Summer is nearly here, and with that comes the preparations for the largest gathering of security researchers on the planet. In early August, researchers, geeks, nerds, and other extremely cool people will descend upon the high desert of Las Vegas, Nevada to discuss the vulnerabilities of software, the exploits of hardware, and the questionable activities of government entities. This is Black Hat and DEF CON, when taken together it’s the largest security conference on the planet.
These conferences serve a very important purpose. Unlike academia, security professionals don’t make a name for themselves by publishing in journals. The pecking order of the security world is determined at these talks. The best talks, and the best media coverage command higher consultancy fees. It’s an economy, and of course there will always be people ready to game the system.
Like academia, these talks are peer-reviewed. Press releases given before the talks are not, and between the knowledge of security researchers and the tech press is network security theatre. In this network security theatre, you don’t really need an interesting exploit, technique, or device, you just need to convince the right people you have one.
Continue reading “Network Security Theatre”
[Saulius Lukse] has a really interesting way of turning a couple of buildings into his own addressable display. The effect is not seen in real life, but is a clever video rendering with stock he pulled from time-lapse cameras. Now if you want to play Tetris using the windows of a building you add wireless lightbulbs to every window. But that’s a lot of work. You can fake playing Tetris (or scrolling messages in this case) if you just show a video of the buildings and swap in your own image manipulation.
[Saulius] starts with a time lapse sequence of a city scape. It needs to be one with a large building or two to provide a good scrolling surface. The building is extracted from the scene with the background transparent. The really time consuming part is creating a distinct image with one window lit for each window that is going to be used. This set of windows are the ‘pixels’ used to create the scrolling images. This is accomplished by masking out one image of the building with every office light turned off, then masking out each window individually with the office illuminated. This masking means everything going on around the building (traffic, weather, people) will be preserved, while the windows can be individually manipulated.
Next the program jinx is used to create the building animation. This program is designed to create scrolling messages on LED panels. [Saulius] provides a Python script that takes the images, the output of jinx, and combines them to create the final set of moving images.
The result is a city wishing you a “Happy New Year!”
Continue reading “Scrolling a Message on a Building in a Time Lapse Video”
We’ve been sent this press release claiming a new kind of fusion reaction that works at small scales using an incredibly exotic fuel material: ultra-dense deuterium. We looked into it with an open mind, and if we’re being kind we’ll conclude that there’s a ten-year long research project being undertaken by [Leif Holmlid], a single scientist whose claims would win him one or two Nobel prizes if any of it were true.
If we drop the kindness and approach it rationally, this doesn’t smell right and can’t be believed until it has been reliably reproduced by someone not associated with the original research. Let’s delve into the claim of Deuterium powered reactions, and circle around on the cold-fusion hype we found so sadly entertaining back in the ’90s.
Continue reading “Deuterium Powered Homes and the Return of Cold Fusion Hype”
The Nordic Semiconductor nRF24L01 is the older sibling of the nRF24L01+ and is not recommended for new designs anymore. Sometimes, if you’re looking for a cheaper bargain, the older chip may the way to go. [necromant] recently got hold of a bunch of cheap nrf24l01 modules. How cheap ? Does $0.55 sound cheap enough?
Someone back east worked out how to cost-optimize cheap modules and make them even cheaper. At that price, the modules would have severe performance limitations, if they worked at all. [necromant] decided to take a look under the hood. First off, there’s no QFN package on the modules. Instead they contain a COB (chip on board) embedded in black epoxy. [necromant] guesses it’s most likely one of those fake ASICs under the epoxy with more power consumption and less sensitivity. But there’s a step further you can go in making it cheaper. He compared the modules to the reference schematics, and found several key components missing. A critical current set resistor is missing (unless it’s hiding under the epoxy). And many of the components on the transmit side are missing – which means signal power would be nowhere near close to the original modules.
The big question is if they work or not ? In one test, the radio did not work at all. In a different setup, it worked, albeit with very low signal quality. If you are in Moscow, and have access to 2.4Ghz RF analysis tools, [necromant] would like to hear from you, so he can look at the guts of these modules.
Thanks to [Andrew] for sending in this tip.
[zeptobars], the folks behind all the decapping hard work and amazing die shots are at it again. This time they decided to look under the hood of two identical looking Nordic nRF24L01+ chips.
The nRF24L01+ is a highly integrated, ultra low power (ULP) 2Mbps RF transceiver IC for the 2.4GHz ISM (Industrial, Scientific and Medical) band. Popular, widely used and inexpensive – and the counterfeit foundries are drawn to it like honey bees to nectar. But to replicate and make it cheaper than the original, one needs to cut several corners. In this case, the fakes use 350nm technology, compared to 250nm in the original and have a larger die size too.
These differences mean the fakes likely have higher power usage and lower sensitivities, even though they are functionally identical. The foundry could have marked these devices as Si24R1, which is compatible with the nRF24L01 and no one would have been wiser. But the lure of higher profits was obviously too tempting. A look through Hackaday archives will dig up several posts about the work done by [zeptobars] in identifying fake semiconductors.
[Angus Gratton] recently cracked open a pair of USB to Ethernet converters to see what’s inside. One was an Apple branded device, the other a no-name from eBay. The former rings in at $30, with the latter just $4. This type of comparison is one of our favorites. It’s especially interesting with Apple products as they are known for solid hardware choices and the knock-offs are equally infamous for shoddy imitations.
From the outside both devices look about the same. The internal differences start right away with a whole-board metal shield on the Apple dongle and none on the off-brand. But the hardware inside is actually quite similar. There’s an RJ-45 jack on the left, followed by the Ethernet isolation chip next to it. From there we start to see differences. The off-brand had a blank chip where Apple’s ASIX AX88772ALF USB to Ethernet bridge controller is located. There is also a difference with the clock; Apple is using two crystals with the other using just one.
Check out how the light hits this piece of artwork. It’s a very convincing piece of stained glass… except it’s fake. [Sdtacoma] figured out a way to mimic stained glass using a single pane. The inspiration for the project came after seeing a real stained glass panel featuring Iron Man which was available on Etsy for $4500.
Due to popular demand [Sdtacoma] posted an album of the technique he used. Starting with some art found online he made it black and white, blew it up to size (this thing’s about five feet tall) and used posterizer to print it out using multiple sheets of paper.
The frame and pane were found at a recycled building goods store. After cleaning it up he used the paper template to lay out the dividing lines between different colored sections using Liquid Lead. The product had dimension to it (kind of like puffy paint for fabrics) which looks like the lead tracks between panes of stained glass. Once dry the color was added using an eye dropper to apply glass paint.