Hackaday Links Column Banner

Hackaday Links: January 28, 2024

From the “No good deed goes unpunished” files, this week came news of a German programmer who probably wishes he had selected better clients. According to Heise Online (English translation), a freelance programmer — referred to only as “defendant” in the article — was retained by a company to look into a database problem in their system. His investigation revealed that the customer’s database was being filled with log messages from a third-party service called Modern Solution GmbH & Co. KG. over a MySQL connection to a remote server. Assuming this connection was dedicated for his client’s use, the programmer looked at the executable used to make the connection with a text editor, which revealed a password in plain text. Upon connecting to the remote database, he found that it not only contained data for all of Modern Solution’s customers, but also data for all the end users of their customers.

Realizing he’d unintentionally wandered into verboten territory, the programmer immediately backed out and contacted Modern Solutions. They quickly fixed the issue, and then just as quickly reported him to the police. Their “investigation” revealed that the programmer had “decompiled” the executable to obtain the password, in violation of German law. The judge agreed, stating that merely looking at and using the password constituted a criminal offense, regardless of intent and despite the fact that Modern Solution had provided the password to the programmer’s client when they sold them the software. The upshot of all of this nonsense? A €3,000 fine for the programmer, if the verdict stands on appeal. It could have been worse, though; German law allows for up to three years in prison for such offenses.

Continue reading “Hackaday Links: January 28, 2024”

Maker Faire Hannover: The Right Way To Do It

On these pages we bring you plenty of reports from events, most of which are from the hacker or hardware communities. These can be great fun to attend, but they’re not the only game in town when looking at things adjacent to our community. At what you might describe as the consumer end of the market there are the Maker Faires, which bring a much more commercial approach to a tech event. While so many of us are in Germany for Chaos Communication Camp there’s a maker faire ideally placed to drop in on the way back. We took the trip to Hannover, a large and rather pleasant city just off the Berlin to Amsterdam motorway roughly central to the top half of the country. It’s got one of the German emissions zones so without the green tax sticker in the car we took a park-and-ride on one of their clean and efficient trams to alight a short walk from the congress centre.

Plenty To See, And It’s Not All For Kids

Continue reading “Maker Faire Hannover: The Right Way To Do It”

Spy Tech: Unshredding Documents

Bureaucracies generate paper, usually lots of paper. Anything you consider private — especially anything that could get you in trouble — should go in a “burn box” which is usually a locked trash can that is periodically emptied into an incinerator. However, what about a paper shredder? Who hasn’t seen a movie or TV show where the office furiously shreds papers as the FBI, SEC, or some other three-letter-agency is trying to crash the door down?

That might have been the scene in the late 1980s when Germany reunified. The East German Ministry of State Security — known as the Stasi — had records of unlawful activity and, probably, information about people of interest. The staff made a best effort to destroy these records, but they did not quite complete their task.

The collapsing East German government ordered documents destroyed, and many were pulped or burned. However, many of the documents were shredded by hand, stuffed into bags, and were awaiting final destruction. There were also some documents destroyed by the interim government in 1990. Today there are about 16,000 of these bags remaining, each with 2,500 to 3,000 pieces of pages in them.

Machine-shredded documents were too small to recover, but the hand-shredded documents should be possible to reconstruct. After all, they do it all the time in spy movies, right? With modern computers and vision systems, it should be a snap.

You’d think so, anyway.

Continue reading “Spy Tech: Unshredding Documents”

Expired Certificate Causes German Payment Meltdown

For most Hackaday readers the process of buying groceries this weekend has been a relatively painless one, however we’re guessing some of our German friends will have found their cards unexpectedly declined. The reason? A popular model of payment card terminal, the Verifone H5000, has suffered what has been described as a “software malfunction”. So exactly what has happened? The answer is as simple as it is unfortunate: a security certificate for German transaction processing stored on the device has expired.

The full story exposes the flaws in assuming that a payment terminal is an appliance rather than a computer and its associated software that needs updating like any other. The H5000 is an old terminal that ceased production back in the last decade and has reached end-of-life, however it has remained in use and perhaps more seriously, remained in the supply chain to merchants buying a terminal. With updates requiring a site visit rather than an over-the-air upgrade, it’s likely that the effects of this mess could last a while.

In case the hardware for this type of equipment interests you, we’ve had a teardown on another Verifone terminal in the past.

Hackaday Links Column Banner

Hackaday Links: July 12, 2020

Based in the US as Hackaday is, it’s easy to overload the news with stories from home. That’s particularly true with dark tales of the expanding surveillance state, which seem to just get worse here on a daily basis. So we’re not exactly sure how we feel to share not one but two international stories of a dystopian bent; one the one hand, pleased that it’s not us for a change, but on the other, sad to see the trend toward less freedom and more monitoring spreading.

The first story comes from Mexico, where apparently everything our community does will soon be illegal. We couch that statement because the analysis is based on Google translations of reports from Mexico, possibly masking the linguistic nuances that undergird legislative prose. So we did some digging and it indeed appears that the Mexican Senate approved a package of reforms to existing federal copyright laws that will make it illegal to do things like installing a non-OEM operating system on a PC, or to use non-branded ink cartridges in a printer. Reverse engineering ROMs will be right out too, making any meaningful security research illegal. There appear to be exceptions to the law, but those are mostly to the benefit of the Mexican government for “national security purposes.” It’ll be a sad day indeed for Mexican hackers if this law is passed.

The other story comes from Germany, where a proposed law would grant sweeping surveillance powers to 19 state intelligence bodies. The law would require ISPs to install hardware in their data centers that would allow law enforcement to receive data and potentially modify it before sending it on to where it was supposed to go. So German Internet users can look forward to state-sponsored man-in-the-middle attacks and trojan injections if this thing passes.

OK, time for a palate cleanser: take an hour to watch a time-lapse of the last decade of activity of our star. NASA put the film together from data sent back by the Solar Dynamics Observatory, a satellite that has been keeping an eye on the Sun from geosynchronous orbit since 2010. Each frame of the film is one hour of solar activity, which may sound like it would be boring to watch, but it’s actually quite interesting and very relaxing. There are exciting moments, too, like enormous solar eruptions and the beautiful but somehow terrifying lunar transits. More terrifying still is a massive coronal mass ejection (CME) captured in June 2011. A more subtle but fascinating phenomenon is the gradual decrease in the number of sunspots over the decade as the Sun goes through its normal eleven-year cycle.

You’ll recall that as a public service to our more gear-headed readers that we recently covered the recall of automotive jack stands sold at Harbor Freight, purveyor of discount tools in the USA. Parts for the jack stands in question had been cast with a degraded mold, making the pawls liable to kick out under load and drop the vehicle, with potentially catastrophic results for anyone working beneath. To their credit, Harbor Freight responded immediately and replaced tons of stands with a new version. But now, Harbor Freight is forced to recall the replacement stands as well, due to a welding error. It’s an embarrassment, to be sure, but to make it as right as possible, Harbor Freight is now accepting any of their brand jack stands for refund or store credit.

And finally, if you thought that the experience of buying a new car couldn’t be any more miserable, wait till you have to pay to use the windshield wipers. Exaggeration? Perhaps only slightly, now that BMW “is planning to move some features of its new cars to a subscription model.” Plans like that are common enough as cars get increasingly complex infotainment systems, or with vehicles like Teslas which can be upgraded remotely. But BMW is actually planning on making options such as heated seats and adaptive cruise control available only by subscription — try it out for a month and if you like it, pay to keep them on for a year. It would aggravate us to no end knowing that the hardware supporting these features had already been installed and were just being held ransom by software. Sounds like a perfect job for a hacker — just not one in Mexico.

The High Seas Are Open Source

One of the biggest problems of owning an older boat (besides being a money pit – that is common to all boats regardless of age) is the lack of parts and equipment, and the lack of support for those parts if you can find them at all. Like most things, this is an area that can benefit greatly from some open source solutions, which the Open Boat Projects in Germany has been able to show. (Google Translate from German)

This group has solutions for equipment problems of all kinds for essentially any sized boat. At their most recent expo, many people were interested in open source solutions for situations where there is currently only an expensive proprietary option, such as support for various plotting devices. This isn’t the only part of this project, though. It includes many separate projects, like their solutions for autopilot and navigation. There are even complete hardware packages available, all fully documented.

Open source solutions for large, expensive things like this are often few and far between for a number of reasons. There are limited options for other modes of open source transportation too, as it seems like most large companies are not willing to give up their secrets easily. Communities like this, however, give us hope that people will have other options for repairing their vehicles without having to shell out too much money.

Thanks to [mip] for the tip!

Put An Arduino Enigma In Your Pocket

The German Enigma device has always been a fascinating gadget for hackers. We’ve seen various replicas and emulators created over the years, and it was recently even the subject of our weekly Hack Chat. But if you think about it it’s not really a surprise; the Enigma has the perfect blend of historical significance and engineering wizardry, with a healthy dash of mystery thrown in. Why do the bad guys always have the coolest toys?

If you’ve ever wanted your own little Enigma replica to explore, [Mark Culross] has put together a project which makes it easier than ever. In fact, it’s so straightforward that some of you reading this post will probably be able to put one together as soon as you’ve read this post from stuff you already have lying around in the parts bin. All you need is an Arduino Uno, an Adafruit 2.8″ TFT Touch Shield, and a penchant for World War II technology.

Thanks to the relatively high-resolution touch screen, [Mark] was able to develop a user interface for his Enigma that really gives you a feel for how the original machine worked. Obviously it’s considerably simplified from the real-world version, but using a stylus to tap the rotors you want to spin or the wires you want plugged in makes for a more immersive experience than many of the previous attempts we’ve seen. With a tap you’re even able to load historical machine configurations, such as how the Enigma aboard the submarine U-262 was configured when the Allies intercepted its encoded messages in 1942.

[Mark] says this project was always about developing the software, and he leaves the actual hardware implementation as an exercise for the user. Just to play around with the software it’s enough to hook up an Arduino and the touch screen, but we’d love to see somebody really take the idea and run with it. Add some batteries, a charging circuit, and put it all in a little wooden box for that authentic Enigma look. Can’t forget that iconic wrinkle finish paint, either.

Over the years, we’ve seen replica Enigma machines in all shapes and sizes. From ones you could mount on your wrist, to full size replicas using modern components. We’ve even seen one variation that you can print out on a couple of sheets of paper. The parade of recreations shows no sign of stopping, and we wouldn’t have it any other way.

Continue reading “Put An Arduino Enigma In Your Pocket”