution, turning things diagonal.

They changed the fitness criteria to the optimization problem that is controlling a lot of LEDs. Instead of minimum pins to drive the goal became “easiest assembly”, which meant avoiding wires snaking back and forth across the layout, a big source of frustration in a big Charlieplexed design. The observation was that if they turned the a rectilinear LED matrix by 45° and wrapped each connection around at the edges it formed what was essentially a large multiplexed matrix. The topology is pretty mind bending, so take a minute to study the illustration and build your mental model.

It looks a little strange, but this display works the same way a normal multiplexed display does but with the added benefit that each trace flows from one side to the other without turning back on itself at any point. To light any LED set the right row/column pair as source/sink and it turns on!

What if you actually need a rectangular display? Well that’s no problem, the matrix can be bent and smooshed as desired to change its shape. At the most extreme the possible display topologies get pretty wild! We’re sure to try thinking laterally next time we need to design an unusual display, maybe there is a more efficient matrix to be found.

Tags: art
16:00
Using a Cheap Handheld Radio As A Morse Transceiver
» ‎ Hack a Day

Both grizzled hams and potential future amateur radio operators are well-served by the market these days. Powerful and capable UHF and VHF handheld transceivers can now be had for well under $100, something unimaginable as recently as 20 years ago. Of course, a major part of the amateur radio scene used to be Morse code. Not to worry though, you can do that with a handheld, too!

The setup is simple but effective. A Morse code training unit generates tones in response to input from a Morse keyer. This audio is passed into the headset port of a Baofeng handheld transmitter. A toggle switch is wired up to the Push-To-Transmit circuit of the Baofeng to trigger transmission when required.

It’s a little different from the more typical constant-wave transmission methods that are so seldom used nowadays, but it gets the job done. Morse code has always been appreciated in situations where voice transmission is difficult due to low bandwidth or interference, and now it’s easy for new hams to give it a try.

Morse code can be a trial to learn, but spare a thought for the folks who had to pick it up back in 1939. Video after the break.

Tags: radio hacks
13:00
Integrated Circuits Can Be Easy to Understand with the Right Teachers
» ‎ Hack a Day

For years I’ve been trying to wrap my mind around how silicon chips actually work. How does a purposefully contaminated shard of glass wield control over electrons? Every once in a while, someone comes up with a learning aid that makes these abstract concepts really easy to understand, and this was the case with one of the booths at Maker Faire Bay Area. In addition to the insight it gave me (and hundreds of Faire-goers), here is an example of the best of what Maker Faire stands for. You’ll find a video of their presentation embedded below, along with closeup images of the props used at the booth.

The Uncovering the Silicon booth had a banner and a tablecloth, but was otherwise so unassuming that many people I spoke with missed it. Windell Oskay, Lenore Edman, Eric Schlepfer, John McMaster, and Ken Shirriff took a 50-year-old logic chip and laid it bare for anyone who cared to stop and ask what was on display. The Fairchild μL914 is a dual NOR gate, and it’s age matters because the silicon is not just simple, it’s enormous by today’s standards making it relatively easy to peer inside with tools available to the individual hacker.
ATmega328 decapped by John McMaster was also on display at this booth
The first challenge is just getting to the die itself. This is John McMaster’s specialty, and you’re likely familiar from his Silicon Pr0n website. He decapped the chip (as well as an ATmega328 which was running the Arduino blink sketch with it’s silicon exposed). Visitors to the booth could look through the microscope and see the circuit for themselves. But looking doesn’t mean understanding, and that’s where this exhibit shines.

To walk us through how this chip works, a stack-up of laser-cut acrylic demonstrates the base, emitter, and collector of a single transistor. The color coding and shape of this small model makes it easy to pick out the six transistors of the 941 on a full model of the chip. This lets you begin to trace out the function of the circuit.

For me, a real ah-ha moment was the resistors in the design. A resistive layer is produced by doping the semiconductor with impurities, making it conduct more poorly. But how do you zero-in on the desired resistance for each part? It’s not by changing the doping, that remains the same. The trick is to make the resistor itself take up a larger footprint. More physical space for the electrons to travel means a lower resistance, and in the model you can see a nice fat resistor in the lower right. The proof for these models was the final showpiece of the exhibit as the artwork of the silicon die was laid out as a circuit board with discrete transistors used to recreate the functionality of the original chip.

Windell takes us through the booth presentation in the video below. I think you’ll be impressed by the breakdown of these concepts and how well they aid in understanding. This was a brilliant concept for an exhibit; it brought together interdisciplinary experts whom I respect and whose work I follow, and sought to invite everyone to gain a better understanding of the secrets hiding in the chips that underpin this technological age. This is exactly the kind of thing I love to see at a Maker Faire.

Tags: classic hacks
11:30
Tracking Stolen Bikes with Narrowband IoT
» ‎ Hack a Day

For his entry into the 2019 Hackaday Prize, [Marin Vukosav] is working on an ambitious project to create a small GPS tracking device which utilizes Narrowband IoT (NB-IoT) for long range communications. Rather than using a GSM modem which would suck the batteries dry in short order, NB-IoT can theoretically maintain a connection within a 10 to 15 kilometer range while keeping the energy consumption low enough that the tracker could go up to a year before needing to be recharged.

At this point, the hardware is still in the proof of concept phase. [Marin] is using an Arduino with a GPS shield and a SIM7000 NB-IoT module to experiment with the concept, but ultimately says he wants to shrink the hardware down to the point it could fit inside of a bike light. Looking even farther ahead, he’d like to make deals with bike manufacturers so the module could be integrated into the frame itself, where a thief wouldn’t be able to access it at all.

Of course, nothing says this technology has to be limited to bikes. If [Marin] can get it small enough, and reach even half of his goal battery life, he’d have a very compelling product on his hands. Who wouldn’t want to add something like this to their long-range drone in case it gets lost?

There’s still a long way to go on this project, and it’s not all hardware. [Marin] will also have to create the software side of things, a site where you can register your tracker and be able to view its near real-time position on the map. It’s a lot of work, especially if you’re planning on turning it into a commercial product, and we’re very interested to follow along and see where the project goes throughout the year.
The HackadayPrize2019 is Sponsored by:

Tags: the hackaday prize
10:46
OSH Park Hack Chat
» ‎ Hack a Day

Join us Thursday at noon Pacific time for the OSH Park Hack Chat with Drew and Chris!
Note the different day from our usual Hack Chat schedule!
Printed circuit boards have been around for decades, and mass production of them has been an incalculable boon to the electronics industry. But turning the economics of PCB production around and making it accessible to small-scale producers and even home experimenters is a relatively recent development, and one which may have an even broader and deeper impact on the industry in the long run.

The entire toolchain for PCB production, from design software to final production and shipping of finished boards, has been open-sourced and democratized to the point where we barely even think about the complexity behind it all. To pull back the curtain on the PCB production world a bit, Drew and Chris will be joining us on the Hack Chat to discuss a little about how OSH Park gets those “Perfect Purple PCBs” fabricated and shipped.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Thursday, May 23 at 12:00 PM Pacific time. If time zones have got you down, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Thursday; join whenever you want and you can see what the community is talking about.

Tags: hackaday Columns
10:01
Everything We Know About SpaceX’s Starlink Network
» ‎ Hack a Day

When it comes to SpaceX, or perhaps more accurately its somewhat eccentric founder and CEO Elon Musk, it can be difficult to separate fact from fiction. For as many incredible successes SpaceX has had, there’s an equal number of projects or ideas which get quietly delayed or shelved entirely once it becomes clear the technical challenges are greater than anticipated. There’s also Elon’s particular brand of humor to contend with; most people assumed his claim that the first Falcon Heavy payload would be his own personal Tesla Roadster was a joke until he Tweeted the first shots of it being installed inside the rocket’s fairing.

So a few years ago when Elon first mentioned Starlink, SpaceX’s plan for providing worldwide high-speed Internet access via a mega-constellation of as many as 12,000 individual satellites, it’s no surprise that many met the claims with a healthy dose of skepticism. The profitability of Starlink was intrinsically linked to SpaceX’s ability to substantially lower the cost of getting to orbit through reusable launch vehicles, a capability the company had yet to successfully demonstrate. It seemed like a classic cart before the horse scenario.

But today, not only has SpaceX begun regularly reusing the latest version of their Falcon 9 rocket, but Starlink satellites will soon be in orbit around the Earth. They’re early prototypes that aren’t as capable as the final production versions, and with only 60 of them on the first launch it’s still a far cry from thousands of satellites which would be required for the system to reach operational status, but there’s no question they’re real.

During a media call on May 15th, Elon Musk let slip more technical information about the Starlink satellites than we’ve ever had before, giving us the first solid details on the satellites themselves, what the company’s goals are, and even a rough idea when the network might become operational.

Launching the First Generation
Elon reiterated several times that these satellites will be the first of at least three generations of satellites which will eventually make up the Starlink network. They’re closer to the final satellites than the Tintin A and Tintin B technology demonstrators launched in 2018, but still lacking key features which will be necessary for optimum performance.
The first 1,600 Starlink satellites as reported to the FCC.
The biggest omission with these early satellites is the lack of inter-vehicle laser communication links, which means each satellite will have to relay everything through ground stations. In other words, if a Starlink satellite wants to send data to one of its peers, it will have to send it down to a ground station which then routes the information over the terrestrial Internet to another ground station that’s in range of the recipient. This not only increases latency, but requires a large number of ground stations located all over the globe.

To solve this problem, Elon says later versions of the Starlink satellites will use laser communications to form interconnected links, creating a mesh network in space. Data won’t always have to be sent to the Earth and back, and instead can be routed through the satellite network. Of course, ground stations will still be required to ultimately get data to and from the Internet itself, but far fewer of them will be needed and their geographic location will be less critical. This technology, which allows global communications with little to no ground infrastructure, could also be applied to satellite constellations orbiting the Moon or Mars; something SpaceX is almost certainly thinking about on the long-term.

In addition, Elon reiterated that these first 60 satellites don’t feature the “Design for Demise” optimizations which were implemented after the Federal Communications Commission’s expressed concerns over SpaceX’s inability to guarantee that debris from reentering Starlink satellites could be safely contained over the ocean. In their response to the FCC, SpaceX promised that future versions of the satellites would be designed in such a way that they would entirely burn up during reentry, removing any risk that falling debris endangering human life or property.
Experimental Technology
These first generation Starlink satellites might be missing some key features, but they aren’t exactly placeholders either. While we’ll have to wait awhile before we see laser communication or fully degradable construction, they definitely have some unique capabilities that will likely get the attention of other aerospace players if they prove successful.

According to Elon, these satellites are the first vehicles to ever use a krypton-powered ion drive in space. This type of propulsion was experimented with by NASA back in the early 1990’s, but never progressed into operational status as it was found to be less efficient than similar thrusters powered by xenon. That said, krypton is cheaper than xenon, and with low-cost satellites that are only expected to make occasional orbit adjustments during their relatively short lifespans, using a lower efficiency propellant actually made more economical sense.

On the subject of orbital adjustments, these satellites will also be testing an autonomous obstacle avoidance system which is sure to be of interest given the ever-increasing concerns over “space junk” in low Earth orbit. The satellites will receive orbital debris data from a NORAD database and use that information to decide on their own whether they should perform evasive maneuvers. Traditionally such decisions are made by ground controllers, but with tens of thousands of satellites in the final Starlink network, SpaceX reasoned this was a task that could benefit from automation.
Shipping and Handling
Learning more about the technical aspects of the satellites themselves is interesting, but probably the biggest question most people have about Starlink was just how SpaceX intends to hoist 12,000 satellites into orbit within the next couple of years. For reference, since the launch of Sputnik 1 in 1957, humanity has put fewer than 9,000 objects into orbit around the Earth. Viewed in that light, one could argue that a satellite constellation of Starlink’s proposed size would represent a new milestone in mankind’s utilization of space.

The reusability of the Falcon 9 was a huge piece of the puzzle, but it still wouldn’t be economically feasible unless SpaceX could maximize the number of satellites that could go up in each launch. To that end, they came up with a novel “flat-pack” design for the Starlink satellites. Inside the payload fairing, the satellites are stored in an arrangement not unlike a server rack, and when deployed they unfold their solar arrays and antennas into operational position. Elon admitted there’s a chance a few of them might bounce into each other on the way out, but said that it wasn’t expected to cause any serious issues given how low their relative speeds will be.

With 60 satellites weighing 227 kilograms each, plus the weight of ancillary hardware like the rack itself, this first Starlink launch tips the scales at 18.5 tons; the most mass a Falcon has ever put into orbit. Even still, Elon said it will cost SpaceX more to launch the Starlink satellites than it did to build them in the first place.
So How Do You Sign Up?
Unfortunately, we didn’t learn a whole lot about when and how consumers can actually sign up for Starlink Internet service. In the best case scenario, Elon estimated it would take another six launches before the network could even be activated, and twelve to provide enough coverage for it to be usable. After that, SpaceX will begin looking for commercial partners to actually start selling Internet service and distributing their phased-array terminals, likely with rural customers to begin with. At least for now it seems like SpaceX would rather partner with traditional ISPs than go to war with them, which will probably come as a disappointment to those who hoped Elon would shake up the telecommunications industry.

Satellite coverage renderings taken from Mark Handley’s excellent video about Starlink.

Tags: current Events

9:39
Red Hat Security Advisory 2019-1245-01
» ‎ Packet Storm Security Advisories

Red Hat Security Advisory 2019-1245-01 - An update is now available for Red Hat Quay 3. Issues addressed include a man-in-the-middle vulnerability.
Tags:

9:39
Red Hat Security Advisory 2019-1245-01
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2019-1245-01 - An update is now available for Red Hat Quay 3. Issues addressed include a man-in-the-middle vulnerability.
Tags:

9:39
Red Hat Security Advisory 2019-1245-01
» ‎ Packet Storm Security Misc. Files

Red Hat Security Advisory 2019-1245-01 - An update is now available for Red Hat Quay 3. Issues addressed include a man-in-the-middle vulnerability.
Tags:

9:07
Flawfinder 2.0.9
» ‎ Packet Storm Security Recent Files

Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.
Tags:

9:07
Flawfinder 2.0.9
» ‎ Packet Storm Security Tools

Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.
Tags:

9:07
Flawfinder 2.0.9
» ‎ Packet Storm Security Misc. Files

Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.
Tags:

8:00
A Compact Strain Wave Gear Assembly
» ‎ Hack a Day

Strain wave gearing is a clever way to produce a high-efficiency, high ratio gearbox within a small space. It involves an outer fixed ring of gear teeth and an inner flexible ring of teeth which are made to mesh with the outer by means of an oval rotor distorting the ring. They aren’t cheap, so [Leo Vu] has had a go at producing some 3D-printable strain wave gearboxes that you could use in your robotic projects.

He’s created his gearbox in three ratios, 1:31, 1:21 and 1:15. It’s not the most miniature of devices at 145mm in diameter and weighing well over a kilogram, but we can still imagine plenty of exciting applications for it. We’d be curious as to how tough a 3D printed gear can be, but we’d expect you’ll be interested in it for modest-sized robots rather than Formula One cars. There’s a video featuring the gearbox which we’ve placed below the break.

This certainly isn’t the first strain wave gearset we’ve brought you, more than one 3D printed project has graced these pages. We’ve even brought you a Lego version.

Tags: printer hacks

7:43
Trump's U.S. Golf Association Account Got Hacked
» ‎ Packet Storm Security Headlines

Trump's U.S. Golf Association Account Got Hacked
Tags: headlinehackergovernmentusa
7:43
Instagram Hacker Forum Gets Hacked By Hackers
» ‎ Packet Storm Security Headlines

Instagram Hacker Forum Gets Hacked By Hackers
Tags: headlinehackerfacebook
7:43
Slack Bug Allows Remote File Hijacking, Malware Injection
» ‎ Packet Storm Security Headlines

Slack Bug Allows Remote File Hijacking, Malware Injection
Tags: headlinemalwaredata lossflaw
7:43
Over 20k Linksys Routers Leak Every Device Ever Connected
» ‎ Packet Storm Security Headlines

Over 20k Linksys Routers Leak Every Device Ever Connected
Tags: headlineprivacydata lossflawcisco

7:00
That Super Mario Bros. C64 Port Was Too Good For This World
» ‎ Hack a Day

It was foolish to think that the adventure of the Mario Bros. would ever exist outside of the castle walls of the Nintendo Entertainment System. Except for that one time it did. The Hudson Soft company was a close collaborator with Nintendo, and parlayed that favor into being tasked with bringing Super Mario Bros. to platforms beyond the NES. The result of that collaboration would be 1986’s Super Mario Special, a port for the NEC PC-88 line of desktop computers. What ended up on that 5.25″ floppy sounded reminiscent of the Famicom original, but with a grand total of four colors (including black) and not a single scrolling screen in sight; Super Mario Special felt decidedly less than spectacular to play. Those eternally flickering sprites mixed with jarring blank screen transitions would never make it outside of Japan, so for a large swath of the world Mario would remain constrained to a gray plastic cartridge for years to come.

There are no shortage of ways to play Super Mario Bros. these days. Emulation in all of its various official and unofficial forms has taken care of that. Virtually everything with a processor more capable than the NES’s 6502 can play host to the Mushroom Kingdom, however, machines more contemporary with the NES still lacked access to the iconic title.

Enter the 2019 port of Super Mario Bros. for the Commodore 64 by [ZeroPaige]. A culmination of seven years work to port the game onto one of the most prolific computers of the eighties was a clear feat of brilliance and an amazing bit of programming that would have taken 1986 by storm. No pale imitation, this was Mario on the C64. Despite all of the nuance in recreating the jump-and-run model of the original paired with enveloping all eight sound channels of a dual SID chip setup, Nintendo saw fit to stifle the proliferation of this incredible 170 kB of software because they claim it infringes on their copyright.

Please Cease and Desist from Building that Pokédex The original Commodore 64 came in a brilliant beige case.
Pokémon games have come out on Nintendo consoles like clockwork since their inception in 1996. The development team’s conservative approach to game design over the years has had the adverse effect that sequels feeling increasingly rote to long-time fans. Each new entry in the mainline series has staunchly adhered to the original’s winning formula albeit with diminishing returns. Sales have seen a downward trend inconsistent with the accompanying console’s install base. All the while, mounting feedback from the community of Pokémon players has surfaced one constant refrain, “Please just make the Pokémon MMO”.

Nintendo has long held a reticence to incorporating the connecting power of the internet to their games. Their broadband adapter for the Nintendo GameCube was supported by a whopping seven of the console’s nearly six hundred releases. When it came to their other “online” consoles/handhelds the company opted for the convoluted Friend Code system rather than the simplicity of screen names used literally everywhere else online. This heaping mess of decisions lead to a handful of fan developers banding together to create their own open source Pokémon multiplayer vision, Pokénet.

The mission of the Pokénet project was to create a online game that would allow players to connect to the same server in order to converse each other en mass while traveling across all of Pokémon’s fictional regions. The project pulled assets from multiple official Pokémon releases, so almost as soon as it appeared Pokénet was shutdown after being issued a cease and desist letter from Nintendo in 2010. Before being shutdown though, thousands had experienced what online connectivity could add to the game franchise; only to find that official offerings ignored this “feedback” from its fans altogether. This same cycle has continued to this day within Nintendo, but there are examples of other companies that have explored an alternative approach to bootleg tributes to beloved videogames.
The Taxman Cometh for Sonic Team
Sonic the Hedgehog fandom runs deep. The blue blur character has been a staple in games since the early 1990s, and has received a regular cadence of sequels released to ever-decreasing levels of critical acclaim. The developers of the Sonic games, Sonic Team, sought to return to basics with the announcement of Sonic the Hedgehog 4 in 2010. The game was planned as a classic 2D design to be released episodically, the problem was that no one cared. Panned by critics and fans alike, Sonic the Hedgehog 4 saw only two episodes release before being cancelled. Sonic Team’s grand vision to reform the franchise had failed.

Meanwhile, hardcore Sonic enthusiasts had not forgotten the series’ roots. An online development community called, Sonic Retro, had hosted a number of homebrew game contests dedicated to keeping 1990s Sonic games alive. Christian Whitehead, a.k.a. Sonic Retro forum user [Taxman], took part in one of the Sonic homebrew game contests and gained notoriety for his creation simply known as the Retro Engine. Whitehead went on to pitch SEGA a port of their own game, Sonic CD, for iOS that utilized the Retro engine. It worked. Sonic CD was ported to multiple modern platforms and received high praise from fellow fans in the the process.

After a number of other successful Sonic game ports, Whitehead was asked to helm a wholly original Sonic game in the classic 2D style. This project as Sonic Mania. Released in 2017, Sonic Mania was the highest rated Sonic game amongst videogame critics in twenty five years. It surpassed Sonic Team’s own release that same year, Sonic Forces. The fan made game resonated with Sonic fans far better than anything put out by the folks with the character emblazoned on their official business cards.
The Most Amazing Software You’ll Never See
And that brings us back to Super Mario. There’s a level of skill on display with that Super Mario Bros. port for Commodore 64 that is rarely seen. Taking into account the inherent limitations of microcomputers contemporaneous with the NES shows how expertly that clone was programed. And because of Nintendo’s lawyers, if you don’t already have a copy, you’re going to have to make do with the video below.

“By Commodore 64 standards, this is [expletive] insane. In terms of how well it animates, sounds, and plays…It doesn’t sound like a Commodore, and they put the fireworks in.”

– Jeff Gerstmann, Founder of Giant Bomb

There is a canyon between it and the official Super Mario Special, and the difference between the two is the amount of time and passion. Fans possess time and passion in spades, and embracing it has proven to yield incredible results. Maybe instead of seeking to silence those less-than-official projects with a flurry of cease and desist notices that same energy could be focused towards cooperation between copiers and copyright holders. After all, it worked for Sonic.

Tags: current Events
4:00
Wing Opens the Skies for Drones With UTM
» ‎ Hack a Day

Yesterday Alphabet (formerly known as Google) announced that their Wing project is launching delivery services per drone in Finland, specifically in a part of Helsinki. This comes more than a month after starting a similar pilot program in North Canberra, Australia. The drone design Wing has opted for consists not of the traditional quadcopter design, but a hybrid plane/helicopter design, with two big propellers for forward motion, along with a dozen small propellers on the top of the dual body design, presumably to give it maximum range while still allowing the craft to hover.

With a weight of 5 kg and a wingspan of about a meter, Wing’s drones are capable of lifting and carrying a payload of about 1.5 kg. This puts it into a category of drones far beyond of what hobbyists tend to fly on a regular basis, and worse, it involves Beyond Visual Line Of Sight (BVLOS for short) flying, which is frowned upon by the FAA and similar regulatory bodies. What Google/Alphabet figures that can enable them to make this kind of service a commercial reality is called Unmanned aircraft system Traffic Management (UTM).

UTM is essentially complementary to the existing air traffic control systems, allowing drones to integrate into these flows of manned airplanes without endangering either. Over the past years, it’s been part of NASA’s duty to develop the systems and infrastructure that would be required to make UTM a reality. Working together with the FAA and companies such as Amazon and Alphabet, the hope is that before long it’ll be as normal to send a drone into the skies for deliveries and more as it is today to have passenger and cargo planes with human pilots take to the skies.

Tags: news
1:00
Make Physics Fun with a Trebuchet
» ‎ Hack a Day

What goes up must come down. And what goes way, way up can come down way, way too fast to survive the sudden stop. That’s why [Tom Stanton] built an altitude recording projectile into an oversized golf ball with parachute-controlled descent. Oh, and there’s a trebuchet too.

That’s a lot to unpack, but suffice it to say, all this stems from [Tom]’s obvious appreciation for physics. Where most of us would be satisfied with tossing a ball into the air and estimating the height to solve the classic kinematic equations from Physics 101, [Tom] decided that more extreme means were needed.

Having a compound trebuchet close at hand, a few simple mods were all it took to launch projectiles more or less straight up. The first payload was to be rocket-shaped, but that proved difficult to launch. So [Tom] 3D-printed an upsized golf ball and packed it with electronics to record the details of its brief ballistic flight. Aside from an altimeter, there’s a small servo controlled by an Arduino and an accelerometer. The servo retracts a pin holding the two halves of the ball together, allowing a parachute to deploy and return the package safely to Earth. The video below shows some pretty exciting launches, the best of which reached over 60 meters high.

The skies in the field behind [Tom]’s house are an exciting place. Between flying supercapacitors, reaction wheel drones, and low-altitude ISS flybys, there’s always something going on up there.

Tags: arduino hacks
May 19, 2019
22:00
It’s Time to Embrace the Toilet of the Future
» ‎ Hack a Day

You use things every day that are very different from the same items from even a decade ago. Your car, your cellphone, and your computer all have probably changed a lot in the last ten years. But there’s something you almost certainly use every day that hasn’t changed much in a very long time: your toilet. That is unless you live in Japan where some toilets are a high tech delight. Lifehacker recently did a video about the toilet of the future, which might be coming to the US soon if Toto — one of the Japanese toilet makers — has its way.

It made us think. For as ubiquitous as the porcelain throne is, we don’t see many hacks related to it. There are several really obvious ones. For example, in the Lifehacker video, the seat automatically raises when you approach. We don’t know how it could figure out if you were going to stand or sit, but maybe that’s a good application for machine learning. What we really want is one that can clean itself. That would be worth something. Every time we see a Sanisette washing itself in Paris we want to take it home.

Bidets aren’t a big thing in this country, but we’ve never heard anyone who has used one say they didn’t like it. Turns out, it is very water efficient compared to the production of toilet paper, too. Some other features mentioned were scent, sound, and UV sterilization. We’ll admit it, though. We snickered at the icon on the bidet button.

So why aren’t there more toilet hacks? We don’t know. Maybe it’s taboo. A computer vision system for precise targeting of a bidet is a dirty business, but someone has to do it. Surprisingly, we do see a lot of toilet paper holders with either IoT sensors or some 3D printed features. We’ve only seen one recent project involving something more concrete. That project tried to thwart splashback. Got a toilet project? Hit us on the tip line.

Tags: classic hacks

20:53
Emerson Network Power Cross Site Scripting(XSS) Vulnerability
» ‎ Bugtraq

Posted by Kubilay Onur Gungor on May 19
I. VULNERABILITY
-------------------------
httpGetSet/httpGet.htm on
Emerson Network Power Liebert Challenger 5.1E0.5 devices allows XSS via the statusstr parameter.

II. CVE REFERENCE
-------------------------
CVE-2019-12167

III. VENDOR
-------------------------
Emerson Network Power

IV. TIMELINE
-------------------------
13/05/2019 Vulnerability discovered

V. CREDIT...

Tags:
20:49
local privilege escalation via CDE dtprintinfo
» ‎ Bugtraq

Posted by Marco Ivaldi on May 19
Dear Bugtraq,

Please find attached an advisory for the following vulnerability:

A buffer overflow in the DtPrinterAction::PrintActionExists() function in the
Common Desktop Environment 2.3.0 and earlier, as used in Oracle Solaris 10 1/13
(Update 11) and earlier, allows local users to gain root privileges via a long
printer name passed to dtprintinfo by a malicious lpstat program.

Note that Oracle Solaris CDE is based on the original CDE 1.x...

Tags:

19:00
Muscle Wire BugBot and a Raspberry Pi Android with Its Eye on You at Maker Faire
» ‎ Hack a Day

I spent a good chunk of Saturday afternoon hanging out at the Homebrew Robotics Club booth at Maker Faire Bay area. They have a ton of really interesting robot builds on display and I just loved hearing about what went into these two in particular.

It’s obvious where BugBot gets its name. The six-legged walker is the creation of [Mark Johnston] who built the beast in a time where components for robots were much harder to come by. Each leg is driven by a very thin strand of muscle wire which contracts when high voltage is run through it. One of the really tricky parts of the build was finding a way to attach this wire. It has a very low melting point, so trying to solder it usually results in melting right through. His technique is to wrap the wire around the leg itself, then slide a small bit of brass tubing over it and make a crimp connection.

At the heart of the little bug is a PIC microcontroller that is point-to-point soldered to the rest of the components. This only caused real problems once, when Mark somehow bricked the chip and had to replace it. Look close and you’ll see there’s a lot of fiddly bits to work around to pull that off. As I said, robot building was more difficult before the explosion of components and breakout modules hit the scene. The wireless control components on this were actually salvaged out of children’s RC toys. They’re not great by any stretch of the imagination, but it was the best source at the time and it works! You can find a demo of the robot embedded after the jump.
Ralph Campbell (left) and Mark Johnston (right)
An Android robot was on display, but of course, I was most interested in seeing what was beneath the skin. In the image above you can see the mask sitting to the left of the “Pat” skeleton. Ralph Campbell has been working on this build, and plans to incorporate interactive features like facial recognition and gesture recognition to affect the gaze of the robot.

Inside each of the ping pong ball eyes is a Raspberry Pi camera (actually the Adafruit Spy Camera because of its small board size). Ralph has a separate demonstration for facial recognition that he’s in the process of incorporating. But for me, it was the mechanical design of the bot that I find fascinating.

The structure of the skull is coat hanger lashed and soldered together using magnet wires. The eyes move thanks to a clever frame made out of paper clips. The servos to the side of each eye move the gaze up and down, while a servo beneath the eye takes care of left and right. A wooden match stick performs double duty — keeping the camera in place as the pupil of the eye, and allowing it to pivot along the paperclip track of the vertical actuator. It’s as simple as it can be and I find it quite clever!

Rovers on Parade
Since I’m on the topic of robots I want to give a shoutout to Hackaday’s own Roger Cheng. He was selected as a roaming exhibit for this year’s Maker Faire Bay Area. If you haven’t been following his Sawppy build you should be (20,000 people can’t be wrong)!

I thought this moment between Roger and a future robot builder was quite touching. To see a robot modeled after a Mars rover, driven wirelessly on Earth using the touchscreen of your smartphone, will surely have a big impact on what this boy thinks can be accomplished by one determined builder. Of course, it’s not just kids that Roger has been inspiring. This yellow rover was on display in one of the booths. It’s based on Roger’s design, as is this full-scale project that plans to use the platform as an arctic drilling test platform.

Tags: cons
16:00
Hackaday Links: May 19, 2019
» ‎ Hack a Day

Cheap nostalgia, that’s the name of the game. If you can somehow build and ship ‘cheap nostalgia’, you’re going to be raking in the bucks. For the ‘musicians’ in the crowd, the king of cheap nostalgia has something great. Behringer is cloning the Yamaha CS-80. and it was announced at this month’s Superbooth.

The Yamaha CS-80 is the synth in Blade Runner, and since Toto’s Africa is making a comeback on top-40 radio, it’s the instrument of our time. A Wonderful Christmas Time, it seems. Aaaannnyway, yes, there might be a huge and inexpensive version of one of the greatest synthesizers ever made real soon. The cheap 808s and 909s are making their way to stores soon, and the 101 needs a firmware update but you can buy it now. Cheap nostalgia. That’s how you do it.

The PiDP-11/70 is a project we’ve been neglecting for some time, which is an absolute shame. This is a miniature simulation of what is objectively the best-looking minicomputer of all time, the PDP-11/70. This version is smaller, though, and it runs on a Pi with the help of SimH. There are injection molded switches, everything is perfect, and now there are a whole bunch of instructional videos on how to get a PiDP-11/70 up and running. Check it out, you want this kit.

Considering you can put a phone screen in anything, and anyone can make a keyboard, it’s a wonder no one is making real, well-designed palmtop computers anymore. The Vaio P series of PCs would be great with WiFi, Bluetooth, and a slight upgrade in memory and storage. This was [NFM[‘s recent project. This palmtop gets an SSD. The object of modification is a decade-old Sony Vaio CPCP11 palmtop modified with a 256 GB SSD. The Vaio only supports PATA, and the SSD is mSATA, so this is really a project of many weird adapters that also have to be built on flex connectors.

Here’s something for the brain trust in the Hackaday comments. First, take a look at this picture. It’s the inside of a rotary encoder. On the top, you have a Gray code (or what have you) that tracks the absolute position of a shaft. On the bottom, you have some sort of optical detection device with 13 photodiodes (or something) that keeps track of each track in the Gray code. This is then translated to some output, hopefully an I2C bus. What is this device, circled in red? I know what it is — it’s an optical decoder, but that phrase is utterly ungooglable, unmouserable, and undigikeyable. If you were me, what would you use to build your own custom absolute rotary encoder and you only needed the sensor? I technically only need 10 tracks/sensors/resolution of 1024, but really I only need a name.

Lol, someone should apply to Y Combinator and pitch yourself as a B Corp.

Tags: hackaday Columns

13:32
AIDE 0.16.2
» ‎ Packet Storm Security Recent Files

AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
Tags:

13:32
AIDE 0.16.2
» ‎ Packet Storm Security Tools

AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
Tags:

13:32
AIDE 0.16.2
» ‎ Packet Storm Security Misc. Files

AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
Tags:

13:00
New Arduino Nano Line Rolls Out in Four Flavors at Maker Faire Bay Area
» ‎ Hack a Day

Arduino has announced a new line of Nano boards that will begin shipping next month. From the design, to the chips and features on the board, to the price, there’s a lot that is new here. I stopped by their booth at Maker Faire Bay Area for a look at the hardware.

Immediately noticeable is the new design for the pins on either side of the board, which has transitioned from through-hole to a castellated through-hole hybrid. The boards can be ordered with or without pin headers soldered in place. If you get them without, you can reflow these nano boards as modules on a larger PCB design. Recommended footprints are not yet available but I’m told they will be published soon.

The most basic model in this lineup is the “Nano Every”, a 5V board with the ATmega4809 at its center. This brings 48 KB of flash and 6 KB of RAM to the party, running at 20 Mhz. A really nice touch is the inclusion of power regulation that turns up to 21 V of input into the regulated 5 V for the chip, with the added bonus of sourcing up to 1 A for external components through the 5 V pin on one of the headers. For the hackers out there, you can choose to inject your unregulated power through the VIN line, or the USB header.

All of this is a really nice upgrade to the previously available Nano design, with the $9.90 price tag making it a really desirable board for your 8-bit microcontroller needs. The one critique that comes to my mind is that the pins are labeled nicely on the bottom silk screen, but I would also have liked to see these labels on the top layer. When used in a breadboard, or soldered to another PCB, pin labels will be hidden.

The rest of the Nano family center around more powerful chips. As mentioned above, the “Nano Every” board runs an 8-bit chip at 5 V, but the three different “Nano 33” boards have 32-bit chips running at 3.3 V. There’s an “IoT” version with an Arm Cortex-M0+ SAMD21 processor, 6-axis IMU, plus a uBlox NINA-W10 modules which is an ESP32-based board for WiFi, Bluetooth, and cryptography features. MSRP on this board is $18.

The “Nano 33 BLE” and “Nano 33 BLE Sense” boards both do away with the SAMD21 chip and utilize the Nordic nRF52480 which is part of the uBlox NINA-B306 modules and provide Bluetooth connectivity. At $19, the BLE flavor gets you a 9-axis accelerometer. For an additional ten bucks, the “BLE Sense” adds a slew of sensors: pressure, humidity, digital proximity, ambient light, gesture sensor, and a microphone. Pre-orders for these two are slated to begin shipping this July.

The new Arduino Nano designs bring a lot of power to a small footprint. I have to wonder if Arduino is looking to compete with ESP32 modules. The castellated edges on ESP32 modules have allowed them to pop up in all kinds of development boards and other products. The new Nano design continues the legacy of Arduino boards being prototype friendly, but adds the ability to include the boards in a product design based on surface mount assembly.

Tags: arduino hacks
10:00
Desktop Weather Monitor Leaves Nothing to Chance
» ‎ Hack a Day

[Mirko Pavleski] has put together a little weather station for himself that combines Internet-sourced forecasts with physical sensor data to give him a complete view of his local conditions. There’s no shortage of weather applications for our smartphones and computers that will show us the current local conditions and the forecast for the next couple of days. It’s so easy to pull weather data from the various APIs out there that you even see the functionality “baked in” to different gadgets these days. Of course, you can dig through every weather API in the world and not find the temperature and humidity inside your office; for that, you need your own sensors.

[Mirko] took a somewhat unconventional approach by essentially building two totally separate weather devices and packing them into one enclosure, which gives the final device a rather unique look thanks to the contrasting display technologies used.

Local conditions are detected by an Arduino Nano connected to a BMP180 sensor and displayed on a Nokia 5110 LCD. The screen shows not only real-time temperature and barometric pressure, but the change in pressure over the last several hours. The three-day forecast, on the other hand, is provided by a NodeMCU ESP8266 development board connected to the increasingly ubiquitous 0.96 inch OLED.

If you’re not into the whole duality thing and would rather do it all on the same device, you might be interested in one of the ESP8266 weather monitors we’ve seen in the past.

Tags: arduino hacks
7:00
Decap ICs Without The Peril
» ‎ Hack a Day

There can be few of us who haven’t gazed with fascination upon the work of IC decappers, whether they are showing us classic devices from the early years of mass semiconductor manufacture, or reverse-engineering the latest and greatest. But so often their work appears to require some hardcore scientific equipment or particularly dangerous chemicals. We’ve never thought we might be able to join the fun. [Generic Human] is out to change all that, by decapping chips using commonly available chemicals and easy to apply techniques. In particular, we discover through their work that rosin — the same rosin whose smell you will be familiar with from soldering flux — can be used to dissolve IC packaging.

Of course, ICs that dissolved easily in the face of soldering wouldn’t meet commercial success, so an experiment with flux meets little success. Pure rosin, however, appears to be an effective decapping agent. [Generic Human] shows us a motherboard voltage regulator boiled in the stuff. When the rosin is removed with acetone, there among the debris is the silicon die, reminding us just how tiny these things are. We’re sure you’ll all be anxious to try it for yourselves, now, so take a while to look at the video below showing their CCC Congress talk.

The master of chip decapping is of course [Ken Shirriff], whose work we’ve featured many times. Our editor [Mike Szczys] interviewed him last year, and it’s well worth a look.

Tags: chemistry hacks
4:00
[Ben Krasnow] Makes a DSKY
» ‎ Hack a Day

There are hundreds if not thousands of artifacts from the Apollo program scattered around the globe, some twisted wrecks at the bottom of the ocean, others lovingly preserved and sitting in museums or in the hands of private collectors. All of what’s left is pretty much pure unobtainium, so if you want something Apollo-like, you’re probably going to have to make it yourself.

[Ben Krasnow] took up the challenge to make an electroluminescent Apollo-era DSKY display from scratch, with outstanding results. The DSKY, or “display and keyboard”, was the user interface for the Apollo Guidance Computer, the purpose-built digital navigation system that got a total of 24 men there and back again. [Ben] says it took a long time to recreate the display, and we can see why. He needed to master quite a few skills, including screen printing to get the glass-panel display working. The panel is a sandwich of phosphorescent paint, a dielectric, and conductive ink. The ink is silkscreened on the back to form the characters, all applied to indium tin oxide (ITO) conductive glass. A PCB with the same pattern of character segments lays behind that, driving each segment with 300 volts or so through a trio of HV507 high-voltage shift registers. It’s an impressive bit of engineering and gives off a decidedly not-homebrew vibe.

In the video below, [Ben] goes into detail about the trials he experienced on the way to this amazing endpoint, not least of which was frying chip after chip due to ineffective protection diodes in the shift registers. That’s an epic debugging story that’s worth the price of admission all by itself. It’s not the only DSKY in town, of course – [Fran Blanche] has been working on one for a while too – but there’s just something about that blue glow that we really like.

Tags: space
1:00
Not Happy with Smart Bulbs? Make Your Own
» ‎ Hack a Day

The idea of the so-called “smart bulb” sounds good; who wouldn’t want to be able to verify the porch light is on if you’re out of town for the night, or check to see if you left the bathroom lights on in your rush out the door in the morning? But in practice, it can be a nightmare. Each brand wants to push their own protocol. Even worse, it seems you can’t get anything done without signing up for three different services, each with its own application that needs to be installed on your phone. It’s a frustrating and often expensive mire to find yourself in.

[Dom Gregori] liked the Hue bulbs offered by Philips, but didn’t want to buy into the whole ecosystem of phone apps and hardware hubs they require. So he decided to create his own open source version that would do everything he wanted, without any of the seemingly unavoidable baggage of the commercial offerings. The final result is a professional looking ESP8266 controlled RGB bulb that hooks into Home Assistant via MQTT.

Looking at his Bill of Materials, it’s actually pretty amazing to see how little it really takes to pull a project like this off. Outside of the Wemos D1 Mini board, [Dom] just needed a few concentric WS2812 rings, and a USB charger small enough to fit into the base of his 3D printed enclosure.

We especially like how he handled the socket-side of the bulb, as that’s the part that would have left us scratching our heads. Rather than trying to salvage the base from an existing bulb, or come up with his own printed piece to stick in the socket, he just used a cheap and readily available light socket adapter. The solution might be a little bulky, but we like how he’s deftly avoided having to handle any AC voltages in this project.

Over the last couple years, we’ve seen more and more smart bulb related content come our way. From the ever popular teardown of a new entry into the market to the sobering realization that your light bulbs might provide the key attackers need to access your network, it’s been fascinating to see the transformation of these once simple pieces of hardware into something far more complex.

Tags: home hacks
May 18, 2019
22:00
A DIY Sprinkler Controller Using An ESP8266
» ‎ Hack a Day

There is something strangely amusing about the idea of a sprinkler system relying on a cloud. But it was this limitation in some commercial offerings that led [Zack Lalanne] to create his own controller when it was time to upgrade his aging irrigator.

It’s a straightforward enough device, he’s taken an ESP8266 on the ubiquitous NodeMCU board, and added a shift register for some output line expansion to drive a set of relays. The interest here lies with the software, in which he’s used the ESPHome firmware and added his own custom part for the shift register. This change alone should be useful for many other experimenters with the ‘8266 and ESPHome combination.

The ESP8266 end of the device ties in with his instance of the Home Assistant home automation hub software. On this he’s been able to tie in all his various sprinkler outputs he added, and apply whatever automation scripts he chooses. The result is a freshly watered lawn, with not a cloud in the sky (or backend).

The value of this project lies only partly in its use for sprinkler owners, for us it also lies in the clear write-up showing the way for others with similar home automation tasks. It’s not the only way to make an ESP sprinkler controller, you should also see this one from 2017.

Tags: home hacks
19:00
Fallout Inspired Display is Ready for the Apocalypse
» ‎ Hack a Day

We’ve seen more projects based on books, TV shows, movies, and video games than we could ever hope to count. Hackers and makers derive inspiration from what they see around them, and it turns out there’s considerable overlap between the folks who sit in their labs building stuff all day and the ones who spend their free time playing games or watching movies. Big surprise, right? But among them, few can match the influence of the Fallout franchise.

As the latest entry in a long line of incredible Fallout-inspired builds, we present the Octoglow VFD by [Michał Słomkowski]. While this build isn’t trying to replicate anything directly from the games, it captures all the hallmarks that make up the game’s distinctive post-apocalyptic chic : antiquated vintage components, exposed internals, and above all, a dirty, industrial look. It’s supposed to look like somebody built the stuff out of parts they found in the trash, primarily because that’s exactly what they would’ve needed to do.

So what is it? Well, that’s a little hard to nail down. Frankly we’d say it’s a little more like art than anything, but it does have some useful functions. Currently it shows the time, date, weather information, and various RSS feeds on its dual vacuum fluorescent displays. There’s also a real-life Geiger-Müller counter onboard, because what says Fallout more than a little radiation?

The build itself is absolutely fascinating, and [Michał] leaves no stone unturned in his comprehensive write-up. Every module of the Octoglow has its own page on his site, and each one is bristling with hardware details, schematics, and firmware documentation. Reading along you’ll run into all sorts of interesting side notes: like how he reverse engineered a wireless temperature sensor with his sound card, or devised his own ten-pin bus to interconnect all the modules.

If the Octoglow doesn’t quite scratch that Vault-Tec itch, there’s plenty more where that came from. How about this replica of the wall terminals from Fallout 4, or this radiation monitor perfect for roaming the wastelands? Don’t forget to bring along this 3D printed Thirst Zapper for protection.

Tags: games
16:00
The Rhysonic Wheel Automates Live Music
» ‎ Hack a Day

Making waves in the music world is getting harder. Almost anyone who has access to the internet also has access to a few guitars and maybe knows a drummer or can program a drum machine. With all that competition it can be difficult to stand out. Rather than go with a typical band setup or self-producing mediocre rap tracks, though, you could build your own unique musical instrument from scratch and use it to make your music, and your live performances, one-of-a-kind.

[pedrooconnell]’s instrument is known as the Rhysonic Wheel, which he created over the course of a year in his garage. The device consists of several wheels, all driven at the same speed and with a common shaft. At different locations on each of the wheels, there are pieces of either metal or rubber attached to strings. The metal and rubber bits fling around and can strike various other instruments at specified intervals. [pedrooconnell] uses them to hit a series of percussion instruments, a set of bells, and even to play a guitar later on in the performance.

While it looks somewhat dangerous, we think that it adds a level of excitement to an already talented musical performance. After all, in skilled hands, any number of things can be used to create an engaging and unparalleled musical performance with all kinds of sounds most of us have never heard before.

Tags: musical hacks
13:00
Teardown Video: What’s Inside The Self-Solving Rubik’s Cube Robot
» ‎ Hack a Day

You can find all kinds of robots at Bay Area Maker Faire, but far and away the most interesting bot this year is the Self-Solving Rubik’s Cube built by [Takashi Kaburagi]. Gently mix up the colored sides of the cube, set it down for just a moment, and it will spring to life, sorting itself out again.

I arrived at [Takashi’s] booth at just the right moment: as the battery died. You can see the video I recorded of the battery swap process embedded below. The center tile on the white face of the cube is held on magnetically. Once removed, a single captive screw (nice touch!) is loosened to lift off the top side. From there a couple of lower corners are lifted out to expose the tiny lithium cell and the wire connector that links it to the robot.

Regular readers will remember seeing this robot when we featured it in September. We had trouble learning details about the project at the time, but since then Takashi has shared much more about what went into it. Going back to 2017, the build started with a much larger 3D-printed version of a cube. With proof of concept in hand, the design was modeled in CAD to ensure everything had a carefully planned place. The result is a hand-wired robotic core that feels like science fiction but is very, very real.

I love seeing all of the amazing robots on the grounds of the San Mateo County Event Center this weekend. There is a giant mech wandering the parking lot at the Faire. There’s a whole booth of heavy-metal quadruped bots the size of dogs. And if you’re not careful where you walk you’ll step on a scaled-down Mars rover. These are all incredible, out of this world builds and I love them. But the mental leap of moving traditional cube-solvers inside the cube itself, and the craftsmanship necessary to succeed, make this the most under-appreciated engineering at this year’s Maker Faire Bay Area. I feel lucky to have caught it during a teardown phase! Let’s take a look.

Tags: cons
10:00
Breakout Board Becomes Pogo Pin Programmer
» ‎ Hack a Day

Making a programming jig becomes exponentially more difficult after two pins and who would even consider building one if they were not setting up more than twenty boards? If it were easy for novices to construct jigs, we might all have a quiver of them on the shelf next to our microprocessors. Honestly, a tackle box full of homemade programming fixtures sounds pretty chic. The next advantage to ditching the demo boards is that bare processors take up less room and don’t draw power for unnecessary components like unused voltage regulators and LEDs. [Albert David] improves the return-on-time-investment factor by showing us how to repurpose a WeMos board to program a bare ESP8266 module.

[Albert]’s concept can apply to many other surface-mount chips and modules. The first step is to buy a demo board which hosts a programmable part and remove that part. Since you’ve exposed some solder pads in the process, put pogo pins in their place. Pogo pins are small spring-loaded probes that can be surface mounted or through-hole. We’ve used them for programming gorgeous badges and places where the ESP8266 has already been installed. When you are ready to install your software, clamp your Franken-porcupine to the controller and upload like normal. Rinse, wash, repeat. We even get a view of the clamp [Albert] uses.

Tags: microcontrollers

7:44
Emerson Network Power Liebert Challenger 5.1E0.5 Cross Site Scripting
» ‎ Packet Storm Security Exploits

Emerson Network Power Liebert Challenger version 5.1E0.5 suffers from a cross site scripting vulnerability.
Tags:

7:44
Emerson Network Power Liebert Challenger 5.1E0.5 Cross Site Scripting
» ‎ Packet Storm Security Recent Files

Emerson Network Power Liebert Challenger version 5.1E0.5 suffers from a cross site scripting vulnerability.
Tags:

7:44
Emerson Network Power Liebert Challenger 5.1E0.5 Cross Site Scripting
» ‎ Packet Storm Security Misc. Files

Emerson Network Power Liebert Challenger version 5.1E0.5 suffers from a cross site scripting vulnerability.
Tags:

7:00
A Trash-Steam-Machine-80
» ‎ Hack a Day

Sometimes for a retrocomputing enthusiast it can be challenging to see a surviving machine gutted and used for another purpose. But in the case of [Tom Pick]’s Radio Shack TRS-80 based Steam Machine PC we can forgive him, because it began with a very unpromising machine that had most definitely seen better days.

The TRS-80 in question is a Model III, the all-in-one console device with a numerical keypad, CRT monitor, and dual 5.25″ floppy drives built in. This provided plenty of space for the components of a modern PC with a 12″ LCD monitor. The PC itself is a run-of-the mill 2.6 GHz Pentium and nothing exceptional, but its input devices are of note. The keyboard is a Red Dragon mechanical item which has been made to look the part in place of the old Radio Shack item with a set of custom colour-coded keycaps, while the pointing device in a particularly neat touch is a modern Radio Shack-branded mouse. The boot screen is the proper Radio Shack logo from the TRS-80’s heyday, meaning that if you didn’t know any differently you might think this was meant to be. Sadly the two floppy drives are unconnected, though we’re sure it would be possible to make a modern PC see them for a bit of 360k storage goodness.

We don’t see as many projects featuring the TRS-80 series as we should, and the model III is a particular rarity. Far more common in these pages is the portable Model 100, most recently gaining a cellular connection.

Tags: Retrocomputing

5:33
phpKF 1.10 XSS / CSRF / SQL Injection
» ‎ Packet Storm Security Exploits

phpKF version 1.10 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
Tags:

5:33
phpKF 1.10 XSS / CSRF / SQL Injection
» ‎ Packet Storm Security Recent Files

phpKF version 1.10 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
Tags:

5:33
phpKF 1.10 XSS / CSRF / SQL Injection
» ‎ Packet Storm Security Misc. Files

phpKF version 1.10 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
Tags:

4:00
Plot Your Way Past A Tiny Buffer
» ‎ Hack a Day

There is a dedicated community of plotter enthusiasts who keep their often-aging X-Y axis pen drawing devices going decades after they were built, and who share plotter-generated paper artwork online. [Dhananjay Balan] was seduced by this, so acquired a second-hand HP7440A through eBay and set about bringing it to life.

Bringing it to life was in the first instance the usual progression of cleaning the mechanism and checking all was in order, before doing a bit of research to find that the missing power supply was a 10-0-10V AC item. Then some adapters and a USB-to-serial port had it talking to a modern PC, and thanks to the wonders of HPGL it was working once more. This could thus have been a very simple tale worthy of the dreaded Not A Hack moniker, had the focus then not changed from the hardware into the software.

Back in the day, a 60-byte buffer in a plotter must have seemed huge. But in 2019 a plotter can be sent data at a rate that will swiftly fill it, after which the commands are not stored and are never drawn. Introducing a delay between sending commands solves the problem, but at the expense of very slow plotting. This was solved with a very clever use of the HPGL command to send the pen position, which waits until the pen has finished moving before sending its return value. This became a handy way to detect when the plotter was ready for more, allowing speedier printing without buffer overruns.

The plotter has an expansion port into which an optional module containing trigonometric drawing functions could have been plugged, but was missing in this example. HP’s idea was that the buffer was so small that a programmer would have difficulty writing their own, but the buffer hack in the previous paragraph put paid to that. Python code for all this and more is in a handy GitHub repository.

Via Hacker News.

Tags: computer hacks
1:00
Here’s How Hard It Is To Produce A Conference Badge
» ‎ Hack a Day

Making an event badge is hard work. Making a single prototype badge is hard enough, but the whole process of sourcing components and coordinating manufacture for hundreds of badges on a shoestring budget with the looming deadline of the event and its expectant attendees is a Herculean task.

[Uri Shaked] is one who bears the scars of producing an event badge, and he’s written a fascinating account of his experience. The conference in question was Aramcon 2019, a private tech event in Israel, and the badge has an nRF52840 driving an e-ink display, multi-colour LED, and an audio codec, with a set of full-size keyboard keys as user input. Since the nRF chip supports mesh networking, the idea was to produce a badge capable of streaming audio across the entire event.
A clothes-pin as a programming jig, we like it!
We follow the team through nail-biting months of prototype boards, reversed connectors with last-minute cable bodges, compatible parts that didn’t turn out to be quite so compatible, and wrong footprints, and see them arriving at a badge which worked, but without the audio they’d hoped for. Along the way they came up with a clothes-pin-based programming jig which would surely have merited its own Hackaday write-up had they covered it on its own. Demonstrating the mesh networking by turning a whole auditorium’s worth of badges LEDs yellow was their reward, and we can see they’ve produced a very creditable badge. We particularly like the use of keyboard key switches, and we commend them for planning a life for the badge after the event.

Our Hackaday colleague [Brian Benchoff] is a veteran of badge production, read his write-ups of the genesis of our Superconference 2017 badge and the Tindie dog badge. Meanwhile the keen-eyed among you may recognise the nRF52840 as the guts of the latest generation of Particle boards.

Tags: cons
May 17, 2019
22:00
Transparent and Flexible Circuits
» ‎ Hack a Day

German researchers have a line on 3D printed circuitry, but with a twist. Using silver nanowires and a polymer, they’ve created flexible and transparent circuits. Nanowires in this context are only 20 nanometers long and only a few nanometers thick. The research hopes to print things like LEDs and solar cells.

Of course, nothing is perfect. The material has a sheet resistance as low as 13Ω/sq and the optical transmission was as high as 90%. That sounds good until you remember the sheet resistance of copper foil on a PCB is about 0.0005Ω.

One of the items built was a flexible capacitor. We assume deforming the capacitor would cause a change in its value making it a reasonable sensor.

The creation steps are relatively simple if you have some chemical gear. A hot oil bath and some ethylene glycol will get you started. Also needed are silver nitrate, polyvinylpyrrolidone, and copper chloride, among other things. You also need a resin such as that used in 3D printing.

However, it wasn’t very clear to us exactly how you’d print the material. So 3D printing your transparent cell phone from Thingiverse may be a ways off, after all.

Of course, there are lower-tech ways of 3D printing circuits. We’ve even seen some that are solderless.

Tags: printer hacks
19:00
Braille Keyboard Finds Its Voice
» ‎ Hack a Day
If you have a serious visual impairment, using a computer isn’t easy. [Dhiraj] has a project that allows people fluent in Braille to use that language for input. In addition to having a set position for fingers, the device also reads the key pressed as you type. With some third party software it is possible to even create Word documents, according to [Dhiraj].

You can see the finished product in the video below. This is one of those projects where the idea is the hardest part. Reading six buttons and converting them into characters is fairly simple. Each Braille character uses a cell of six bumps and the buttons mimic those bumps (although laid out for your fingers).

Our thoughts are that it might be nice to have some tactile feedback on the first switch since the intended users probably can’t see the switches. Perhaps the audio sounds a little rough, but that could have been the speakers. Maybe also a dedicated spacebar and an easier way to select letters vs figures without moving your hands might be nice, too. None of that would be hard to fix.

The code was quite simple, though we can see that you might get some false keystrokes. Every 250 milliseconds the Arduino reads the seven input switches (the seventh switch is the letters/figures select). Then a giant if statement decodes the letter. Just stylistically, we would have probably built a number and used it to select from an array, as with 7 switches it would consume just 128 bytes. More importantly though we would probably wait for at least one on to off transition to start the decoding. The switches are active high, so we’d probably write something like this:
```
unsigned code,oldcode;
code=oldcode=0;
do {
   oldcode=code;
   code=read_button_code();  // get current code
   } while (oldcode<=code);
// process oldcode
```
If this looks confusing, try a few examples (you can do that online, too). At first, the oldcode is zero so code will never be less than that (note the integers are unsigned). As long as bits keep getting set, code will be greater than or equal to oldcode. However, if any bit goes from 1 to zero then the total magnitude of code must be less than oldcode. That triggers the processing. Of course, you might also want to debounce the switches in read_button_code to make sure you have a stable input, too.

Still, what a great and useful idea it is, and one easy enough to build on the original design. We’ve seen a Braille tablet before. If you have some spare space on your next PCB, you could always replace some community signs.

Tags: arduino hacks
16:00
Yet Another Concrete Speaker Build
» ‎ Hack a Day

Concrete is great if you feel like making something heavy on the cheap. [Marek Unger] decided to have a go, using the material to cast speaker cabinets for a home hi-fi rig (Youtube link, embedded below).

Initial attempts involved creating a laser-cut MDF outer mold, with a styrofoam core inside to be removed later. This was unsuccessful, and [Marek] developed the design further. The second revision used an inner core also made from lasercut MDF, designed to be left inside after casting. This inner mold already includes the mounting holes for the speaker drivers, making assembly easier too.

Once cast, the enclosures were fitted with Tang-Band W4-1320SIF drivers. These are a full-range driver, meaning they can be used without needing crossovers or other speakers to fill in the frequency range. Each cabinet weighs just over 10kg, and they’re ported for extra response in the lower frequency bands. Sound tests are impressive, and the rough-finished aesthetic of the final product looks great in [Marek]’s living room.

We’ve seen concrete used for all manner of projects, from furnaces to USB hubs. Video after the break.

Tags: home entertainment hacks

13:32
OpenDNSSEC 2.1.4
» ‎ Packet Storm Security Recent Files

OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
Tags:

13:32
OpenDNSSEC 2.1.4
» ‎ Packet Storm Security Tools

OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
Tags:

13:32
OpenDNSSEC 2.1.4
» ‎ Packet Storm Security Misc. Files

OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
Tags:

13:22
Common Desktop Environment 2.3.0 dtprintinfo Privilege Escalation
» ‎ Packet Storm Security Exploits

A buffer overflow in the DtPrinterAction::PrintActionExists() function in the Common Desktop Environment 2.3.0 and earlier, as used in Oracle Solaris 10 1/13 (Update 11) and earlier, allows local users to gain root privileges via a long printer name passed to dtprintinfo by a malicious lpstat program.
Tags:

13:22
Common Desktop Environment 2.3.0 dtprintinfo Privilege Escalation
» ‎ Packet Storm Security Recent Files

A buffer overflow in the DtPrinterAction::PrintActionExists() function in the Common Desktop Environment 2.3.0 and earlier, as used in Oracle Solaris 10 1/13 (Update 11) and earlier, allows local users to gain root privileges via a long printer name passed to dtprintinfo by a malicious lpstat program.
Tags:
13:22
Hydra Network Logon Cracker 9.0
» ‎ Packet Storm Security Recent Files

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
Tags:

13:22
Hydra Network Logon Cracker 9.0
» ‎ Packet Storm Security Tools

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
Tags:

13:22
Common Desktop Environment 2.3.0 dtprintinfo Privilege Escalation
» ‎ Packet Storm Security Misc. Files

A buffer overflow in the DtPrinterAction::PrintActionExists() function in the Common Desktop Environment 2.3.0 and earlier, as used in Oracle Solaris 10 1/13 (Update 11) and earlier, allows local users to gain root privileges via a long printer name passed to dtprintinfo by a malicious lpstat program.
Tags:
13:22
Hydra Network Logon Cracker 9.0
» ‎ Packet Storm Security Misc. Files

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
Tags:

13:00
DIY Button Matrix Lights Up And Speaks I2C
» ‎ Hack a Day

[David Johnson-Davies] always wanted an illuminated button matrix for projects, but cost was never very friendly. That all changed when he discovered a cheap source of illuminated pushbuttons on Aliexpress, leading to this DIY 4×4 illuminated button matrix design which communicates over I²C. The button states can be read independently of setting the light pattern, and an optional interrupt signal gets pulled low whenever there is a change detected. Not bad for one PCB plus about $10-worth in components!

The device uses every single pin on an ATtiny88, and because each button gets its own pin the keypresses can be detected with pin-change interrupts. The state reporting of buttons over I²C is unambiguous, even when multiple buttons are pressed simultaneously. A simple protocol provides all the needed functionality, and all connections are brought to the board’s edge to allow for easily tiling multiple panels.

The GitHub repository contains the code and PCB files and [David] helpfully shared the board files to OSH Park and PCBWay for easy ordering. In addition, he provides two demos (Tacoyaki and Tacoyaki+) which are games related to the classic Lights Out to show off the matrix.

Tags: attiny hacks

12:22
Huawei eSpace 1.1.11.103 Meeting Heap Overflow
» ‎ Packet Storm Security Exploits

Huawei eSpace version 1.1.11.103 Meeting suffers from a heap-based memory overflow vulnerability when parsing large amount of bytes to the 'strNum' string parameter in GetNameyNum() in 'ContactsCtrl.dll' and 'strName' string parameter in SetUserInfo() in eSpaceStatusCtrl.dll library, resulting in heap memory corruption. An attacker can gain access to the system of the affected node and execute arbitrary code.
Tags:

12:22
Huawei eSpace 1.1.11.103 Meeting Heap Overflow
» ‎ Packet Storm Security Recent Files

Huawei eSpace version 1.1.11.103 Meeting suffers from a heap-based memory overflow vulnerability when parsing large amount of bytes to the 'strNum' string parameter in GetNameyNum() in 'ContactsCtrl.dll' and 'strName' string parameter in SetUserInfo() in eSpaceStatusCtrl.dll library, resulting in heap memory corruption. An attacker can gain access to the system of the affected node and execute arbitrary code.
Tags:

12:22
Huawei eSpace 1.1.11.103 Meeting Heap Overflow
» ‎ Packet Storm Security Misc. Files

Huawei eSpace version 1.1.11.103 Meeting suffers from a heap-based memory overflow vulnerability when parsing large amount of bytes to the 'strNum' string parameter in GetNameyNum() in 'ContactsCtrl.dll' and 'strName' string parameter in SetUserInfo() in eSpaceStatusCtrl.dll library, resulting in heap memory corruption. An attacker can gain access to the system of the affected node and execute arbitrary code.
Tags:

11:32
Huawei eSpace 1.1.11.103 Meeting Image File Format Handling Buffer Overflow
» ‎ Packet Storm Security Exploits

Huawei eSpace version 1.1.11.103 Meeting conference whiteboard functionality is vulnerable to a buffer overflow issue when inserting known image file formats. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
Tags:

11:32
Huawei eSpace 1.1.11.103 Meeting Image File Format Handling Buffer Overflow
» ‎ Packet Storm Security Recent Files

Huawei eSpace version 1.1.11.103 Meeting conference whiteboard functionality is vulnerable to a buffer overflow issue when inserting known image file formats. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
Tags:

11:32
Huawei eSpace 1.1.11.103 Meeting Image File Format Handling Buffer Overflow
» ‎ Packet Storm Security Misc. Files

Huawei eSpace version 1.1.11.103 Meeting conference whiteboard functionality is vulnerable to a buffer overflow issue when inserting known image file formats. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
Tags:

11:30
A Cyclonic Vacuum Cleaner on a Hacker’s Budget
» ‎ Hack a Day

Have you ever seen a product in the store and been shocked at what the manufacturer was trying to charge for it? Since you’re reading Hackaday, we can safely assume the answer to that question; building a homebrew version of some commercial product for a fraction of its retail price is practically a rite of passage around these parts. So it’s fitting that for his entry into the 2019 Hackaday Prize, [Madaeon] submitted the “DIYson”, an open source version of a popular high-end vacuum made by a British company who’s name you can surely guess.

As [Madaeon] explains on the project’s Hackaday.io page, the idea behind “cyclonic” vacuums is not particularly complex. Essentially, with a powerful enough blower and carefully designed chamber, the incoming air will spin around so fast that dust is pulled out by centrifugal force. The trick is getting it working on a small enough scale to be a handheld device. Especially given the energy requirements for the blower motor.

Luckily for the modern hacker, we’re living in the “Golden Age” of DIY. With a 3D printer you can produce plastic components with complex geometry, and thanks to a resurgence in remote controlled aircraft, powerful motors and high capacity lithium-ion batteries are easily obtainable. Powered by what’s essentially the hardware that would go into an electric ducted fan plane, the total cost of all the electronics for the DIYson comes in right around $60 USD. Even with a roll of printer filament added to the mix, you’re still comfortably at half the cost of the “name brand” alternative.

With some refinements, [Madaeon] hopes that this open source dust-buster will be a staple of labs and hackerspaces all over the world. Judging by the performance his early prototype shows in the video after the break, we know we wouldn’t mind having one.

The HackadayPrize2019 is Sponsored by:

Tags: the hackaday prize

11:22
Huawei eSpace 1.1.11.103 Unicode Stack Buffer Overflow
» ‎ Packet Storm Security Exploits

Huawei eSpace Meeting cenwpoll.dll unicode stack buffer overflow exploit with SEH overwrite.
Tags:

11:22
Huawei eSpace 1.1.11.103 Unicode Stack Buffer Overflow
» ‎ Packet Storm Security Recent Files

Huawei eSpace Meeting cenwpoll.dll unicode stack buffer overflow exploit with SEH overwrite.
Tags:

11:22
Huawei eSpace 1.1.11.103 Unicode Stack Buffer Overflow
» ‎ Packet Storm Security Misc. Files

Huawei eSpace Meeting cenwpoll.dll unicode stack buffer overflow exploit with SEH overwrite.
Tags:

10:00
The $50 Ham: Dummy Loads, Part 2
» ‎ Hack a Day

In the last installment of “The $50 Ham” I built a common tool used by amateur radio operators who are doing any kind of tuning or testing of transmitters: a dummy load. That build resulted in “L’il Dummy”, a small dummy load intended for testing typical VHF-UHF handy talkie (HT) transceivers, screwing directly into the antenna jack on the radio.

As mentioned in the comments by some readers, L’il Dummy has little real utility. There’s actually not much call for a dummy load that screws right into an HT, and it was pointed out that a proper dummy load is commercially available on the cheap. I think the latter observation is missing the point of homebrewing specifically and the Hackaday ethos in general, but I will concede the former point. That’s why at the same time I was building L’il Dummy, I was building the bigger, somewhat more capable version described here: Big Dummy.

Design Goals
As with its smaller HT version, the design for Big Dummy is not completely my own. In the grand tradition of finding what other hams have done and sticking with that, I built a version of a dummy load that K7AGE built, which in turn is a design he borrowed from Elecraft, a maker of kits for transceivers and other ham gear.

My design goals were grander than with L’il Dummy, but still pretty simple. First, I wanted the dummy load to be good for the HF bands and into VHF if possible. Second, it needed to handle more power than L’il Dummy – I was shooting for 50 watts. Third, I wanted it to have a tap for making measurements of transmitter output, and the more standard SO-239 UHF-style connector. And finally, I wanted it to look good.

I decided to build a smaller version of the classic “Cantenna” dummy load. Not to be confused with the Pringles-can WiFi antennas we’ve seen plenty of before, a cantenna load is a big 50 Ω resistor in a paint can filled with dielectric oil for cooling. I chose to make mine in a quart (about a liter) paint can.
Circuit sculpture, sorta. Still 1 kΩ, but with a tap for the test point.

Resistor choice for Big Dummy was a little more difficult than sourcing a single 35 W thick-film SMT resistor was for L’il Dummy. Wirewound power resistors are easy to find, but as previously noted they’re entirely wrong for a dummy load, as their inductance would change the impedance of the load at higher frequencies. I finally managed to find 1000 Ω metal-film resistors in traditional axial lead packages. A pack of 30 only cost me a few bucks. The plan was to put twenty 1000 Ω resistors in parallel, resulting in a total impedance of 50 Ω. At two watts dissipation each, that should make the load capable of handling 40 W – close enough to my target 50 W.

The tap for the test point was a modification on K7AGE’s design as well. He used a series-parallel network to build his dummy load, which gave him a natural tap point between two of the series resistors that acts as a voltage divider. I had to play a few tricks with the resistors I had to make up a network that does the same thing. I detail its construction in my Hackaday.io post, but the quick version is that four 1 kΩ resistors in a parallel-series arrangement did the trick, allowing me to install a 1N5711 Schottky diode and a small ceramic decoupling cap for the test point while maintaining an overall 50 Ω load.
How not to schematic. All resistors are 1 kΩ, 2 W, 1% The Build
To keep stray inductance at bay, I decided to mount the resistors between two copper discs. This sounded like a way better idea than it turned out to be. I’ll leave the hijinks that resulted from that decision to the build log, but suffice it to say that trying to solder twenty resistors to a heavy copper plate is not as easy as you might think. I ended up using a cheap hot plate to heat the whole assembly evenly and soldering all the leads to one plate at the same time, then flipping the assembly over and doing it again.

I finally figured out how to do it – the plates needed to be held together with threaded rod first, and I needed to use holes rather than dimples in the copper plates. That resulted in this beauty of overkill – I really dig circuit sculptures, and I wanted it to look good before taking a dunk.
Almost done – just need to trim the center rod and connect it to the SO-239 jack on the lid of the can. Finishing Up
I chose plain mineral oil for my dielectric fluid. I was warned that oil-filled dummy loads always end up making a mess, but I decided to try it anyway. It took most of a liter of oil to fill the can, and I did get some initial leaking around the connectors penetrating the top of the can. I may have to add gaskets on some kind, but it’s fine for now if I just keep it upright.
Big Dummy gets ready for a bath while L’il Dummy looks on.
I did the exact same test described in my last post to determine how flat the impedance of Big Dummy is across the range from 2.5 MHz to 20 MHz, the upper limit of my function generator. The data was almost identical to the readings from L’il Dummy, meaning this load is a flat 50 Ω across the ham HF bands. Unfortunately, I haven’t pulled my HF rig out of storage yet since moving across the country, so testing at full power and making some measurements using the test points will have to wait.
Next Time
I think I’ve really caught the homebrewing bug with these two builds, so I’m going to look for another cheap build to do for next time. I’m leaning toward characterizing the notoriously dirty output of the Baofeng and seeing if there’s a filter we can build to clean it up. If you have any ideas on that, please sound off below.

Tags: hackaday Columns

9:47
local privilege escalation via CDE dtprintinfo
» ‎ Full Disclosure

Posted by Marco Ivaldi on May 17
Dear Full Disclosure,

Please find attached an advisory for the following vulnerability:

A buffer overflow in the DtPrinterAction::PrintActionExists() function in the
Common Desktop Environment 2.3.0 and earlier, as used in Oracle Solaris 10 1/13
(Update 11) and earlier, allows local users to gain root privileges via a long
printer name passed to dtprintinfo by a malicious lpstat program.

Note that Oracle Solaris CDE is based on the original...

Tags:
9:47
[CVE-2019-11880] CommSy
» ‎ Full Disclosure

Posted by Jens Regel | Schneider & Wulf on May 17
Title:
======
CommSy <= 8.6.5 - SQL injection

Researcher:
===========
Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG

CVE-ID:
=======
CVE-2019-11880

Timeline:
=========
2019-04-15 Vulnerability discovered
2019-04-15 Asked for security contact and PGP key
2019-04-16 Send details to the vendor
2019-05-07 Flaw was approved but will not be fixed in branch 8.6
2019-05-15 Public disclosure

Affected Products:
==================...

Tags:
9:46
GAT-Ship Web Module >1.30 - Unauthenticated Information Disclosure Vulnerability
» ‎ Full Disclosure

Posted by gionreale on May 17
GAT-Ship Web Module >1.30 - Unauthenticated Information Disclosure Vulnerability

It is possible in versions 1.30 and below for unauthenticated attackers to query the GAT-Ship Web Module for system
information via a crafted request:

PoC:
---------------------------------------------------------------------------------------------------------------------------------------

POST /ws/gatshipWs.asmx/SqlVersion <...

Tags:

9:22
Huawei eSpace 1.1.11.103 DLL Hijacking
» ‎ Packet Storm Security Exploits

Huawei eSpace version 1.1.11.103 suffers from a DLL Hijacking issue. The vulnerability is caused due to the application loading libraries (mfc71enu.dll, mfc71loc.dll, tcapi.dll and airpcap.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into opening a related application file (.html, .jpg, .png) located on a remote WebDAV or SMB share.
Tags:

9:22
Huawei eSpace 1.1.11.103 DLL Hijacking
» ‎ Packet Storm Security Recent Files

Huawei eSpace version 1.1.11.103 suffers from a DLL Hijacking issue. The vulnerability is caused due to the application loading libraries (mfc71enu.dll, mfc71loc.dll, tcapi.dll and airpcap.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into opening a related application file (.html, .jpg, .png) located on a remote WebDAV or SMB share.
Tags:

9:22
Huawei eSpace 1.1.11.103 DLL Hijacking
» ‎ Packet Storm Security Misc. Files

Huawei eSpace version 1.1.11.103 suffers from a DLL Hijacking issue. The vulnerability is caused due to the application loading libraries (mfc71enu.dll, mfc71loc.dll, tcapi.dll and airpcap.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into opening a related application file (.html, .jpg, .png) located on a remote WebDAV or SMB share.
Tags:

9:01
Hackaday Podcast Ep19: Extreme Clock Accuracy, Mobius Gears and Planetary Stunts, Jamming All Fobs, Pi in Your Wii
» ‎ Hack a Day
Join Mike Szczys and Elliot Williams as they riff on the coolest hacks from the past week. Clocks and 3D printing seem to keep coming up this week as we look at using an FPGA plus GPS receiver for better accuracy than we’re used to, and we haggle over what to call the robot arms that nudge the hands on a shelf-clock. There’s a wicked 3D-printed planetary gear design, and brackets that turn flat cardboard into boxes (more useful than you might think). We close out with great reads on the Supermicro fallout of the last 7 months, and a pretty big oops-moment as a hacker knocks out keyfobs for an entire neighborhood.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (48 MB of sweet, sweet audio)
Places to follow Hackaday podcasts:
- Google Play
- iTunes
- Soundcloud
- Spotify
- Stitcher
- RSS
Episode 019 Show Notes: New This Week:
Interesting Hacks of the Week:
Quick Hacks:
- Elliot’s Picks:
- Mike’s Picks:
Can’t-Miss Articles:
- The Great Ohio Key Fob Mystery, or “Honey, I Jammed the Neighborhood!”
- What Happened With Supermicro?
Tags: hackaday Columns
8:30
A Ping Pong Ball LED Video Wall
» ‎ Hack a Day

Constrained builds are often the most fun. Throw an artificial limit into the mix, like time limiting your effort or restricting yourself to what’s on hand, and there’s no telling what will happen.

[bitluni] actually chose both of those constraints for this ping pong ball LED video display, and the results are pretty cool, even if the journey was a little rough. It seems like using sheet steel for the support of his 15 x 20 Neopixel display was a mistake, at least in hindsight. A CNC router would probably have made the job of drilling 300 holes quite a bit easier, but when all you have is a hand drill and a time limit, you soldier on. Six strings of Neopixels fill the holes, a largish power supply provides the 18 or so amps needed, and an Arduino knock-off controls the display. The ping pong ball diffusers are a nice touch, even if punching holes in them cost [bitluni] a soldering iron tip or two. The display is shown in action in the video below, mostly with scrolling text. If we may make a modest suggestion, a game of Pong on a ping pong ball display might be fun.

[bitluni] says that the display is on its way to Maker Faire Berlin this weekend, so stop by and say hi. Maybe he’ll have some of his other cool builds too, like his Sony Watchman Game Boy mashup, or the electric scooter of questionable legality.

Tags: led hacks

7:44
Cisco Expressway Gateway 11.5.1 Directory Traversal
» ‎ Packet Storm Security Exploits

Cisco Expressway Gateway version 11.5.1 suffers from a directory traversal vulnerability.
Tags:

7:44
Cisco Expressway Gateway 11.5.1 Directory Traversal
» ‎ Packet Storm Security Recent Files

Cisco Expressway Gateway version 11.5.1 suffers from a directory traversal vulnerability.
Tags:

7:44
Cisco Expressway Gateway 11.5.1 Directory Traversal
» ‎ Packet Storm Security Misc. Files

Cisco Expressway Gateway version 11.5.1 suffers from a directory traversal vulnerability.
Tags:

7:40
Everything You Need To Know About GDPR
» ‎ Packet Storm Security Headlines

Everything You Need To Know About GDPR
Tags: headlinegovernmentprivacy
7:39
Magecart POS Malware Found On Forbes Subscription Page
» ‎ Packet Storm Security Headlines

Magecart POS Malware Found On Forbes Subscription Page
Tags: headlinehackermalwarebankcybercrimefraud
7:39
Senate Unlikely To Vote On Election Security Despite Risk
» ‎ Packet Storm Security Headlines

Senate Unlikely To Vote On Election Security Despite Risk
Tags: headlinegovernmentusarussiafraudcyberwar
7:39
Hacktivist Attacks Dropped By 95% Since 2015
» ‎ Packet Storm Security Headlines

Hacktivist Attacks Dropped By 95% Since 2015
Tags: headlinehackergovernmentanonymous

7:01
Repairing a Catastrophic Failure: The Oroville Dam Update
» ‎ Hack a Day

More than two years ago, the largest dam in the United States experienced a catastrophic failure of its main spillway, the primary means by which operators of the dam prevent the lake from cresting its pen. The spillway failure caused so much erosion that the hydroelectric plant could not operate, further worsening the situation. In a few days, the dam was finally put to its design limitations, and water began flowing down an emergency spillway that had never been used, prompting the evacuation of 188,000 people living in downstream communities.

Since the time that this crisis came to a head, crews have been working around the clock to repair the main and emergency spillways in order to ensure that one of the largest pieces of infrastructure in the wealthiest country in the world does not suffer a complete failure. The dam’s spillways were reopened recently on April 2, in time for this year’s snow melting, and so far everything looks good.

The repair work was a true feat of engineering, and perhaps a logistics miracle as well. The video below goes over a lot of the raw materials inputs that were needed, but the one that stuck out the most was that a dump truck full of roller-compacted concrete was emptied every five minutes over the entire course of the repair — enough to build a sidewalk from the Oroville Dam to Texas. Part of the reason for the use of such an incredible amount of concrete was that it wasn’t just used to repair the main spillway. An enormous “splash pad” for the emergency spillway was also constructed to limit erosion in the event that it must be used again. But the full change goes beyond concrete and rebar. Join me after the break as I try to wrap my mind around the full scope of the Oroville Dam repair.

Won’t Somebody Think of the Fish? (Actually, They Did)
Truck offloading fish rescued from river during Oroville crisis. [Image source: NOAA Fisheries]Fixing the dam itself wasn’t the only task that needed to be accomplished. The sediment that collected in the basin below the dam was so great that the fish in the river couldn’t get access from one side to the other. That meant millions of small fish had to be trucked around the area, from various fisheries and ponds, to and from the river, in order to keep the population from collapsing.

The other, perhaps more obvious, issue that the sediment in the lower basin was preventing the power station from running at all. Since the generators are situated at the base of the dam, the blockage that was caused by the extreme erosion prevented any outflow from this part of the dam. Before restoring the ability of the generators to run (and lower the lake level some as a side effect), all of the debris had to be removed before the real work of repairing the main spillway could be finished.

Once repairs were complete, dam operators tested out the main spillway with a small flow, and planned to increase the flow to a level greater than that let out of the lake when the spillway first experienced problems two years ago. So far there have been no reported problems with the repaired spillway and the dam is operating as intended.
On the List of Largest Engineering Projects
Ataturk Dam in Turkey [Image source: Temblor]While the Oroville Dam was completed in 1968 it was among the largest dams in the world, but still only the third largest in the United States alone by structure volume (although it is still the tallest). Since then it has been surpassed by only two other dams, the Atatürk Dam in Turkey and the Tarbela Dam in Pakistan. These were all constructed using earth, rock, or a combination of both to hold back the reservoir; other types of dams which require less building material but can reach similar (or greater) heights are concrete arch and gravity dams.

Concrete arch dams require a narrow valley of strong rock to build an effective structure, and gravity dams require a solid rock foundation in order to prevent the structure from sinking. Embankment dams, like Oroville, do not have these same requirements and can be built in areas with less strict requirements, although the downside is the enormous amount of material needed to construct them. This was part of the failure mode of the Oroville Dam’s emergency spillway, situated on the back side of the embankment. Since it was constructed of earth and not concrete, it was able to erode away rapidly which threatened the structural integrity of the dam.

Of course, arch and gravity dams are not immune to issues either. Spillways at the Hoover Dam suffered damage from cavitation in each of the two instances they were needed. At the Grand Coulee Dam, damage to the spillways occurred during a year with heavy rainfall when the spillways were used in a greater capacity than they had been in the past. Typically, though, these issues do not result in the type of damage seen at Oroville, and can even be prevented by draining the reservoir further down earlier in the season (although this is dependent on accurate weather forecasting).
A Dam Renaissance
Jinping-I Hydropower Station [Image source: China Daily]More dams are being constructed in developing countries now, as there are still an abundance of rivers with favorable qualities for constructing dams. Most of the available locations in developed countries are already used already for their power generation and flood control abilities. But in places like China there are a large number of opportunities. There have been few embankment dams built, however, as China seems to favor gravity dams like the Three Gorges Dam, noted for having the largest power generation ability of any dam in the world, or arch dams like the Jinping-I Dam.

While there are taller dams, dams which impound more water, larger dams, or dams which generate more electricity, with proper maintenance these dams will all hopefully be able to avoid any kind of Oroville-like issues in the future.
The Blame Game
Unfortunately, repairing the problems at Oroville is unlikely to be the end of the story. The current issue is deciding which level of government is going to pay for the $1 billion repairs. The federal government claims that this repair does not qualify for federal funds, since the failure of the dam was a result of poor management and maintenance practices. That means California is likely on the hook for the bill, and won’t be able to come up with the money easily.

Regardless of how the financial and political situation plays out, the crisis at the Oroville Dam can be viewed as an example of what is likely to happen to a majority of the rest of the bridges, dams, canals, and other critical infrastructure as maintenance budgets continue to stretch. Unfortunately, beating this dead horse has yet to result in any measurable change in policy, even after almost 200,000 lives were put at risk as a result of this specific incident alone.

Even if the piece of infrastructure is small, it isn’t immune from lack of maintenance. Even a small bridge on U.S. Highway 1 in Florida that experienced a critical structural failure late in 2017 still hasn’t been fixed yet, likely due to government squabbles, lack of funding, or both.

Perhaps the next time we cross a bridge, fly on an airplane, take a drink of water, or even turn on a light switch, we should consider the state of our infrastructure, from the large to the small. It might not all turn out as well as the Oroville Dam.

Tags: engineering

6:13
Ubuntu Security Notice USN-3985-2
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 3985-2 - Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
Tags:

6:13
Ubuntu Security Notice USN-3985-2
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 3985-2 - Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
Tags:

6:13
Ubuntu Security Notice USN-3985-2
» ‎ Packet Storm Security Misc. Files

Ubuntu Security Notice 3985-2 - Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
Tags:

6:02
Freelance Cockpit CRM 3.3.1 SQL Injection
» ‎ Packet Storm Security Exploits

Freelance Cockpit CRM version 3.3.1 suffers from a remote SQL injection vulnerability.
Tags:

6:02
Freelance Cockpit CRM 3.3.1 SQL Injection
» ‎ Packet Storm Security Recent Files

Freelance Cockpit CRM version 3.3.1 suffers from a remote SQL injection vulnerability.
Tags:

6:02
Freelance Cockpit CRM 3.3.1 SQL Injection
» ‎ Packet Storm Security Misc. Files

Freelance Cockpit CRM version 3.3.1 suffers from a remote SQL injection vulnerability.
Tags:

5:11
Horde Webmail 5.2.22 XSS / CSRF / SQL Injection / Code Execution
» ‎ Packet Storm Security Exploits

Horde Webmail version 5.2.22 suffers from code execution, cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
Tags:

5:11
Horde Webmail 5.2.22 XSS / CSRF / SQL Injection / Code Execution
» ‎ Packet Storm Security Recent Files

Horde Webmail version 5.2.22 suffers from code execution, cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
Tags:

5:11
Horde Webmail 5.2.22 XSS / CSRF / SQL Injection / Code Execution
» ‎ Packet Storm Security Misc. Files

Horde Webmail version 5.2.22 suffers from code execution, cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
Tags:

4:23
[RT-SA-2019-002] Directory Traversal in Cisco Expressway Gateway
» ‎ Bugtraq

Posted by RedTeam Pentesting GmbH on May 17
Advisory: Directory Traversal in Cisco Expressway Gateway

RedTeam Pentesting discovered a directory traversal vulnerability in
Cisco Expressway which enables access to administrative web interfaces.

Details
=======

Product: Cisco Expressway Gateway
Affected Versions: 11.5.1, possibly others
Fixed Versions: See Cisco Bug ID CSCvo47769 [1]
Vulnerability Type: Directory Traversal
Security Risk: medium
Vendor URL:...

Tags:

4:00
Reverse Engineering Dropbox
» ‎ Hack a Day

These days everyone talks about data “in the cloud.” However, before that phrase was fashionable, there were a few pioneers and one of the most famous of these is Dropbox — a service that let you store files on a remote server that dates back to 2007. [Vincent Berg] first noticed some odd network traffic on a hotel network, and figured out that it was a feature of Dropbox that allows computers on the same network to update each other. This led him to start investigating the undocumented Dropbox protocol and reverse engineering the Linux client.

We won’t ask why [Vincent] was poking around the hotel network to start with. However, a cursory glance at the Dropbox client gave away that it was using Python. The byte-compiled classes were — at the time — in a ZIP file added to the executable (which was nothing but a modified copy of Python). The files were encrypted, but [Vincent] used a clever technique. He built a shared object using normal Python and put a backdoor in it that gave him access to the Dropbox Python interpreter.

Apparently, however, Dropbox knew that was possible. They had built in several anti-debugging measures in their code and [Vincent] explains some of them. For example, though, the custom Python interpreter remapped opcodes to different numbers and marshaling was now encrypted to some extent.

The Dropbox client has changed over that time period and [Vincent] has kept up with it. His current code and the first version is in a GitHub repo if you are interested in doing what he’s done. Honestly, we don’t really want to reverse engineer the Dropbox client and protocol, but we learned a lot about hacking into a Python executable by looking over [Vincent’s] shoulder.

If you are interested in the same sort of tricks with Android, we suggest you read this post with a refreshing beverage. Just remember, too much decompilation can come with significant legal fees.

Tags: Software hacks
1:00
Concrete Speakers Are Attractive And Functional
» ‎ Hack a Day

In a lot of fields – motorsport, space exploration, wearables – lighter is better. But it’s not always the case. When you want to damp vibration, stop things moving around, and give things a nice weighty feel, heavier is the way to go. This is the case for things like machine tools, anvils, and yes – speakers. Using this philosophy, [SoundBlab] built a set of concrete speakers. (Youtube link, embedded below)

The concrete speaker enclsosures are sized for 3″ drivers, and were cast using two measuring jugs as the mold. This gave the final product a smooth and glossy surface finish, thanks to the surface of the plastic used. The concrete was also agitated during the casting process to minimise the presence of air bubbles in the mixture.

Once cast, the enclosures are fitted with plywood end caps which mount the Fountek FE85 speaker drivers. These are a full-range driver, meaning no cross-overs or other drivers are required. The speakers are then mounted on stands constructed from wood edging, which are stained in a contrasting colour for a nice aesthetic touch. Felt pads are placed on the base, and polyfill inside the enclosure to further minimise any unwanted vibrations.

The sound test confirms the speakers perform well, and they look great as a part of a lounge audio setup. We think they make an excellent pair of bookshelf speakers, which would be ideal for comfortable listening at moderate volume levels.

We’ve seen many speaker builds at Hackaday, from 3D-printed omnidirectional builds to the more classical designs. Video after the break.

Tags: classic hacks

0:37
[RT-SA-2019-002] Directory Traversal in Cisco Expressway Gateway
» ‎ Full Disclosure

Posted by RedTeam Pentesting GmbH on May 17
Advisory: Directory Traversal in Cisco Expressway Gateway

RedTeam Pentesting discovered a directory traversal vulnerability in
Cisco Expressway which enables access to administrative web interfaces.

Details
=======

Product: Cisco Expressway Gateway
Affected Versions: 11.5.1, possibly others
Fixed Versions: See Cisco Bug ID CSCvo47769 [1]
Vulnerability Type: Directory Traversal
Security Risk: medium
Vendor URL:...

Tags:

0:00
Vuln: Linux Kernel CVE-2018-7191 Local Denial of Service Vulnerability
» ‎ SecurityFocus Vulnerabilities

Linux Kernel CVE-2018-7191 Local Denial of Service Vulnerability
Tags:
0:00
Vuln: systemd CVE-2018-20839 Information Disclosure Vulnerability
» ‎ SecurityFocus Vulnerabilities

systemd CVE-2018-20839 Information Disclosure Vulnerability
Tags:
0:00
Vuln: cockpit-ovirt CVE-2019-10139 Local Information Disclosure Vulnerability
» ‎ SecurityFocus Vulnerabilities

cockpit-ovirt CVE-2019-10139 Local Information Disclosure Vulnerability
Tags:

May 16, 2019
22:00
PokerBot Uses FPGA For Card Calculating Horsepower
» ‎ Hack a Day

Played against humans, Poker is a game as much about reading your opponent as it is about the cards you’re dealt. That doesn’t mean there aren’t certain mathematical ways to aid your decision making based on probabilities. In this vein, a group of students from Cornell’s ECE 5760 class built a pokerbot on an FPGA.

The bot uses the principle of Monte Carlo simulation to calculate the probabilities of an individual winning a hand of Limit Texas Hold’em. Calculating the entire set of possible hands is impractical, so in a Monte Carlo simulation a sample is calculated instead. By accelerating these calculations on an FPGA, the pokerbot is able to calculate 300,000 possible hands in just 150 ms, and present a probability of winning to the human player. This same calculation method is then used to make decisions for the computer players in the game, too.

The team report that the FPGA’s processing power brought a 10x speed up compared to their C++ program running on an Intel i7-6700HQ. The strong statistical calculations help to make the computer players engaging and realistic to play against.

It’s another great example of a project from Bruce Land’s classes, which are somewhat of a hotbed of development each year. Video after the break.

Tags: fpga

20:33
GAT-Ship Web Module 1.30 Information Disclosure
» ‎ Packet Storm Security Exploits

GAT-Ship Web Module versions 1.30 and below suffer from an information disclosure vulnerability.
Tags:

20:33
GAT-Ship Web Module 1.30 Information Disclosure
» ‎ Packet Storm Security Recent Files

GAT-Ship Web Module versions 1.30 and below suffer from an information disclosure vulnerability.
Tags:

20:33
GAT-Ship Web Module 1.30 Information Disclosure
» ‎ Packet Storm Security Misc. Files

GAT-Ship Web Module versions 1.30 and below suffer from an information disclosure vulnerability.
Tags:

19:00
Reupholstering A Couch, With No Prior Experience
» ‎ Hack a Day

Upholstery is a craft that dates back far longer than many we feature on Hackaday. It requires patience, attention to detail, and a series of specialised skills. If you fancy yourself to be like a young Jack White, you might have considered trying your hand at a piece or two. [darkpine] did just that, and the results are impressive.

The couch was sourced from an online bartering platform, and was in a sad and sorry state after years of use. According to the original owner, the couch was over 100 years old and had been passed down through several generations. Last reupholstered in the 1970s, it was in dire need of repair. Wooden trim was falling off, fabric was fading, and resident cats had been sure to leave their mark.

[darkpine] set about things the right way, stripping the couch back to its bare bones. Taking careful note of the original construction, diagrams were made to ensure the springs could be retied in the correct fashion. Fresh burlap was installed, followed by foam and a layer of cotton batting. Careful attention was then paid to the fabric covering, with hand stitching used along the arms to get an absolutely perfect pattern match along the seams. With the hard part done, the wood was then restored and waxed to a glorious shine.

The final results are astounding, especially when noting that this was [darkpine]’s first ever upholstery project. We don’t see a lot of this kind of thing around here, but it’s not completely unknown.

[via Reddit]

Tags: home hacks

16:32
GetSimpleCMS 3.3.15 Remote Code Execution
» ‎ Packet Storm Security Exploits

This Metasploit module exploits a remote code execution vulnerability found in GetSimpleCMS versions 3.3.15 and below. An arbitrary file upload (PHPcode for example) vulnerability can be triggered by an authenticated user, however authentication can be bypassed by leaking the cms API key to target the session manager.
Tags:

16:32
GetSimpleCMS 3.3.15 Remote Code Execution
» ‎ Packet Storm Security Recent Files

This Metasploit module exploits a remote code execution vulnerability found in GetSimpleCMS versions 3.3.15 and below. An arbitrary file upload (PHPcode for example) vulnerability can be triggered by an authenticated user, however authentication can be bypassed by leaking the cms API key to target the session manager.
Tags:

16:32
GetSimpleCMS 3.3.15 Remote Code Execution
» ‎ Packet Storm Security Misc. Files

This Metasploit module exploits a remote code execution vulnerability found in GetSimpleCMS versions 3.3.15 and below. An arbitrary file upload (PHPcode for example) vulnerability can be triggered by an authenticated user, however authentication can be bypassed by leaking the cms API key to target the session manager.
Tags:

16:16
Packet Fence 9.0.0
» ‎ Packet Storm Security Recent Files

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
Tags:

16:16
Packet Fence 9.0.0
» ‎ Packet Storm Security Tools

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
Tags:

16:16
Packet Fence 9.0.0
» ‎ Packet Storm Security Misc. Files

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
Tags:

16:06
Red Hat Security Advisory 2019-1243-01
» ‎ Packet Storm Security Advisories

Red Hat Security Advisory 2019-1243-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 74.0.3729.131. Issues addressed include an out of bounds access vulnerability.
Tags:

16:06
Red Hat Security Advisory 2019-1243-01
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2019-1243-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 74.0.3729.131. Issues addressed include an out of bounds access vulnerability.
Tags:

16:06
Red Hat Security Advisory 2019-1243-01
» ‎ Packet Storm Security Misc. Files

Red Hat Security Advisory 2019-1243-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 74.0.3729.131. Issues addressed include an out of bounds access vulnerability.
Tags:

16:06
Ubuntu Security Notice USN-3988-1
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 3988-1 - It was discovered that MediaInfo contained multiple security issues when handling certain multimedia files. If a user were tricked into opening a crafted multimedia file, an attacker could cause MediaInfo to crash, resulting in a denial of service.
Tags:

16:06
Ubuntu Security Notice USN-3988-1
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 3988-1 - It was discovered that MediaInfo contained multiple security issues when handling certain multimedia files. If a user were tricked into opening a crafted multimedia file, an attacker could cause MediaInfo to crash, resulting in a denial of service.
Tags:

16:06
Ubuntu Security Notice USN-3988-1
» ‎ Packet Storm Security Misc. Files

Ubuntu Security Notice 3988-1 - It was discovered that MediaInfo contained multiple security issues when handling certain multimedia files. If a user were tricked into opening a crafted multimedia file, an attacker could cause MediaInfo to crash, resulting in a denial of service.
Tags:

16:05
Ubuntu Security Notice USN-3986-1
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 3986-1 - It was discovered that Wireshark improperly handled certain input. A remote or local attacker could cause Wireshark to crash by injecting malformed packets onto the wire or convincing someone to read a malformed packet trace file.
Tags:

16:05
Ubuntu Security Notice USN-3986-1
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 3986-1 - It was discovered that Wireshark improperly handled certain input. A remote or local attacker could cause Wireshark to crash by injecting malformed packets onto the wire or convincing someone to read a malformed packet trace file.
Tags:

16:05
Ubuntu Security Notice USN-3986-1
» ‎ Packet Storm Security Misc. Files

Ubuntu Security Notice 3986-1 - It was discovered that Wireshark improperly handled certain input. A remote or local attacker could cause Wireshark to crash by injecting malformed packets onto the wire or convincing someone to read a malformed packet trace file.
Tags:

16:05
Red Hat Security Advisory 2019-1238-01
» ‎ Packet Storm Security Advisories

Red Hat Security Advisory 2019-1238-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP35. Issues addressed include a buffer overflow vulnerability.
Tags:

16:05
Red Hat Security Advisory 2019-1238-01
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2019-1238-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP35. Issues addressed include a buffer overflow vulnerability.
Tags:

16:05
Red Hat Security Advisory 2019-1238-01
» ‎ Packet Storm Security Misc. Files

Red Hat Security Advisory 2019-1238-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP35. Issues addressed include a buffer overflow vulnerability.
Tags:

16:05
Red Hat Security Advisory 2019-1237-01
» ‎ Packet Storm Security Advisories

Red Hat Security Advisory 2019-1237-01 - The rh-python35-python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Issues addressed include an information leakage vulnerability.
Tags:

16:05
Red Hat Security Advisory 2019-1237-01
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2019-1237-01 - The rh-python35-python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Issues addressed include an information leakage vulnerability.
Tags:

16:05
Red Hat Security Advisory 2019-1237-01
» ‎ Packet Storm Security Misc. Files

Red Hat Security Advisory 2019-1237-01 - The rh-python35-python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Issues addressed include an information leakage vulnerability.
Tags:

16:05
Slackware Security Advisory - rdesktop Updates
» ‎ Packet Storm Security Advisories

Slackware Security Advisory - New rdesktop packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
Tags:

16:05
Slackware Security Advisory - rdesktop Updates
» ‎ Packet Storm Security Recent Files

Slackware Security Advisory - New rdesktop packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
Tags:

16:05
Slackware Security Advisory - rdesktop Updates
» ‎ Packet Storm Security Misc. Files

Slackware Security Advisory - New rdesktop packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
Tags:

16:05
Red Hat Security Advisory 2019-1236-01
» ‎ Packet Storm Security Advisories

Red Hat Security Advisory 2019-1236-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core 1.0.16, 1.1.13, 2.1.11, and 2.2.5. Issues addressed include a denial of service vulnerability.
Tags:

16:05
Red Hat Security Advisory 2019-1236-01
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2019-1236-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core 1.0.16, 1.1.13, 2.1.11, and 2.2.5. Issues addressed include a denial of service vulnerability.
Tags:

16:05
Red Hat Security Advisory 2019-1236-01
» ‎ Packet Storm Security Misc. Files

Red Hat Security Advisory 2019-1236-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core 1.0.16, 1.1.13, 2.1.11, and 2.2.5. Issues addressed include a denial of service vulnerability.
Tags:

16:04
Ubuntu Security Notice USN-3985-1
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 3985-1 - Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
Tags:

16:04
Ubuntu Security Notice USN-3985-1
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 3985-1 - Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
Tags:

16:04
Ubuntu Security Notice USN-3985-1
» ‎ Packet Storm Security Misc. Files

Ubuntu Security Notice 3985-1 - Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
Tags:

16:02
SEL AcSELerator Architect 2.2.24 Denial Of Service
» ‎ Packet Storm Security Exploits

SEL AcSELerator Architect version 2.2.24 suffers from a CPU exhaustion denial of service vulnerability.
Tags:

16:02
SEL AcSELerator Architect 2.2.24 Denial Of Service
» ‎ Packet Storm Security Recent Files

SEL AcSELerator Architect version 2.2.24 suffers from a CPU exhaustion denial of service vulnerability.
Tags:

16:02
SEL AcSELerator Architect 2.2.24 Denial Of Service
» ‎ Packet Storm Security Misc. Files

SEL AcSELerator Architect version 2.2.24 suffers from a CPU exhaustion denial of service vulnerability.
Tags:

16:01
Axessh 4.2 Denial Of Service
» ‎ Packet Storm Security Exploits

Axessh version 4.2 denial of service proof of concept exploit.
Tags:

16:01
Axessh 4.2 Denial Of Service
» ‎ Packet Storm Security Recent Files

Axessh version 4.2 denial of service proof of concept exploit.
Tags:

16:01
Axessh 4.2 Denial Of Service
» ‎ Packet Storm Security Misc. Files

Axessh version 4.2 denial of service proof of concept exploit.
Tags:

16:00
ZOC Terminal 7.23.4 Denial Of Service
» ‎ Packet Storm Security Exploits

ZOC Terminal version 7.23.4 suffers from multiple denial of service vulnerabilities.
Tags:

16:00
ZOC Terminal 7.23.4 Denial Of Service
» ‎ Packet Storm Security Recent Files

ZOC Terminal version 7.23.4 suffers from multiple denial of service vulnerabilities.
Tags:

16:00
ZOC Terminal 7.23.4 Denial Of Service
» ‎ Packet Storm Security Misc. Files

ZOC Terminal version 7.23.4 suffers from multiple denial of service vulnerabilities.
Tags:

16:00
This Two-Wheeled RC Car Is Rather Quick
» ‎ Hack a Day

Radio control cars have always been fun, it’s true. With that said, it’s hard to deny that true speed was unlocked when lithium polymer batteries and brushless motors came to the fore. [Gear Down For What?] built himself a speedy RC car of his own design, and it’s only got two wheels to boot (Youtube link, embedded below).

The design is of the self-balancing type – if you’re thinking of an angry unmanned Segway with a point to prove, you’re in the ballpark. The brains of the machine come thanks to a Teensy 3.6, which runs the PID loops for balancing and control. An MPU6050 gyroscope & accelerometer provide the necessary sensing to enable the ‘bot to keep itself upright in varied conditions. Performance is impressive, with the car reaching speeds in excess of 40 MPH and managing to handle simple ramps and bumps with ease. It’s all wrapped up in a 3D printed frame which held up surprisingly well to many crashes into tripods and tarmac.

Such builds are not just fun; they’re an excellent way to learn useful control skills that can serve you well in industry and your own projects. You can pick up the finer details of control systems in a university engineering course, or you could give our primer a whirl. When you’ve whipped up your first awesome project, we’d love to hear about it. Video after the break.

Tags: car hacks

15:58
JetAudio jetCast Server 2.0 Buffer Overflow
» ‎ Packet Storm Security Exploits

JetAudio jetCast Server version 2.0 log directory local SEH alphanumeric encoded buffer overflow exploit.
Tags:

15:58
JetAudio jetCast Server 2.0 Buffer Overflow
» ‎ Packet Storm Security Recent Files

JetAudio jetCast Server version 2.0 log directory local SEH alphanumeric encoded buffer overflow exploit.
Tags:

15:58
JetAudio jetCast Server 2.0 Buffer Overflow
» ‎ Packet Storm Security Misc. Files

JetAudio jetCast Server version 2.0 log directory local SEH alphanumeric encoded buffer overflow exploit.
Tags:

15:56
WeChat 7.0.4 Denial Of Service
» ‎ Packet Storm Security Exploits

WeChat for Android version 7.0.4 suffers from a denial of service vulnerability.
Tags:

15:56
WeChat 7.0.4 Denial Of Service
» ‎ Packet Storm Security Recent Files

WeChat for Android version 7.0.4 suffers from a denial of service vulnerability.
Tags:

15:56
WeChat 7.0.4 Denial Of Service
» ‎ Packet Storm Security Misc. Files

WeChat for Android version 7.0.4 suffers from a denial of service vulnerability.
Tags:

15:54
VMware Workstation DLL Hijacking
» ‎ Packet Storm Security Exploits

VMware Workstation versions prior to 15.1.0 suffer from a dll hijacking vulnerability.
Tags:

15:54
VMware Workstation DLL Hijacking
» ‎ Packet Storm Security Recent Files

VMware Workstation versions prior to 15.1.0 suffer from a dll hijacking vulnerability.
Tags:

15:54
VMware Workstation DLL Hijacking
» ‎ Packet Storm Security Misc. Files

VMware Workstation versions prior to 15.1.0 suffer from a dll hijacking vulnerability.
Tags:

15:53
US Telcos Say They Stopped Selling User Location Data, With A Few Exceptions
» ‎ Packet Storm Security Headlines

US Telcos Say They Stopped Selling User Location Data, With A Few Exceptions
Tags: headlineprivacyphonedata lossfraud
15:53
ARIN Recovers 735,000 Fraudulently Obtained IPv4 Addresses
» ‎ Packet Storm Security Headlines

ARIN Recovers 735,000 Fraudulently Obtained IPv4 Addresses
Tags: headlinefraud
15:53
GozNym Bank Malware Gang That Stole Millions Busted
» ‎ Packet Storm Security Headlines

GozNym Bank Malware Gang That Stole Millions Busted
Tags: headlinehackermalwarebankcybercrimefraud
15:53
Cisco / WebEx Flaws Offer Up Remote Code Execution
» ‎ Packet Storm Security Headlines

Cisco / WebEx Flaws Offer Up Remote Code Execution
Tags: headlinehackerflawcisco

13:00
Building An ESP8266 Game System With MicroPython
» ‎ Hack a Day

After a seemingly endless stream of projects that see the ESP8266 open doors or report the current temperature, it can be easy to forget just how powerful the little WiFi-enabled microcontroller really is. In fact, you could argue that most hackers aren’t even scratching the surface of what the hardware is actually capable of. But that’s not the case for [Brian Wagner] and his students from the Kentucky Country Day School.

Their project, the GamerGorl, is a completely custom handheld game system running on a Wemos D1 Mini development board. The team’s PCB, which was developed over several iterations, is essentially a breakout board which allows them to easily connect up peripheral devices. Given the low total component cost of the GamerGorl and relative simplicity of its construction, it looks like a phenomenal project for older STEM students.

Beyond the ESP8266 board, the GamerGorl features a SSD1106 1.3″ OLED display, a buzzer for sound effects, two tactile buttons, and an analog joystick originally intended for an Xbox controller. Around the backside there’s a WS2812B RGB LED strip that’s at least partially for decoration, but it’s also actively used in some of the games such as the team’s take on Simon.

Even if you aren’t in the market for a portable game system, the GameGorl does provide an interesting case study for MicoPython applications on the Wemos D1 Mini. Browsing through the team’s source code as well as the helpful hints that [Brian] gives about getting the software environment up and running could be useful if you’re looking to expand your ESP8266 programming repertoire. We’d also love to see this device running the “ESP Little Game Engine” we covered recently.

Tags: handhelds hacks
11:30
The Raspberry Pi Portable Console You Wish You Had
» ‎ Hack a Day

A retro game console is a fun all-arounder project. You’ve got electronics, mechanical design, and software considerations. For this year’s Hackaday Prize, is going all in. The Portable Retro Game Console with 7.9-inch Display is a work of art, and everything that a retro console could be.

This build is based on the Raspberry Pi 3 A+ instead of the B model for space-saving considerations. The screen is a beautiful 7.9 inch IPS panel with 2048 x 1536 resolution. Stereo 3 W speakers pump out the tunes, and an 8000 mAh provides somewhere between 3 and 6 hours of play time.

While using a Raspberry Pi 3 for retro gaming is fun, there’s a world of oppurtunity for emulating bigger and badder consoles thanks to more powerful single board computers. The Nvidia Jetson Nano is far more powerful than the Raspberry Pi 3, and could conceivably emulate N64 and PlayStation games. The Atomic Pi, the fantastic computer that totally isn’t industrial surplus repackaged as an educational computer, already is proven to emulate N64 games. Imagine taking a portable console out of your backpack and playing Conker’s Bad Fur Day on the bus. Oh, that’s cheeky, but it is possible thanks to the amazing work of hardware creators.
The HackadayPrize2019 is Sponsored by:

Tags: raspberry
10:00
Fun With Negative Resistance II: Unobtanium Russian Tunnel Diodes
» ‎ Hack a Day

In the first part of this series, we took a look at a “toy” negative-differential-resistance circuit made from two ordinary transistors. Although this circuit allows experimentation with negative-resistance devices without the need to source rare parts, its performance is severely limited. This is not the case for actual tunnel diodes, which exploit quantum tunneling effects to create a negative differential resistance characteristic. While these two-terminal devices once ruled the fastest electronic designs, their use has fallen off dramatically with the rise of other technologies. As a result, the average electronics hacker probably has never encountered one. That ends today.

Due to the efficiencies of the modern on-line marketplace, these rare beasts of the diode world are not completely unobtainable. Although new-production diodes are difficult for individuals to get their hands on, a wide range of surplus tunnel diodes can still be found on eBay for as little as $1 each in lots of ten. While you’d be better off with any number of modern technologies for new designs, exploring the properties of these odd devices can be an interesting learning experience.

For this installment, I dug deep into my collection of semiconductor exotica for some Russian 3И306M gallium arsenide tunnel diodes that I purchased a few years ago. Let’s have a look at what you can do with just a diode — if it’s the right kind, that is.

[Note: the images are all small in the article; click them to get a full-sized version]

3И306M Tunnel Diodes
I bought a set of ten of these military-grade gallium arsenide diodes in 2016 for some experiments with pulse generators. You may also see this part listed as “3I306M,” since the Cyrillic letter “И” corresponds to the English “I.” The TekWiki on w140.com has a good page on surplus Russian diodes, as well as good general information on tunnel diodes, especially those used in classic Tektronix oscilloscopes. Some diodes are optimized for use in amplifiers, pulse generators, or for switching circuits. From the 3И306M datasheet (PDF, in Russian), we can glean some information about this particular diode — a switching type — but I found it easier just to measure some of the parameters firsthand using a curve tracer, which generates the I/V characteristic curve for the device.
Tunnel diode waveform shows sharp edges
In the last article, I presented my quick-and-dirty curve tracer, which is nothing more than a signal generator, a 10-Ohm resistor, and an oscilloscope. I also mentioned the problem with that method: that the voltage measurement is corrupted by the current measurement on the scope’s screen. The ideal thing to do is capture the trace data and plot the curve in your favorite graphing software, where you can compensate for the error. This time, that’s exactly what I did, exporting the traces as a CSV file, then generating the plot in python using matplotlib.

As you can see in the curve, the current through the device initially ramps up to around 11 mA with increasing voltage until 150 mV, at which point the current drops abruptly to about 500 uA before increasing again. This is the negative differential resistance (NDR) region, where the current drops with increasing voltage. The interesting thing about this curve is that only two points in this region were captured. Looking at the waveform of the voltage measurement shows what’s going on — the diode is switching on and off at very high speed.
Switching Performance Tunnel diode switching time test jig – just a couple of BNC connectors soldered together.
This diode was intended for switching, so it makes sense it should generate sharp edges. To get a better look at this, I built a test jig from two BNC jacks soldered closely together: the tunnel diode is soldered across the BNC terminals. With one end connected to a 50-Ohm signal generator and the other to a 50-Ohm terminated oscilloscope, this allows testing of the very fast switching speed of the diode.
Fall time of tunnel diode is less than 1 ns
The switching time of the diode seems independent of the input waveform — when the voltage hits the threshold, the diode switches — so I drove it with a triangle waveform at around 100 kHz. I measured the fall time of the output transitions at under 900 ps, while the rise time was slightly longer at 1.1 ns. That’s pretty impressive for a circuit with only one part (ignoring the signal generator). This could be just the ticket for sharpening up the lazy 100 ns edges on a classic 555 oscillator, if you were into that kind of thing.

The drawback to this circuit, common to all tunnel diode applications, is the low output level: these diodes work at low voltages and currents, so can’t generate powerful outputs.
300 MHz Oscillator Tunnel diode LC oscillator
While this particular diode may have been intended for switching, it can easily be pressed into oscillator service. Like I did with the transistor circuit in Part I, I built an LC oscillator using this diode as the active element. The negative resistance of the tunnel diode counteracts the positive resistance in the LC tank, causing oscillations to build over time instead of diminishing.
300 MHz oscillator and probe loop
The resonator initially consisted of a single 9 mm loop of copper wire in parallel with a 2 pF capacitor – or so I thought. A 10 nF bypass capacitor handles the return current through the diode, and a 700 mV supply powers the oscillator, although I found that the circuit would continue to oscillate down to 330 mV once started.

This circuit initially oscillated at 295 MHz. When I swapped the 2 pF capacitor for a 1 pF part, and the frequency only went up to 300 MHz, I realized that the capacitance of the diode itself was keeping the frequency low. By calculating the inductance of the wire loop, I was able to estimate the diode capacitance at around 18 pF (the datasheet only says less than 30 pF). This diode capacitance adds to the LC tank capacitance, reducing the resonant frequency.
300 MHz tunnel diode oscillator output
For the same reason, care must be taken when probing a circuit like this. My 10x oscilloscope probe claims to have a 10 pF nominal capacitance, which would have a similar frequency-reducing effect if the circuit were probed directly. Instead, I attached the ground clip to the probe’s tip, forming an inductive pickup loop. Keeping the two loops close together acts like a transformer and gives enough coupling to detect the signal and measure the frequency. Since the coupling is somewhat arbitrary, the amplitude scaling is not calibrated, but changes to the circuit operation — due to changing the power supply for instance — can still be seen.
581 MHz Oscillator 581 MHz tunnel diode oscillator with two components
Not content with 300 MHz, I decided to strip the circuit down to the bare minimum to speed it up. I cut the diode leads short and soldered them directly to those of a 100 pF axial capacitor. In this case, the leads themselves are providing the necessary inductance, resonating with the diode capacitance. Again using a supply voltage of 700 mV, I found the circuit oscillated at 581 MHz. I’m not sure how to make this go any faster using lumped components – maybe someone can suggest a different method in the comments. Cavity resonators?
Output of two-component tunnel diode oscillator at 581 MHz
In any case, I find it amazing that a two-terminal device can form such an oscillator this simply. I also have a much greater appreciation for the designers who worked with these things: preventing unwanted parasitic oscillations in circuits using these diodes must have been a serious consideration. This is also why I haven’t tried to build an amplifier with these diodes (yet). There’s an old adage that the easiest way to build an oscillator is to design an amplifier, and now I’m wondering if this saying really caught on during the tunnel-diode days.

To measure this faster oscillator, I constructed a smaller pickup loop on the end of the oscilloscope probe with a length of bare copper wire. Don’t be fooled by the perfect-looking sine wave shape of the output; it’s a 581 MHz signal measured on a 1 GHz scope, so there’s not enough bandwidth to show many distortions. They may or may not be present, but we can’t tell with this equipment. And, like with the previous oscillator, the random coupling of the probe loop creates an arbitrary amplitude scale, so you can’t compare the outputs of the two circuits.
Hard Lessons Soldering heat sink can prevent thermal damage
These gallium arsenide diodes are as fragile as they are fascinating. Of the four diodes I used in these experiments, I destroyed two. The first one was simply a matter of applying too much voltage during curve tracing. The best approach is probably to start low — the active region is below 1 V with these devices — and advance slowly. The second casualty was a case of overheating. The datasheet cautions to heat the leads no more than 3 seconds to a temperature not exceeding 260 °C, and to use a heat sink between the diode body and the solder point on the leads. I read this after having overcooked one. I didn’t have the recommended 2 mm wide copper tweezers, but finally made do with a clamp-on aluminum sink I originally bought for soldering germanium components.

The diodes are also static sensitive, and the datasheet ominously warns not to test them with a diode tester. I had already tested one with the diode-test function on a DMM when I read this, and although the diode seems to have survived — at least it was not instantly destroyed — the tester didn’t register the diode in either polarity. So, use the diagram in the datasheet to determine which end is which.

The bottom line: if you play with these diodes, be careful and make sure to buy a few spares.
Whats Next?
So, that wraps up this brief hands-on series about negative resistance devices. Be sure to let us know in the comments if you have first-hand experience with these unusual diodes or similar parts, especially if you can get one to go much faster than 581 MHz. I really want to see one of these things scream.

Tags: classic hacks
8:30
A Better Bowden Drive for Floppy Filaments
» ‎ Hack a Day

You might not think to use the word “rigid” to describe most 3D-printer filaments, but most plastic filaments are actually pretty stiff over a short length, stiff enough to be pushed into an extruder. Try the same thing with a softer plastic like TPE, though, and you might find yourself looking at this modified Bowden drive for elastomeric filaments.

The idea behind the Bowden drive favored by some 3D-printer designers is simple: clamp the filament between a motor-driven wheel and an idler to push it up a pipe into the hot end of the extruder. But with TPE and similar elastomeric filaments, [Tech2C] found that the Bowden drive on his Hypercube printer was causing jams and under-extrusion artifacts in finished prints. A careful analysis of the stock drive showed a few weaknesses, such as how much of the filament is not supported on the output side of the wheel. [Tech2C] reworked the drive to close that gap and also to move the output tube opening closer to the drive. The stock drive wheel was also replaced with a smaller diameter wheel with more aggressive knurling. Bolted to the stepper, the new drive gave remarkably improved results – a TPE vase was almost flawless with the new drive, while the old drive had blobs and artifacts galore. And a retraction test print showed no stringing at all with PLA, meaning the new drive isn’t just good for the soft stuff.

All in all, a great upgrade for this versatile and hackable little printer. We’ve seen the Hypercube before, of course – this bed height probe using SMD resistors as strain gauges connects to the other end of the Bowden drive.

Tags: printer hacks
7:01
It Is ‘Quite Possible’ This Could Be The Last Bay Area Maker Faire
» ‎ Hack a Day

The Bay Area Maker Faire is this weekend, and this might be the last one. This report comes from the San Francisco Chronicle, and covers the continuing problems of funding and organizing what has been called The Greatest Show and Tell on Earth. According to Maker Media CEO Dale Dougherty, “it is ‘quite possible’ that the event could be the Bay Area’s last Maker Faire.”

Maker Faire has been drawing artists, craftspeople, inventors, and engineers for more than a decade. In one weekend you can see risque needlepoint, art cars meant for the playa, custom racing drones, science experiments, homebrew computers, gigantic 3D printers, interactive LED art, and so much more. This is a festival built around a subculture defined by an act of creation; if you do something with your hands, if you build something, or if you make something, Maker Faire has something for you. However you define it, this is the Maker Movement and since 2006, there has been a Maker Faire, a festival to celebrate these creators.

It’s sad to learn the future of this event is in peril. Let’s take a look at how we got here and what the future might hold.

Where is Maker Faire Bay Area Having Trouble?
In The Chronicle’s interview with Dale Dougherty, financial issues are at the forefront of the uncertain future. We had to ask ourselves why. Attendance is still quite high, and shows that there is demand, but is the cost an issue? For a family of four, a single-day pass costs $130. A bottle of water is six dollars. In terms of entertainment, Maker Faire isn’t terribly expensive; a single-day pass for a family of four to the Exploratorium, a children’s museum that’s the closest thing to Maker Faire that’s in the Bay Area, costs $100. While the cost of attending the Bay Area Maker Faire is an issue, it’s not something that is outrageously expensive — aside from the food vendors, of course — but it is an issue.

Nonetheless, attendance has fallen in recent years. 2015 saw 145,000 makers attend the Bay Area Maker Faire, a slight increase over 2014 numbers. In 2016, Make reported attendance of 150,000, and in 2017 it was listed at 125,000. The number for 2018 was a mere 100,000. That’s still a lot of people, but in less than two years, attendance at the Bay Area Maker Faire dropped more than 30%.

Makers exhibit and attend Bay Area Maker Faire at no cost. Individual makers who are trying to make a business of their craft, and non-profits with small budgets, can exhibit for $525 to $1,500 per booth. It’s harder to get numbers for ‘maker’ companies who fall somewhere in between the individuals and the large corporations. But anecdotally I have heard that rising booth prices have caused some of these companies to pass on having a booth at the faire.

While the economics of Maker Faire might not make sense for some small businesses in the DIY market, Maker Faire is still supported by large companies that headline the event. Even here, support is waning. Huge sponsors like Intel have exited the ‘maker market’ entirely.

It’s easy to see that the crunch between waning attendance revenue and falling sponsorships endangers the future of the event.
Is It The Economy?
Decreased attendance and a shrinking number of sponsorships are merely a symptom. Any one of these reasons is not enough to account for the possible shuttering of Maker Faire. The faire, at its core, is a do-it-yourself festival and there is a historical precedent of the rise and fall of this market.

Bob Vila, of This Old House fame, attributes the success of his show to the terrible economy of the 1970s. This was an era where homeowners would remodel instead of upgrading, and This Old House was there to teach people how to spackle. DIY appears to be inversely correlated with the economy, and right now the economy is doing great. Last December, unemployment in the US was at 3.9%, a rate not seen since the eve of the dot com bubble.

Many ‘maker’ companies who have been around long enough to go through a few economic cycles will tell you it’s a great, nearly recession-proof business to be in, but still long “booms” in the economy as a whole can kill a company that was already on shaky footing. There is a reason TechShop saw a massive explosion of growth around 2008, only to shut most of its locations in 2017. There’s a reason RadioShack died in 2015.

Maker Media itself has seen a series of layoffs, with the most recent round in March. Years ago, at the height of the Maker movement, twenty percent of the staff was laid off. There is a lot of speculation as to why this is happening, and unfortunately very little data to give a clear picture of what is happening.
Maker Faire is Not the Maker Community
If this is the last Maker Faire Bay Area — and it’s not entirely certain that this is the last Maker Faire quite yet — this isn’t a time to mourn. The ‘maker community’ — whatever that is — may have been branded by Maker Media, but we weren’t created by them. DIY and amateur engineering has been around since the invention of the lathe and the soldering iron. Crafting has existed since time immemorial. Tinkering is a long-standing tradition.

Maker Media and Make Magazine have done great things to bolster the community over the years, and we’ll be sad to see the Maker Faires come to an end, but we have other outlets too.

While in some peoples’ minds Maker Faire, Make Magazine, and Make Media represent the community, it’s worth remembering that they’re just a for-profit company that can fail for any number of economic and financial reasons. If this is the last Maker Faire Bay Area, that doesn’t mean that the community is to blame.

I’ll be at the Faire this weekend and I hope you will too.

Tags: cons

5:46
[slackware-security] rdesktop (SSA:2019-135-01)
» ‎ Bugtraq

Posted by Slackware Security Team on May 16
[slackware-security] rdesktop (SSA:2019-135-01)

New rdesktop packages are available for Slackware 14.0, 14.1, 14.2,
and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/rdesktop-1.8.5-i586-1_slack14.2.txz: Upgraded.
This update fixes security issues:
Add bounds checking to protocol handling in order to fix many
security problems when communicating with...

Tags:

4:00
PocketPi Is Exactly What It Sounds Like
» ‎ Hack a Day

The Raspberry Pi line of single-board computers are remarkably useful things, but they generally require some accessories to be hooked up to become a useful computing platform. [Ramin Assadollahi] wanted a pocket-sized computer to work on without the distractions so common on smartphones, so whipped up the PocketPi to do the job.

It’s a testament to the popularity of the Raspberry Pi platform that [Ramin] was able to put this project together with so many off-the-shelf parts. A Pi Zero W was chosen for its compact size, while a HyperPixel 4.0 screen was chosen for its high resolution in a small package. These parts were combined with a 3000 mAh battery, Adafruit Powerboost 1000C and a small USB keyboard and hub. It’s all wrapped up in a tidy 3D printed package, giving the pocket-sized computer a classic late-1980s look, albeit with much more horsepower under the hood.

It looks like a fun and useful machine to have when out and about, and the full QWERTY keyboard makes input easy. We’ve seen [Ramin]’s work before – with last year’s StickPi implementing an e-paper display. Video after the break.

Tags: raspberry
1:00
An Impeccably Designed High-Speed LED Flash
» ‎ Hack a Day

If you want to take a picture of something fast, and we mean really fast, you need to have a suitably rapid flash to illuminate it. A standard camera flash might be good enough to help capture kids running around the back yard at night, but it’s not going to do you much good if you’re trying to get a picture of a bullet shattering a piece of glass. For that you’ll need something that can produce microsecond flashes, allowing you to essentially “freeze” motion.

You can buy a flash that fast, but they aren’t common, and they certainly aren’t cheap. [td0g] thought he could improve on the situation by developing his own microsecond flash, and he was kind enough to not only share it with the world, but create a fantastically detailed write-up that takes us through the entire design and construction process. Even if you aren’t in the market for a hyper-fast flash for your camera, this is a fascinating look at how you can build an extremely specialized piece of gear out of relatively common hardware components.

So what goes into a fast LED flash? Rather unsurprisingly, the build starts with high-quality LEDs. After some research, [td0g] went with an even dozen CREE CXA2530 arrays at just shy of $7 USD each. Not exactly cheap, but luckily the rest of the hardware is pretty garden variety stuff, including a ATMega328P microcontroller, some MOSFETs, and a TC4452 driver. He did pack in some monstrous 400 V 10μf capacitors, but has since realized they were considerably overkill and says he would swap them out if doing it all over again.

To make development easier (and less costly, should anything go wrong), [td0g] designed the flash so that the LEDs are arranged in banks of three which can be easily removed or swapped in the 3D printed case. Each trio of LEDs is in a removable “sled” that also holds the corresponding capacitor and MOSFET. Then it was just a matter of getting the capacitors charged up and safely dumping their energy into the banks of LEDs without frying anything. Simple.

At this point, the astute reader is probably thinking that a high speed flash is worthless without an equally fast way of triggering it. You’d be right, but [td0g] already figured that part. A couple years back we covered his incredible ballistic chronometer which is being used as a sensor to fire off his new flash.

Tags: led hacks

0:00
Vuln: Symantec Messaging Gateway CVE-2019-9699 Information Disclosure Vulnerability
» ‎ SecurityFocus Vulnerabilities

Symantec Messaging Gateway CVE-2019-9699 Information Disclosure Vulnerability
Tags:
0:00
Vuln: Fuji Electric Alpha7 PC Loader Out-of-Bounds Read Denial of Service Vulnerability
» ‎ SecurityFocus Vulnerabilities

Fuji Electric Alpha7 PC Loader Out-of-Bounds Read Denial of Service Vulnerability
Tags:
0:00
Vuln: Cisco NX-OS CVE-2019-1778 Local Command Injection Vulnerability
» ‎ SecurityFocus Vulnerabilities

Cisco NX-OS CVE-2019-1778 Local Command Injection Vulnerability
Tags:

May 15, 2019
22:00
MIDI Synthesizer From A Sega Genesis
» ‎ Hack a Day

[Aidan] is really into FM synthesis chips for creating audio, and one of the most interesting chips from that era is found on the Sega Genesis. Anyone involved in the console wars at that time certainly remembers the classic, unique sound that those video game systems were able to produce, so [Aidan] built a device using a sound chip from a Genesis to play any piece of music from any game. The second iteration of that project, though, is able to use those same sound files as a MIDI synthesizer.

The interesting aspect of these chips is how they use registers to change the audio output. Essentially, there is a complicated register map (one section of his write-up is simply called “Register Hell”) that can be called in order to access the various types of effects one would normally see on a synthesizer. It’s not straightforward at all, though, and got even more complicated once [Aidan] started adding MIDI functionality to it as well. Once he finished sifting through the Sega Genesis technical manuals and a bunch of registers, though, he had a unique synthesizer working that doesn’t sound like anything you’ve ever heard, unless you’ve ever played a Genesis.

If you’d like to check out his first project, the MegaBlaster, which plays the sound files of the old Genesis games directly, we featured that a while ago. Keep in mind though that his latest project isn’t just an updated MegaBlaster, though. He built this entire thing from the ground up.

Tags: musical hacks

19:12
FreeBSD Security Advisory FreeBSD-SA-19:07.mds [REVISED]
» ‎ Bugtraq

Posted by FreeBSD Security Advisories on May 15
=============================================================================
FreeBSD-SA-19:07.mds Security Advisory
The FreeBSD Project

Topic: Microarchitectural Data Sampling (MDS)

Category: core
Module: kernel
Announced: 2019-05-14
Credits: Refer to Intel's security advisory at the URL below for...

Tags:
19:08
FreeBSD Security Advisory FreeBSD-SA-19:07.mds
» ‎ Bugtraq

Posted by FreeBSD Security Advisories on May 15
=============================================================================
FreeBSD-SA-19:07.mds Security Advisory
The FreeBSD Project

Topic: Microarchitectural Data Sampling (MDS)

Category: core
Module: kernel
Announced: 2019-05-14
Credits: Refer to Intel's security advisory at the URL below for...

Tags:

19:00
Air Compressor From Fridge Parts Gets An Upgrade
» ‎ Hack a Day

Air compressors are often loud, raucous machines – but they don’t have to be. [Eric Strebel] built a remarkably quiet compressor using parts salvaged from an old fridge. After several years of use, it was due for an upgrade (Youtube link, embedded below}.

While performance of the original setup was good, [Eric] desired a compressor with more capacity for his resin casting activities. A 15 gallon air tank was sourced from a damaged Craftsman brand compressor, and pressed into service. The build involved plenty of sheet metal work to mount the various components, as well as an upgrade to the pressure regulator.

During the refit, [Eric] takes the time to answer questions from the audience about his original build. He notes that the fridge compressor has worked well without using any noticeable amount of oil, and that there was a problem with water build up in the original tank which has been solved in the new rig.

It’s a great example of building your own tools, which can provide years of service if done right. Check out our write up on [Eric]’s first build, or his work on photogrammetry. Video after the break.

Tags: tool hacks
16:00
An Open Source ESC For Brushless Motors
» ‎ Hack a Day

For something basic like a brushed DC motor, speed control can be quite simple, and powering up the motor is a simple matter of just applying voltage. Brushless motors are much more demanding in their requirements however, and won’t spin unless driven just right. [Electronoobs] has been exploring the design of a brushless speed controller, and just released version 1.0 of his open-source ESC design.

The basic design is compact, and very similar to many off-the-shelf brushless ESCs in the low power range. There’s a small PCB packing a bank of MOSFETs to handle switching power to the coils of the motor, and a big capacitor to help deal with current spikes. The hacker staple ATMEGA328 is the microcontroller running the show. It’s a sensorless design, which measures the back EMF of the motor in order to determine when to fire the MOSFETs. This keeps things simple for low-torque, low-power applications.

It’s a tidy build, and the latest revision shows a lot of polish compared to the earlier prototypes. If you’re interested to learn more, try building it yourself, or consider building a thrust testing rig for your bench at home. Video after the break.

Tags: classic hacks
13:00
Lifelike Dinosaur Emerges From The Plumbing Aisle
» ‎ Hack a Day

Despite the incredible advancements in special effects technology since the film’s release, the dinosaurs in 1993’s Jurassic Park still look just as terrifying today as they did nearly 30 years ago. This has largely been attributed to the fact that the filmmakers wisely decided to use physical models in many of the close-up shots, allowing them to capture the nuances of movement which really helps sell the idea you’re looking at living creatures.

[Esmée Kramer] puts that same principle to work in her incredible articulated dinosaur costume, and by the looks of it, Steven Spielberg could have saved some money if he had his special effects team get their supplies at the Home Depot. Built out of PVC pipes and sheets of foam, her skeletal raptor moves with an unnerving level of realism. In fact, we’re almost relieved to hear she doesn’t currently have plans on skinning the creature; some things are better left to the imagination.

In her write-up on LinkedIn (apparently that’s a thing), [Esmée] explains some of the construction tricks she used to help bring her dinosaur to life, such as heating the pipes and folding them to create rotatable joints. Everything is controlled by way of thin ropes, with all the articulation points of the head mirrored on the “steering wheel” in front of her.

Now to be fair, it takes more than a bundle of PVC pipes to create a convincing dinosaur. Obviously a large part of why this project works so well is the artistry that [Esmée] demonstrates at the controls of her creation. Judging by her performance in the video after the break, we’re going to assume she’s spent a not inconsiderable amount of time stomping around the neighborhood in this contraption to perfect her moves.

In the past we’ve seen the Raspberry Pi used to upgrade life-sized animatronic dinosaurs, but even with the added processing power, those dinos don’t hold a candle to the smooth and organic motion that [Esmée] has achieved here. Just goes to show that sometimes low-tech methods can outperform the latest technological wizardry.

[Thanks to themoreyouknow for the tip.]

Tags: wearable hacks

11:44
Red Hat Security Advisory 2019-1235-01
» ‎ Packet Storm Security Advisories

Red Hat Security Advisory 2019-1235-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a code execution vulnerability.
Tags:

11:44
Red Hat Security Advisory 2019-1235-01
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2019-1235-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a code execution vulnerability.
Tags:

11:44
Red Hat Security Advisory 2019-1235-01
» ‎ Packet Storm Security Misc. Files

Red Hat Security Advisory 2019-1235-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a code execution vulnerability.
Tags:

11:43
Red Hat Security Advisory 2019-1234-01
» ‎ Packet Storm Security Advisories

Red Hat Security Advisory 2019-1234-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 32.0.0.192. Issues addressed include a code execution vulnerability.
Tags:

11:43
Red Hat Security Advisory 2019-1234-01
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2019-1234-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 32.0.0.192. Issues addressed include a code execution vulnerability.
Tags:

11:43
Red Hat Security Advisory 2019-1234-01
» ‎ Packet Storm Security Misc. Files

Red Hat Security Advisory 2019-1234-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 32.0.0.192. Issues addressed include a code execution vulnerability.
Tags:

11:31
Perfecting the Open Source RC Controller
» ‎ Hack a Day

Over the last few months we’ve seen an influx of homebrew RC controllers come our way, and we’re certainly not complaining. While the prices of commercial RC transmitters are at an all-time low, and many of them can even run an open source firmware, there’s still nothing quite like building the thing yourself. How else are you going to get exactly what you want?

For this entry into the 2019 Hackaday Prize, [Vitor de Miranda Henrique] is working on his own version of the ultimate open source remote control. His design follows some of the trends we’ve already seen in terms of outward design and hardware expandability, but also branches off into some new territory with features such as dual integrated displays.

Why does your controller need two displays? The top 4.3 inch TFT is linked up to a 5.2 GHz video receiver, which makes it perfect for controlling vehicles in “first-person” view, such as drones. The lower screen is a 2.8 inch touch screen from Adafruit, which is intended to be used for navigating through menus and options once the firmware is fully fleshed out.

Powering the controller is a ESP32 and dual MCP23017 GPIO expanders to connect up to the array of input devices available to the user. The current iteration of the controller has ten switches, two encoders, some buttons, and a pair of scroll wheels for good measure. Oh, and of course there are a couple of joysticks in the mix as well. All the devices terminate at a custom PCB in the back of the controller which looks to make modifying and adding input devices simple and neat.

We’ve previously seen the Alpha V1, an open source controller with a fairly similar setup, albeit without the dual displays. If even that one is a bit more complex than you’d like, you can always just do it with an Arduino.
The HackadayPrize2019 is Sponsored by:

Tags: Wireless hacks
10:01
2019 Cornell Cup Winners Include Autonomous Boat, Flapping UAV, and Leaping Rover
» ‎ Hack a Day

For college-aged engineers and designers, finding a problem they’re truly passionate about early on could very well set the trajectory for an entire career. This is precisely the goal of the Cornell Cup, a competition that tasks applicants with solving a real-world problem in a unique and interesting way. From what we saw this is definitely working, as teams showed up with ornithopter-based quadcopters, robotic dinghies, forest fire sniffers, and high-jumping rovers.

With such an open ended approach, individual entries have a tendency to vary wildly, running the gamut from autonomous vehicles to assistive technology. No team feels pressured to pursue a project they aren’t truly invested in, and everyone’s the better for it.

Given such lofty goals, Hackaday was proud to sponsor the 2019 Cornell Cup. Especially as it so closely aligns with the product design focus of this year’s Hackaday Prize. Designing something which solves a real-world problem is definitely part of the formula when the goal is to reach large scale production. And after seeing the entries first-hand during the Finals at Kennedy Space Center, we think every one of them would be a fantastic entry into the Hackaday Prize.

I don’t envy the judges who ultimately had to narrow it down to just a few teams to take home their share of the nearly $20,000 awarded. Join me after the break for a closer look at the projects that ended up coming out on top.

First Place: S.S. MAPR
Developed by a team from the University of Pennsylvania, the S.S. MAPR impressed on multiple fronts. It was the only autonomous vehicle to make it into the Finals, and also the only watercraft. Its imposing eight-foot length was also hard to discount in a room largely dominated by tabletop demonstrations. Given its size, there was unfortunately no way for the autonomous boat to show off its moves indoors, but videos recorded during a previous expedition to Pennsylvania’s Schuylkill river were on display for the judges to view.

The team’s goal with S.S. MAPR was to make performing water quality samples faster and cheaper than sending a human out to do it, which in turn helps authorities identify and respond to ecological threats to drinking water sources. Operators provide the locations and depths they want to sample, and the craft uses a submersible pump to bring samples aboard. The 250 mL sample containers are held within a novel rotary mechanism, and there’s a provision for purging the pump and lead hose before sample collection to avoid cross-contamination with the previous sample.

Initially, the team planned to manufacture their own hull, but eventually found it made more sense to use a commercially available inflatable boat as a starting point. For propulsion, they used Blue Robotics T200 thrusters capable of delivering 5.1 kilograms of thrust each; more than enough to get the lightweight inflatable craft where it needs to go. The considerable energy requirements of the craft did prove to be something of a challenge, and the team eventually settled on an onboard 700 watt gasoline generator after finding that pure battery power didn’t deliver the necessary endurance.
Second Place: TerraNova
Not all of the problems tackled during the Cornell Cup were of Earthly origin. It’s theorized that caves on the Moon would make an ideal starting point for a future human outpost, but up until this point, they’ve gone completely unexplored. In lieu of relatively sure-footed human explorers, it would take an exceptionally nimble rover to descend more than a few feet into these caves.

Enter TerraNova. This rover design is not only able to handle rough and uneven terrain, but it has a secret weapon: a spring-loaded vertical leap capability designed to get it out of trouble. On the Moon, the team estimates their system should be able to propel TerraNova one meter into the air without expending any fuel. With the addition of gas thrusters, this ability could potentially be expanded to performing the sort of long-distance horizontal “hops” required by the unclaimed Google Lunar X Prize.

As impressive as the rover is, Team TerraNova has no illusions about their machine actually going to the Moon. But then, that was never really the goal. The hope is that the research and engineering done during the development of their leaping rover could prove useful to NASA or other entities performing future lunar missions. Of course, knowing you don’t have to design your vehicle to operate hundreds of thousands of miles from home has its advantages; namely the ability to use consumer-grade components and swapping out a complex semi-autonomous control system for an Xbox controller hooked up to a laptop.
Third Place: FWMAV
Last but certainly not least is the Flapping-Wing Micro Air Vehicle (FWMAV) from the University of California, Irvine. Essentially, the team took the traditional quadcopter design we’re all familiar with and replaced the spinning propellers with four sets of ornithopter wings. The amalgamation of these two vastly different styles of flight results in a vehicle with the maneuverability of a quadcopter but without the noise and hazardous blades which thus far have been considered part and parcel with small UAVs.

It’s one thing to understand the physics of how it flies, but it’s quite another to see it in the air. The FWMAV doesn’t just fly, it zooms. A side-effect of the ornithopter wings is that the craft is capable of very nearly horizontal flight, but with the hovering ability and pinpoint landing accuracy of a helicopter. We’re told that the team received special dispensation from NASA to fly the FWMAV around the conference center, a decision which was surely appreciated by all those in attendance.

Without the spinning blades, the FWMAV is much safer than traditional UAV designs. You can put your hand against the flapping wings and cause no damage to yourself or the aircraft. While it’s still far from silent, the movement of the wings makes for a far more organic noise than you might expect. Seeing it buzz and flit around the room, it seems more like a giant insect than a mechanical device.

Incredibly, every piece of hardware used in the FWMAV is an off-the-shelf component. From the flight controller to the ornithopter mechanisms, they’re all parts you can buy right now. The trick was combining them in a novel way. According to the team, the hardest part was modifying the flight controller’s open source firmware to handle the new propulsion system.
People’s Choice: Vulcan IoT
While it didn’t get selected by the judges, Vulcan IoT impressed the Cornell Cup attendees enough that it picked up the “People’s Choice” award at the end of the Finals. This project uses a network of low-cost sensors to try to predict when wildfires will occur by analyzing variables such as air temperature and soil moisture. Comparing real-time data from the sensor network to decades of historical records, the team believes their system can preemptively alert authorities to an imminent fire threat.

The success of the system essentially depends on having a large network of reporting nodes, so looking ahead, the team wants to drive the sensor cost down as low as possible. At this early stage they’re still using CNC milled PCBs and 3D printed enclosures, but those will give way to professionally fabricated boards and injection molded cases as the sensor network expands.

Right now the prototypes are using Particle Electron microcontrollers, which they feel is overkill for the final hardware. As the design progresses towards higher production rates, they’ll look into finding a MCU that’s more closely honed to their specific needs. In the future, the team says an open API could even allow sensors built by other manufacturers (or even individuals) to push data into their system, ultimately paving the way for Vulcan IoT to offer fire detection as a service.
More than a Competition
We wanted to specifically showcase the entries that came out on top at this year’s Cornell Cup, but the event is really so much more than a handful of winning projects. Everyone we talked to said the true value of the Cornell Cup wasn’t the prize money, but the chance to network with other teams and see how the various problems were being solved. As every project is tackling a different problem, the teams see themselves less as competitors and more like colleagues; allowing for a freer exchange of information than you’d likely see if all the teams were working towards the same end goal.

In the hopes of capturing a little bit of the energy and camaraderie that events like the Cornell Cup foster, we’ve put together a video that features some of the passionate students and staffers we talked to during the two day event.

Tags: contests

9:57
RSA NetWitness Authorization Bypass
» ‎ Packet Storm Security Exploits

RSA NetWitness versions prior to 10.6.6.1 and 11.2.1.1 suffer from an issue where an unauthorized attacker can access an administrative resource that may contain plain text credentials to a 3rd party system.
Tags:

9:57
RSA NetWitness Authorization Bypass
» ‎ Packet Storm Security Recent Files

RSA NetWitness versions prior to 10.6.6.1 and 11.2.1.1 suffer from an issue where an unauthorized attacker can access an administrative resource that may contain plain text credentials to a 3rd party system.
Tags:

9:57
RSA NetWitness Authorization Bypass
» ‎ Packet Storm Security Misc. Files

RSA NetWitness versions prior to 10.6.6.1 and 11.2.1.1 suffer from an issue where an unauthorized attacker can access an administrative resource that may contain plain text credentials to a 3rd party system.
Tags:

9:01
This Saturday: Meetup with Hackaday, Tindie, and Kickstarter
» ‎ Hack a Day

If you’re near San Francisco this weekend, this is what you should be doing. It’s The 6th Annual Hackaday x Tindie MFBA Meetup w/ Kickstarter.

Come hang out with the hardware hackers and bring along a project of your own to get the conversation going. We’re excited to move to a new, larger venue this year. All the good of the past five years will come along with us, plus many benefits of exclusively booking out an entire venue. You can catch up with people who have been on their feet all day running booths — and usually see the stuff they can’t show you at the Faire. The crew from Hackaday, Tindie, and Kickstarter will be on hand. And you’ll get a glimpse of a lot of the cool people and projects you’ve admired on the pages of Hackaday over the years. It’s fun, you should go!

First beer is on us if you RSVP using the link at the top of this article. But we’re mainly publishing this today to show off the poster art. Deposit your adoration for this exquisite illustration in the comments below.
Amazing Art by Joe Kim
We love all of the original art that Joe Kim creates for Hackaday articles. It’s impossible to look at his poster for this event and be anything but overjoyed. Here’s a link to the full size image, but be warned that the file is 14.4 MB

Tags: cons

8:59
Debian Security Advisory 4447-1
» ‎ Packet Storm Security Advisories

Debian Linux Security Advisory 4447-1 - This update ships updated CPU microcode for most types of Intel CPUs. It provides mitigations for the MSBDS, MFBDS, MLPDS and MDSUM hardware vulnerabilities.
Tags:

8:59
Debian Security Advisory 4447-1
» ‎ Packet Storm Security Recent Files

Debian Linux Security Advisory 4447-1 - This update ships updated CPU microcode for most types of Intel CPUs. It provides mitigations for the MSBDS, MFBDS, MLPDS and MDSUM hardware vulnerabilities.
Tags:

8:59
Debian Security Advisory 4447-1
» ‎ Packet Storm Security Misc. Files

Debian Linux Security Advisory 4447-1 - This update ships updated CPU microcode for most types of Intel CPUs. It provides mitigations for the MSBDS, MFBDS, MLPDS and MDSUM hardware vulnerabilities.
Tags:

8:58
Legrand BTicino Driver Manager F454 1.0.51 Cross Site Scripting
» ‎ Packet Storm Security Exploits

Legrand BTicino Driver Manager F454 version 1.0.51 suffers from a cross site scripting vulnerability.
Tags:

8:58
Legrand BTicino Driver Manager F454 1.0.51 Cross Site Scripting
» ‎ Packet Storm Security Recent Files

Legrand BTicino Driver Manager F454 version 1.0.51 suffers from a cross site scripting vulnerability.
Tags:

8:58
Legrand BTicino Driver Manager F454 1.0.51 Cross Site Scripting
» ‎ Packet Storm Security Misc. Files

Legrand BTicino Driver Manager F454 version 1.0.51 suffers from a cross site scripting vulnerability.
Tags:

8:57
Legrand BTicino Driver Manager F454 1.0.51 Cross Site Request Forgery
» ‎ Packet Storm Security Exploits

Legrand BTicino Driver Manager F454 version 1.0.51 suffers from a cross site request forgery vulnerability.
Tags:

8:57
Legrand BTicino Driver Manager F454 1.0.51 Cross Site Request Forgery
» ‎ Packet Storm Security Recent Files

Legrand BTicino Driver Manager F454 version 1.0.51 suffers from a cross site request forgery vulnerability.
Tags:

8:57
Legrand BTicino Driver Manager F454 1.0.51 Cross Site Request Forgery
» ‎ Packet Storm Security Misc. Files

Legrand BTicino Driver Manager F454 version 1.0.51 suffers from a cross site request forgery vulnerability.
Tags:

8:56
Ubuntu Security Notice USN-3983-2
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 3983-2 - USN-3983-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
Tags:

8:56
Ubuntu Security Notice USN-3983-2
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 3983-2 - USN-3983-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
Tags:

8:56
Ubuntu Security Notice USN-3983-2
» ‎ Packet Storm Security Misc. Files

Ubuntu Security Notice 3983-2 - USN-3983-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
Tags:

8:49
Ubuntu Security Notice USN-3981-2
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 3981-2 - USN-3981-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS and for the Linux Azure kernel for Ubuntu 14.04 LTS.
Tags:

8:49
Ubuntu Security Notice USN-3981-2
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 3981-2 - USN-3981-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS and for the Linux Azure kernel for Ubuntu 14.04 LTS.
Tags:

8:49
Ubuntu Security Notice USN-3981-2
» ‎ Packet Storm Security Misc. Files

Ubuntu Security Notice 3981-2 - USN-3981-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS and for the Linux Azure kernel for Ubuntu 14.04 LTS.
Tags:

8:48
Red Hat Security Advisory 2019-1205-01
» ‎ Packet Storm Security Advisories

Red Hat Security Advisory 2019-1205-01 - The rhvm-setup-plugins package adds functionality exclusive only to Red Hat Virtualization Manager, and is not available for the upstream ovirt-engine. It includes the configuration of the Red Hat Support plugin, copying downstream-only artifacts to the ISO domain, and links to the knowledgebase and other support material. Issues addressed include a CPU related vulnerability.
Tags:

8:48
Red Hat Security Advisory 2019-1205-01
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2019-1205-01 - The rhvm-setup-plugins package adds functionality exclusive only to Red Hat Virtualization Manager, and is not available for the upstream ovirt-engine. It includes the configuration of the Red Hat Support plugin, copying downstream-only artifacts to the ISO domain, and links to the knowledgebase and other support material. Issues addressed include a CPU related vulnerability.
Tags:

8:48
Red Hat Security Advisory 2019-1205-01
» ‎ Packet Storm Security Misc. Files

Red Hat Security Advisory 2019-1205-01 - The rhvm-setup-plugins package adds functionality exclusive only to Red Hat Virtualization Manager, and is not available for the upstream ovirt-engine. It includes the configuration of the Red Hat Support plugin, copying downstream-only artifacts to the ISO domain, and links to the knowledgebase and other support material. Issues addressed include a CPU related vulnerability.
Tags:

8:47
FreeBSD Security Advisory - FreeBSD-SA-19:07.mds
» ‎ Packet Storm Security Advisories

FreeBSD Security Advisory - On some Intel processors utilizing speculative execution a local process may be able to infer stale information from microarchitectural buffers to obtain a memory disclosure. An attacker may be able to read secret data from the kernel or from a process when executing untrusted code (for example, in a web browser).
Tags:

8:47
FreeBSD Security Advisory - FreeBSD-SA-19:07.mds
» ‎ Packet Storm Security Recent Files

FreeBSD Security Advisory - On some Intel processors utilizing speculative execution a local process may be able to infer stale information from microarchitectural buffers to obtain a memory disclosure. An attacker may be able to read secret data from the kernel or from a process when executing untrusted code (for example, in a web browser).
Tags:

8:47
FreeBSD Security Advisory - FreeBSD-SA-19:07.mds
» ‎ Packet Storm Security Misc. Files

FreeBSD Security Advisory - On some Intel processors utilizing speculative execution a local process may be able to infer stale information from microarchitectural buffers to obtain a memory disclosure. An attacker may be able to read secret data from the kernel or from a process when executing untrusted code (for example, in a web browser).
Tags:

8:47
Ubuntu Security Notice USN-3982-2
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 3982-2 - USN-3982-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 for Ubuntu 14.04 LTS.
Tags:

8:47
Ubuntu Security Notice USN-3982-2
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 3982-2 - USN-3982-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 for Ubuntu 14.04 LTS.
Tags:

Skip to page: 1 2 3 4 ... 898

Feeds

Recent items

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags: classic hacks

Tags: robots hacks

Tags:

Tags:

Tags:

Tags:

Tags: featured

Tags: Hardware

Tags: hackaday Columns

Tags: headlineprivacyamazondata lossfacebook

Tags: headlinegovernmentusachinaflawcyberwarspyware

Tags: headlinemalwarelinux

Tags: headlinegovernmentusacybercrimefraudcryptography

Tags:

Tags:

Tags: musical hacks

Tags:

Tags:

Tags:

Tags: tool hacks

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags: tool hacks

Tags: art

Tags: radio hacks

Tags: classic hacks

Tags: the hackaday prize

Tags: hackaday Columns

Tags: current Events

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags: printer hacks

Tags: headlinehackergovernmentusa

Tags: headlinehackerfacebook

Tags: headlinemalwaredata lossflaw

Tags: headlineprivacydata lossflawcisco

Tags: current Events

Tags: news

Tags: arduino hacks

Tags: classic hacks

Tags:

Tags:

Tags: cons

Tags: hackaday Columns

Tags:

Tags:

Tags:

Tags: arduino hacks

Tags: arduino hacks

Tags: chemistry hacks

Tags: space

Tags: home hacks

Tags: home hacks

Tags: games

Tags: musical hacks