This Week In Security: In Mudge We Trust, Don’t Trust That App Browser, And Firefox At Pwn2Own

There’s yet another brouhaha forming over Twitter, but this time around it’s a security researcher making noise instead of an eccentric billionaire. [Peiter Zatko] worked as Twitter’s security chief for just over a year, from November 2020 through January 2022. You may know Zatko better as [Mudge], a renowned security researcher, who literally wrote the book on buffer overflows. He was a member of L0pht Heavy Industries, worked at DARPA and Google, and was brought on at Twitter in response to the July 2020 hack that saw many brand accounts running Bitcoin scams.

Mudge was terminated at Twitter in January 2022, and it seems he immediately started putting together a whistleblower complaint. You can access his complaint packet on archive.org, with whistleblower_disclosure.pdf (PDF, and mirror) being the primary document. There are some interesting tidbits in here, like the real answer to how many spam bots are on Twitter: “We don’t really know.” The very public claim that “…<5% of reported mDAU for the quarter are spam accounts” is a bit of a handwave, as the monetizable Daily Active Users count is essentially defined as active accounts that are not bots. Perhaps Mr. Musk has a more legitimate complaint than was previously thought.

You Paid For This Paper. Now You Can Read It Without Paying Again

There is probably very little among the topics covered here at Hackaday that doesn’t have its roots somewhere in scientific research. Semiconductor devices, for example, didn’t simply pop into being in Bell Labs or Texas Instruments; the scientists and engineers who created them did so standing on the shoulders of legions of earlier researchers who discovered the precursor steps that made them possible. As many readers will know, scientific research for its own sake is expensive, so much so that much of it is funded by governments, from your taxes. The research papers with the findings are then hidden from public view behind paywalls by the publishers who distribute them, an injustice which should soon be over for Americans, thanks to a White House memorandum paving the way for federally funded research to be freely available to the public at no cost by no later than 2025.

The academic publishing business originates in the days when paper was king, and it has several tiers. Officially an academic journal is usually the product of a professional body in its field, but it is normal for the publishing itself to be contracted out to a specialist academic publishing company. They accept submissions of papers, edit them, and arrange peer reviewers, before publishing the journals. Originally this was a paper process, but while journals are still printed it’s the Internet through which they are now read. The publishers pay nothing to the researcher for their paper and often only a nominal sum to the reviewers for their input, but charge a hefty subscription for access to the content. As you might imagine it’s an extremely lucrative business, so as this Hackaday scribe saw when she worked in that industry, the publishers and the learned bodies are in no hurry to kill their golden goose.

This move to open access may make few immediate waves outside the world of scientific publishing, but it affirms the principle that taxpayers should be able to see the fruits of their spending. As such it will be of benefit to less-well-off researchers and institutions worldwide. Rest in peace Aaron Swartz, if only you could have seen this day!

White House pic: Matt H. Wade, CC BY-SA 3.0.

Simple Breadboard SDR For Shortwave

One of the best ways to learn about radios is to build your own, even in the age of cheap SDR dongles. [Aniss Oulhaci] demonstrates this with a simple HF SDR receiver built on a breadboard.

The receiver takes the form of a simplified Tayloe detector. An RF preamp circuit amplifies the signal from a shortwave antenna and feeds it into a 74HC4066D analog switch, which acts as a switching mixer. It mixes the input signal with the local oscillator’s I and Q signals to produce the intermediate frequency signals. The local oscillator consists of a SI5351 clock generator with a 74HC74D flip-flop to generate the I and Q pair. The signals pass through a low pass filter stage and get amplified by an LM358 op amp, resulting in the IQ signal pair being fed to a computer’s stereo sound card.

An Arduino is used to control the SI5351 clock generator, which in turn is controlled by the same program created for the SDR Shield. With the audio signal fed to HDSDR, [Aniss] was able to pick up a shortwave radio broadcaster.

While this is by no means a high-performance receiver, building an SDR on a breadboard is still a great weekend project, with plenty of potential for further experimentation.
