«
Expand/Collapse
332 items tagged "computer"
Related tags:
arcserve [+],
pcs [+],
audio [+],
security [+],
bit [+],
Hardware [+],
security authors [+],
raspberry [+],
quinn dunki [+],
homebrew computer [+],
homebrew [+],
d2d [+],
computer security [+],
computer associates arcserve [+],
computer associates [+],
usa [+],
sql injection [+],
legal [+],
laptop [+],
jennifer granick [+],
internet [+],
david [+],
commodore 64 [+],
building a computer [+],
black hat [+],
Software [+],
vulnerability note [+],
veronica [+],
time [+],
talk [+],
sql [+],
science authors [+],
science [+],
p event [+],
mole2 [+],
misc [+],
law [+],
laptops [+],
information disclosure vulnerability [+],
imaging [+],
homepageservlet [+],
hacker [+],
hackaday [+],
game [+],
educational computer [+],
distinct research [+],
digital [+],
development [+],
desk [+],
denial of service [+],
david gthberg [+],
computer speakers [+],
computer imaging [+],
code execution [+],
chris [+],
central servers [+],
basic [+],
based computer [+],
arduino [+],
Rasberry [+],
year [+],
xcom [+],
weather [+],
war [+],
video [+],
usb keyboard [+],
universe [+],
tracking [+],
tom [+],
space shooter [+],
siteminder [+],
simpler time [+],
robert clark tags [+],
rich games [+],
remote [+],
raison d [+],
purpose [+],
project [+],
problem [+],
peripherals [+],
paper [+],
own computer [+],
output [+],
net [+],
music [+],
monitor [+],
micro [+],
michael chen [+],
matter [+],
mark vogelsberger [+],
m.i.t [+],
logic [+],
links [+],
law enforcements [+],
lambda cdm [+],
johannes grenzfurthner [+],
instruction computer [+],
instruction [+],
instructables [+],
ibm [+],
home [+],
history [+],
hand [+],
hacking [+],
general purpose computers [+],
general purpose computer [+],
functionality of dos [+],
france [+],
framework [+],
forensics [+],
fez [+],
enforcement provisions [+],
data transport [+],
data [+],
culture [+],
cultural technology [+],
critical infrastructure [+],
cpu [+],
computing [+],
computer simulations [+],
computer pop [+],
computer keyboard [+],
computer forensics [+],
commodore [+],
command execution [+],
chris fenton [+],
box [+],
bit computer [+],
basic interpreter [+],
band [+],
asia [+],
arbitrary command [+],
arbitrary code execution [+],
andreas lange [+],
Programming [+],
classic [+],
zx spectrum [+],
zero [+],
z80 processor [+],
z80 cpu [+],
z80 [+],
year in review [+],
worth [+],
world of computers [+],
world [+],
work [+],
wooden computer case [+],
wooden [+],
wood [+],
wii [+],
website [+],
weather simulations [+],
weather display [+],
wattage [+],
waterfall [+],
warriors [+],
vulnerability [+],
voltage source [+],
vision [+],
virus [+],
vintage hardware [+],
vintage [+],
video playlist [+],
video conferencing [+],
victor [+],
vic [+],
vga output [+],
vertical board [+],
verilog [+],
valentin [+],
user [+],
usb keyboards [+],
unshredding [+],
university of illinois at urbana champaign [+],
unique solution [+],
ukasz [+],
u.s. [+],
tv remotes [+],
tutorial [+],
ttl [+],
truths [+],
triggers [+],
travel computer [+],
travel [+],
transportation [+],
transistor gates [+],
transistor [+],
touchscreen keyboards [+],
total [+],
tony sale [+],
tiny speakers [+],
tin box [+],
tim [+],
tic tac toe [+],
three truths [+],
thomas [+],
tetris [+],
terminal [+],
teaching computing [+],
teaching [+],
tape [+],
tactile [+],
tablet keyboard [+],
system monitor [+],
system [+],
swing [+],
supercomputer [+],
style music [+],
style connector [+],
strut [+],
strike [+],
stock materials [+],
stereo amp [+],
stepper motors [+],
step back in time [+],
spectrum [+],
speaker [+],
sound capabilities [+],
solid state drive [+],
software interface [+],
sinterklaas [+],
single board computer [+],
simple computers [+],
simon ferber [+],
silent [+],
sifting through [+],
shredder [+],
shredded paper [+],
shawn [+],
share [+],
sexy beast [+],
set [+],
service vulnerability [+],
server [+],
semester [+],
security law [+],
second computer [+],
second [+],
scores games [+],
score keeper [+],
savants [+],
s miles [+],
room [+],
roel [+],
rocket launch [+],
rock fire explosion [+],
robots [+],
robot [+],
robert lupo [+],
risc cpus [+],
riot [+],
richard [+],
ribbon cable [+],
reworking [+],
reviews [+],
retrotechtacular [+],
retired [+],
response plan [+],
resource manager [+],
repair [+],
remarkable volume [+],
relay [+],
reimagined [+],
recon [+],
reading material [+],
ram viswanathan [+],
python [+],
punch cards [+],
project thanks [+],
project goal [+],
processor [+],
process [+],
power supply cords [+],
potentiometer [+],
portable computing [+],
pogo pins [+],
pocket [+],
playing the game [+],
plastic [+],
piece of furniture [+],
pic [+],
philco radio [+],
philco model [+],
peter [+],
perfect computer [+],
perfboard [+],
pentiums [+],
pc. to [+],
pc. but [+],
pc enthusiast [+],
pc [+],
parts bin [+],
particle accelerators [+],
particle [+],
part [+],
paper pdf [+],
paintbrush [+],
paint brush [+],
overhead [+],
operating [+],
old computer [+],
oisc [+],
office printers [+],
office [+],
nycresistor [+],
nyc [+],
nunchuck [+],
nico [+],
news [+],
network attached storage [+],
network [+],
neato [+],
nanocomputer [+],
musical [+],
msx computer [+],
motorola 6809 [+],
motorola 68000 [+],
motherboard [+],
mother [+],
monitor stand [+],
minimal hardware requirements [+],
mini itx [+],
mini [+],
milton keynes [+],
mila [+],
microphone [+],
metal fabrication [+],
metal [+],
mess [+],
memory usage [+],
masterpiece [+],
martin khoo [+],
marilyn manson [+],
manning [+],
mainboard [+],
mad scientist [+],
machine [+],
m. eric carr [+],
lupo [+],
look [+],
london [+],
login [+],
logic ic [+],
logic gates [+],
logic gate [+],
logic chips [+],
logic chip [+],
loading programs [+],
linux distro [+],
linux computer [+],
linux [+],
life [+],
levers [+],
level languages [+],
legal aspects [+],
lcd screen [+],
lcd monitor [+],
laptop computer [+],
lapdock [+],
konrad zuse [+],
kinect [+],
keyboard mouse [+],
keyboard [+],
k rom [+],
k ram [+],
julian skidmore [+],
julian [+],
john williams [+],
john knittel [+],
john doran [+],
jeff [+],
jan [+],
james [+],
iran [+],
introduction [+],
interfacing [+],
interface [+],
instructable [+],
installing linux [+],
inch floppies [+],
improving [+],
impersonation [+],
illinois [+],
igor [+],
htpc [+],
how to [+],
hour [+],
hinges [+],
headphone port [+],
hdmi [+],
hcmos [+],
hasith [+],
harry porter [+],
hardware terminal [+],
hardware keylogger [+],
hardware hacker [+],
hardsync [+],
half a chance [+],
hackers [+],
hacked [+],
guide [+],
gregory s. miles tags [+],
great primer [+],
graduation paper [+],
gpu [+],
google translation [+],
google [+],
going back in time [+],
gigantic [+],
gesture recognition [+],
garth wilson [+],
game link [+],
furniture [+],
fundamental unit [+],
frank [+],
ford forcus [+],
ford focus [+],
ford [+],
fire explosion [+],
fignition [+],
fenton [+],
faithful reproduction [+],
fabian mihailowitsch [+],
eye tracker [+],
evil [+],
error [+],
eric carr [+],
equipment friends [+],
equipment [+],
energy particle accelerator [+],
endeavours [+],
emulator [+],
electronic real estate [+],
electronic hardware [+],
electronic band [+],
electromechanical computer [+],
edge computer [+],
easy [+],
dustbin [+],
dumb terminals [+],
drift tubes [+],
dream computer [+],
douglas engelbart [+],
doppler shift [+],
doppler effect [+],
don [+],
diy [+],
display [+],
discrete transistors [+],
digital computer [+],
different style [+],
device [+],
desktop machine [+],
desktop computer [+],
desktop [+],
desk surface [+],
defense [+],
decade [+],
ddr [+],
dash 7 [+],
dance games [+],
d. l. slotnick [+],
cyber vandals [+],
custom desk [+],
cray 1 [+],
cray [+],
cornell [+],
copies [+],
controller adapter [+],
controller [+],
control [+],
contest [+],
conservationist [+],
computer worm [+],
computer vision researchers [+],
computer vision [+],
computer viruses [+],
computer virus [+],
computer speaker [+],
computer researchers [+],
computer project [+],
computer network defense [+],
computer monitor [+],
computer memory [+],
computer investigator [+],
computer interface [+],
computer hacking [+],
computer hackers [+],
computer geeks [+],
computer error [+],
computer desk [+],
computer chip [+],
computer case [+],
computer aided [+],
colossus computer [+],
colossus [+],
coffee table [+],
co author [+],
classic computers [+],
chromium [+],
chip [+],
champaign [+],
case [+],
cardboard box [+],
cardboard [+],
cables [+],
cable repair [+],
c64 games [+],
c64 [+],
c.o.r.e [+],
building your own computer [+],
build [+],
brute force [+],
bruce schneier [+],
bruce land [+],
bridge [+],
breakthrough [+],
brain [+],
box computer [+],
boron [+],
borked [+],
book [+],
bolster [+],
boisy [+],
bob alexander [+],
bob [+],
board [+],
billard balls [+],
billard [+],
bill [+],
backplane [+],
awe [+],
authors [+],
audio introduction [+],
attacked [+],
atmosphere circulation [+],
atari computer [+],
atari [+],
asus computer [+],
asus [+],
assembly [+],
aspects [+],
art [+],
armin [+],
architecture design [+],
arbitrary [+],
apple ii [+],
apple computers [+],
announces [+],
android [+],
andrew gibiansky [+],
andrew [+],
andrei [+],
amsterdam [+],
alistair [+],
alex chadwick [+],
aficionado [+],
accelerator [+],
aachen university [+],
FCC [+],
3d model [+],
16 bits [+],
hacks [+],
chaos communication congress [+],
zusie,
zoz,
yamaha xtz 750,
xosoft,
wristwatch,
world computer,
wlan,
when,
wep key,
wep,
web,
wearable,
water jet,
walk down memory lane,
vulnerabilities,
voltage divider,
video computer,
vice,
version,
using a webcam,
uranium centrifuges,
update,
txt,
trains,
touch interface,
target windows,
tablet computer,
tablet,
student computer,
student,
steve anson,
staff,
sport,
source,
slot cars,
slides,
sketchup,
sketches,
sketch,
simon,
shiny,
shell,
servlet code,
service computer,
seattle computer,
seattle,
scooter computer,
scooter,
school games,
scam,
sarnoff,
sabotaged,
s. reviews,
rpm,
routers,
risk,
right,
review,
resistor network,
remote buffer overflow,
reboot,
read,
projector,
privacy,
pressure sensors,
pre,
popular electronics magazine,
pockets,
playstation,
plainsight,
ping pong ball,
pin,
pianist composer,
pianist,
peter skaarup,
pet gaming,
peripherie,
peripheral controller,
pentagon,
penguin,
peculiar combination,
pcb,
pc cooling,
pasco,
parts,
panel,
open source tools,
nintendo games,
nick klein,
netapi,
myvu,
mysql,
multitouch,
multiple,
mouse,
motorcycle,
monocrome,
moment,
mitchel humpherys,
miroslav,
millionaire,
million,
microcontroller,
metaexploit,
meet,
mechanical monster,
mcafee crippled,
maze,
matt sarnoff,
math,
martin raynsford,
martin magnusson,
mark fickett,
mark,
mario mauerer,
manager tsksp,
man,
malware,
malaysia,
macs,
macbook,
mac address,
mac,
local,
light bulb,
light,
legal commentaries,
led,
lack,
kurt,
kitchen computer,
kitchen,
jason statham,
jargon,
jailbreak,
jack toole,
iphone,
iowa computer,
iowa,
intrusions,
intrusion detection,
internet security,
ingres,
information,
heat sinks,
heat,
hash,
hardware interface,
hal,
hacking xp,
hack in the box,
grant skinner,
gizmo,
ghz computer,
germany,
geothermal,
gas,
full color led display,
fredrik andersson,
fraud ring,
forensic security,
flying mouse,
fix,
fire button,
fellow researchers,
fellow developers,
famicom,
fakeap,
factor computer,
extradited,
exchange circuit,
evolution of computer,
europe,
etch a,
entertainment,
eniac,
elegant,
electronic components,
electromechanical relays,
electromechanical,
dubai,
driver,
dram chip,
dr. stefan savage,
dr stefan,
ditches,
distance,
digital multimeter,
detecting,
denial,
defcon,
decoration,
darknet,
cyclist,
custom libraries,
cursor movement,
current project,
cross platform,
criminal,
crime,
crack,
contraption,
cons,
conference,
computer systems,
computer system,
computer skills,
computer security expert,
computer program,
computer network security,
computer network operations,
computer motherboards,
computer module,
computer manager,
computer jargon,
computer intrusions,
computer hacker,
computer fraud,
computer display,
computer crime cases,
clone,
click option,
chronos,
china,
careful measurements,
careful,
car computer,
car,
cake decoration,
cake,
button,
bulb,
buffer overflow vulnerabilities,
budapest,
bt4,
break,
breach,
boundaries,
boston,
bicycle computer,
bicycle,
berlin germany,
berlin,
ben,
beeps,
beagleboard,
bar code scanner,
ball,
baffles,
backlit display,
axis controller,
avr chip,
avr,
auto fire,
aussie,
atanasoff berry computer,
assembly skills,
applied network,
antenna,
anson,
angebot,
analog,
altair computer,
altair 8800,
altair,
adventure,
advantage,
add on,
adam,
accused,
access points,
access,
accelerometer,
aaron king,
a. but,
Wireless,
Support,
Newbie,
General,
Final,
BackTrack,
Area
-
-
7:00
»
Hack a Day
Bluetooth is a great protocol. You can listen to music, transfer files, get on the internet, and more. A side effect of those many uses is that the specification is complicated and intended to cover many use cases. A team of researchers took a look at the Bluetooth specification, and discovered a problem they call the KNOB attack, Key Negotiation Of Bluetooth.
This is actually one of the simpler vulnerabilities to understand. Randomly generated keys are only as good as the entropy that goes into the key generation. The Bluetooth specification allows negotiating how many bytes of entropy is used in generating the shared session key. By necessity, this negotiation happens before the communication is encrypted. The real weakness here is that the specification lists a minimum entropy of 1 byte. This means 256 possible initial states, far within the realm of brute-forcing in real time.
The attack, then, is to essentially man-in-the-middle the beginning of a Bluetooth connection, and force that entropy length to a single byte. That’s essentially it. From there, a bit of brute forcing results in the Bluetooth session key, giving the attacker complete access to the encrypted stream.
One last note, this isn’t an implementation vulnerability, it’s a specification vulnerability. If your device properly implements the Bluetooth protocol, it’s vulnerable.
CenturyLink Unlinked
You may not be familiar with CenturyLink, but it maintains one of the backbone fiber networks serving telephone and internet connectivity. On December 2018, CenturyLink had a large outage affecting its fiber network, most notable disrupting 911 services for many across the United States for 37 hours. The incident report was released on Monday, and it’s… interesting.
“In the early morning of December 27, 2018, a switching module in CenturyLink’s Denver, Colorado node spontaneously generated four malformed management packets.”
These packets were addressed to a broadcast destination, had valid headers and checksums, no expiration time, and were larger than 64 bytes. Because the packets appeared to be properly formed, none of the security infrastructure filtered those packets. The term for what happened next is a “packet storm”. Each device on the node rebroadcast each packet as it was received, quickly saturating the whole fiber network.
“CenturyLink and Infinera state that, despite an internal investigation, they do not know how or why the malformed packets were generated.”
In reading this, I can only suspect this was an intentional attack. Even if this particular instance was accidental, this represents an enormous vulnerability in the CenturyLink backbone network.
Siri, Make a Phone Call
The Better Business Bureau issued a warning about a new scam, apparently discovered through their scam tracker service. More accurately, it’s an old scam that people are falling for in a new way.
How do Siri, Cortana, and the like know what number to call in response to a voice command? They use their respective search engine to look it up. And what happens when the top result has been manipulated through SEO, or an ad purchase? Your assistant might just call a tech support scam by mistake. The BBB suggests that you don’t use the automated calling function, and carefully look up numbers manually instead.
Backdoors in Management Interface
The open source Webmin tool shipped three separate releases that contained intentional backdoors, 1.890, 1.900, and 1.920. The backdoor wasn’t included in the official source, but was instead planted on the build machine by an attacker. Because of the specifics of the build process, that code wasn’t overwritten until the compromised source file was legitimately changed in the project. At least once, the attacker re-injected malicious code after such a change and update.
This sort of attack is just a reminder of the importance of reproducible builds, and the constant need to validate everything. All it takes to discover this attack is for one user to run a reproducible build and compare the output binaries.
Steam Fixes 0-days by Banning Researchers
OK, so maybe it’s not that bad, but this still isn’t great. [Vasily Kravets] discovered a pair of problems in the Steam client that an attacker could use to gain system level privileges. It’s not remote code execution, but both vulnerabilities appear to be legitimate. [Vasily] reported the first problem to HackerOne, the service Steam uses to manage vulnerability reporting. They promptly classified his report as out of scope for Valve’s bug bounty program. This isn’t such a terrible problem, except for the implication that Valve didn’t think that the vulnerability in question wasn’t important enough to fix.
The story gets worse before it gets better. [Vasily] informed HackerOne that he would publicly release the vulnerability, and they responded by informing him that he wasn’t allowed to do so. With no indication of intent to fix, he went ahead with the public disclosure, and was banned from reporting Valve related vulnerabilities on HackerOne.
Valve has reached out to ZDNet, saying that the whole debacle was a mistake, and they are taking steps to make it right. The vulnerabilities have been fixed in a beta release of Steam, and Valve is reviewing [Vasily]’s ban.
-
-
10:01
»
Hack a Day
As the 2019 mushroom foraging season approaches it’s timely to combine my thirst for knowledge about low level machine learning (ML) with a popular pastime that we enjoy here where I live. Just for the record, I’m not an expert on ML, and I’m simply inviting readers to follow me back down some rabbit holes that I recently explored.
But mushrooms, I do know a little bit about, so firstly, a bit about health and safety:
- The app created should be used with extreme caution and results always confirmed by a fungus expert.
- Always test the fungus by initially only eating a very small piece and waiting for several hours to check there is no ill effect.
- Always wear gloves – It’s surprisingly easy to absorb toxins through fingers.
Since this is very much an introduction to ML, there won’t be too much terminology and the emphasis will be on having fun rather than going on a deep dive. The system that I stumbled upon is called XGBoost (XGB). One of the XGB demos is for binary classification, and the data was drawn from The Audubon Society Field Guide to North American Mushrooms. Binary means that the app spits out a probability of ‘yes’ or ‘no’ and in this case it tends to give about 95% probability that a common edible mushroom (Agaricus campestris) is actually edible. 
The app asks the user 22 questions about their specimen and collates the data inputted as a series of letters separated by commas. At the end of the questionnaire, this data line is written to a file called ‘fungusFile.data’ for further processing.
XGB can not accept letters as data so they have to be mapped into ‘classic LibSVM format’ which looks like this: ‘3:218’, for each letter. Next, this XGB friendly data is split into two parts for training a model and then subsequently testing that model.
Installing XGB is relatively easy compared to higher level deep learning systems and runs well on both Linux Ubuntu 16.04 and on a Raspberry Pi. I wrote the deployment app in bash so there should not be any additional software to install. Before getting any deeper into the ML side of things, I highly advise installing XGB, running the app, and having a bit of a play with it.
Training and testing is carried out by running bash runexp.sh in the terminal and it takes less than one second to process the 8124 lines of fungal data. At the end, bash spits out a set of statistics to represent the accuracy of the training and also attempts to ‘draw’ the decision tree that XGB has devised. If we have a quick look in directory ~/xgboost/demo/binary_classification, there should now be a 0002.model file in it ready for deployment with the questionnaire.
I was interested to explore the decision tree a bit further and look at the way XGB weighted different characteristics of the fungi. I eventually got some rough visualisations working on a Python based Jupyter Notebook script:
Obviously this app is not going to win any Kaggle competitions since the various parameters within the software need to be carefully tuned with the help of all the different software tools available. A good place to start is to tweak the maximum depth of the tree and the number or trees used. Depth = 4 and number = 4 seems to work well for this data. Other parameters include the feature importance type, for example: gain, weight, cover, total_gain or total_cover. These can be tuned using tools such as SHAP.
Finally, this app could easily be adapted to other questionnaire based systems such as diagnosing a particular disease, or deciding whether to buy a particular stock or share in the market place.
An even more basic introduction to ML goes into the baseline theory in a bit more detail – well worth a quick look.
-
-
1:00
»
Hack a Day
[Gamozolabs’] post about Sushi Roll — a research kernel for monitoring Intel CPU internals — is pretty long. While we were disappointed at the end that the kernel’s source is not exactly available due to “sensitive features”, we were so impressed with the description of the modern x86 architecture and some of the work done with Sushi Roll, that we just had to post it. If the post gets you wanting to actually try some of this, you can check out another [Gamozolabs] creation, Orange Slice.
While you probably know that a modern Intel CPU bears little resemblance to the old 8086 processor it emulates, it is surprising, sometimes, to realize just how far it has gone. The very first thing the CPU does is to break your instruction up into microoperations. The execution engine uses some sophisticated techniques for register renaming and scheduling that allow you to run instructions out of order and to run more than one instruction per clock cycle.
The purpose of Sushi Roll is to reduce uncertainty in timing so that measurements can reveal short microoperation durations. The kernel does not use locking, nor does it use interrupts, timers, threads, or processes. This allows code to run without a lot of extraneous things affecting timing like cache evictions or interrupts. Combined with the Intel performance monitoring registers allows you to make some very specific measurements.
Like we said, we were sorry you can’t get the kernel source to do your own measurements. However, the work is impressive and the background information is still a good read, too.
A lot of this internal trivia seemed unimportant until it became the subject of security exploits. We just can’t get enough of CPU internals.
-
-
7:01
»
Hack a Day
Blackhat and DEF CON both just wrapped, and Patch Tuesday was this week. We have a bunch of stories to cover today.
First some light-hearted shenanigans. Obviously inspired by Little Bobby Tables, Droogie applied for the vanity plate “NULL”. A year went by without any problems, but soon enough it was time to renew his registration. The online registration form refused to acknowledge “NULL” as a valid license plate. The hilarity didn’t really start until he got a parking ticket, and received a bill for $12,000. It seems that the California parking ticket collection system can’t properly differentiate between “NULL” and a null value, and so every ticket without a license plate is now unintentionally linked to his plate.
In the comments on the Ars Technica article, it was suggested that “NULL” simply be added to the list of disallowed vanity plates. A savvy reader pointed out that the system that tracks disallowed plates would probably similarly choke on a “NULL” value.
Hacking an F-15
In a surprising move, Air Force officials brought samples of the Trusted Aircraft Information Download Station (TADS) from an F-15 to DEF CON. Researchers were apparently able to compromise those devices in a myriad of ways. This is a radical departure from the security-through-obscurity approach that has characterized the U.S. military for years.
Next year’s DEF CON involvement promises to be even better as the Air Force plans to bring researchers out to an actual aircraft, inviting them to compromise it in every way imaginable.
Patch Tuesday
Microsoft’s monthly dump of Windows security fixes landed this week, and it was a doozy. First up are a pair of remotely exploitable Remote Desktop vulnerabilities, CVE-2019-1222 and CVE-2019-1226. It’s been theorized that these bugs were found as part of an RDP code review launched in response to the BlueKeep vulnerability from earlier this year. The important difference here is that these bugs affect multiple versions of Windows, up to and including Windows 10.
What the CTF
Remember Tavis Ormandy and his Notepad attack? We finally have the rest of the story! Go read the whole thing, it’s a great tale of finding something strange, and then pulling it apart looking for vulnerabilities.
Microsoft Windows has a module, MSCTF, that is part of the Text Services Framework. What does the CTF acronym even stand for? That’s not clear. It seems that CTF is responsible for handling keyboard layouts, and translating keystrokes based on what keyboard type is selected. What is also clear is that every time an application builds a window, that application also connects to a CTF process. CTF has been a part of Microsoft’s code base since at least 2001, with relatively few code changes since then.
CTF doesn’t do any validation, so an attacker can connect to the CTF service and claim to be any process. Tavis discovered he could effectively attempt to call arbitrary function pointers of any program talking to the same CTF service. Due to some additional security measures built into modern Windows, the path to an actual compromise is rather convoluted, but by the end of the day, any CFT client can be compromised, including notepad.
The most interesting CFT client Tavis found was the login screen. The exploit he demos as part of the write-up is to lock the computer, and then compromise the login in order to spawn a process with system privileges.
The presence of this unknown service running on every Windows machine is just another reminder that operating systems should be open source.
Biostar 2
Biostar 2 is a centralized biometric access control system in use by thousands of organizations and many countries around the globe. A pair of Israeli security researchers discovered that the central database that controls the entire system was unencrypted and unsecured. 23 Gigabytes of security data was available, including over a million fingerprints. This data was stored in the clear, rather than properly hashed, so passwords and fingerprints were directly leaked as a result. This data seems to have been made available through an Elasticsearch instance that was directly exposed to the internet, and was found through port scanning.
If you have any exposure to Biostar 2 systems, you need to assume your data has been compromised. While passwords can be changed, fingerprints are forever. As biometric authentication becomes more widespread, this is an unexplored side effect.
-
-
22:00
»
Hack a Day
The bsnes emulator has a new overclocking mode to eliminate slowdowns in SNES games while keeping the gameplay speed accurate. We’re emulating old SNES hardware on modern machines that are vastly more powerful. Eliminating slowdowns should be trivial, right? For an emulator such as bsnes, which is written to achieve essentially pixel-perfect accuracy when emulating, the problem is decidedly non-trivial. Stick around to learn why.
The Super Nintendo was an impressive system, for its time — mostly. The SNES framerate is locked to 60 FPS, which is a bit surprising considering the NTSC standard was only 30 FPS. NTSC calls for 30 frames per second, but those are interlaced frames. 30 times a second the even scanlines are updated, and 30 times a second the odd scanlines are updated. So 60 times a second, half of the screen is updated, alternating between the even and odd lines.
At the top of each frame the equivalent of half a scanline marks whether the rest of the frame is even or odd scanlines. In order to produce a clean 60 FPS, the SNES didn’t interlace, and just always wrote to the same 240 scanlines. This is also why retro consoles can look so terrible on modern monitors. The blank scanlines were hidden by the analog fuzziness of CRT TVs.
The SNES primary processor runs all the game logic and updates the graphics 60 times per second, finishing each frame’s calculations before the TV began writing that frame to the screen. Games were generally carefully written to make sure each frame’s processing would finish within that 16 millisecond window.
Most games have a few scenarios where lots of things are happening at once, and the processor just can’t keep up with the framerate. In this case, the game begins to lag. Since the framerate is hard synced to 60fps, the previous frame is simply shown again, and the game is paused for that frame while processing finishes.
The bsnes solution is a clever one. Virtual scanlines are added, but the audio and video emulation is paused. This allows the whole process to happen very rapidly, and yet continue to sync with the normal 60 FPS. Below is the Gradius III demo, showing off the results.
Header image: Sandos (CC BY-SA 3.0).
-
-
8:01
»
Hack a Day
We assume your office policy allows for reading Hackaday during work hours. But what about cruising reddit, or playing Universal Paperclips? There’s a special kind of stress experienced when attempting to keep one eye on your display and the other on the doorway; all the while convinced the boss is about to waltz into the room and be utterly disappointed in you.
But fear not, for [dekuNukem] has found the solution with Daytripper. This wireless laser tripwire communicates back to your computer using NRF24 (2.4 Ghz on the ISM band) and can be used to invisibly cordon off a door or hallway and fire a scripted action on your computer if its beam has been broken. Nominally this is used to send the keyboard command that hides all open windows, but we’re sure the imaginative readers of Hackaday could come up with all sorts of alternate uses for this capability.
The Daytripper transmitter uses a laser time-of-flight sensor, in this case the very small VL53L0X by STMicroelectronics. It’s best situated so the laser will be bounced straight back at it. It has a range of about four feet, which is perfect for covering a door, though a wide hallway could give it some trouble. [dekuNukem] admits that the 5 Hz scan rate means a sufficiently fast moving adversary might slip past the sensor, but if they’re trying that hard to see what’s on your monitor, they probably deserve a peek.
On the receiver side, there’s a small board that plugs into your computer and mimics a USB keyboard. It has a selector switch on the side that allows the user to set what key sequence will be “typed” once the system has been tripped. It has built-in support for minimizing all windows or locking the computer, or you can set it to send ALT + Pause, which you can listen for and act on however you see fit.
If you want to build your own Daytripper, the firmware and hardware are both available on GitHub under an MIT license. For those who prefer instant gratification, [dekuNukem] is doing a small production run and offering them up on Tindie.
-
7:01
»
Hack a Day
I’m sure you’ve heard of Spectre, which was the first of many speculative execution vulnerabilities found in modern processors. A new one just popped up this week. At Blackhat on Tuesday, CVE-2019-1125 was announced by Bitdefender as SWAPGS.
SWAPGS is an x86_64 instruction that is intended for use in context switching, that is when execution is transferred from a user-space program back into the kernel. Specifically, SWAPGS swaps the value of the GS register so that it refers to either a memory location in the running application, or a location in the kernel’s space. An unprivileged program can attempt to call this instruction and leak kernel memory contents as a result of the processor speculatively executing the instruction (this is similar to Spectre). Even though the instruction will ultimately not be executed, because a userspace program doesn’t have sufficient privilege to do so, the contents of the system cache have already been sufficiently altered, and an attack could feasibly leverage this to read arbitrary kernel memory.
While the initial reports have mentioned both AMD and Intel products, AMD has released a statement:
AMD is aware of new research claiming new speculative execution attacks that may allow access to privileged kernel data. Based on external and internal analysis, AMD believes it is not vulnerable to the SWAPGS variant attacks because AMD products are designed not to speculate on the new GS value following a speculative SWAPGS. For the attack that is not a SWAPGS variant, the mitigation is to implement our existing recommendations for Spectre variant 1.
Patches for Windows and Linux have been released, and Red Hat has an informative write-up on the vulnerability. I would have reviewed Bitdefender’s whitepaper on the vulnerability, but rather than make it freely available, they have opted to require a name and email address. While I would like to see their work, I refuse to sell my contact information in exchange for access.
A Malicious Shader?
This is the first time I can remember hearing of a malicious pixel shader. Cisco Talos announced a set of vulnerabilities targeting VMware and NVIDIA graphics drivers.
Shaders are specialized programs that run on a video card, and are generally used to apply effects like blur, lighting, bump mapping, and more. Most of the graphical improvements in the last few years of gaming is a result of shaders.
Talos researchers were specifically looking at how to compromise a VM Hyper-visor from inside a guest OS, and they discovered that when a host provides 3d acceleration to the guest, shaders are passed directly through to the system drivers without verification. Because the NVIDIA drivers are also vulnerable, this could allow a malicious program on the host to run arbitrary code on the hypervisor.
While this is troubling enough, the topper is that a malicious shader could potentially be run via WebGL. Taken together, this represents a real danger where simply loading a malicious WebGL enabled page could compromise not only a conventional machine, but could also compromise the bare-metal OS even when run on a guest instance.
Both NVIDIA and VMware have already released driver updates that fixes the flaw, so go update!
iOS Problems
Natalie Silvanovich of Google’s Project Zero released a set of 5 iOS vulnerabilities on Wednesday the 7th. These are not garden variety bugs, but so-called “zero click” problems where no user interaction is required for exploit.
The first exploit, for example, is a spoofed visual voicemail message. Visual voicemail notifications are sent as specially formatted text messages and contain information about the message and the address of an IMAP server to connect to and download the message. That information can be spoofed, leading a device to try to download a message from an IMAP server in the control of an attacker. From that point, finding a bug in the iOS IMAP handling code was relatively easy.
5 vulnerabilities have been fixed in iOS updates. There is a 6th vulnerability, CVE-2019-8641, that has yet to be fixed. While a few hints about this problem are given, the details have been withheld until an update has been released to fully fix the problem. One could be a bit cynical and point out that it’s the Google research team announcing these flaws. While there is certainly a self-serving angle to consider, it’s much better for iOS and consumers if flaws are fixed and publicized, rather than kept secret and sold to an offensive security vendor.
One more iOS story is Apple Bleee. Bluetooth Low Energy is an extremely useful communication protocol, allowing Apple devices to perform many of their seemingly magic functionality. The downside is that to make the magic happen, iOS devices are constantly sending BLE signals, probing for other devices. The researchers at Hexway realized that these signals leak lots of data about your device, potentially including your phone number.
iOS uses a SHA256 hash of the device’s phone number as an identifier when using AirDrop. A SHA256 is still a reasonably secure one-way hash, so there’s no problem, right? The clever realization is that while the hash is secure, and the output space is too large to attack, the input space is small enough to be manageable. An attacker could target the most common area codes in their area, limiting the target space further. From there, the SHA256 hashes for all valid numbers can be pre-calculated and stored in a lookup table.
More WPA3 Problems
We’ve discussed Dragonblood, a WPA3 analysis project. A new problem has been identified, a timing analysis attack that leaks information about the internal state of the encryption algorithm.
-
-
7:00
»
Hack a Day
This has been an interesting week. First off, security researchers at Armis discovered a set of serious vulnerabilities in the vxWorks Real Time Operating System (RTOS). Released under a name that sounds like the title of a western or caper movie, Urgent/11. Not familiar with vxWorks? It’s a toss-up as to whether vxWorks or Linux is more popular for embedded devices. Several printer brands, Arris modems, Sonicwall firewalls, and a whole host of other industrial and medical devices run the vxWorks RTOS.
Several of these vulnerabilities are in the network stack, rather than in applications. The worst offender is CVE-2019-12256, a vulnerability in error handling. An ICMP error response is generated from an incoming packet, and assumptions are made about that incoming packet. When data is copied from that packet into the ICMP error, the length is not first checked, allowing unconfined memory write. If this sounds familiar, it should. We covered a similar vulnerability in Apple’s XNU kernel not long ago.
This particular vulnerability can compromise a vxWorks machine even without an opened port. The saving grace of that vulnerability applies here: a maliciously crafted packet is necessarily malformed, and won’t navigate public routing. In other words, it’s LAN only, and can’t be sent over the internet.
They come in through the firewall.
A second class of vulnerability, where the name comes from, is related to the TCP urgent pointer. This rarely used TCP feature was intended to allow more up-to-date information to supersede data still being processed. Not only has TCP urgent not been widely used, the specifications were not written particularly well, with the various RFC documents describing conflicting implementations. It’s surprising that vxWorks supports it at all, but isn’t particularly surprising that their implementation is flawed. Manipulation of the data stream can cause a length integer to underflow. The nature of binary arithmetic means that underflowing an unsigned integer causes it to wrap around to maximum value, which can lead to writing packet data in the buffer in unexpected memory locations. These vulnerabilities require an established TCP connection, but the researchers describe several scenarios where that could be accomplished by an attacker.
The last RCE vulnerability they describe is in the DHCP client, ipdhcpc. This is a very simple vulnerability. One section of code allocates a buffer for DHCP options, but allocates 24 bytes fewer than the maximum size. An attacker could use this 24 byte overflow to manipulate the data structure and potentially jump execution into manipulated memory.
Update (2019-08-02 09:15 UTC-7): Hackaday received a statement from SonicWall that they made a patch for this vulnerability back on July 19th:
Ensuring the security of our customers is a responsibility we take seriously at SonicWall and we work vigilantly to always keep our customers secure. SonicWall physical firewall appliances running certain versions of SonicOS contain vulnerabilities in code utilized for remote management. At this time, there is no indication that the discovered vulnerabilities are being exploited in the wild. The patches are available now and we strongly advised our partners and end users July 19 th to apply the SonicOS patch immediately.
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009
Capital One: What’s in Your Data
Capital One made use of Amazon AWS for storing customer data. This isn’t surprising, many companies have turned to Amazon’s seemingly inexhaustible cloud computing platform for storing large data sets. It seems, however, that Capital One failed to configure the security properly on that bucket. (As many other companies have done.) Information was leaked for over an estimated 100 million customers. A former Amazon employee has been arrested, and seems to have posted at least a portion of that data in a Github gist.
Reading between the lines, it seems that this was a very simple mistake. Perhaps credentials were leaked, or the S3 bucket was publicly available. That particular detail has not been released. There is something to be said for Capital One’s response to the incident. They were anonymously informed of the existence of the gist on July 17, using their responsible disclosure process. By the 29th, they had fixed the misconfiguration, coordinated with law enforcement, and publicly announced the breach. A twelve day turn-around is an impressive response, particularly when so many companies have tried to hide or ignore similar breaches.
Cabarrus County, NC
It seemed simple enough. The general contractor for the county’s new school building needed to update bank account information. The appropriate forms were signed and filed, and the information was updated. Nothing seemed amiss unto two months later, when the contractor notified the county that they had missed a scheduled payment of 2.5 million dollars. But the transaction went through, and the money was transferred to the account on file.
Yes, the transfer went through, but the the county had been hit with a social engineering scam. The report refers to it as an Email Account Compromise (EAC) scam, which seems to indicate that the scammer first gained access to a legitimate email account of the contractor in question. Alternatively, an attacker could simply spoof the sender’s email address, and set a different reply-to field. Unless a user was particularly watching for such a scheme, it would be easy to overlook the discrepancy. In any case, even after recovering some of the transferred money, the county seems to be out about $1.7 million. These scams are becoming more and more popular, so remember, don’t believe anything you read in an email.
The Weird and Wacky
And to round out this week’s news, yet another [Satoshi Nakamoto] candidate has been found: Linus Torvalds. While it appears to be a serious suggestion, I’ll just note that the author doesn’t have his name attached to this article. He does make one interesting observation — git is the killer blockchain app. You see, I tend to compare blockchain to the laser. Both were very clever inventions, but didn’t have any immediate uses. They were solutions in search of a problem. This article points out that core concepts of blockchain are present in git, which seems to be an accurate and clever observation. So what is blockchain good for? Git!
And the most useless security news of the week? The CAN bus on airplanes is exploitable when an attacker has unsupervised physical access. Yes, people with unsupervised physical access can do bad things to airplanes. Think about what they could do if they brought a wrench.
-
1:00
»
Hack a Day
When shopping online, there’s plenty of great deals out there on modern graphics hardware. Of course, if you’re like [Dawid] and bought a GTX1050 Ti for $48 from Wish, you probably suspect it’s too good to be true. Of course, you’d be correct.
[Dawid] notes from the outset that the packaging the card ships in is unusual. While it’s covered in NVIDIA and GeForce branding, there’s no note of the model number or even the overarching series. The card is loosely packed in bubblewrap, free to bounce around in transit. Upon installation, the card reports itself as a GTX1050 Ti, but refuses to properly work with NVIDIA drivers and routinely causes a Blue Screen of Death.
Upon disassembly, it becomes apparent that the card is merely a poorly manufactured GTS450 Revision 2, over five generations older than the card it was advertised as. Thanks to the mismatch between the actual hardware and what the card reports as, the drivers are unable to properly work with the card.
For those that have been scammed, there is some hope. [Phil] has had experience with several of these cards, which similarly misreport their actual hardware. To correct this, the cards need to have their BIOS flashed to reflect reality, but the fake cards don’t work with NVIDIA’s NVFlash tool. Instead, they must be flashed manually using an EEPROM programmer. Once the cards are flashed with an appropriate BIOS, they can be used with the proper drivers and will function properly, albeit with much less performance than was advertised.
It’s an interesting insight into the state of online shopping platforms, and the old adage remains true – if it’s too good to be true, it probably is. Plus, hacking GPUs can often have great results. Video after the break.
-
-
19:00
»
Hack a Day
Once a program has been debugged and works properly, it might be time to start optimizing it. A common way of doing this is a method called profiling – watching a program execute and counting the amount of computing time each step in the program takes. This is all well and good for most programs, but gets complicated when processes execute on more than one core. A profiler may count time spent waiting in a program for a process in another core to finish, giving meaningless results. To solve this problem, a method called casual profiling was developed.
In casual profiling, markers are placed in the code and the profiler can measure how fast the program gets to these markers. Since multiple cores are involved, and the profiler can’t speed up the rest of the program, it actually slows everything else down and measures the markers in order to simulate an increase in speed. [Daniel Morsig] took this idea and implemented it in Go, with an example used to demonstrate its effectiveness speeding up a single process by 95%, resulting in a 22% increase in the entire program. Using a regular profiler only counted a 3% increase, which was not as informative as the casual profiler’s 22% measurement.
We got this tip from [Greg Kennedy] who notes that he hasn’t seen much use of casual profiling outside of the academic world, but we agree that there is likely some usefulness to this method of keeping track of a multi-threaded program’s efficiency. If you know of any other ways of solving this problem, or have seen causal profiling in use in the wild, let us know in the comments below.
Header image: Alan Lorenzo [CC BY-SA 3.0].
-
-
7:00
»
Hack a Day
Selfblow (Don’t google that at work, by the way) is a clever exploit by [Balázs Triszka] that effects every Nvidia Tegra device using the nvtboot bootloader — just about all of them except the Nintendo Switch. It’s CVE 2019-5680, and rated at an 8.2 according to Nvidia, but that high CVE rating isn’t entirely reflective of the reality of the situation. Taking advantage of the vulnerability means writing to the boot device, which requires root access, as well as a kernel flag set to expose the boot partitions to userspace. This vulnerability was discovered as part of an effort by [Balázs] and other LineageOS developers to build an open source bootloader for Nvidia Tegra devices.
The Tegra boot process is a bit different, having several stages and a dedicated Boot and Power Management CPU (BPMP). A zero-stage ROM loads nvtboot to memory and starts it executing on the BPMP. One of the tasks of nvtboot is to verify the signature of the next bootloader step, nvtboot-cpu. The file size and memory location are embedded in the nvtboot-cpu header. There are two problems here that together make this vulnerability possible. The first is that the bootloader binary is loaded to its final memory location before the signature verification is performed. The code is written to validate the bootloader signature before starting it executing on the primary CPU, so all is well, right?
The second problem with this bootloader code is that the memory load location is embedded in the firmware header, and that location is not verified prior to loading the next bootloader stage to memory. At this point, we should all know what happens once unrestricted memory writes are allowed. How exactly the exploit takes advantage of unrestricted writes is particularly fun. The header instructs nvtboot to write the next bootloader binary on top of it’s own signature verification routine, blowing a whole in its self, hence the name. When nvtboot tries to call the function to verify that this file is properly signed by Nvidia, it instead jumps execution into this unsigned code. It’s elegant, effective, and blows the doors open for developing an open source bootloader for Tegra devices.
Encryption Backdoors
On Tuesday, Attorney General William Barr gave a speech at Fordham University. One of the topics he talked about is back doors in encryption, specifically in consumer platforms. [Bruce Schneier] takes a look at the relevant sections from the speech, and breaks it down. His take is optimistic, as he sees the conversation shifting from a stubborn insistence that encryption backdoors are harmless. Now we can at least have the discussion about whether the societal damage from weakened encryption is worth the transparency it would provide to law enforcement.
Schneier’s position on this hasn’t changed, however. He maintains that the technology is neutral, and if you allow spying on the phones of consumers, you also allow spying on the phones of nuclear plant operators, CEOs, and elected officials. Security is security.
Code That Kills
What do you do when a medical company refuses to address vulnerabilities in medical equipment? You write a proof-of-concept exploit that can kill. In their defense, the researchers at QED Secure Solutions disclosed their killer app to the FDA and coordinated the public release after a voluntary recall.
The device in question is an insulin pump that has wireless control. The built-in authentication is limited to the device’s serial number, so the attack simply spams commands at all the possible serial numbers. Their work takes advantage of Software Defined Radio and, as tested, only works from a few feet away. But it was good enough to finally get insecure devices (voluntarily) recalled.
VLC is Vulnerable?
The VLC news this week has been all over the place. First, VLC had an undisclosed vulnerability, and then more details came out about CVE-2019-13615, first classified as a Remote Code Execution vulnerability, with a score of 9.8 out of 10. VLC has been downloaded literally billions of times, so many were claiming that billions of computers were vulnerable.
The only problem with this sensational story is that the VLC devs were publicly claiming they couldn’t replicate the crash. As more and more information has leaked out, a clearer picture has emerged. Apparently the vulnerability that was found was actually in libebml, and had been found and patched over a year prior. The researcher that re-discovered the problem was working on a Linux machine that hadn’t been updated recently.
It’s not often that we get to see such a clear breakdown between the hype and reality of a vulnerability. As the VLC developers explained on Twitter, quite a few in the security community really jumped the gun in making such a big deal out of this bug. A big share of the blame needs to go to MITRE, the organization that manages the CVE process. They seemed to have entirely failed to validate the vulnerability claim before assigning a CVE number with a ridiculously high rating.
Contrary to what you might have read; no, you don’t need to uninstall VLC right away; no, there aren’t billions of suddenly vulnerable computers; and no, the current release of VLC isn’t vulnerable to this particular bug. If you have the old libs, however, you’re long overdue for an update.
-
-
22:00
»
Hack a Day
When folk at Origin PCs realized that their company was about to celebrate its 10th anniversary of making custom (gaming) PCs, they knew that they had to do something special. Since one thing they did when the company launched in 2009 was to integrate an XBox 360 into a gaming PC, they figured that they might as well refresh and one-up that project. Thus 2019’s Project ‘Big O’ was born.
Naturally still featuring a high-end gaming PC at its core, the show piece of the system is that they also added an XBox One X, Playstation 4 Pro and Nintendo Switch console into the same full-tower GENESIS chassis. For this they had to strip the first two consoles out of their enclosures and insert them into the case each along with their own (appropriately colored) watercooling loop. Unfortunately the optical drives got ditched, presumably because this made things look cleaner.
The Switch was not modded or even cracked open. Instead a Switch dock was installed in the front of the case, allowing one to dock the Switch in the front of the case, and still use it in a mobile fashion after undocking it. Meanwhile an Ethernet and HDMI switch simplify the interfaces to this gaming system a lot, requiring one to only plug in a single HDMI and Ethernet cable to plug in all capable platforms. The result is a pretty sleek-looking system, definitely an eye-catcher.
Since Origin will never, ever, sell the Big O to customers as it’s just a promotional item, it does tickle the imagination. Case-modding and combining multiple computers (often an ATX and mini-ITX) system into a single case is nothing new, but aspects such as having a dockable Switch feature, this clean aesthetic and overall functionality makes one wonder what an enterprising hobbyist could accomplish here.
Feel free to post your favorite related mods in the comments and take a look at the video below of the unboxing and putting through its paces by the folk at Unbox Therapy.
-
-
4:00
»
Hack a Day
If you are the operator of a vintage computer, probably the only one of its type remaining in service, probably the worst thing you can hear is a loud pop followed by your machine abruptly powering down. That’s what happened to the Elliott 803B in the UK’s National Museum Of Computing, and its maintainer [Peter Onion] has written an account of his getting it back online.
The Elliott is a large machine from the early 1960s, and because mains supplies in those days could be unreliable it has a rudimentary UPS to keep it going during a brownout. A hefty Ni-Cd battery is permanently hooked up to a charger that also serves as the power supply for the machine, ensuring that it can continue to operate for a short while as the voltage drops. A spate of fuses had blown in this power supply, so we’re taken through the process of fault-finding. Eventually the failure is found in a rectifier diode, the closest modern equivalent is substituted, and after testing the machine comes back to life.
We’re used to reading these stories from the other side of the Atlantic, so we welcome TNMOC saying that this is the first of a series of technical posts on their work. We visited the museum back in 2016, and also featured its famous recreated Colossus.
-
-
7:00
»
Hack a Day
Remember the end of GandCrab we talked about a couple weeks back? A new wrinkle to this story is the news that a coalition of law enforcement agencies and security researchers have released a decrypter and the master decryption keys for that ransomware. It’s theorized that researchers were able to breach the command and control servers where the master keys were stored. It’s yet to be known whether this breach was the cause for the retirement, or was a result of it.
Apple’s Secure Enclave is Broken?
A Youtube video and Reddit thread show a way to bypass the iPhone’s TouchID and FaceID, allowing anyone to access the list of saved passwords. The technique for breaking into that data? Tap the menu option repeatedly, and cancel the security prompts. Given enough rapid tries, the OS gives up on the validation and simply shows the passwords!
The iPhone has an onboard security chip, the Secure Enclave, that is designed to make this sort of problem nearly impossible. The design specification dictates that data like passwords are encrypted, and the only way to decrypt is to use the Enclave. The purpose is to mitigate the impact of programming bugs like this one. It seems that the issue is limited to the iOS 13 Beta releases, and you’d expect bugs in beta, but a bug like this casts some doubt on the effectiveness of Apple’s Security Enclave.
URL Scheme Hijacking
Our next topic is also iOS related, though it’s possible the same issue could effect Android phones: URL scheme problems. The researchers at Trend Micro took a look at how iOS handles conflicting app URLs. Outside of the normal http: and https: URLs, applications can register custom URL schemes in order to simplify inter-process communication. The simplest example is something like an email address and the mailto: scheme. Even on a desktop, using one of these links will open a different application to handle that request. What could go wrong?
One weakness in using URL schemes like this is that not all apps properly validate what launched the request, and iOS allows multiple apps to use the same URL scheme. In the example given, a malicious app could register the same URL handler as the target, and effectively launch a man-in-the-middle attack.
Bluekeep, and Patching Systems
It has been five weeks since Bluekeep, the Remote Desktop Protocol vulnerability, was revealed. Approximately 20% of the vulnerable systems exposed to the internet have been patched. Bitsight has been running scans of the remaining vulnerable machines, and estimates about 800,000 remaining vulnerable systems. You may remember this particularl vulnerability was considered so problematic that even the NSA released a statement encouraging patching. So far, there hasn’t been a worm targeting the vulnerability, but it’s assumed that at least some actors have been using this vulnerability in attacks.
-
-
7:00
»
Hack a Day
Last week the schedule for our weekly security column collided with the Independence Day holiday. The upside is that we get a two-for-one deal this week, as we’re covering two weeks worth of news, and there is a lot to cover!
[Petko Petrov], a security researcher in Bulgaria, was arrested last week for demonstrating an weakness he discovered in a local government website. In the demonstration video, he stated that he attempted to disclose the vulnerability to both the software vendor and the local government. When his warnings were ignored, he took to Facebook to inform the world of the problem.
From the video, it appears that a validation step was performed on the browser side, easily manipulated by the end user. Once such a flaw is discovered, it becomes trivial to automate the process of scraping data from the vulnerable site. The vulnerability found isn’t particularly interesting, though the amount of data exposed is rather worrying. The bigger story is that as of the latest reports, the local government still intends to prosecute [Petko] for downloading data as part of demonstrating the attack.
Youtube Censorship
In related news, Google has begun cracking down on “Instructional Hacking and Phishing” videos. [Kody] from the Null Byte Youtube channel found himself locked out of his own channel, after receiving a strike for a video discussing a Wifi vulnerability.
The key to getting a video unblocked seems to be generating lots of social media attention. Enough outcry seems to trigger a manual review of the video in question, and usually results in the strike being rescinded.
Improved Zip Bomb
A zip bomb is a small zip file that unzips into a ridiculously large file or collection of files. While there are obvious nefarious uses for such a file, it has also become something of a competition, crafting the most extreme zip bomb. The previous champion was 42.zip, a recursive zip file that when fully extracted, weighs in at 42 petabytes. A new contender may have just taken the crown, and without using zip file recursion.
[David Fifield] discovered a pair of ZIP tricks. First being that multiple files can be constructed from a single “kernel” of compressed data. The second is that file headers could also be part of files to be decompressed. It’s clever work, and much easier to understand when looking at the graphics he put together. From those two points, the only task left is to optimize. Taking advantage of the zip64 format, the final compression ratio was approximately 98 million to one.
Breaking OpenPGP Keyservers
OpenPGP as we know it is on the ropes. OpenPGP is the technique that allows encryption and verification of emails through cryptographic signatures. It’s the grandaddy of modern secure communication, and still widely used today. One of the features of OpenPGP is that anyone can upload their public key to keyservers hosted around the world. Because of the political climate in the early 90’s when OpenPGP was first developed, it was decided that a baked-in feature of the keyserver was that uploaded keys could never be deleted.
Another feature of OpenPGP keys is that one user can use their key to sign another user’s key, formally attesting that it is valid. This creates what is known as a “web of trust”. When an OpenPGP instance validates a signature, it also validates all the attestations attached to that signature. Someone has spammed a pair of OpenPGP certificates with tens of thousands of signatures. If your OpenPGP client refreshes those signatures, and attempts to check the validations, it will grind to a halt under the load. Loading the updated certificate permanently poisons the offline key-store. In some cases, just the single certificate can be deleted, but some users have had to delete their entire key store.
It’s now apparent that parts of the OpenPGP infrastructure hasn’t been well maintained for quite some time. [Robert J. Hansen] has been spearheading the public response to this attack, not to mention one of the users directly targeted. In a follow-up post, he alluded to the need to re-write the keyserver component of OpenPGP, and the lack of resources to do so.
It’s unclear what will become of the OpenPGP infrastructure. It’s likely that the old keyserver network will have to be abandoned entirely. An experimental keyserver is available at keys.openpgp.org that has removed the spammed signatures.
Beware the QR Codes
Link shorteners are a useful way to avoid typing out a long URL, but have a downside — you don’t know what URL you’re going to ahead of time. Thankfully there are link unshorteners, like unshorten.it. Paste a shortlink and get the full URL, so you don’t accidentally visit a shady website because you clicked on a shortened link. [Nick Guarino] over at cofense.com raises a new alarm: QR codes can similarly lead to malicious or questionable websites, and are less easily examined before scanning. His focus is primarily how a QR code can be used to bypass security products, in order to launch a fishing attack.
Most QR scanners have an option to automatically navigate to the web page in the code. Turn this option off. Not only could scanning a QR code lead to a malicious web site, but URLs can also launch actions in other apps. This potential problem of QR codes is very similar to the problem of shortened links — the actual payload isn’t human readable prior to interacting with it, when it’s potentially too late.
Dereferencing Pointers for Fun and Profit
On the 10th, the Eset blog, [welivesecurity], covered a Windows local priveledge escalation 0-day being actively exploited in the wild. The exploit highlights several concepts, one of which we haven’t covered before, namely how to use a null pointer dereference in an exploit.
In C, a pointer is simply a variable that holds a memory location. In that memory location can be a data structure, a string, or even a callable function. By convention, when pointers aren’t referring to anything, they are set to NULL. This is a useful way to quickly check whether a pointer is pointing to live data. The process of interacting with a pointer’s data is known a dereferencing the pointer. A NULL pointer dereference, then, is accessing the data referred to by a pointer that is set to NULL. This puts us in the dangerous territory of undefined behavior.
Different compilers, architectures, and even operating systems will potentially demonstrate different behavior when doing something undefined. In the case of C code on 32-bit Windows 7, NULL is indistinguishable from zero, and memory location zero is a perfectly valid location. In this case, we’re not talking about the physical location zero, but logical address zero. In modern systems, each process has a dedicated pool of memory, and the OS manages the offset and memory mapping, allowing the process to use the simpler logical memory addressing.
Windows 7 has a function, “NtAllocateVirtualMemory”, that allows a process to request access to arbitrary memory locations. If a NULL, or zero, is passed to this function as the memory location, the OS simply picks a location to allocate that memory. What many consider a bug is that this function will effectively round down small memory locations. It’s quite possible to allocate memory at logical address 0/NULL, but is considered to be bad behavior. The important takeaway here is that in Windows 7, a program can allocate memory at a location referred to by a null pointer.
On to the vulnerability! The malicious program sets up a popup menu and submenu as part of its GUI. While this menu is still being initialized, the malicious program cancels the request to set up the menu. By timing the cancellation request precisely, it’s possible for the submenu to still be created, but to be a null pointer instead of the expected object. A second process can then trigger the system process to call a function expected to be part of the object. Because Windows allows the allocation of memory page zero, this effectively hands system level execution to the attacker. The full write-up is worth the time to check out.
Zoom Your Way to Vulnerability
Zoom is a popular web-meeting application, aimed at corporations, with the primary selling point being how easy it is to join a meeting. Apparently they worked a bit too hard on easy meeting joins, as loading a malicious webpage on a Mac causes an automatic meeting join with the mic and webcam enabled, so long as that machine has previous connected to a Zoom meeting. You would think that uninstalling the Zoom client would be enough to stop the madness, but installing Zoom also installs a local webserver. Astonishingly, uninstalling Zoom doesn’t remove the webserver, but it was designed to perpetually listen for a new Zoom meeting attempt. If that sounds like a Trojan to you, you’re not wrong.
The outcry over Zoom’s official response was enough to inform them of the error of their ways. They have pushed an update that removes the hidden server and adds a user interaction before joining a meeting. Additionally, Apple has pushed an update that removes the hidden server if present, and prompts before joining a Zoom meeting.
Wireless Keyboards Letting You Down
Have you ever typed your password using a wireless keyboard, and wondered if you just broadcast it in the clear to anyone listening? In theory, wireless keyboards and mice use encryption to keep eavesdroppers out, but at least Logitech devices have a number of problems in their encryption scheme.
Part of the problem seems to be Logitech’s “Unifying” wireless system, and the emphasis on compatibility. One receiver can support multiple devices, which is helpful when eliminating cable clutter, but also weakens the encryption scheme. An attacker only has to be able to monitor the radio signals during pairing, or even monitoring signals while also observing keypresses. Either way, a few moments of processing, and an attacker has both read and write access to the wireless gear.
Several even more serious problems have fixed with firmware updates in the past years, but [Marcus Mengs], the researcher in question, discovered that newly purchased hardware still doesn’t contain the updated firmware. Worse yet, some of the effected devices don’t have an officially supported firmware update tool.
Maybe wired peripherals are the way to go, after all!
-
-
19:00
»
Hack a Day
In years gone by, trying out a new circuit probably would have meant heating up a soldering iron. Solderless breadboards have made that even easier and computer simulation is easier still, but there’s something not quite as satisfying about building a circuit virtually. [Thedeuluiz] has a way to get some of the best of both worlds with the RTSpice project.
The idea is simple in concept, although not as simple in execution. The program does a Spice-like simulation of a circuit and can accept input and produce output from a PC’s sound card. Obviously, that means you can’t simulate RF circuits — at least not at the input and the output. It also means the simulation has to run lightning fast to keep up with the sound card sample rate. According to the author, it works best with modest circuits but exactly how big you can go will depend on your hardware.
The simulation engine isn’t as complete as some other programs, however it also has special tags for inputs, probes, and parameters. These create inputs, virtual potentiometers, and outputs, respectively.
It looks like the code is set up for Linux but since Jack — the audio interface — is available on Windows, it might be possible to build it there, too. Planned improvements include a GUI schematic editor, better pot models, and subcircuits.
We like Spice in general. We use it and a browser-based simulator in our Circuit VR series.
-
-
1:00
»
Hack a Day
Access to fast and affordable internet is a big issue in the USA, even in a major metropolis such as New York City. Amidst a cartel of ISPs who simply will not deliver, a group of NYC inhabitants first took it upon themselves to ease this situation by setting up their own mesh-based internet connections way back in 2013. Now they will be installing a new Supernode to take the installation base far beyond the current 300 buildings serviced.
As a community project, NYC Mesh is run as a non-profit organization, with its community members supporting the effort through donations, along with partnerships with businesses. Its router hardware consists out of off-the-shelf equipment (with a focus on the Ubiquiti NanoStation NSM5) that get flashed with custom firmware containing the mesh routing functionality.
As this article by Vice mentions, NYC Mesh is one of 750 community-led broadband projects in the US. Many of those use more traditional fixed wiring with distribution lines, but NYC Mesh focuses fully on wireless (WiFi) links with wireless mesh networking. This has the obvious benefit that given enough bandwidth on the Supernodes that hook into the Internet exchange points (IXP) and an efficient mesh routing protocol, it’s quick and easy to hook up new clients and expand the network.
The obvious downsides of using WiFi and RF in general is that they are not immune to outside influences, such as weather (rain), RF interference (including from other WiFi stations) and of course fairly limited range if there’s no direct line of sight. In a densely populated city such as NYC this is not much of an issue, with short hops between roof tops.
-
-
7:00
»
Hack a Day
AMD Epyc processors support Secure Encrypted Virtualization (SEV), a technique that prevents even a hypervisor reading memory belonging to a virtual machine. To pull this off, the encryption and decryption is handled on the fly by the Platform Security Processor (PSP), which is an ARM core that handles processor start-up and many security features of modern AMD processors. The vulnerability announced this week is related to the encryption scheme used. The full vulnerability is math heavy, and really grokking it requires a deeper understanding of elliptical curve cryptography (ECC) than your humble author currently possesses.
During the process of starting a virtual machine, the VM process goes through a key-sharing process with the PSP, using an ECC Diffie-Hellman key exchange. Rather than raising prime numbers to prime exponents, an ECC-DH process bounces around inside an elliptical curve in order to find a shared secret. One of the harder problems to solve when designing an ECC based cryptographic system, is the design of the curve itself. One solution to this problem is to use a published curve that is known to be good. AMD has taken this route in their SEV feature.
The attack is to prime the key exchange with invalid data, and observing the shared key that is generated. A suitably simple initial value will leak information about the PSP’s secret key, allowing an attacker to eventually deduce that key and decrypt the protected memory. If you’d like to bone up on invalid curve attacks, here’s the seminal paper. (PDF)
OpenSSH Shielding
[Damien Miller] of OpenSSH was apparently tired of seeing that project tied to vulnerabilities like Rambleed and Rowhammer, so added a technique he’s calling key-shielding. OpenSSH now encrypts private keys in memory using a 16 kB pre-key. While an attacker with full knowledge of the process’s memory wouldn’t be deterred, the error rate of Rambleed and similar attacks is high enough that the 16 kB of randomness is likely to thwart the attempt to recover the secret key.
Firefox and Coinbase
We mentioned Firefox vulnerabilities and updates last week, and as anticipated, more information is available. [Philip Martin] from Coinbase shared more information on Twitter. Coinbase employees, as well as other cryptocurrency companies, were targeted with fishing emails. These lured employees to a malicious page that attempted to exploit a pair of Firefox vulnerabilities. Coinbase has a security system in place that was able to prevent the exploit, and their security team was able to reverse engineer the attack.
The first vulnerability has been dissected in some detail by a Google security researcher. It’s a weakness in Firefox’s Javascript engine related to type handling. An object is created with one data type, and when that data is changed to another type, not all the data handlers are appropriately updated. Under the hood, a value is assumed to be a pointer, but is actually a double-length value, controlled by the attacker.
The second vulnerability is in the functions used to prompt for user interaction. Specifically the call to “Prompt:Open” isn’t properly validated, and can result in the un-sandboxed Firefox process loading an arbitrary web location. I suspect the sandbox escape is used to run the initial exploit a second time, but this time it’s running outside the sandbox.
Odds and Ends
[Tom] wrote a great intro into how to Impersonate The President With Consumer-Grade SDR, go check it out!
Another city, more ransomware. Riviera Beach, Florida was hit with a ransomware attack, and paid $600,000 in an attempt to get their data back. For a city of 35,000 inhabitants, that’s $17.14 in ransom per man, woman, and child. According to the linked article, though, the city was insured.
-
-
13:00
»
Hack a Day
At this point, you’ve almost certainly heard about the Atomic Pi. The diminutive board that once served as the guts of a failed robot now lives on as a powerful x86 SBC available at a fire sale price. How long you’ll be able to buy them and what happens when the initial stock runs out is another story entirely, but there’s no denying that folks are already out there doing interesting things with them.
One of them is [Jason Gin], who recently completed an epic quest to add a PCI Express (PCI-E) slot to his Atomic Pi. Things didn’t exactly go according to plan and the story arguably has more lows than highs, but in the end he emerged victorious. He doesn’t necessarily recommend you try the same modification on your own Atomic Pi, but he does think this sets the stage for the development of a more refined upgrade down the line.
[Jason] explains that the board’s Ethernet controller was already communicating with the Intel Atom x5-Z8350 SoC over PCI-E, so there was never a question about whether or not the modification was possible. In theory, all you needed to do was disable the Ethernet controller and tack on an external PCI-E socket so you could plug in whatever you want. The trick is pulling off the extremely fine-pitch soldering such a modification required, especially considering how picky the PCI Express standard is.
In practice, it took several attempts with different types of wire before [Jason] was able to get the Atomic Pi to actually recognize something plugged into it. Along the way, he managed to destroy the Ethernet controller somehow, but that wasn’t such a great loss as he planned on disabling it anyway. The final winning combination was 40 gauge magnet wire going between the PCB and a thin SATA cable that is mechanically secured to the board with a piece of metal to keep anything from flexing.
At this point, [Jason] has tested enough external devices connected to his hacked-on port to know the modification has promise. But the way he’s gone about it is obviously a bit temperamental, and far too difficult for most people to accomplish on their own anyway. He’s thinking the way forward might be with a custom PCB that could be aligned over the Ethernet controller and soldered into place, though admits such a project is currently above his comfort level. Any readers interested in a collaboration?
Like most of you, we had high hopes for the Atomic Pi when we first heard about it. But since it became clear the board is the product of another company’s liquidation, there’s been some understandable trepidation in the community. Nobody knows for sure what the future looks like for the Atomic Pi, but that’s clearly not stopping hackers from diving in.
-
-
4:00
»
Hack a Day
By now we should all be used to the astonishing variety of CPUs that have come our way created from discrete logic chips. We’ve seen everything from the familiar Von Neumann architectures to RISC and ever transport-triggered architecture done in 74 TTL derivatives, and fresh designs remain a popular project for many people with an interest in the inner workings of a computer.
[Warren Toomey]’s CSCvon8 is an interesting machine that implements an 8-bit computer with a 64-bit address space using only 17 chips, and without resorting to any tricks involving microcontrollers. It implements a fairly conventional Von Neumann architecture using TTL with a couple of tricks that use modern chips but could have been done in the same way in decades past. Instruction microcode is stored in an EEPROM, and the ALU is implemented in a very large EPROM that would probably once have been eye-wateringly expensive. This in particular removes many discrete TTL chips from the total count, in the absence of the classic 74181 single-chip part. To make it useful there is 32k each of RAM and EEPROM, and also a UART for serial access. The whole is brought together on a neat PCB, and there is a pile of demo code to get started with. Everything can be found in the project’s GitHub repository.
At the start of this article we mentioned a couple of unconventional TTL CPUs. The transport triggered one we featured in 2017, and the RISC one is the Gigatron which has appeared here more than once.
-
-
7:00
»
Hack a Day
Netflix isn’t the first name to come to mind when considering security research firms, but they make heavy use of FreeBSD in their content delivery system and do security research as a result. Their first security bulletin of the year, not surprisingly, covers a FreeBSD vulnerability that happens to also affect Linux kernels from the last 10 years. This vulnerability uses SACKs and odd MSS values to crash a server kernel.
To understand Selective ACKs, we need to step back and look at how TCP connections work. TCP connections provide guaranteed delivery, implemented in the from of ACKnowledgement (ACK) packets. We think of a TCP connection as having a dedicated ACK packet for every data packet. In reality, the Operating System makes great effort to avoid sending “naked” ACK packets, and combines multiple ACKs in a single packet. An ACK is simply a flag in a packet header combined with a running total of bytes received, and can be included in a normal data packet. As much as is possible, the ACK for data received is sent along with data packets flowing in the opposite direction.
One problem with this approach is that when a transmission failure occurs, it’s not clear which packet was dropped, and multiple packets must be re-transmitted. Another strategy for handling ACKs is to use Selective ACKs, or SACKs. A SACK will include the ACK flag, the total number of bytes, as well as the TCP sequence numbers. When data is dropped, the SACK packet specifies precisely which packets were lost.
The other term important to understand is the Maximum Segment Size (MSS). This value is usually specified during the initial TCP handshake, and specifies how much data can be transmitted in a single TCP segment. A MSS set to a lower number often results in data being split into multiple segments.
Netflix outlined several problems related to SACK , but the most serious vulnerability is triggered when an attacker makes a TCP connection to a Linux or FreeBSD server, and sets the MSS to the lowest possible value. After data is transferred, the attacker sends a sequence of SACK packets, requesting the re-transfer of specific multiple packets. This specially crafted series of packets causes the multiple fragmented messages to overflow the server’s outgoing buffer. It appears this attack cannot lead to code execution, but it does cause an immediate kernel panic, which essentially knocks the target machine offline.
Patches fixing the problem have been released, but aren’t yet available for easy install on live systems. The patches haven’t yet been part of an official kernel release, but most distributions have already backported the patches and made them available as updates. For more information, see a very helpful comment from an anonymous commenter below.
As a workaround, Netflix suggests either disabling SACK altogether, or filtering packets with very low MSS values. More information about these mitigations is available in their bulletin.
Rambleed
Building on the concepts of Rowhammer, Rambleed attacks the memory of other processes, but by reading that memory instead of just writing to it. Just as with Rowhammer, the central idea is that modern RAM is so dense that individual bits have a detectable effect on nearby bits. Rowhammer allowed an attacker to flip nearby bits even though they may have belonged to a different process, or even the kernel itself.
Rambleed depends on the physical layout of memory — it’s essentially a two dimensional grid. The bits above and below have an effect on the bit flips of a given bit. If an attacker can control a row of memory, a Rowhammer attack can be mounted on one of the bits of that row. By measuring how effective that attack was, the status of the bits above and below can be statistically determined.
Historically, physical RAM attacks of this nature is defeated by ECC memory. The Rambleed researchers suggest two approaches to overcome ECC. The first is to flip multiple bits so that the ECC algorithm still evaluates the pattern as correct. The second technique is a timing attack, where an error-corrected read takes measurably longer than an uncorrected read. Since the presence or absence of a flipped bit is enough to determine the target bit’s value, the ECC mechanism is defeated. As their coup de grâce, the authors demonstrated Rambleed by recovering an RSA-2048 key from an OpenSSH 7.9 server.
Have I Been Pwned… For Sale?
First off, if you haven’t already, go check out Have I Been Pwned. Give the website an email address, and it will return the list of websites that have been compromised where an account was using that email address. It’s extremely useful to keep track of where your accounts have been scraped and exposed. While some hits are benign, like your email address scraped from public Github data, you might just discover an old forum or service that leaked an important password or other data.
As useful as this service is, it’s surprising to see a virtual for sale sign show up. [Troy Hunt] has been running the site single-handedly for over 5 years. He now measures traffic by the millions, and records by the billions, and recently had the epiphany that personal burnout was looming on the horizon, unless changes were made. He’s looking for a parent organization or company to acquire HIBP, stay true to his core principles, and let him make some changes to keep the ship afloat.
Zero Days!
Oracle Weblogic is actively being targeted with a Java deserialization attack. If that sounds familiar, it’s because we talked about it right here not long ago.
An April commentary on the vulnerability seems particularly apt, given the current resurgence of the problem. [Rob VandenBrink] observed that Oracle’s resolution for the problem is simply to blacklist the specific attack vector, rather than take action to fix the underlying deserialization problem.
Firefox has released two point releases in the last week, patching two vulnerabilities that are reported to be actively used in an attack against Coinbase employees. Not all the details have been released yet, so look forward to more details next week. For now, just make sure your version of Firefox is at least 67.0.4.
-
-
13:01
»
Hack a Day
The folks behind the Atmos Extended Reality (XR) headset want to provide improved accessibility with an open ecosystem, and they aim to do it with a WebVR-capable headset design that is self-contained, 3D-printable, and open-sourced. Their immediate goal is to release a development kit, then refine the design for a wider release.
An early prototype of the open source Atmos Extended Reality headset.
The front of the headset has a camera-based tracking board to provide all the modern goodies like inside-out head and hand tracking as well as the ability to pass through video. The design also provides for a variety of interface methods such as eye tracking and 6 DoF controllers.
With all that, the headset gives users maximum flexibility to experiment with and create different applications while working to keep development simple. A short video showing off the modular design of the HMD and optical assembly is embedded below.
Extended Reality (XR) has emerged as a catch-all term to cover broad combinations of real and virtual elements. On one end of the spectrum are completely virtual elements such as in virtual reality (VR), and towards the other end of the spectrum are things like augmented reality (AR) in which virtual elements are integrated with real ones in varying ratios. With the ability to sense the real world and pass through video from the cameras, developers can choose to integrate as much or as little as they wish.
Terms like XR are a sign that the whole scene is still rapidly changing and it’s fascinating to see how development in this area is still within reach of small developers and individual hackers. The Atmos DK 1 developer kit aims to be released sometime in July, so anyone interested in getting in on the ground floor should read up on how to get involved with the project, which currently points people to their Twitter account (@atmosxr) and invites developers to their Discord server. You can also follow along on their newly published Hackaday.io page.
A modular VR headset?!?!
Our first developer kit will have modular internals allowing for you to mix and match components. Now you can upgrade components without having to buy a new headset.
Join the discussion in our discord: https://t.co/EVpxe0PuDd pic.twitter.com/iXnSRaowyx
— Atmos (@AtmosXR) May 1, 2019
-
-
7:00
»
Hack a Day
It looks like Al was right, we should all be using Emacs. On the 4th of June, [Armin Razmjou] announced a flaw in Vim that allowed a malicious text file to trigger arbitrary code execution. It’s not every day we come across a malicious text file, and the proof of concept makes use of a clever technique — escape sequences hide the actual payload. Printing the file with cat returns “Nothing here.” Cat has a “-v” flag, and that flag spills the secrets of our malicious text file. For simplicity, we’ll look at the PoC that doesn’t include the control characters. The vulnerability is Vim’s modeline function. This is the ability to include editor options in a text file. If a text file only works with 80 character columns, a modeline might set “textwidth=80”. Modeline already makes use of a sandbox to prevent the most obvious exploits, but [Armin] realized that the “:source!” command could run the contents of a file outside that sandbox. “:source! %” runs the contents of the current file — the malicious text file.
:!uname -a||" vi:fen:fdm=expr:fde=assert_fails("source\!\ \%"):fdl=0:fdt="
Taking this apart one element at a time, the “:!” is the normal mode command to run something in the shell, so the rest of the line is what gets run. “uname -a” is the arbitrary command, benign in this case. Up next is the OR operator, “||” which fully evaluates the first term first, and only evaluates what comes after the operator if the first term returns false. In this case, it’s a simple way to get the payload to run even though the rest of the line is garbage, as far as bash is concerned. “vi:” informs Vim that we have a modeline string. “:fen” enables folding, and “:fdm=expr” sets the folding method to use an expression. This feature is usually used to automatically hide lines matching a regular expression. “:fde=” is the command to set the folding expression. Here’s the exploit, the folding expression can be a function like “execute()” or “assert_fails()”, which allows calling the :source! command. This pops execution out of the sandbox, and begins executing the text file inside vim, just as if a user were typing it in from the keyboard.
[Armin] suggests disabling modelines altogether, and mentions that Debian does this by default. I’ve checked my Fedora desktop, and while I had already updated Vim to the patched version, I was surprised to see modelines still enabled. I quickly opened “/etc/virc” and added “set nomodeline” to the end of that file, and I suggest you do the same.
An Email Bug From Ages Past
The Exim email server has a remote command execution vulnerability, and it takes a week of real time to exploit. The code to be run is embedded in the send-to email address: “run{kcalc}@localhost”, and a certain code path processes that address using “expand_string()”, which helpfully includes a function to run commands. The researchers from Qualys ran into a problem trying to exploit this problem remotely: by default, Exim checks incoming email for valid destination addresses. “run{}” is pretty obviously not a valid username, so the message never interacts with the vulnerable code. The solution to this is clever, to say the least.
By default, when an email server receives a message it can’t successfully deliver, a bounce email is generated, informing the sender that the message failed. This bounce message uses the sender’s reported email address, allowing an attacker to inject commands as a part of that address. This solves one problem, but creates another. Not all messages trigger execution of the vulnerable code, and since the attacker is relying on the bounce message to trigger the exploit, he can no longer manipulate the message’s failure mode. The full exploit is to send an email from “run{…}@attackerdomain.com” to a vulnerable Exim server. When that server attempts to connect to the attacker’s MX server to deliver the bounceback message, the attacker forces the connection open for 7 days, by only sending a new byte every four minutes. Once 7 days have passed, the connection is terminated with a permanent delivery failure. This particular failure state triggers the vulnerable code, running the specified command. There is at least one report that this vulnerability is being actively exploited in the wild, so if you’re running Exim, go install the patch!
The disclosure thread includes two very old Sendmail stories, the WIZ and DEBUG vulnerability. Both are fun reads, and a reminder of the simpler days of computer security.
Your 90 Days are Up!
Google’s Project Zero is no stranger to controversy, and this week is no exception. On Tuesday, [Tavis Ormandy] announced a new Denial of Service vulnerability in a Windows Cryptography routine. You may recognize [Tavis] from last week. At this rate, we’ll need to rename the column in a few more weeks.
This particular bug results in a deadlock when processing a specific X.509 certificate. So far, there is no path to command execution for this bug, but it’s not hard to imagine an attacker taking a Windows server offline by sending this particular certificate in an email or other channel.
When Microsoft was informed of the issue, they requested an extra day, in order to release the patch on Patch Tuesday, the 11th. Even though that was technically the 91st day, the Project Zero team agreed. On the 11th, Microsoft opted not to release the patch, and the vulnerability was announced as scheduled. While some have already condemned the release of the bug, I can only observe that Microsoft was given more than enough time to roll out a fix, and Project Zero has done exactly what they agreed to do.
Hacking Cryptocurrency Wallets to Save Them
Another day, another supply chain attack. A Javascript library, electron-native-notify, was updated to include malicious code. This particular library was used in the Agama cryptocurrency wallet, developed by Komodo. The npm security team gave their perspective on the official npm blog. They discovered the malicious code, and notified projects using that library, including Komodo. This code was uploading wallet information and secrets to the attacker’s server, who were then using that information to drain money from the vulnerable wallets.
In an unexpected plot twist, the server used to store the stolen information was publicly accessible, and the Komodo security team was aware of it. Here is quite the ethical dilemma. They were watching an active attack on their users, but the only immediate solution was legally and ethically questionable. Komodo decided to bite the bullet and jump into action. Yes, they hacked their own customers, using the stolen information to move cryptocurrency out of the now vulnerable digital wallets. Komodo is still working to restore the missing funds to their users. The decision they had to make in such a short amount of time must have been very difficult, and serves as a reminder of the occasional gray area of security work.
It appears that the developer who pushed the malicious code into the library in question had been targeting the Agama wallet for some time, making genuinely useful code contributions to the Agama project. We’ve seen this style of attack in the past — event-stream is the example that first comes to mind. In both cases, a developer appeared to be a helpful contributor and was quickly given too much access to a project, only to push malicious code into the project before disappearing. I’m confident this won’t be the last time this approach is attempted — and when it happens we’ll be sure to tell you about it. Stay Tuned!
-
-
16:00
»
Hack a Day
Aquariums are amazingly beautiful displays of vibrant ocean life, or at least they can be. For a lot of people aquariums become frustrating chemistry battle to keep the ecosystem heathly and avoid a scummy cesspool where no fish want to be.
This hack sidesteps that problem, pulling off some of the most beautiful parts of a living aquarium, while keeping your gaming rig running nice and cool. That’s right, this tank is a cold mineral oil dip for a custom PC build.
It’s the second iteration [Frank Zhao] has built, with many improvements along the way. The first aquarium computer was shoe-horned inside of a very tiny aquarium — think the kind for Beta fish. It eventually developed a small crack that spread to a bigger one with a lot of mineral oil to clean up. Yuck. The new machine has a much larger tank and laser cut parts which is a step up from the hand-cut acrylic of the first version. This makes for a very nice top bezel that hangs the PC guts and provides unobtrusive input and output ports for the oil circulation. A radiator unit hidden out of sight cools the oil as it circulates through the system.
These are all nice improvements, but it’s the aesthetic of the tank itself that really make this one special. The first version was so cramped that a couple of sad plastic plants were the only decoration. But now the tank has the whole package, with coral, more realistic plants, a sunken submarine, and of course the treasure chest bubbler. Well done [Frank]!
-
-
7:00
»
Hack a Day
Nvidia’s GeForce Experience (GFE) is the companion application for the Nvidia drivers, keeping said drivers up to date, as well as adding features around live streaming and media capture. The application runs as two parts, a GUI, and a system service, using an HTTP API to communicate. [David Yesland] from Rhino Security Labs decided to look into this API, searching for interesting, undocumented behavior, and shared the results on Sunday the 2nd.
The first interesting finding was that the service was written in Javascript and run using Node.js. Javascript is a scripting language, not a compiled language — the source code of the service was open for studying. This led to the revelation that API requests would be accepted from any origin, so long as the request included the proper security token. The application includes an update mechanism, which allows an authorized API call to execute an arbitrary system command. So long as the authentication token isn’t leaked to an attacker, this still isn’t a problem, right?
Modern browsers include a mechanism to fill the clipboard with arbitrary text. You’ve used this any time you “click here to copy to clipboard”. It’s also possible to launch a file upload dialog from javascript. The researcher’s suggested exploit is to trick the user into using the ctrl+v key combination, followed by the enter key. Perhaps a dialog asking someone to paste a reference number into a field, and pressing enter to continue. What would actually happen is that the page would detect the control keystroke, fill the clipboard with the location of the security token, and launch the file upload dialog. The user presses “v”, which pastes the contents of the clipboard into the dialog, and finally “Enter” starts the file upload. As soon as an attacker has the security token, an HTTP request can be made to the local API, launching an arbitrary command.
Nvidia was made aware of the potential issue, released a patch, and has published a security bulletin about it. [David] acknowledges the fix, but points out that the underlying issue, allowing API requests from any origin, still exists. He suggests that anyone not actively using GFE go ahead and uninstall it.
Ransomware As a Service Retires
GandCrab is a Ransomware-as-a-Service (RaaS?) offering that has been run like a business since early 2018. It has an online storefront where criminals can subscribe to the service and get custom built malware. The RaaS authors take a small cut of any ransom that is paid. Apparently that business has done very well for GandCrab, as they announced their retirement. They claim to have made over $150 million in the year and a half they have run this illicit service, and are now “…leaving for a well-deserved retirement. We have proved that by doing evil deeds, retribution does not come.”
While the chutzpah is admirable, the details are probably not entirely trustworthy. A declaration like that, especially after running a ransomware service, paints a rather large target over the heads of those responsible. Time will tell if the audacity is warranted.
TOCTOU and Docker
Docker was arguably the project that brought containerization back to its current popularity. More efficient than a full virtual machine while boasting nearly the same security advantages, Docker based solutions are particularly useful. A Time Of Check Time Of Use (TOCTOU) flaw has recently been found by [Aleksa Sarai]. In a Docker function, FollowSymlinkInScope, a maliciously crafted docker image could potentially read and write to any file on the host machine during a docker copy operation.
There seems to be a tshirt for
everything
We’ve never talked about TOCTOU bugs on Hackaday, so a primer is in order. The standard pronunciation seems to be “TOCK too”, though spelling the acronym is also acceptable. FollowSymlinkInScope, for example, takes a given path and verifies that any symlinks point to locations inside the docker image, correcting any symlinks that would otherwise point to the host system. That is the “Check” in TOCTOU. The path is safely resolved, and eventually used to copy files to their correct locations, the “Use” element. The key here is the span of time between running the check, and making use of the path. An attacker can essentially race against that time span, making a change to the symlinks on the disk after the check has completed. The fundamental flaw of a TOCTOU is the assumption that once some element has been checked, it will remain in the same state until acted upon.
To understand why TOCTOU bugs are hard to fix, we have to consider how modern multitasking works, as well as atomic operations. In a single core processor, programs are constantly paused while other programs run. This idea goes all the way back to the first time-sharing systems of the 1970s. Modern multi-core processors exacerbate the potential for problem, as processes can run at the same time, all making changes to the same file system. An atomic operation is one that is completed all at once, without any other process able to observe or modify the process until it’s complete. Different operating systems and architectures provide different sets of atomic functions, making TOCTOU bugs very difficult to avoid. In the case of the Docker problem, [Aleksa] has suggested a new kernel function that allows resolving symlinks within a docker image automatically. In this case, the operation would become atomic by nature of the kernel performing the sanitization steps as part of accessing files.
Notepad and RDP
When a researcher discovers a vulnerability and writes a proof of concept, the payload launched is usually either calc.exe or notepad.exe. [Tavis Ormandy] turned this tradition on its head by discovering a vulnerability in notepad itself. In 90 days or once Microsoft fixes the issue, we’ll make sure to fill you in on the rest of the story.
The RDP vulnerability we covered a couple weeks ago, Bluekeep, is the story that keeps on giving. Two weeks after the patch was officially released, [Robert Graham] of masscan fame scanned the entire internet for vulnerable RDP services. He found at least 900,000 vulnerable machines. That’s nearly a million Windows machines that have RDP exposed to the internet that haven’t installed the security fix yet. This is why Microsoft considers Bluekeep such a huge problem.
-
-
4:00
»
Hack a Day
Imagine for a moment that you are back in 2015. Radio Shack are going to the wall, Heathkit returning from the dead, and Arduino spliting into two warring Arduinos. And someone has announced a tiny Linux-capable microprocessor board called the C.H.I.P. that will cost only $9. We all thought that last one was pretty cool at the time, didn’t we. Then Heathkit’s new products turned out to be pretty lacklustre, the warring Arduinos merged, and the C.H.I.P? The consensus was that $9 was a tall order for that BoM at the time, and then the Raspberry Pi people gave away a free Pi Zero on the front of a magazine before selling it for £5 ($6.30). It didn’t matter that the C.H.I.P. had a nifty all-in-one screen and keyboard combo called the Pocket C.H.I.P. which was a significant object of desire, the venture lasted for three years before finally hitting the rocks last year.
Now the C.H.I.P. is back, in a crowdfunding campaign fronted by one of its original engineers. It’s been renamed the Popcorn, and it comes in three variants. The Original Popcorn is a compatible C.H.I.P. by any other name, while the Super Popcorn is a much higher-spec machine that comes in quad and octacore variants with AmiLogic SoCs. All three have 32 GB eMMC on board, and the specs are suitably impressive but not out of the ordinary for a 2019 single board computer. Prices are $49, $69, and $89, which takes away that optimistic $9 price tag that made the original so attractive. There is no Pocket C.H.I.P. which is a shame because for us that was the only reason to buy a C.H.I.P, but there is a companion board called the Stovetop that provides Raspberry Pi-style desktop and display interfaces.
We wish them well, but it’s difficult to escape the conclusion that the hardware world has moved on and the window of opportunity has closed. It’s not that these boards are not good ones, more that they now join a plethora of others which come a lot closer to the low price of the original. Still, there remains a C.H.I.P. community still out there, so perhaps that will save the day for them.
We interviewed the C.H.I.P.’s creators back in 2015, and marked its passing last year.
Thanks [Rose] for the tip.
-
-
16:00
»
Hack a Day
Despite the passing of several decades since that scene in Star Trek IV, the Voyage Home in which Mr. Scott remarks “A keyboard! How quaint!“, here on earth, they remain a central plank of our user interface experience. A plank is an appropriate metaphor, for the traditional keyboard with its layout derived from typewriters and intended to minimize type bar collisions has remained the same flat and un-ergonomic device for well over a century. If like [Tom Arrell] you suffer from repetitive strain injury to your hands and wrists from using a keyboard then a more ergonomic alternative is a must. His solution was to build his own keyboard in two halves.
He was inspired by a colleague’s Ergodox, but balked at the price. Then he found the Dactyl, an open source 3D printed keyboard in two halves, and resolved to build his own. Unlike the Dactyl, however, he wanted his ‘board to be able to operate as either a linked pair operating as one or a pair of separate keyboards. In went a pair of Sparkfun Pro Micro boards to his slightly modified Dactyl, along with a full complement of Cherry MX Brown switches.
The final product lacks key labels so is not for the faint-hearted. But he persevered with it and after a couple of weeks was able to use it without a crib sheet. It’s a bit higher than its commercial equivalent so it needs some improvised wrist rests, but for the price, he’s not complaining.
This isn’t the first keyboard with two halves we’ve shown you, here’s one from 2017.
Via Hacker News.
-
-
10:00
»
Hack a Day
The computers we are used to working with are more likely to be at the smaller end of the computational spectrum. Sometimes they are very small indeed, such as tiny microcontrollers with only a few GPIOs. Others are single board machines such as a Raspberry Pi or an Arduino, and often a desktop or laptop PC. Of course, while these can be very capable machines, they don’t cut the mustard in the upper echelons of corporate computing. There the mainframe still rules, sitting in air-conditioned machine rooms and providing some of the glue that cements our economy together.
Most of us will never own a mainframe, even if sometimes we marvel at people who rescue ancient ones for museums. But it’s not impossible to run one yourself even if it isn’t cheap, and [Christian Svensson] has written a guide for the potential purchaser of a more recent IBM model.
This is a fascinating piece as an uninformed spectator because it reveals something about the marketing of these machines. A fridge-sized rack may contain much more hardware than expected because all machines ship with high specifications installed but not enabled by licensing software. In some IBM machines this software comes on an attached laptop which goes missing when the mainframe is decommissioned, we’re told without this essential component the machine is junk. The practicalities are also considered, such things as whether the appropriate interface modules are present, or how to assess how much RAM has been installed. Powering the beast is less of a problem than you might expect as they ship with PSUs able to take a wide variety of DC or AC sources.
Once upon a time the chance to own one of the earlier DEC VAX minicomputers came the way of your scribe, the passing up on which has ever since been the source of alternate regret and thankfulness at a lucky escape. The ownership of second-hand Big Iron is not for everyone, but it’s nevertheless interesting to learn about it from those who have taken the plunge. There’s a tale unfolding about the ownership of a much older IBM room-sized computer at the moment.
IBM mainframes header image: Agiorgio [CC BY-SA 4.0]
-
-
4:00
»
Hack a Day
There is a dedicated community of plotter enthusiasts who keep their often-aging X-Y axis pen drawing devices going decades after they were built, and who share plotter-generated paper artwork online. [Dhananjay Balan] was seduced by this, so acquired a second-hand HP7440A through eBay and set about bringing it to life.
Bringing it to life was in the first instance the usual progression of cleaning the mechanism and checking all was in order, before doing a bit of research to find that the missing power supply was a 10-0-10V AC item. Then some adapters and a USB-to-serial port had it talking to a modern PC, and thanks to the wonders of HPGL it was working once more. This could thus have been a very simple tale worthy of the dreaded Not A Hack moniker, had the focus then not changed from the hardware into the software.
Back in the day, a 60-byte buffer in a plotter must have seemed huge. But in 2019 a plotter can be sent data at a rate that will swiftly fill it, after which the commands are not stored and are never drawn. Introducing a delay between sending commands solves the problem, but at the expense of very slow plotting. This was solved with a very clever use of the HPGL command to send the pen position, which waits until the pen has finished moving before sending its return value. This became a handy way to detect when the plotter was ready for more, allowing speedier printing without buffer overruns.
The plotter has an expansion port into which an optional module containing trigonometric drawing functions could have been plugged, but was missing in this example. HP’s idea was that the buffer was so small that a programmer would have difficulty writing their own, but the buffer hack in the previous paragraph put paid to that. Python code for all this and more is in a handy GitHub repository.
Via Hacker News.
-
-
4:00
»
Hack a Day
Sometimes we find projects that border on the absurd but are too cool to pass up. The Comprinter is exactly that. [Mason Stooksbury] had a dream. An all-in-one scanner printer that was also a computer. What would turn heads more than walking into a hackerspace with a printer, plugging your headphones in, then opening up the top to reveal a monitor?
[Mason’s] dream became possible when friends gave him some old laptops and a dead Kodak printer. After going through the laptops, he picked a Dell Inspiron 1440 to be the donor machine. The printer and laptop were both carefully stripped down. [Mason’s] goal for the project was to build a “beautiful” printer/computer. No bodges allowed. He spent most of his time planning out how to mount the motherboard and display inside the scanner section of the chassis.
The actual assembly was quite fiddly. Working with only an inch or so of clearance, [Mason] installed standoffs for the motherboard and display. He to do all this without breaking the wires for the display and WiFi antennas.
Once the main parts of the laptop were assembled, [Mason] completed the build with a nine-port USB hub, some internally mounted speakers and a USB keyboard mounted in the paper tray. The twelve-hour operation was a complete success. What looks to be a cheap inkjet actually hides a complete laptop running Xubuntu. The only downside is that the printer doesn’t actually print, but [Mason] is quick to note that if the printer hadn’t been broken in the first place, it would work fine — all the modifications are in the scanner section.
We’ve seen some wild casemods over the years, including a Nintendo in a toaster, a modern PC stuffed into an original Xbox, and Raspberry Pi’s stuffed into just about everything.
-
-
16:00
»
Hack a Day
Did you ever start a project that you felt gained a life of its own? This project by [Paulo Constantino] is an entire CPU named dreamcatcher on breadboards, and is a beautiful jungle of digital. On top of that, it works to connect to an analog VGA display. How cool is that!
Designing an ALU and then a CPU is a typical exercise for students of digital design and is done using VerilogHDL or VHDL. It involves creating an ALU that can add, subtract etc while a control unit manages data moves and the like. There is also a memory fetch and instruction decode made up of de-mulitiplexers and a bunch of flip-flops that make up registers and flags. They are as complex as they sound if not more.
[Paulo Constantino] went ahead and designed the whole thing in Eagle as a schematic using 74HC logic chips. To build it though instead of a PCB he used breadboards. Everything from bus decoders to controlling an external VGA display is done using jumper wires. We did cover a video on the project a while back, but this update adds a video card interface to the build.
The CPU updates the display buffer on the VGA card, and in the video below shows the slow and steady update. The fact that the jungle of wires can drive a display is awesome. He has since started working on a 16-bit version of the processor and we’d love to see someone take it up a notch.
For those more accustomed to the PCB, the Z80 membership card project is a great build for 8-bit computer fans.
Thanks to [analog engineer] for the tip.
-
-
1:00
»
Hack a Day
It’s a very brave person who takes a Dremel or similar to the case of their svelte new laptop in the quest for a new connector, it sounds as foolhardy as that hoax from a while back in which people tried to drill a 3.5mm jack into their new iPhones. But that’s what [BogdanTheGeek] has done, in adding a USB-C port to his Acer.
Of course, the port in question isn’t a fully functioning USB-C one, it’s a power supply jack, and it replaces the extremely unreliable barrel jack the machine was shipped with. He’s incorporated one of those little “ZYPDS” USB-C power delivery modules we’ve no-doubt all seen in the usual cheap electronic sources, and in a move of breathtaking audacity he’s cut away part of the Acer mainboard to do so. He’s relying on the laptop’s ability to accept a range of voltages, and presumably trusting his steady hand with a rotary tool. Some Kapton tape and a bit of wire completes the work, and with a carefully reshaped hole in the outer case he’s good to go.
The result is beautifully done, and a casual observer would be hard pressed to know that it hadn’t always been a USB-C port. We’re sure there will come a moment at which someone will plug in a USB-C peripheral and expect it to work, it’s that good.
If you’d like to know a little bit more about USB-C, we’d like to direct you to our in-depth look at the subject.
-
-
8:30
»
Hack a Day
Adversarial attacks are not something new to the world of Deep Networks used for image recognition. However, as the research with Deep Learning grows, more flaws are uncovered. The team at the University of KU Leuven in Belgium have demonstrated how, by simple using a colored photo held near the torso of a man can render him invisible to image recognition systems based on convolutional neural networks.
Convolutional Neural Networks or CNNs are a class of Deep learning networks that reduces the number of computations to be performed by creating hierarchical patterns from simpler and smaller networks. They are becoming the norm for image recognition applications and are being used in the field. In this new paper, the addition of color patches is seen to confuse the image detector YoLo(v2) by adding noise that disrupts the calculations of the CNN. The patch is not random and can be identified using the process defined in the publication.
This attack can be implemented by printing the disruptive pattern on a t-shirt making them invisible to surveillance system detection. You can read the paper[PDF] that outlines the generation of the adversarial patch. Image recognition camouflage that works on Google’s Inception has been documented in the past and we hope to see more such hacks in the future. Its a new world out there where you hacking is colorful as ever.
-
-
19:01
»
Hack a Day
Twenty years ago, a cryptographic puzzle was included in the construction of a building on the MIT campus. The structure that houses what is now MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) includes a time capsule designed by the building’s architect, [Frank Gehry]. It contains artifacts related to the history of computing, and was meant to be opened whenever someone solved a cryptographic puzzle, or after 35 years had elapsed.
The puzzle was not expected to be solved early, but [Bernard Fabrot], a developer in Belgium, has managed it using not a supercomputer but a run-of-the-mill Intel i7 processor. The capsule will be opened later in May.
The famous cryptographer, [Ronald Rivest], put together what we now know is a deceptively simple challenge. It involves a successive squaring operation, and since it is inherently sequential there is no possibility of using parallel computing techniques to take any shortcuts. [Fabrot] used the GNU Multiple Precision Arithmetic Library in his code, and took over 3 years of computing time to solve it. Meanwhile another team is using an FPGA and are expecting a solution in months, though have been pipped to the post by the Belgian.
The original specification document is a fascinating read, for both the details of the puzzle itself and for [Rivest]’s predictions as to the then future direction of computing power. He expected the puzzle would take the full 35 years to solve and that there would be 10Ghz processors by 2012 when Moore’s Law would begin to tail off, but he is reported as saying that he underestimated the corresponding advances in software.
Header image: Ray and Maria Stata Center, Tafyrn (CC BY 3.0)
-
-
22:00
»
Hack a Day
Over the years we’ve seen a number of homebrew 6502 computers assembled with little more than a breadboard, a sack full of jumper wires, and an otherworldly patience that would make a Buddhist Monk jealous. Anyone who takes the time to assemble a fully functional computer on a half-dozen breadboards lined up on their workbench will always be a superstar in our book.
While we’re still too lazy to attempt one of these builds ourselves, we have to admit that the Vectron 64 by [Nick Bild] looks dangerously close to something you might be able to pull off within a reasonable amount of time. It’s still an incredible amount of work, but compared to some of the other projects we’ve seen, this one manages to keep the part count relatively low thanks to the use of a simple 16×2 LCD for output and user input provided by a PS/2 keyboard. You won’t be playing Prince of Persia on it, but at least you might be able to finish it in a weekend.
The computer is clocked at 1 MHz, and features 32KB RAM
along with 32KB EEPROM. That should be enough for anyone. [Nick] also points out he tried to use era-appropriate 7400 series ICs wherever possible, so no worries about historical revisionism here. If you’re looking for a design that somebody could have potentially knocked together back in the 1970s, this one would get you fairly close.
The astute reader might notice there’s no removable media in this build, and may be wondering how one loads programs. For that, [Nick] allowed himself a bit of modern convenience and came up with a scheme that allows an Arduino (or similar microcontroller) to connect up to the computer’s 28C256-15 EEPROM. With a Python script running on your “real” computer, you can write a new ROM image directly to the chip. He’s included the source code for a simple program which will write whatever you type on the keyboard out on the LCD, which should give you a good framework for writing additional software.
If you’re looking for a bigger challenge, don’t worry. We’ve covered 6502 breadboard computers that will make your eyes water. Incidentally, this isn’t the first time we’ve seen a similar LCD used for one of these computers, so looks like there’s no shame in sneaking in modern parts where it makes sense.
-
-
13:01
»
Hack a Day
From the title, you might think this post is going to be some lame story about someone plugging in some RAM and maybe updating a BIOS. That’s where you’d be wrong. [Downtown Doug Brown] has a much more interesting and instructive story.
[Doug] found his motherboard was rated for 8 …read more
-
-
4:00
»
Hack a Day
About a year ago when Hackaday and Tindie were at Maker Faire UK in Newcastle, we were shown an interesting retrocomputer by a member of York Hackspace. The Gigatron is a fully functional home computer of the type you might have owned in the early 1980s, but its special trick …read more
-
-
4:00
»
Hack a Day
Ever get that funny feeling that things aren’t quite what they used to be? Not in the way that a new washing machine has more plastic parts than one 40 years its senior. More like “my laptop can churn through hundreds of gigaflops, but when I scroll it doesn’t feel …read more
-
-
1:00
»
Hack a Day
Case modding exploded in the late 1990s, as computer enthusiasts the world over grew tired of the beige box and took matters into their own hands. The movement began with custom paints and finishes on existing cases, with competitions and bragging rights then taking over to further push the state …read more
-
-
13:00
»
Hack a Day
An essential tool of many sysadmins is a portable terminal ready to plug into an ailing rack-mounted server to administer first aid. At their simplest, they are simply a monitor and keyboard on a trolley, but more often they will be a laptop pre-loaded with tools for the purpose. Sysadmins …read more
-
-
10:00
»
Hack a Day
George Mallory, a famous English mountaineer, once suggested that it was of no use to climb mountains. Instead, he posited, the only reason to climb a mountain is because it is there. Likewise, when you become an expert in nurse call systems like those found in hospitals, you may find …read more
-
-
7:01
»
Hack a Day
It’s never been harder to repair your electronics. When the keyboard in your shiny new MacBook dies, you’ll have to send it to a Genius. When the battery in your iPhone dies, you’ll have to break out the pentalobe screwdrivers. Your technology does not respect your freedom, and this is …read more
-
-
10:00
»
Hack a Day
Don’t get me wrong. Like most people, there’s nothing I enjoy more than solving a long, involved math problem by hand. But, sometimes, a few pages of algebraic scratches on paper is just a means to an end. I find this especially true during electronic design sessions, be it circuit …read more
-
-
10:01
»
Hack a Day
It won’t replace your beloved Rasbperry Pi, but it’s worth saying hello to this “Strawberry Jam”, straight out of Japan. It’s an equally delicious way to get people interested in the basics of coding.
My hackerspace friend Jim is a lucky bloke, for last year he was able to take an extended holiday through a succession of East Asian countries. We were treated to online pictures of beautiful scenery and beaches, city lights, and of course exciting tech destinations such as hardware markets and hackerspaces. On his return he tossed a package on the table in front of me and …read more
-
-
13:01
»
Hack a Day
We missed this Blackhat talk back in August, but it’s so good we’re glad to find out about it now. [Christopher Domas] details his obsession with hidden processor instructions, and how he discovered an intentional backdoor in certain x86 processors. These processors have a secondary RISC core, and an undocumented procedure to run code on that core, bypassing the normal user/kernel separation mechanisms.
The result is that these specific processors have an intentional mechanism that allows any unprivileged user to jump directly to root level access. The most fascinating part of the talk is the methodical approach [Domas] took to …read more
-
-
7:01
»
Hack a Day
Filesystems for computers are not the best bet for embedded systems. Even those who know this fragment of truth still fall into the trap and pay for it later on while surrounded by the rubble that once was a functioning project. Here’s how it happens.
The project starts small, with modest storage needs. It’s just a temperature logger and you want to store that data, so you stick on a little EEPROM. That works pretty well! But you need to store a little more data so the EEPROM gets paired with a small blob of NOR flash which is much …read more
-
4:00
»
Hack a Day
The original Xbox, released in 2001 by Microsoft, was notable for being built out of largely off-the-shelf PC components. With a custom Pentium III CPU and IDE peripherals, the console was much closer to a contemporary desktop computer than any of the dedicated game consoles which had come before it. Which of course makes perfect sense if you think about it. Microsoft would want to use technology they were intimately acquainted with on their first foray into gaming market, and if there’s anything Microsoft knows better than forced system updates, it’s x86 computers.
But for their follow-up system, the Xbox …read more
-
-
4:00
»
Hack a Day
As a layperson reading about some branches of mathematics, it often seems like mathematicians are just people who really like to create and solve puzzles. And, knowing that computer science shares a lot of its fundamentals with mathematics, we can assume that most computer scientists are also puzzle-solvers as well. This latest project from [tom7] shows off his puzzle creating and solving skills with a readable file which is also a paper, which is also a compiler for C programs, which can also play music.
[tom7] started off with the instruction set for the Intel 8086 processor. Of the instructions …read more
-
-
4:00
»
Hack a Day
If you have an eye for obscure Microsoft products, you may be aware of the Microsoft PixelSense, a table-sized horizontal touchscreen designed as a collaborative workspace. It’s a multi-user computer with no traditional keyboard or mouse, instead multiple users work with documents and other files as though they were real documents on a table. It’s an impressive piece of technology, and it was the first thing that came to mind when we saw [Anitomicals C]’s dual screen portable computer. It has a form factor similar to a large laptop, in which the touchscreen folds upwards to reveal not a conventional …read more
-
-
19:00
»
Hack a Day
The electricity on the power grid wherever you live in the world will now universally come to you as AC. That is to say that it will oscillate between positive and negative polarity many times every second. The frequency of 50 or 60Hz just happens to be within the frequency range for human hearing. There’s a lot more than this fundamental frequency in the spectrum on the power lines though, and to hear those additional frequencies better you’ll have to do a little bit of signal processing.
We first featured this build back when it was still in its prototyping …read more
-
-
4:00
»
Hack a Day
If you’ve never seen an IBM AS/400 machine, don’t feel bad. Most people haven’t. Introduced in 1988 as a mid-range server line, it used a unique object-based operating system and was geared specifically towards business and enterprise customers. Unless you’re a particularly big fan of COBOL you probably won’t have much use for one today, but that doesn’t mean they aren’t worth playing around with if the opportunity presents itself.
So when a local IT company went belly up and was selling their old hardware, including a late 90’s era IBM AS/400e Series, [Rik te Winkel] jumped at the chance …read more
-
-
16:01
»
Hack a Day
This hardware badge is a computer programmed with Lisp. You can write your own programs right on the badge using the built-in keyboard, as long as you know Lisp.
If there’s one thing we really like to see, it’s people advancing their own projects based on inspiration from others. The Lisp Badge by [David Johnson-Davies] is a perfect example. With an interface inspired by [Voja Antonic’s] hardware design for the 2018 Hackaday Belgrade Conference Badge, this version is an upgrade of an earlier single-board Lisp machine, now sporting an integrated keyboard.
Unlike the Belgrade badge, which is programmed in BASIC, …read more
-
-
19:00
»
Hack a Day
An old laptop or desktop computer that’s seen better days might still have a little bit of use left in it for a dedicated task. Grabbing a lightweight flavor of Linux and running a web server, firewall, or Super Nintendo emulator might get a few more years out of it. You can also get pretty creative repurposing obsolete single purpose machines, as [Kristjan] did with some old Cisco server equipment.
The computer in question isn’t something commonly found, either. It’s an intrusion detection system meant to mount in a server rack and protect the server itself from malicious activity. While …read more
-
-
1:01
»
Hack a Day
People love their tech, and feel like something’s missing when it’s not there. This is the story of one person’s desire to have the venerable trackpoint in their new keyboard.
[Klapse] loves a Lenovo old-style non-chicklet keyboard, so, despite the cost, five were ordered. They very quickly ended up with keys that didn’t work, although the trackpoints still did. After buying a sixth which ended up the same, [Klapse] decided that maybe giving up on the Lenovo keyboards was the best idea. A quick stop at a local store scored a fill-in mechanical keyboard, but in the back of [klapse]’s …read more
-
-
4:01
»
Hack a Day
Over on the Cloudflare blog, [Marek] found himself wondering about computer memory, as we all sometimes do. Specifically, he pondered if he could detect the refresh of his SDRAM from within a running program. We’re probably not ruining the surprise by telling you that the answer is yes — with a little more than 100 lines of C and help from our old friend the Fast Fourier Transform (FFT), [Marek] was able to detect SDRAM refresh cycles every 7818.6 ns, lining right up with the expected result.
The “D” in SDRAM stands for dynamic, meaning that unless periodically refreshed by …read more
-
-
13:00
»
Hack a Day
[John Whittington] failed to win a bid for an old VT-220 serial terminal on eBay, so he decided to make his own version and improve it along the way. The result is the Whitterm-220 (or WT-220) which has at its core a Raspberry Pi and is therefore capable of more than just acting as a ‘dumb’ serial terminal.
The enclosure is made from stacked panels of laser-cut plywood with an acrylic plate on the back for labels and connectors, where [John] worked paint into the label engravings before peeling off the acrylic’s protective film. By applying paint after laser-engraving but …read more
-
-
7:01
»
Hack a Day
The greatest hardware hacks of all time were simply the result of finding software keys in memory. The AACS encryption debacle — the 09 F9 key that allowed us to decrypt HD DVDs — was the result of encryption keys just sitting in main memory, where it could be read by any other program. DeCSS, the hack that gave us all access to DVDs was again the result of encryption keys sitting out in the open.
Because encryption doesn’t work if your keys are just sitting out in the open, system designers have come up with ingenious solutions to prevent …read more
-
-
10:01
»
Hack a Day
The failed launch of Soyuz MS-10 on October 11th, 2018 was a notable event for a number of reasons: it was the first serious incident on a manned Soyuz rocket in 35 years, it was the first time that particular high-altitude abort had ever been attempted, and most importantly it ended with the rescue of both crew members. To say it was a historic event is something of an understatement. As a counterpoint to the Challenger disaster it will be looked back on for decades as proof that robust launch abort systems and rigorous training for all contingencies can save …read more
-
-
4:00
»
Hack a Day
[Frank Adams] liked the keyboard on his Lenovo ThinkPad T61 so much that he decided to design an adapter so he could use it over USB with the Teensy microcontroller. He got the Trackpoint working, and along the way managed to add support for a number of other laptop boards as well. Before you know it, he had a full-blown open source project on his hands. Those projects can sneak up on you when you least expect it…
The first step of the process is getting your laptop keyboard of choice connected up to the Teensy, but as you might …read more
-
-
10:01
»
Hack a Day
As far as computer architectures go, ARM doesn’t have anything to be ashamed of. Since nearly every mobile device on the planet is powered by some member of the reduced instruction set computer (RISC) family, there’s an excellent chance these words are currently making their way to your eyes courtesy of an ARM chip. A userbase of several billion is certainly nothing to sneeze at, and that’s before we even take into account the myriad of other devices which ARM processors find their way into: from kid’s toys to smart TVs.
ARM is also the de facto architecture for the …read more
-
4:00
»
Hack a Day
One of the first things we learn about computers is the concept of binary ones and zeroes. When we dig into implementation of digital logic, we start to learn about voltages, and currents, and other realities of our analog world. It is common for textbooks to use flow of water as an analogy to explain flow of electrons, and [Glen Anderson] turned that conceptual illustration into reality. He brought his water computer to the downtown Los Angeles Mini Maker Faire this past weekend to show people the analog realities behind their digital devices.
[Glen]’s demonstration is a translation of another …read more
-
-
4:00
»
Hack a Day
For hackers, cheap (and arguably disposable) consumer hardware makes for a ready supply of free or low-cost components. When you can walk into a big box store and pick up a new low-end laptop for $150, how many are going to spend the money to repair or upgrade the one they have now? So the old ones go to the bin, or get sold online for parts. From an ecological standpoint our disposable society is terrible, but at least we get some tech bargains out of the deal.
Case in point, the dirt cheap 32 GB eMMC SSDs [Jason Gin] …read more
-
-
7:01
»
Hack a Day
Have you ever had one of those moments, when you’re rummaging through your spare parts heap, and have a rather bizarre project idea that you can’t quite get out of your head? You know, the ones that have no clear use, but simply demand to be born, of glass and steel and silicon?
This time, the stubborn idea in question was sort of like a solar-rechargeable LED throwie, but instead of a blinking light, it has a fully cloud-accessible embedded Linux server in the form of a Raspberry Pi 3 Model B+. Your choice of embedded Linux board should work …read more
-
-
1:01
»
Hack a Day
Another day, another vulnerability. Discovered by [Kevin Backhouse], CVE-2018-4407 is a particularly serious problem because it is present all throughout Apple’s product line, from the Macbook to the Apple Watch. The flaw is in the XNU kernel shared by all of these products.
This is a buffer overflow issue in the error handling for network packets. The kernel is expecting a fixed length of those packets but doesn’t check to prevent writing past the end of the buffer. The fact Apple’s XNU kernel powers all their products is remarkable, but issues like this are a reminder of the potential downside …read more
-
-
14:00
»
Hack a Day
You’ve no doubt heard about the “hardware implants” which were supposedly found on some server motherboards, which has led to all sorts of hand-wringing online. There’s no end of debate about the capabilities of such devices, how large they would need to be, and quite frankly, if they even exist to begin with. We’re through the looking-glass now, and there’s understandably a mad rush to learn as much as possible about the threat these types of devices represent.
[Nicolas Oberli] of Kudelski Security wanted to do more than idly speculate, so he decided to come up with a model of …read more
-
-
22:00
»
Hack a Day
We often lament that the days of repairable electronics are long gone. It used to be you’d get schematics for a piece of gear, and you could just as easily crack it open and fix something as the local repairman — assuming you had the knowledge and tools. But today, everything is built to be thrown away when something goes wrong, and you might as well check at the end of a rainbow if you’re searching for a circuit diagram for a new piece of consumer electronics.
But [Robson] writes in with an interesting story that gives us hope that …read more
-
-
13:00
»
Hack a Day
Even if you aren’t a vintage computer aficionado, you’re probably aware that older computer hard drives were massive and didn’t hold much data. Imagine a drive that weighs several pounds, and only holds 1/1000th of what today’s cheapest USB flash drives can. But what you might not realize is that if you go back long enough, the drives didn’t just have lower capacity, they utilized fundamentally different technology and relied on protocols which are today little more than historical footnotes.
A case in point is the circa 1984 Modified Frequency Modulation (MFM) drive which [Michał Słomkowski] was tasked with recovering …read more
-
-
1:00
»
Hack a Day
It’s not Apple IIs, and it’s not Raspberry Pis. The most important computing platform for teaching kids programming is the Texas Instruments graphing calculator. These things have been around in one form or another for almost three decades, and for a lot of budding hackers out there, this was the first computer they owned and had complete access to.
As hacking graphing calculators is a favorite for Maker Faires, we were pleased to see Cemetech make it out to this year’s World Maker Faire in New York last weekend. They’re the main driving force behind turning these pocket computers with …read more
-
-
16:00
»
Hack a Day
The IBM 1401 is a classic computer which IBM marketed throughout the 1960s, late enough for it to have used transistors rather than vacuum tubes, which is probably a good thing for this story. For small businesses, it was often used as their main data processing machine along with the 1403 printer. For larger businesses with mainframes, the 1401 was used to handle the slower peripherals such as that 1403 printer as well as card readers.
The Computer History Museum in Mountain View, CA has two working 1401s as well as at least one 1403 printer, and recently whenever the …read more
-
13:00
»
Hack a Day
To say that the Commodore 64 was an important milestone in the history of personal computing is probably a bit of an understatement. For a decent chunk of the 1980s, it was the home computer, with some estimates putting the total number of them sold as high as 17 million. For hackers of a certain age, there’s a fairly good chance that the C64 holds a special spot in their childhood; perhaps even setting them on a trajectory they followed for the rest of their lives.
At the risk of showing his age, [Clicky Steve] writes in to tell us …read more
-
-
13:00
»
Hack a Day
We’ve mentioned previously the challenges that come with maintaining vintage computers which in some cases are pushing 40 years old. Components, even high quality ones, eventually fail and need to be replaced. Now if it’s a fairly popular vintage machine, replacement parts usually aren’t too hard to come by. But what if you’re dealing with a machine that’s not just vintage, but was also such a commercial flop that parts are scarce?
Such is the life for anyone who owns one of the 500,000 IBM PCJrs that Big Blue managed to get out of the door during the year or …read more
-
-
1:00
»
Hack a Day
We are probably all familiar with computing history to the extent that we know the earliest computers were surprisingly simple devices. While early electronic machines such as Colossus or ENIAC were hugely complex racks of tubes, once expressed as a schematic or as a network of logic gates they would be relatively straightforward for today’s electronic engineer to understand their operation. Those who have made an in-depth study of computing history may have heard of the work of Konrad Zuse in the mid-20th century, his relay-based machines predate their fully electronic cousins by several years.
A relay-based computer can be …read more
-
-
16:00
»
Hack a Day
[Martin Malý] has put together a sweet little 8085-based single board computer called OMEN. He needed a simple one for educational purposes, and judging by the schematic we think he’s succeeded.
Now in its fourth iteration, it has a 32K EEPROM, 32K of memory, one serial and three parallel ports. In the ROM he’s put Tiny BASIC and Dave Dunfield’s MON85 Serial Monitor with Roman Borik’s improvements. His early demos include the obligatory blinking LED, playing 8-bit music to a speaker, and also a 7-segment LED display with a hexadecimal keyboard. There is also a system connector which allows you …read more
-
7:01
»
Hack a Day
Recently I was given a somewhat crusty looking ThinkPad T400 that seemed like it would make a good knock around machine to have on the bench, if it wasn’t for the fact the person who gave it to me had forgotten (or perhaps never knew) the BIOS password. Cleaning the machine up, putting more RAM in it, and swapping the wheezing hard drive for an SSD would be a relatively cheap way to wring a few more years of life from the machine, but not if I couldn’t change the boot order in BIOS.
Alright, that’s not entirely true. I …read more
-
-
13:00
»
Hack a Day
Despite becoming common over the last few years USB-C remains a bit of a mystery. Try asking someone with a new blade-thin laptop what ports it has and the response will often include an awkward pause followed by “USB-C?”. That is unless you hear “USB 3” or maybe USB 3.1. Perhaps even “a charging port”. So what is that new oval hole in the side of your laptop called? And what can it really do? [jason] at Reclaimer Labs put together a must-read series of blog posts in 2016 and 2017 plumbing the depths of the USB 3.1 rabbit hole …read more
-
-
1:01
»
Hack a Day
Every year, we demand our computers to be ever faster, capable of delivering progressively more eye-watering graphics and doing it all as reliably as ever. Unfortunately, sometimes, new designs miss the mark. [Cloakedbug] was having issues with voltage regulator temperatures on an ASUS Strix VEGA 64 — one of the latest RADEON graphics cards on the market — and decided to investigate.
Right away, issues were apparent; one of the main thermal pads was making poor contact with the FETs it was intended to carry heat for, and was poorly sized to boot. In a show of poor quality, the …read more
-
-
19:00
»
Hack a Day
There was a time when computers were far too expensive to let mere students use them. In those days, we wrote fake programs for fictitious machines and checked them by hand. That wasn’t fun, but it did teach you to think about the algorithm. You weren’t worried about how many tabs to indent code in the editor, or checking your social media feed, or changing the track on your Spotify playlist. Maybe that was the idea behind Computer Science Unplugged. The site is aimed at educators and gives them lesson plans to teach kids about computer concepts through activities that …read more
-
-
4:00
»
Hack a Day
We feature hundreds of projects here at Hackaday, and once they have passed by our front page and disappeared into our archives we often have no opportunity to return to them and see how they developed. Sometimes of course they are one-off builds, other times they wither as their creator loses interest, but just occasionally they develop and evolve into something rather interesting.
One that is taking that final trajectory is [Just4Fun]’s Z80-MBC, a single board computer with only 4 ICs, using an Atmel microcontroller to simulate the Z80 support chips. It has appeared as a revised version, on a …read more
-
-
22:00
»
Hack a Day
As William Gibson once noted, the future is already here, it just isn’t equally distributed. That’s especially true for those of us with disabilities. [Abishek Singh] wanted to do something about that, so he created a way for the hearing-impaired to use Amazon’s Alexa voice service. He did this using a TensorFlow deep learning network to convert American Sign Language (ASL) to speech and a speech-to-text converter to interpret the response. This all runs on a laptop, so it should work with any voice interface with a bit of tweaking. In particular, [Abishek] seems to have created a custom bit …read more
-
-
4:00
»
Hack a Day
We’ll go out on a limb and assume that anyone reading these words is probably familiar with the classic ping command. Depending on which operating system you worship the options might be slightly different, but every variation of this simple tool does the same thing: send an ICMP echo request and wait for a response. How long it takes to get a response from the target, if it gets one at all, is shown to the user. This if often the very first step to diagnosing network connectivity issues; if this doesn’t work, there’s an excellent chance the line is …read more
-
-
19:00
»
Hack a Day
Today’s entry comes to us from [Robert Tomsons], who was kind enough to document this crushing tale of woe so that we might all learn what true heartbreak is. If you’ve ever toiled away at getting that perfect surface finish with body filler, this one is going to hurt. In fact, you might just want to hit that “Back” button and head to safety now. There’s probably a pleasant story about some 3D printed thing being used with a Raspberry Pi of some sort that you can read instead.
For those of you brave enough to continue on, today we’ll …read more
-
1:00
»
Hack a Day
Between smartphones and tablets, computing is becoming increasingly mobile in nature. It used to be that everyone had a desktop computer, then laptops became the norm, and now many people don’t have anything beyond their mobile device. Unless you’re the kind of person who actually needs the power and versatility offered by a “real” computer, mobile devices are simply a more convenient option to browse the web and consume content.
But what if your needs are somewhere in the middle? You want an x86 computer and full operating system, but you also want something that’s more mobile than a tablet? …read more
-
-
16:00
»
Hack a Day
Today’s CPUs are so advanced that they might as well be indistinguishable from magic, right? Wrong! Fundamentally, modern CPUs can be understood logically like any other technology, it’s just that they’re very fast, very small, and very complex, which makes it hard to get to grips with their inner workings. We’ve come a long way from the dawn of the home computer in the 80s, but what if there was something even simpler again, built in such a way as to be easily understandable? Enter the DDL-4-CPU, courtesy of [Dave’s Dev Lab].
The DDL-4 is a project to build a …read more
-
-
1:00
»
Hack a Day
Ever wonder why keyboard number pads and telephone dials have reversed layouts? Theories abound, but the most plausible one is that, shrug, it just happened that way. And now we’re stuck with it.
Well, that answer’s not good enough for [Jesse], so he punched up his own keyboard design that combines the golden years of function-rich Sun and IBM keyboards with Ma Bell’s DTMF number arrangement. That’s right, Sundial has 24 function keys total, and the number pad matches Ma Bell’s all the way down to the asterisk/zero/octothorpe pattern on the bottom row. How do we know what the …read more
-
-
8:30
»
Hack a Day
With a BASIC interpreter and free run throughout their hardware, home computers like the ZX Spectrum and Commodore 64 used to be a pervasive way to light that hacker fire. With the advent of cheap single board computers like the Raspberry Pi, devices purpose built to emulate these classic systems have become fairly commonplace. [uli] built a device in this vein called the BASIC Engine which is driven by a microcontroller and a handful of hardware peripherals. Like other examples it can be attached to a keyboard, programmed in a BASIC, play video and sound, etc. But digging into the …read more
-
-
19:00
»
Hack a Day
Have you ever heard the old axiom that if you want to design a simple system, ask yourself if your grandmother could use it? Maybe that was on Wired’s mind because they asked a quantum computing expert — particularly IBM’s [Dr. Talia Gershon] — to explain what exactly quantum computing is at 5 levels. In the video they shot, which you can see below, [Dr. Gershon] talks to a younger child, a teenager, an undergraduate computer science student, a graduate student, and then a physicist.
We enjoyed some of the analogies of spinning pennies and the way she was able …read more
-
-
19:00
»
Hack a Day
How small could you make a computer? In a way, that’s a question that requires that a computer be defined, because you could measure the smallest computer simply in terms of the smallest area of silicon required to create a microprocessor. So perhaps it’s better to talk about a smallest working computer. Recent entries in the race for the smallest machine have defined a computer as a complete computer system which holds onto its program and data upon power-down, but this remains one that is hotly debated. You might for instance debate as to whether that definition would exclude machines …read more
-
16:00
»
Hack a Day
What do you do when you’re into trackball mice, but nothing out there is affordable or meets all your murine needs? You build one, of course. And if you’re like [Dangerously Explosive], who has a bunch of old optical mice squeaking around the shop, you can mix and match them to build the perfect one.
The mouse, which looks frozen mid-transformation into a rodential assassin, is a customized work of utilitarian art. Despite the excellent results, this project was not without its traps. [Dangerously] got really far into the build before discovering the USB interface chip was dead. Then he …read more
-
-
19:00
»
Hack a Day
Have you ever been watching a TV show or a movie and spotted a familiar computer? [James Carter] did and he created a website to help you identify which old computers appear in TV shows and movies. We came across this when researching another post about an old computer and wondered if it was any old movies. It wasn’t.
You can search by computer or by title. There are also ratings about how visible, realistic, and important the computer is for each item. The database only contains fictional works, not commercials or documentaries. The oldest entry we could find was …read more
-
-
16:00
»
Hack a Day
The question of whether to use a mouse versus a trackball is something of a Holy War on the level of Vi versus Emacs. We at Hackaday want no part of such things, use whatever you want, and leave us out of it. But we will go as far as to say that Team Trackball seems to take things mighty seriously. We’ve never met a casual trackball user: if they’ve got a trackball on their desk then get ready to hear all about it.
With that in mind, the lengths [LayeredDesigns] went to just to add a couple extra buttons …read more
-
-
4:00
»
Hack a Day
Most of us accumulate stuff, like drawers full of old cables and hard drives full of data. Reddit user [BaxterPad] doesn’t worry about such things though, as he built an impressive Network Attached Storage (NAS) system that can hold over 200TB of data. That’s impressive enough, but the real artistry is in how he did this. He built this system using ODroid HC2 single board computers running GlusterFS, combining great redundancy with low power usage.
The Odroid HC2 is a neat little single board computer that offers a single SATA interface and runs Linux. [BaxterPad] acquired sixteen of these, and …read more
-
-
10:01
»
Hack a Day
Among the rows of digital dinosaurs, one blinking front panel stood out. It certainly looked the part of a retro computer; with banks of blinking LEDs and multicolored paddle switches. But upon closer inspection, the laser cut wooden front panel betrays the fact that this machine is an impostor. It may have the appearance of a machine from the heady days where home computers looked like they could have doubled as a prop on the bridge of Kirk’s Enterprise, but it’s actually a product of much more modern provenance.
It’s called the Cactus, a love letter to the homebrew …read more
-
1:00
»
Hack a Day
There are a number of companies now providing turn-key computers that meet the Free Software Foundation’s criteria for their “Respects Your Freedom” certification. This means, in a general sense, that the computer is guaranteed not to spy on you or otherwise do anything else you didn’t explicitly ask it to. Unfortunately these machines often have a hefty premium tacked on, making it an unpleasant decision between privacy and performance.
Freedom-loving hacker [SolidHal] writes in to tell us about his quest to create a FSF-compliant laptop without breaking the bank. Based on a cheap Asus C201 Chromebook, his custom machine checks …read more
-
-
19:00
»
Hack a Day
It’s difficult to convey in an era when a UNIX-like operating system sits in your pocket, how there was once a time when the mere word was enough to convey an aura of immense computing power. If you ran UNIX, your computer probably filled a room, and you used it for Serious Stuff rather than just checking your Twitter feed. UNIX machines may still perform high-end tasks, but Moore’s Law has in the intervening years delivered upon its promise, and your phone with its UNIX-like OS is far more powerful than that room-sized minicomputer of the 1970s. A single chip …read more
-
-
19:00
»
Hack a Day
Getting bounced to a website by scanning a QR code is no longer an exciting feat of technology, but what if you scanned the ingredient list on your granola bar and it went to the company’s page for that specific flavor, sans the matrix code?
Bright minds at the Columbia University in the City of New York have “perturbed” ordinary font characters so the average human eye won’t pick up the changes. Even ordinary OCR won’t miss a beat when it looks at a passage with a hidden message. After all, these “perturbed” glyphs are like a perfectly legible character …read more
-
-
22:00
»
Hack a Day
Whether or not you personally agree with all the ideals of the Free Software Foundation (FSF), you’ve got to give them credit: they don’t mess around. They started by laying the groundwork for a free and open source operating system, then once that dream was realized, started pushing the idea of replacing proprietary BIOS firmware with an open alternative such as Libreboot. But apparently, even that’s not enough, as there’s still more freedom to be had. We’re playing 4D Libre Chess now, folks.
To flash your libre boot firmware on your libre OS running computer without any proprietary funny business, …read more
-
10:00
»
Hack a Day
A combination of cheap USB HID capable microcontrollers, the ability to buy individual mechanical keys online, and 3D printing has opened up a whole new world of purpose-built input devices. Occasionally these take the form of full keyboards, but more often than not they are small boards with six or so keys that are dedicated to specific tasks or occasionally a particular game or program. An easy and cheap project with tangible benefits to anyone who spends a decent amount of time sitting in front of the computer certainly sounds like a win to us.
But this build by [r0ckR2] …read more
-
-
1:00
»
Hack a Day
Many readers will be familiar with interfacing I2C peripherals. A serial line joins a string of individual I2C devices, and each of the devices has its own address on that line. In most cases when connecting a single device or multiple different ones there is no problem in ensuring that they have different addresses.
What happens though when multiple identical devices share an I2C bus? This was the problem facing [Sam Evans] at Mindtribe, and his solution is both elegant and simple. The temperature sensors he was using across multiple identical boards have three pins upon which can be set …read more
-
-
22:00
»
Hack a Day
[Tim aka tp69] built a completely silent desktop computer. It can’t be heard – at all. The average desktop will have several fans whirring inside – cooling the CPU, GPU, SMPS, and probably one more for enclosure circulation – all of which end up making quite a racket, decibel wise. Liquid cooling might help make it quieter, but the pump would still be a source of noise. To completely eliminate noise, you have to get rid of all the rotating / moving parts and use passive cooling.
[Tim]’s computer is built from standard, off-the-shelf parts but what’s interesting for us …read more
-
-
19:01
»
Hack a Day
If you doubt the power of the Hackaday community, check this one out. Stalwart reader and tipster [starhawk] has pitched in to help a friend in need, someone he met through Hackaday.io. Seems this friend’s current living arrangements are somewhat on the cramped side, and while he’s in need of a PC, even a laptop would claim too much space.
So with a quick trip to the store and a few items from the junk bin, [starhawk] whipped up an all-in-one PC the size of a tablet for his friend. As impressed as we are by the generosity, we’re more …read more
-
-
22:00
»
Hack a Day
You’ve seen printers with scanners in them, printers with copiers in them, even ones with the ancient technology known as “facsimile” built-in. But have you ever seen a printer with a full gaming computer built into it? No? Well, you still haven’t, technically. There’s no printer to be had anymore inside this re-purposed HP Photosmart 6520 case, but it’s probably the closest we’re going to get.
[Jacob Lee] wrote in to share this awesome build with us, which sees the motherboard, graphics card, ATX power supply, and hard drives all fit seamlessly into the shell of a disused “All-in-one” style …read more
-
-
19:00
»
Hack a Day
As [Matt] from [DIY Perks] was about to assemble a new PC, he decided to take a unique direction when it came to building a case. Despite the appearance of a woodworking piece with weird industrial radiators, there is actually a full-fledged, high-end PC hidden inside.
Those radiators are a pair of almost-the-biggest-you-can-buy heatsinks — one of which has been modified to fit the graphics card. Separating the graphics card’s stock cooling fan unit cut down significantly on noise and works with the stringent space requirements of the build. Those fans however keep other components on the card cool, so …read more
-
-
22:00
»
Hack a Day
“We want to put water right into your processor.” If that statement makes you sweat, that is good. Sweating is what we’re talking about, but it’s more involved than adding some water like a potted plant. Sweating works naturally by allowing liquid to evaporate, and that phase change is endothermic which is why it feels cool. Evaporative coolers that work in this way, also known as swamp coolers, haven’t been put into computers before because they are full of sloshy water. Researchers in South Korea and the United States of America have been working on an evaporative cooling system mimicking …read more
-
-
1:00
»
Hack a Day
If the computer you have isn’t particularly fast, there’s a well-documented way to get more out of it. You just need more of the same computer, and you can run your tasks on them all at the same time. Building computer clusters is an effective way of decreasing the time it takes for computers to solve certain problems, even if the computers themselves aren’t top-of-the-line hardware. Of course, with cheap enough hardware, people will build clusters out of just about anything, including the ESP32.
For this project, [Wei Lin] admits that this isn’t really a serious attempt at building speedy …read more
-
-
13:00
»
Hack a Day
Collecting old CPUs and firing them up again is all the rage these days, but how do you know if they will work? For many of these ICs, which ceased production decades ago, sorting the good stuff from the defective and counterfeit is a minefield.
Testing old chips is a challenge in itself. Even if you can find the right motherboard, the slim chances of escaping the effect of time on the components (in particular, capacitor and EEPROM degradation) make a reliable test setup hard to come by.
Enter [Samuel], and the Universal Chip Analyzer (UCA). Using an FPGA to …read more
-
-
4:00
»
Hack a Day
Imagine how hard it could be to add a touch screen to a Mac laptop. You’re thinking expensive and difficult, right? How could [Anish] and his friends possibly manage to upgrade their Mac with a touchscreen for only a dollar? That just doesn’t seem possible.
The trick, of course, is software. By mounting a small mirror over the machine’s webcam, using stiff card, hot glue, and a door hinge. By looking at the screen and deciding whether the image of a finger is touching its on-screen reflection, a remarkably simple touch screen can be created, and the promise of …read more
-
-
10:01
»
Hack a Day
I was fortunate enough to visit the Trenton Computer Festival last weekend. The show struck a very interesting mix of new and old, commercial and educational. Attendees were writing programs in BASIC on an Apple I (courtesy of the Vintage Computer Federation) not more than five feet from where students were demonstrating their FIRST robot.
The one-day event featured over fifty demonstrations, talks, and workshops on topics ranging from a crash course in lock picking to the latest advancements in quantum computing. In the vendor room you could buy a refurbished laptop while just down the hall talks were being …read more
-
-
19:00
»
Hack a Day
AI is quickly revolutionizing the security camera industry. Several manufacturers sell cameras which use deep learning to detect cars, people, and other events. These smart cameras are generally expensive though, compared to their “dumb” counterparts. [Martin] was able to bring these detection features to a standard camera with a Raspberry Pi, and a bit of ingenuity.
[Martin’s] goal was to capture events of interest, such as a person on screen, or a car in the driveway. The data for the events would then be published to an MQTT topic, along with some metadata such as confidence level. OpenCV is generally …read more
-
-
16:00
»
Hack a Day
As far as hobbies go, auditing high security external hard drives is not terribly popular. But it’s what [Raphaël Rigo] is into, and truth be told, we’re glad it’s how he gets his kicks. Not only does it make for fascinating content for us to salivate over, but it’s nice to know there’s somebody with his particular skill set out there keeping an eye out for dodgy hardware.
The latest device to catch his watchful eye is the Aigo “Patriot” SK8671. In a series of posts on his blog, [Raphaël] tears down the drive and proceeds to launch several attacks …read more
-
-
22:00
»
Hack a Day
[Rory Johnson] writes in to tell us about PlyTop Shell, a Creative Commons licensed design for a laser cut wooden laptop that he’s been working on since 2016. It’s designed to accommodate the Raspberry Pi (or other similarly sized SBCs), and aims to provide the builder with a completely customizable mobile computer. He’s got a limited run of the PlyTop up for sale currently, but if you’ve got the necessary equipment, you can start building yours while you wait for that new Pi 3B+ to arrive.
Originally [Rory] was working on a 3D printed design, but quickly ran into problems. …read more
-
-
16:00
»
SecuriTeam
Computer Associates XCOM Data Transport is prone to a remote arbitrary command-execution vulnerability because it fails to properly validate user-supplied input.
-
-
5:01
»
Hack a Day
[Quinn Dunki] pulled together many months worth of work by interfacing her GPU with the CPU. This is one of the major points in her Veronica project which aims to build a computer from the ground up. We’ve seen quite a number of posts from her regarding the AVR-powered GPU. So far the development of [...]
-
-
5:00
»
Hack a Day
[Bruce Land], professor at Cornell, is a frequent submitter to our tip line. Usually he sends in a few links every semester from undergraduate electronics courses. Now the fall semester is finally over and it’s time to move on to the more ambitious master’s projects. First up is a head-mounted eye tracker, [Anil Ram Viswanathan] [...]
-
-
15:01
»
Hack a Day
This desk is also a computer case. From this view it may not seem like much, but the build log has hundreds of images which could be called metal fabrication porn. The desk surface is made of wood, but all of the other parts were crafted from stainless steel. The three components that weren’t fabricated [...]
-
14:01
»
Hack a Day
[David] is serving up files on his home network thanks to this Frankenstein’s monster of a Network Attached Storage device. It looks like he raided all the good bits from his parts bin to bring it all together. The case is a tin box which may have been for a card/board game or some holiday [...]
-
-
13:01
»
Hack a Day
This sexy beast is [DeFex's] new silent home theater PC. To give you an idea of scale, that motherboard is a Mini ITX form factor. Mounted below it is the solid state drive which is an SLC version chosen because they tend to last longer than the MLC variety. This distinction comes with a price [...]
-
6:00
»
Hack a Day
[Paul] had been kicking around his idea of a perfect computer desk for some time, and when given the opportunity to remodel his office decided it was time to build his dream computer case. The desk itself is made of hickory with a formica top to match the other workbenches in [Paul]‘s workspace, The two largest drawers [...]
-
-
13:30
»
Hack a Day
Cardboard box computer [Alistair] chapman had a Laptop with a broken screen sitting in his parts bin. He knew he had an LCD panel on hand that would probably work with it, but it wouldn’t fit in the case. His solution was to transplant all the computer parts into a cardboard box from a motherboard. [...]
-
11:30
»
Hack a Day
This one’s a riot! [Nico] got a new computer and didn’t want to change the six power supply cords he had strategically placed around his home and at work. So he just added a second charging jack that accepts a different style connector. First off the laptop is used — but it’s new to him. So cracking [...]
-
12:01
»
Hack a Day
This is the WHICH, the Wolverhampton Instrument for Teaching Computing from Harwell. It is the oldest functioning digital computer and thanks to a lengthy restoration process you can go and see it in person at The National Museum of Computing in Milton Keynes (Northwest of London in the UK). The system was first put into [...]
-
11:01
»
Hack a Day
[Tom] is doing a little show and tell with his latest .NET Micro framework based project. He managed to get a prompt-based computer running on a FEZ Cobra board. A USB keyboard serves as the input device. To give himself a familiar way to navigate and execute programs [Tom] mimicked the functionality of DOS. Above [...]
-
11:01
»
Hack a Day
[Tom] is doing a little show and tell with his latest .NET Micro framework based project. He managed to get a prompt-based computer running on a FEZ Cobra board. A USB keyboard serves as the input device. To give himself a familiar way to navigate and execute programs [Tom] mimicked the functionality of DOS. Above [...]
-
-
13:01
»
Hack a Day
[Armin] recently pulled out his Commodore 64 and looked back on the projects he did as a kid. The surprising thing is that we’re not talking quite as far in the past as you might image. He was 13 in 2002 and the family didn’t have a PC. But more than a decade before his [...]
-
-
3:01
»
Hack a Day
For those of you that like to play dance games, but [DDR] for the [PS2] uses too modern hardware for your tastes, [Hardsync] may be for you. Although the chiptune-style music coming out of the [C64] may not appeal to everyone, one would have to imagine that a game like this could have been a [...]
-
-
6:00
»
Hack a Day
Classic computers are just up [Jeff]‘s alley, so when he looked for a new project for his Pocket Mini Computer, he looked at one of the earliest microcomputers available: the COSMAC VIP, a 1.76 MHz beast from 1977. The COSMAC VIP was a single-board educational computer released by RCA in 1977. Priced at just a [...]
-
-
7:04
»
Hack a Day
[Darknezz] sent us a set of photos and some details about his damaged laptop motherboard turned into a server. A client brought him a Dell 1525 on which nothing was showing up on the LCD screen. The HDMI and VGA still worked, and he traced the problem to no signal coming out of the motherboard. [...]
-
-
13:01
»
Hack a Day
[Andrew Gibiansky] has just started a tutorial series called Computing with Transistors. It’s purpose is to pull back the many veiled layers between high level languages and the controlling of electrons. And fittingly this first post starts off by explaining voltage source, load, and current. Don’t be thrown by its simplicity though. [Andrew] quickly moves [...]
-
-
8:01
»
Hack a Day
The folks at the London-based startup GoCardless have a pool table at their office. Being the techies they are, they decided to build a system that automatically scores games. The results, while not fully complete, are still pretty impressive for something whipped up during a 48 hour hackathon. The automated score keeper uses a webcam [...]
-
-
17:00
»
SecuriTeam
Computer Associates ARCserve Backup is prone to a remote code-execution vulnerability and a denial-of-service vulnerability.
-
-
8:01
»
Hack a Day
[Doped Boron] wrote in to tell us about this waterfall swing by [Dash 7]. Naturally, we had no idea what a “waterfall swing” was. Shown at the World Maker Faire in 2011, the device is a swing set capable of accommodating one or two people using it at a time. What makes it interesting, is [...]
-
-
11:01
»
Hack a Day
Hone your fundamental understanding of computer systems by completing this online course called NAND to Tetris. The idea is to develop each fundamental unit that goes into making computer programs a reality. This starts with logic gates, which are put together into modules that eventually become a functioning computer. From there you need an operating [...]
-
-
14:01
»
Hack a Day
It can be really hard to warm up to coding in Assembly. But this tutorial looks to make it understandable and (almost) easy. It focuses on programming a game for the ZX Spectrum. But you won’t need the hardware on hand as you can just use the ZX Spin emulator as you work your way [...]
-
-
10:01
»
Hack a Day
[Optec] want his own triple monitor setup built to his specifications. It turns out to have been a pretty easy project thanks to his mastery of stock materials. The image above is just a bit dim, but if you look closely you can see the strut channel which makes up the monitor frame. When it [...]
-
-
12:25
»
SecDocs
Authors:
Andreas Lange Tags:
games Event:
Chaos Communication Congress 22th (22C3) 2005 Abstract: Andreas Lange will show the very early computer games before they became a commercial product. If you ever want to know, what was really the first game this session will be the right one for you. Andreas Lange will present the hidden history of early computer games - a story that is only now beginning to be told. While mainstream history usually starts with the space shooter Computer Space, which was programmed at M.I.T. in 1962, the rich games history began much earlier. It is surprising to discover just how strong the contemporary aspects of commerce, science and entertainment were way back then. Want to know what the first game was really like? This is the session for you.
-
-
21:54
»
SecDocs
Authors:
Andreas Lange Tags:
games Event:
Chaos Communication Congress 22th (22C3) 2005 Abstract: Andreas Lange will show the very early computer games before they became a commercial product. If you ever want to know, what was really the first game this session will be the right one for you. Andreas Lange will present the hidden history of early computer games - a story that is only now beginning to be told. While mainstream history usually starts with the space shooter Computer Space, which was programmed at M.I.T. in 1962, the rich games history began much earlier. It is surprising to discover just how strong the contemporary aspects of commerce, science and entertainment were way back then. Want to know what the first game was really like? This is the session for you.
-
-
4:22
»
Packet Storm Security Exploits
Sites designed by S&S Computer Imaging suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
-
-
15:01
»
Hack a Day
Do you think you could travel for the entire summer and leave your laptop at home? [Gef] did just that. With the help of his Kindle he used a Raspberry Pi as his travel computer. This was an easy association to think up, since he planned to bring the Kindle along as his reading material [...]
-
-
7:00
»
Hack a Day
A few days ago when I posted a homebrew Motorola 68000 computer spectacular, I briefly mentioned a truly spectacular homebrew computer built by [Simon Ferber]. When I posted a link to a Youtube demo of his 68k board, he was working on a website to document the architecture design, hardware, and software. That website is now [...]
-
-
21:28
»
SecDocs
Authors:
David Göthberg Tags:
P2P Event:
Chaos Communication Congress 22th (22C3) 2005 Abstract: About p2p-algorithms for fully distributed, totally serverless, fully scalable peer-to-peer systems. Not about specific p2p-softwares. This will only be a very brief overview of p2p-algorithms. This talk is about p2p-algorithms for fully distributed, totally serverless, fully scalable, globally searchable, robust, efficient peer-to-peer systems. These algorithms make it possible to make millions or even billions of computers work together in an organised manner without any central servers, without any computer being a boss over the others. We can now make applications such as filesharing, chat, instant messaging, Internet telephoning, radio and TV (sent from a single home user computer to a billion nodes), distributed calculation systems and many more applications. Since this talk is rather short we will not talk about specific p2p-softwares, encryption, stealth or anonymity. But we will mention some never before published stuff. The talk will be held by David Göthberg who has researched p2p-algorithms since 1997 and full time since the year 2000. Before that he used to work with Internet communication and computer security in embedded systems. (Internet in cars and other machinery.) David has now finished his research and is now working on building a p2p-programming library. So that other programmers can build advanced p2p applications easily, without having to spend years on research first. David's p2p-programming library will be available free of charge for anyone making free software. If you want more information from David before or after the congress take a look at www.pjort.com/projects/ or chat with "Mole2" in the channel #p2p-hackers on the IRC-network irc.freenode.net.
-
9:01
»
Hack a Day
If you’re going to build your own computer, it probably wouldn’t do you well to exactly emulate the computer you’re looking at right now. The modern x86 and x64 chips that power your desktop or laptop contain hundreds of individual instructions, and the supposed RISC CPUs found in ARM-powered devices contain nearly as many. No, [...]
-
6:48
»
SecDocs
Authors:
David Göthberg Tags:
P2P Event:
Chaos Communication Congress 22th (22C3) 2005 Abstract: About p2p-algorithms for fully distributed, totally serverless, fully scalable peer-to-peer systems. Not about specific p2p-softwares. This will only be a very brief overview of p2p-algorithms. This talk is about p2p-algorithms for fully distributed, totally serverless, fully scalable, globally searchable, robust, efficient peer-to-peer systems. These algorithms make it possible to make millions or even billions of computers work together in an organised manner without any central servers, without any computer being a boss over the others. We can now make applications such as filesharing, chat, instant messaging, Internet telephoning, radio and TV (sent from a single home user computer to a billion nodes), distributed calculation systems and many more applications. Since this talk is rather short we will not talk about specific p2p-softwares, encryption, stealth or anonymity. But we will mention some never before published stuff. The talk will be held by David Göthberg who has researched p2p-algorithms since 1997 and full time since the year 2000. Before that he used to work with Internet communication and computer security in embedded systems. (Internet in cars and other machinery.) David has now finished his research and is now working on building a p2p-programming library. So that other programmers can build advanced p2p applications easily, without having to spend years on research first. David's p2p-programming library will be available free of charge for anyone making free software. If you want more information from David before or after the congress take a look at www.pjort.com/projects/ or chat with "Mole2" in the channel #p2p-hackers on the IRC-network irc.freenode.net.
-
6:48
»
SecDocs
Authors:
David Göthberg Tags:
P2P Event:
Chaos Communication Congress 22th (22C3) 2005 Abstract: About p2p-algorithms for fully distributed, totally serverless, fully scalable peer-to-peer systems. Not about specific p2p-softwares. This will only be a very brief overview of p2p-algorithms. This talk is about p2p-algorithms for fully distributed, totally serverless, fully scalable, globally searchable, robust, efficient peer-to-peer systems. These algorithms make it possible to make millions or even billions of computers work together in an organised manner without any central servers, without any computer being a boss over the others. We can now make applications such as filesharing, chat, instant messaging, Internet telephoning, radio and TV (sent from a single home user computer to a billion nodes), distributed calculation systems and many more applications. Since this talk is rather short we will not talk about specific p2p-softwares, encryption, stealth or anonymity. But we will mention some never before published stuff. The talk will be held by David Göthberg who has researched p2p-algorithms since 1997 and full time since the year 2000. Before that he used to work with Internet communication and computer security in embedded systems. (Internet in cars and other machinery.) David has now finished his research and is now working on building a p2p-programming library. So that other programmers can build advanced p2p applications easily, without having to spend years on research first. David's p2p-programming library will be available free of charge for anyone making free software. If you want more information from David before or after the congress take a look at www.pjort.com/projects/ or chat with "Mole2" in the channel #p2p-hackers on the IRC-network irc.freenode.net.
-
-
5:00
»
Hack a Day
Robots can easily make their way across a factory floor; with painted lines on the floor, a factory makes for an ideal environment for a robot to navigate. A much more difficult test of computer vision lies in your living room. Finding a way around a coffee table and not knocking over a lamp present [...]
-
-
6:54
»
Hack a Day
Even though the Raspberry Pi has, from the very beginning, been touted as an educational computer, we’ve seen neither hide nor hare of coursework, lesson plans, or even computer sciencey tutorials using the Raspi. We’re guessing academia works at a much slower pace than the average hardware hacker, but [Alex Chadwick] at Cambridge University has [...]
-
-
13:00
»
Hack a Day
We’ve seen our share of homebrew computers over the years. Usually, these bare-bone systems use a small, early 80s-era microprocessor such as the Z80 or 6502. These little 8-bit machines are awesome, but somewhat limited in their capability. [BigDumbDinosaur] sent in a computer he’s been working on for a few years now featuring the infamous [...]
-
-
14:00
»
Hack a Day
In 1975, [D. L. Slotnick], CS professor at University of Illinois at Urbana-Champaign faced a problem: meteorologists were collecting a lot more data than current weather simulations could handle. [Slotnick]‘s solution was to build a faster computer to run these atmosphere circulation simulations. The only problem was the computer needed to be built quickly and cheaply, [...]
-
-
13:01
»
Hack a Day
You can do some neat stuff to the way your Ford Focus Mk2 works, but first you have to gain access to the data system. If you know some Russian, and don’t mind a bit of dongle rewiring, this guide will have you hacking the car’s CAN bus in no time. It was written by [...]
-
-
13:01
»
Hack a Day
[Michael Chen] liked the sound he was getting out of these Corsair SP2200 computer speakers, with one big exception. They were giving off some unpleasant crackling sounds. He figured this might be as easy as replacing a faulty potentiometer, but soon found out the fix was going to be more complicated than that. All said [...]
-
-
8:01
»
Hack a Day
Years and years ago, someone gave me this book as a gift. [John Knittel], a co-author thought I might find it amusing. The book, titled The Dangers of Computer Hacking, is a grade school level breakdown of, well, computer hacking and the dangers thereof. At the time, I thought it was rather fun and amusing. [...]
-
-
13:07
»
Hack a Day
It’s no secret that learning how to program is very hard, and teaching it doubly so, requiring the student to wrap their head around very unorthodox concepts. [Ubi de Feo] over at the Amsterdam tech collective Hello, Savants! has a unique solution for taking someone who knows nothing of programming and turning them into a computer aficionado capable of deftly [...]
-
-
8:02
»
Hack a Day
[Łukasz Kaiser] programmed a computer to play Tic-tac-toe. That doesn’t sound very remarkable until you realize he never told his computer the rules of Tic-tac-toe. The computer learned the rules by itself after watching a video of two people playing the game (link to actual paper - PDF warning). [Łukasz] wrote a small program in C++ to recognize [...]
-
-
4:01
»
Hack a Day
The D16/M is a 16-bit computer built using HCMOS logic chips. It’s a thing of beauty from every angle thanks to the work [John Doran] put into the hobby project. But he didn’t just take pictures of the build and slap them on a webpage. He took the time to publish a remarkable volume of [...]
-
-
10:01
»
Hack a Day
This piece of furniture begs the question, why think of a desk and a computer case as separate things? It combines Ikea furniture with electronic hardware to create the ultimate command center. First the obvious parts: there’s a nook for the computer case that hangs just below the desktop off to the side, and the twin displays are mounted [...]
-
-
21:27
»
SecDocs
Authors:
Johannes Grenzfurthner Tags:
music Event:
Chaos Communication Congress 24th (24C3) 2007 Abstract: A talk (with examples) by monochrom, presented by Johannes Grenzfurthner Bourgeois culture was paralyzed and finally overrun by modern technologies which broke through the traditional class barriers. It went into a panic and produced these very stupid technophobic manifestos and images e.g. of “the computer”. Pop music discovered and explored the computer not only as a musical instrument but also as something to sing and reflect about in a less aversive way. In doing so it influenced the conception people had of computers. The public image of computers was shaped by groups such as Kraftwerk as well as through obscure Schlager songs such as France Gall's “Computer No. 3”. Not only was that image influenced by high culture computer panic but also by naïve technomania, and so it delivered the very dialectics of the computer as a means of cultural technology in capitalist society.
-
21:27
»
SecDocs
Authors:
Johannes Grenzfurthner Tags:
music Event:
Chaos Communication Congress 24th (24C3) 2007 Abstract: A talk (with examples) by monochrom, presented by Johannes Grenzfurthner Bourgeois culture was paralyzed and finally overrun by modern technologies which broke through the traditional class barriers. It went into a panic and produced these very stupid technophobic manifestos and images e.g. of “the computer”. Pop music discovered and explored the computer not only as a musical instrument but also as something to sing and reflect about in a less aversive way. In doing so it influenced the conception people had of computers. The public image of computers was shaped by groups such as Kraftwerk as well as through obscure Schlager songs such as France Gall's “Computer No. 3”. Not only was that image influenced by high culture computer panic but also by naïve technomania, and so it delivered the very dialectics of the computer as a means of cultural technology in capitalist society.
-
7:02
»
Hack a Day
If you’re in possession of a Raspberry Pi, you may want to check out the new Chromium support for your tiny pocketable computer. With its terrifically minimal hardware requirements, the Chromium OS seems like just the thing for this $35 computer. The new Raspberry Pi supported Chromium build comes from the fruitful desktop of [Hexxeh], [...]
-
-
10:01
»
Hack a Day
Being a $35, full-fledged Linux computer, the Raspberry Pi brings a lot to the table. There’s one problem, though: this computer doesn’t come with a keyboard, mouse, display, or even a battery. Luckily, it’s pretty easy to add these devices with the help of a Motorola LapDock and turn a RasPi into a fully portable computing [...]
-
-
21:35
»
SecDocs
Authors:
Mark Vogelsberger Tags:
engineering numeric processing Event:
Chaos Communication Congress 24th (24C3) 2007 Abstract: The evolution of structure in the Universe is one of the hottest topics in Cosmology and Astrophysics. In the last years the so-called $\Lambda$-CDM-model could be established also with great help of very large computer simulations. This model describes a Universe that consists mainly of dark components: 96% are made of dark energy and dark matter. Ordinary matter made up of baryons give only 4% to the total content of the Universe. The talk will present recent results with the main focus on computational methods and challenges in that field. A state-of-the-art computer code for running these calculations will be presented in detail.
-
21:35
»
SecDocs
Authors:
Mark Vogelsberger Tags:
engineering numeric processing Event:
Chaos Communication Congress 24th (24C3) 2007 Abstract: The evolution of structure in the Universe is one of the hottest topics in Cosmology and Astrophysics. In the last years the so-called $\Lambda$-CDM-model could be established also with great help of very large computer simulations. This model describes a Universe that consists mainly of dark components: 96% are made of dark energy and dark matter. Ordinary matter made up of baryons give only 4% to the total content of the Universe. The talk will present recent results with the main focus on computational methods and challenges in that field. A state-of-the-art computer code for running these calculations will be presented in detail.
-
-
11:01
»
Hack a Day
Here’s a 3D printed electromechanical computer built by [Chris Fenton] over at NYCResistor. It uses plastic registers printed on a Makerbot, a bunch of pogo pins, and business-card sized punch cards capable of storing 32 bits of instructions and data. In case you’re wondering, this isn’t the first time we’ve seen [Chris]‘ FIBIAC. Since the last [...]
-
-
15:01
»
Hack a Day
Most bits of a computer we take for granted today – the mouse, hypertext, video conferencing, and word processing – were all invented by one team of researchers at Stanford in the late 60s. When the brains behind the operation, [Douglas Engelbart], showed this to 1000 computer researchers, the demo became known as The Mother [...]
-
-
21:31
»
SecDocs
Authors:
Sergey Bratus Tags:
hacking Event:
Chaos Communication Congress 27th (27C3) 2010 Abstract: Although most academics and industry practitioners regard "hacking" as mostly ad-hoc, a loose collection of useful tricks essentially random in nature, I will argue that hacking has in fact become a "distinct research and engineering discipline" with deep underlying engineering ideas and insights. Although not yet formally defined as such, it are these ideas and insights that drive the great contributions that hacking has been making to our understanding of computing, including the challenges of handling complexity, composition, and security in complex systems. I will argue that hacking uncovers and helps to understand (and teach) fundamental issues that go to the heart of Computer Science as we know it, and will try to formulate several such fundamental principles which I have learned from hacker research. At some point I realized that I was learning more about what really matters in computer science from hacker conventions, Phrack, Uninformed, and other hacker sources than from any academic source. Moreover, it wasn't just about exploits and vulnerabilities, it was about how systems were really designed, as opposed to how developers thought and students were taught they were. Then I realized that the reason for vulnerabilities that kept on giving were quite deeply theoretical and involved, e.g., theory of computation and information theory. Very little of this was quoted or understood in the academic publications.
-
21:31
»
SecDocs
Authors:
Sergey Bratus Tags:
hacking Event:
Chaos Communication Congress 27th (27C3) 2010 Abstract: Although most academics and industry practitioners regard "hacking" as mostly ad-hoc, a loose collection of useful tricks essentially random in nature, I will argue that hacking has in fact become a "distinct research and engineering discipline" with deep underlying engineering ideas and insights. Although not yet formally defined as such, it are these ideas and insights that drive the great contributions that hacking has been making to our understanding of computing, including the challenges of handling complexity, composition, and security in complex systems. I will argue that hacking uncovers and helps to understand (and teach) fundamental issues that go to the heart of Computer Science as we know it, and will try to formulate several such fundamental principles which I have learned from hacker research. At some point I realized that I was learning more about what really matters in computer science from hacker conventions, Phrack, Uninformed, and other hacker sources than from any academic source. Moreover, it wasn't just about exploits and vulnerabilities, it was about how systems were really designed, as opposed to how developers thought and students were taught they were. Then I realized that the reason for vulnerabilities that kept on giving were quite deeply theoretical and involved, e.g., theory of computation and information theory. Very little of this was quoted or understood in the academic publications.
-
-
21:28
»
SecDocs
Authors:
Sergey Bratus Tags:
hacking Event:
Chaos Communication Congress 27th (27C3) 2010 Abstract: Although most academics and industry practitioners regard "hacking" as mostly ad-hoc, a loose collection of useful tricks essentially random in nature, I will argue that hacking has in fact become a "distinct research and engineering discipline" with deep underlying engineering ideas and insights. Although not yet formally defined as such, it are these ideas and insights that drive the great contributions that hacking has been making to our understanding of computing, including the challenges of handling complexity, composition, and security in complex systems. I will argue that hacking uncovers and helps to understand (and teach) fundamental issues that go to the heart of Computer Science as we know it, and will try to formulate several such fundamental principles which I have learned from hacker research. At some point I realized that I was learning more about what really matters in computer science from hacker conventions, Phrack, Uninformed, and other hacker sources than from any academic source. Moreover, it wasn't just about exploits and vulnerabilities, it was about how systems were really designed, as opposed to how developers thought and students were taught they were. Then I realized that the reason for vulnerabilities that kept on giving were quite deeply theoretical and involved, e.g., theory of computation and information theory. Very little of this was quoted or understood in the academic publications.
-
8:01
»
Hack a Day
If you’ve ever thought about getting down to bare metal and building a homebrew computer from scratch [Garth Wilson] put up a great primer to the 6502, the same CPU found in Apple ][ computers, BBC Micros, Vic-20s, and the venerable Commodore 64 (a 6510 in the C64, but it's close enough). In his guide [...]
-
-
5:01
»
Hack a Day
Very rarely do we see an Instructable so complete, and so informative, that it’s a paragon of tutorials that all Instructables should aspire to. [8 Bit Spaghetti]‘s How to Build an 8-bit computer is one of those tutorials. [8 Bit Spaghetti]‘s build began on his blog. He originally planned to build a 4-bit computer but decided a [...]
-
-
13:01
»
Hack a Day
If you had a machine that could print complex mechanical parts in an hour or so, what would you do? [Chris] is doing the coolest thing we can imagine and is building an electromechanical computer from 3D printed parts. You may remember [Chris] from his efforts to getting his tiny, 1/10th scale Cray-1 supercomputer up and [...]
-
-
16:01
»
Hack a Day
[Kyle] has been hard at working building an 8-bit computer from the ground up. He’s using a set of logic IC’s for the various components, and some NVRAM chips to store the control words. What you see above is the roadmap for his instruction set. He’s just started writing them to the chips, making the [...]
-
-
11:01
»
Hack a Day
You’re going to want to do some stretching before undertaking a soldering project like this one. We’re betting that the physical toll of assembling this 4-bit discrete processor project is starting to drive [SV3ORA] just a bit crazy. This small piece of electronic real estate is playing host to 62 transistors so far, and he’s not [...]
-
-
11:01
»
Hack a Day
As a kid, [Boisy] cut his teeth on the TRS-80 Color Computer. It was a wonderful machine for its day, featuring a relatively powerful Motorola 6809 CPU. Although his CoCo was theoretically more powerful than its Commodore and Apple contemporaries, the graphics and sound capabilities of [Boisy]‘s first love paled in comparison to his friends 6502-based [...]
-
-
12:30
»
Hack a Day
[Julian Skidmore] has been busy improving the Fignition, a tiny AVR-powered educational computer, to support loading programs from a cassette tape. We first saw the Fignition after the BBC decided to cover an old-school hacker dedicated to improving computer education with a simple ‘bare-metal’ computer. [Julian]‘s Fignition harkens back to the days of very simple computers [...]
-
-
10:01
»
Hack a Day
What if you could add gesture recognition to your computer without making any hardware changes? This research project seeks to use computer microphone and speakers to recognize hand gestures. Audio is played over the speakers, with the input from the microphone processed to detect Doppler shift. In this way it can detect your hand movements [...]
-
-
12:01
»
Hack a Day
[Quinn Dunki's] homebrew computer project is moving up another evolutionary rung. She needs a more versatile user interface and this starts with the data output. Up to this point a set of 7-segment digits has served as a way to display register values. But her current work is aimed at adding VGA output to the [...]
-
-
21:42
»
SecDocs
Authors:
Cory Doctorow Tags:
warfare Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: The last 20 years of Internet policy have been dominated by the copyright war, but the war turns out only to have been a skirmish. The coming century will be dominated by war against the general purpose computer, and the stakes are the freedom, fortune and privacy of the entire human race. The problem is twofold: first, there is no known general-purpose computer that can execute all the programs we can think of except the naughty ones; second, general-purpose computers have replaced every other device in our world. There are no airplanes, only computers that fly. There are no cars, only computers we sit in. There are no hearing aids, only computers we put in our ears. There are no 3D printers, only computers that drive peripherals. There are no radios, only computers with fast ADCs and DACs and phased-array antennas. Consequently anything you do to "secure" anything with a computer in it ends up undermining the capabilities and security of every other corner of modern human society. And general purpose computers can cause harm -- whether it's printing out AR15 components, causing mid-air collisions, or snarling traffic. So the number of parties with legitimate grievances against computers are going to continue to multiply, as will the cries to regulate PCs. The primary regulatory impulse is to use combinations of code-signing and other "trust" mechanisms to create computers that run programs that users can't inspect or terminate, that run without users' consent or knowledge, and that run even when users don't want them to. The upshot: a world of ubiquitous malware, where everything we do to make things better only makes it worse, where the tools of liberation become tools of oppression. Our duty and challenge is to devise systems for mitigating the harm of general purpose computing without recourse to spyware, first to keep ourselves safe, and second to keep computers safe from the regulatory impulse.
-
21:42
»
SecDocs
Authors:
Cory Doctorow Tags:
warfare Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: The last 20 years of Internet policy have been dominated by the copyright war, but the war turns out only to have been a skirmish. The coming century will be dominated by war against the general purpose computer, and the stakes are the freedom, fortune and privacy of the entire human race. The problem is twofold: first, there is no known general-purpose computer that can execute all the programs we can think of except the naughty ones; second, general-purpose computers have replaced every other device in our world. There are no airplanes, only computers that fly. There are no cars, only computers we sit in. There are no hearing aids, only computers we put in our ears. There are no 3D printers, only computers that drive peripherals. There are no radios, only computers with fast ADCs and DACs and phased-array antennas. Consequently anything you do to "secure" anything with a computer in it ends up undermining the capabilities and security of every other corner of modern human society. And general purpose computers can cause harm -- whether it's printing out AR15 components, causing mid-air collisions, or snarling traffic. So the number of parties with legitimate grievances against computers are going to continue to multiply, as will the cries to regulate PCs. The primary regulatory impulse is to use combinations of code-signing and other "trust" mechanisms to create computers that run programs that users can't inspect or terminate, that run without users' consent or knowledge, and that run even when users don't want them to. The upshot: a world of ubiquitous malware, where everything we do to make things better only makes it worse, where the tools of liberation become tools of oppression. Our duty and challenge is to devise systems for mitigating the harm of general purpose computing without recourse to spyware, first to keep ourselves safe, and second to keep computers safe from the regulatory impulse.
-
-
16:24
»
Hack a Day
We’ve enjoyed seeing the development progress of Veronica, [Quinn Dunki's] 8-bit computer project. It started out on a breadboard, then moved to edge-connected PCBs, and now [Quinn] has given Veronica a body of her own. The donor is a Philco Model 42-327T and was produced in 1942. It was chosen because it is non-functional and [...]
-
8:01
»
Hack a Day
Because his computer is gradually turning into an all-inclusive media display device, [Shawn] figured a remote to control the volume and a video playlist would be a reasonable addition. TV remotes for computers have been around for years, but [Shawn] decided to go the DIY route and build his own computer remote. For the build, [...]
-
-
16:01
»
Hack a Day
[Richard] sent in a link to the Python controlled microcontroller he’s been working on. Unlike the previous portable Python boards we’ve seen, [Richard] thinks his pyMCU isn’t best used autonomously. This board is meant to be used only when connected to a computer and to serve as a bridge between the digital world of computers and our [...]
-
-
7:01
»
Hack a Day
Any self-identified geek that spent some time in the 80s will tell you how they used to type out programs into their ‘microcomputer’ with BASIC. It was a simpler time when a computer’s raison d’etre was simply being a BASIC interpreter. These days are long past us now; you can’t simply turn on a computer and [...]
-
7:01
»
Hack a Day
Any self-identified geek that spent some time in the 80s will tell you how they used to type out programs into their ‘microcomputer’ with BASIC. It was a simpler time when a computer’s raison d’etre was simply being a BASIC interpreter. These days are long past us now; you can’t simply turn on a computer and [...]
-
-
10:01
»
Hack a Day
One of the perks of writing for Hackaday is that we often find hacks that we’ve been meaning to do ourselves. Here’s one that will let us fix our borked ASUS computer monitor buttons. [Silviu] has the same monitor we do, an ASUS VW202, and had the same problem of stuck buttons. We already cracked [...]
-
-
7:01
»
Hack a Day
For a computer that debuted in the early 80s the MSX was a very respectable machine. Of course these were the days that superimposing graphics over a video was an amazing feat, but [Danjovic] and [Igor] are still having fun with their boxen. They designed a software interface for the Wii Nunchuck (translation) on their trusty MSX computer. [...]
-
6:01
»
Hack a Day
Who wouldn’t want to build a computer out of relays? We do, but we’ve got too many projects on our plate already. It looks like [rory] has his priorities in order because his build is one of the most amazing we’ve ever seen. We’ve seen [Harry Porter]‘s amazing relay computer and we’re familiar with [Konrad Zuse]‘s WWII era endeavours. [...]
-
-
15:27
»
Hack a Day
[Roel] had read that people won the DARPA shredder challenge, but that their technology was kept a secret, interested in this concept he also remembered an episode of the X-Files where they had reconstructed shredded paper using a computer system. Unlike most computer based TV show BS this did not seem to be too far [...]
-
-
10:01
»
Hack a Day
[Quinn Dunki] has been busy through the holidays giving her 6502 processor-based computer a place to live. The most recent part of the project (which she calls Veronica) involved designing and etching a mainboard for the device. In the picture above it’s the vertical board which is right at home in the backplane [Quinn] also [...]
-
-
14:00
»
Hack a Day
The worst computer keyboard, ever [Gerardus] found an old BBC Master Compact computer for $15. The only problem is the computer didn’t have a keyboard. It’s not a problem if you can make a keyboard out of an old breadboard. It’s not a Model M, but it works. Emergency ribbon cable repair [Thomas] works in [...]
-
-
9:01
»
Hack a Day
[Bob Alexander] wrote in to share a hobby of his that we thought was pretty timely considering the new year is quickly approaching. For several years now he has put together a custom calendar for himself, including both dates he finds important along with sweet pictures of vintage computer equipment. Friends and family found his [...]
-
-
7:01
»
Hack a Day
[Nirav] painted this masterpiece by hand… with a little help from a computer. He calls it the semi-automatic paintbrush because you do need to move it over the canvas by hand, but a computer decides when to dispense the ink. He’s using a piece of hardware we looked at back in September called the InkShield [...]
-
-
13:01
»
Hack a Day
[Victor] likes to watch movies on his laptop, but the tiny speakers in his machine don’t do [John Williams] and other perfectly fine soundtracks justice. To pump up the jams a little bit, [Victor] got a pair of Trust Mila 2.0 speakers for Sinterklaas. Unfortunately, these speakers were terrible – noise everywhere, tinny output and [...]
-
-
7:01
»
Hack a Day
If you are considering repurposing some old computer equipment to create music, be aware that the bar has been raised just a tad. YouTube user [BD594] spent some time sifting through his bin of used electronics and put together a 5-piece band that plays a pretty awesome rendition of The Animals’ “House of the Rising [...]
-
-
14:01
»
Hack a Day
When it came time to try out some old-school computing [Quinn Dunki] grabbed a 6502 processor and got to work. For those that are unfamiliar, this is the first chip that was both powerful, affordable, and available to the hobby computing market back in the 1970′s. They were used in Apple computers, Commodore 64, and [...]
-
-
10:02
»
Hack a Day
[Peter] was tired of crawling behind his desktop computer to switch between headphones and speakers. We feel his pain, as the headphone port on our computer speakers has its own demonic hum rendering the jack useless to us. His solution was to build this output selector board, then control it via the network. A relay [...]
-
-
14:01
»
Hack a Day
A few nights ago, [Chris Fenton] was hanging out at NYC Resistor putting in some time on his electromechanical computer project. You might remember [Chris] from his tiny Cray that he’s putting an OS on. It seems [Chris] is going back in time about 150 years and has set his sights on a 3D printed [...]
-
-
12:57
»
Hack a Day
It’s not that touchscreen keyboards are horrible, but it’s nearly impossible to touch type on an iPad or other tablet keyboard. A team at the Media Computing Group at Aachen University figured out how to put a series of electromagnets underneath a display to provide haptic feedback for touchscreens. They showed off their tech at [...]
-
-
7:01
»
Hack a Day
Desperately in need of a graduation paper, [Andrei] decided to build a few computer controlled recon vehicles (PDF warning), and we’re really impressed with the minimalist approach [Andrei] took. The Computer Operated Recon Entity (C.O.R.E.) mk. I is based around a laptop. Instead of an Arduino, [Andrei] used a car stereo amp to control the [...]
-
-
6:01
»
Hack a Day
Wood and electronics don’t generally mix nowadays, but if you yearn back to a time when radios and the like had a nice wooden finish, this wooden computer case may be for you. Combine that with a Wooden keyboard enclosure, and maybe even a LCD monitor stand and you’ll have a setup that should fit [...]
-
-
1:08
»
SecDocs
Authors:
Fabian Mihailowitsch Tags:
keylogger Event:
Hashdays 2010 Abstract: Hardware keyloggers are tiny devices that are plugged between a computer keyboard and a computer. They are available for PS/2 as well as USB keyboards. Once plugged, they are able to record all key strokes and store them using an internal memory. Thereby the main focus is to stay undetected. Most manufacturers promote their models cannot be detected by software and thus have an advantage over software based keyloggers. However that's not correct. Hardware keyloggers make slight changes to the interaction between the keyboard and the computer. These changes can be detected by software and used to determine whether a hardware keylogger is present. During this talk various techniques will be presented to detect hardware keyloggers theoretical and practical. Finally a PoC tool will be released, that implements these described techniques.
-
16:02
»
Hack a Day
So you bought yourself a Neato XV-11 and your floors have never been cleaner. The only problem is that you want to hack around with the hardware without losing your floor-sweeping minion. [Hash] found a solution to the issue by building a computer inside of the dustbin module. You can see at the center of [...]
-
-
18:00
»
Hack a Day
In part one I showed you that you could install a linux distro on a new computer and transplant it into a 386 computer in a short amount of time and with little effort. Now it is time to move on to bigger and beefier machines like 486′s, Pentiums and better. I am going to [...]
-
-
6:01
»
Hack a Day
[Alexis] sent in a single board computer he’s been working on. The project goal of his build was making it easily reproducible. From looking at the schematics, it’s one of the simplest fully-functional computers we’ve seen. The build runs CP/M 2.2 off of two 3.5 inch floppies. This opens up a lot of options as [...]
-
-
4:05
»
Hack a Day
If you find a crusty old IT guy and give him half a chance, he’ll probably regale you with stories of how things were done “in the old days” where no one had their own computer and everyone worked on mainframe-connected dumb terminals. [JSTN] yearned for a true to life terminal display that he could [...]
-
-
8:01
»
Hack a Day
[M. Eric Carr] came up with an interesting build for the 555 contest earlier this year, and we’re pretty sure that it would have kicked the winner of the complex category off the throne if it were completed. Although it’s a few months late, we’re happy to feature at least part of his 555-based computer [...]
-
-
7:04
»
Hack a Day
Instructables user [Jan] likes to keep close tabs on his computer’s memory usage, but wanted something more interesting to look at than the standard resource manager. He preferred to have an external display available that would show his computer’s status with a quick glance, and thus this system monitor was born. His status panel contains [...]
-
-
8:00
»
Hack a Day
[Frank], like many people, has a soft spot in his heart for the Commodore 64. He prefers to play his C64 games on his computer nowadays, but likes using his old school Competition Pro rather than some modern controller with remapped buttons. The only problem with using the controller is that his new computer doesn’t [...]
-
-
5:01
»
Hack a Day
[Hasith] sent in this project where he goes through the process of designing a one instruction CPU in Verilog. It may not win a contest for the coolest build on Hack A Day, but we really do appreciate the “applied nerd” aspect of this build. With only one instruction, an OISC is a lot simpler [...]
-
-
13:36
»
Hack a Day
[Bill's] worked on his homebrew computer for almost a decade. He didn’t start with a Z80 processor like a lot of the projects we’ve seen, but instead build the CPU itself from 74-series TTL chips and a ridiculous amount of wire wrapping to connect it all. The video after the break shows off the functionality. [...]
-
7:02
»
Hack a Day
[James] built himself a robotic band from obsolete computer parts. The band needed something to play, and [Marilyn Manson]‘s Beautiful People fit the bill. While it’s not the Rock-fire Explosion, having the [James]‘ band cover [Marilyn Manson] is nearly as terrifying. [James]‘ original plan was to cover Mad World, but the stepper motors were drowning [...]
-
-
10:30
»
Hack a Day
There’s something quite satisfying about building your own computer. Nowadays, constructing your own desktop PC is relatively easy, so if you really want to get your hands dirty, you have to take a step back in time and give some vintage hardware a spin. [YT2095] has spent a good portion of the last two months [...]
-
-
15:01
»
Hack a Day
The folks at Evil Mad Scientist Labs just put up a post on the giant mechanical binary computer they brought to last month’s Maker Faire. As a faithful reproduction of the Digi-Comp II from the 1960s, every operation is powered by balls falling onto levers. Unlike the original, the larger version is powered by billiard [...]
-
-
6:01
»
Hack a Day
[Michael Chen] found himself in possession of a thoroughly broken laptop. The hinges connecting the screen to the body of the computer were shot, and the battery was non-functional. After a bit of thinking he decided that it wouldn’t take much to resurrect the hardware by turning it into a desktop machine. At the core of this [...]
-
-
12:42
»
Hack a Day
If you think that your water cooled rig is pretty sweet, check out this creation by Dutch PC enthusiast [Peter Brands] (Google Translation). With his computer tweaked as far as he could imagine, he decided to spruce up his office a bit. In the process, he ended up tweaking his computer just a little bit [...]
-
-
18:37
»
Packet Storm Security Recent Files
This file documents law enforcements provision related to computer security that the white house is trying to get put into place. It mandates a minimal 3 year sentence for any hacker that damages critical infrastructure.
-
18:37
»
Packet Storm Security Misc. Files
This file documents law enforcements provision related to computer security that the white house is trying to get put into place. It mandates a minimal 3 year sentence for any hacker that damages critical infrastructure.
-
-
4:02
»
Hack a Day
[Ameres Valentin] writes in to let us know about his DIY particle accelerator model. The model, made mostly out of old computer stuff, mimics a linear high-energy particle accelerator which use drift tubes to toss particles around. Drift tubes work by first attracting a particle (in this case, ball bearing) until it crosses a charged [...]
-
-
4:16
»
Hack a Day
Due to computer issues I had to rob some parts from my “electronics” computer, which wasn’t bad, since I was not working on anything at the time and I felt a software project itch. I also wanted to do something with my Apple //c, which resides on my computer desk, so this ghetto brute force [...]
-
-
13:01
»
Hack a Day
How this one missed us, we’ll never know. [GG] built himself a retro-styled Z80 nanocomputer over two years using all 1980′s tech. Laid out on one of the largest pieces of perfboard we’ve ever seen on a project, the computer uses a vintage Z80 CPU running at 2.5MHz, 8K ROM, 16K RAM, RS-232 and Parallel [...]
This is actually one of the simpler vulnerabilities to understand. Randomly generated keys are only as good as the entropy that goes into the key generation. The Bluetooth specification allows negotiating how many bytes of entropy is used in generating the shared session key. By necessity, this negotiation happens before the communication is encrypted. The real weakness here is that the specification lists a minimum entropy of 1 byte. This means 256 possible initial states, far within the realm of brute-forcing in real time.
