Year: 2021

This Week In Security: Watering Hole Attackception, Ransomware Trick, And More Pipeline News

May 21, 2021 by 11 Comments

In what may be a first for watering hole attacks, we’ve now seen an attack that targeted watering holes, or at least water utilities. The way this was discovered is a bit bizarre — it was found by Dragos during an investigation into the February incident at Oldsmar, Florida. A Florida contractor that specializes in water treatment runs a WordPress site that hosted a data-gathering script. The very day that the Oldsmar facility was breached, someone from that location visited the compromised website.

You probably immediately think, as the investigators did, that the visit to the website must be related to the compromise of the Oldsmar treatment plant. The timing is too suspect for it to be a coincidence, right? That’s the thing, the compromised site was only gathering browser fingerprints, seemingly later used to disguise a botnet. The attack itself was likely carried out over Teamviewer. I will note that the primary sources on this story have named Teamviewer, but call it unconfirmed. Assuming that the breach did indeed occur over that platform, then it’s very unlikely that the website visit was a factor, which is what Dragos concluded. On the other hand, it’s easy enough to imagine a scenario where the recorded IP address from the visit led to a port scan and the discovery of a VNC or remote desktop port left open. Continue reading “This Week In Security: Watering Hole Attackception, Ransomware Trick, And More Pipeline News”

Building A Quick And Dirty RC Mower With FPV

May 21, 2021 by 4 Comments

Mowing the lawn can be a tedious job. Tired of the effort involved, [i did a thing] decided to enlist the help of [Makers Muse] to build a radio controlled mower instead to make the backyard chore a little more interesting. (Video, embedded below.)

The mowing itself is done by a typical push-along garden mower with a gasoline engine. However, it’s fitted with twin DC gear motors harvested from a mobility scooter. The mowers original front wheels were also removed, replaced with casters from the same mobility scooter that donated the drive train. Off-the-shelf speed controllers were then used to run the motors, and hooked up to an RC receiver. The mower could then be steered via a radio controller set up with mixing to enable the twin-motor setup to steer and drive.

An FPV camera was then fitted on the front of the mower, sitting on a stack of kitchen sponges that act as a isolator to negate the effects of the engine vibrations on the camera. The result is a relatively smooth video feed, allowing the operator to sit at a comfortable distance and control the mower via radio and goggles.

It may not be the most effective way of trimming the lawn, but it does look like a fun project, and sometimes that’s all that matters. Of course, you could always upgrade to a fully autonomous mower instead.

Continue reading “Building A Quick And Dirty RC Mower With FPV”

With A Big Enough Laser, The World Is Your Sensor

May 21, 2021 by 31 Comments

It’s difficult to tell with our dull human senses, but everything around us is vibrating. Sure it takes more energy to get big objects like bridges and houses humming compared to a telephone pole or mailbox, but make no mistake, they’ve all got a little buzz going on. With their new automated laser, the team behind VibroSight++ believes they can exploit this fact to make city-scale sensing far cheaper and easier than ever before.

The key to the system is a turret mounted Class 3B infrared laser and photodetector that can systematically scan for and identity reflective surfaces within visual range. Now you might think that such a setup wouldn’t get much of a signal from the urban landscape, but as it so happens, the average city block is packed with retroreflectors. From street signs to road studs and license plates, the team estimates dense urban areas have approximately 7,000 reflectors per square kilometer. On top of those existing data points, additional reflectors could easily be added to particularly interesting devices that city planners might want to monitor.

Once VibroSight++ has identified its targets, the next step is to bounce the laser off of them and detect the minute perturbations in the returned signal caused by vibrations in the reflector. In the video below you can see how this basic concept could be put to practical use in the field, from counting how many cars pass over a certain stretch of road to seeing how popular a specific mailbox is. There’s a whole world of information out there just waiting to be collected, all without having to install anything more exotic than the occasional piece of reflective tape.

If this technology seems oddly familiar, it’s probably because we covered the team’s earlier work that focused (no pun intended) on using reflected laser beams for home automation in 2018. Back then they were aiming a much smaller laser at blenders and refrigerators instead of license plates and street signs, but the concept is otherwise the same. While we’ll admit the technology does give off a distinctive Orwellian vibe, it’s hard not to be intrigued by the “Big Data” possibilities afforded by the team’s upgraded hardware and software.

Continue reading “With A Big Enough Laser, The World Is Your Sensor”

Reading Floppies With An Oscilloscope

May 20, 2021 by 6 Comments

There’s a lot of data on magnetic media that will soon be lost forever, as floppies weren’t really made to sit in attics and basements for decades and still work. [Chris Evans] and [Phil Pemberton] needed to read some disks that reportedly contained source code for several BBC Micro games, including Repton 3. They turned to Greaseweazle, an interface board that can dump just about any kind of floppy disk if it is attached to the right drive. The problem is that Greaseweazle couldn’t read the disks due to CRC errors. Time to break out the oscilloscope and read the disk manually, which is what they did.

Greaseweazle provides a nice display of read sectors and shows timing coming from the floppy read head. The disk in question looked good with reasonably clean timing clocks except in the area of one sector. At that point, the clocks degenerated into noise. Looking on the disk, it was easy to see why. The actual media had a small dent in it.

Continue reading “Reading Floppies With An Oscilloscope”

Project Starline Realizes Asimov’s 3D Vision

May 20, 2021 by 36 Comments

Issac Asimov wrote Caves of Steel in 1953. In it, he mentions something called trimensional personification. In an age before WebEx and Zoom, imagining that people would have remote meetings replete with 3D holograms was pretty far-sighted. We don’t know if any Google engineers read the book, but they are trying to create a very similar experience with project Starline.

The system is one of those that seems simple on the face of it, but we are sure the implementation isn’t easy. You sit facing something that looks like a window. The other person shows up in 3D as though they were on the other side of the window. Think prison visitation without the phone handset. The camera is mounted such that you look naturally at the other person through your virtual window.

Continue reading “Project Starline Realizes Asimov’s 3D Vision”

Spherical Keyboard Build Leaves Hacker Well-Rounded

May 20, 2021 by 20 Comments

Often times we as hackers don’t know what we’re doing, and we sally forth and do it anyway. Here at Hackaday, we think that’s one of the best ways to go about a new project, and the absolute fastest way to learn a whole lot as you go. Just ask [Aaron Rasmussen] regarding this spherical, standing 5×6 dactyl manuform keyboard build, which you can see in a three-part short video series embedded after the break.

[Aaron] gets right down to it in the first video. He had to get creative right away, slicing up the dactyl manuform model to fit on a tiny print bed. However, there’s plenty of room inside the sphere for all that wiring and a pair of Elite-C microcontrollers running QMK. Be sure to turn on the sound to hear the accompanying voice-overs.

The second video answers our burning question: how exactly does one angle grind a slippery sphere without sacrificing sheen or shine? We love the solution, which involves swaddling the thing in duct tape and foam.

You may be wondering how [Aaron] is gonna use any kind of mouse while standing there at the pedestal keyboard. While there is space for a mouse to balance on top, this question is answered in the third video, where [Aaron] learns the truth behind the iconic ThinkPad nubbin and applies this knowledge to build a force-feedback joystick/trackpoint mouse. Awesome answer, [Aaron]!

Not ready to go full-tilt, sci-fi prop ergo? Dip your toe in the DIY waters with a handy macropad.

Continue reading “Spherical Keyboard Build Leaves Hacker Well-Rounded”

Shop Exhaust Fan Salvaged From Broken Microwave

May 20, 2021 by 7 Comments

You don’t have to look hard to find a broken microwave. These ubiquitous kitchen appliances are so cheap that getting them repaired doesn’t make economical sense for most consumers, making them a common sight on trash day. But is it worth picking one of them up?

The [DuctTape Mechanic] certainly thinks so. In his latest video, he shows how the exhaust fan from a dead microwave can easily and cheaply be adapted to blow smoke and fumes out of your workshop. While it’s obviously not going to move as much air as some of the massive shop fans we’ve covered over the years, if you’re working in a small space like he is, it’s certainly enough to keep the nasty stuff moving in the right direction. Plus as an added bonus, it’s relatively quiet.

Now as you might expect the exact internal components of microwave ovens vary wildly, so there’s no guarantee your curbside score is going to have the same fan as this one. But the [DuctTape Mechanic] tries to give a relatively high-level overview of how to liberate the fan, interpret the circuit diagram on the label, and wire it up so you can plug it into the wall and control it with a simple switch. Similarly, how you actually mount the fan in your shop is probably going to be different, though we did particularly like how he attached his to the window using a pair of alligator clips cut from a frayed jumper cable.

Got a donor microwave but not in the market for a impromptu shop fan? No worries. We recently saw a dud microwave reborn as a professional looking UV curing chamber that would be the perfect partner for your resin 3D printer. Or perhaps you’d rather turn it into a desktop furnace capable of melting aluminum, copper, or bronze.

Continue reading “Shop Exhaust Fan Salvaged From Broken Microwave”