Day: September 20, 2019

This Week In Security: Zeroconf Strikes Again, Lastpass Leaks Your Last Password, And All Your Data Is Belong To Us

September 20, 2019 by 18 Comments

VoIP cameras, DVRs, and other devices running the Web Services Dynamic Discovery (WSDD) protocol are being used in a new type of DDoS attack. This isn’t the first time a zeroconf service has been hijacked as part of a DDoS, as UPnP has also been abused in similar ways.

Feel like alphabet soup yet? A Denial of Service attack is one where the target is simply made unavailable, rather than actually compromised. The classic example of this is the SYN flood, where an attacker would open hundreds of connections to a web server at once, exhausting the server’s resources and interrupting legitimate use of that server. As mitigations for these attacks were developed (SYN Cookies, for example), DoS attacks were replaced by Distributed Denial of Service (DDOS) attacks. Rather than attack a weakness on the target machine, like available RAM or CPU cycles, a DDoS generally targets available network bandwidth by hitting the target website from many, many locations at once. No clever software tricks can help when your Internet connection is fully saturated with junk traffic. Continue reading “This Week In Security: Zeroconf Strikes Again, Lastpass Leaks Your Last Password, And All Your Data Is Belong To Us”

3D Printed VirtuScope Is A Raspberry Pi 4 Cyberdeck With A Purpose

September 20, 2019 by 23 Comments

William Gibson might have come up with the idea for the cyberdeck in 1984, but it’s only recently that technology like desktop 3D printing and powerful single board computers have enabled hackers and makers to assemble their own functional versions of these classic cyberpunk devices. Often the final product is little more than a cosplay prop, but when [Joe D] (better known on the tubes as [bootdsc]) started designing his VirtuScope, he wanted to create something that was actually practical enough to use. So far, it looks like he’s managed to pull it off.

Many of the cyberdeck builds we see are based around the carcass of a era-appropriate vintage computer, which looks great and really helps sell the whole retro-future vibe. Unfortunately, this can make the projects difficult and expensive to replicate. Plus there’s plenty of people who take offense to gutting a 30+ year old piece of hardware just so you can wear it around your neck at DEF CON.

[bootdsc] deftly avoided this common pitfall by 3D printing the entire enclosure for the VirtuScope, and since he’s shared all of the STLs, he’s even made it so anyone can run off their own copy. The majority of the parts can be done on any FDM printer with a 20 x 20 x 10cm build area, though there are a few detail pieces that need the resolution of an SLA machine.

Under the hood the VirtuScope is using the Raspberry Pi 4, which [bootdsc] says is key to the build’s usability as the latest version of the diminutive Linux SBC finally has enough computational muscle to make it a viable for daily computing. Granted the seven inch LCD might be a tad small for marathon hacking sessions, but you could always plug in an external display when you don’t need to be mobile. For your wireless hacking needs, the VirtuScope features an internal NooElec SDR (with HF upconverter) and a AWUS036AC long-range WiFi adapter; though there’s plenty of room to outfit it with whatever kind of payload you’d find useful while on the go.

Documentation for this project is still in the early stages, but [bootdsc] has already provided more than enough to get you started. He tells us that there are at least two more posts coming that will not only flesh out how he built the VirtuScope, but explain why it’s now become his portable SDR rig of choice. We’re excited to see more details about this build, and hope somebody out there is willing to take on the challenge of building their own variant.

In the past we’ve seen partially 3D printed cyberdecks, and at least one that also went the fully-printed route, but none of them have been quite as accessible as the VirtuScope. By keeping the geometry of the printed parts simple and utilizing commonly available components, [bootdsc] may well have laid the groundwork for hackerdom’s first “mass produced” cyberdeck.

Continue reading “3D Printed VirtuScope Is A Raspberry Pi 4 Cyberdeck With A Purpose”

British Cops Catch Shooter-Printing Villain

September 20, 2019 by 84 Comments

It’s a perennial of breathless British tabloid scare reporting that 3D printers will unleash a tide of weapons upon the streets. But perhaps it might actually be time for Brits lock up their children, because London’s Metropolitan Police have announced their first prosecution for 3D printing a handgun. The gun pictured appears to be a Repringer 5-shot .22 revolver, and was found by police during a drugs raid.

The UK has significantly restrictive firearms legislation and shooting incidents are extremely rare in the country, so while this might not raise any eyebrows on the other side of the Atlantic it’s an extremely unusual event for British police. It appears that the builder was not the type of libre firearms enthusiast who has made the news with similar work in the USA, so it has to be assumed that it was printed purely as a means to secure an illegal firearm however rough-and-ready or indeed dangerous it might be.

Stepping aside from the firearm aspect of the story, it should be of concern for any British 3D printer enthusiasts. As we’ve reported over the years with respect to drone incidents they can sometimes throw reason to the wind when faced with unfamiliar technology, indeed we’ve already seen them imagining RepRap parts to be for a firearm. We’d counsel all parties to keep sane heads, and hope that both the sentence for today’s criminal proves to be a suitable deterrent, and that no clueless fool decides to download and print another weapon for the hell of it. As always, we’ll bring you developments as they happen.