This Week In Security: Adblock For Security, ProxyNotShell Lives, And CVSS 10 To Not Worry About

The ubiquity of ransomware continues, this time with The Guardian announcing they were partially shut down from an attack. Staff are working from home as the incident is being investigated and data is recovered. Publishing seems to be continuing, and the print paper ran as expected.

There have been a couple of reports published recently on how ransomware and other malware are distributed, the first being a public service announcement from the FBI, detailing what might be a blindingly obvious attack vector — search engine advertising. A bad actor picks a company or common search term, pays for placement on a search engine, and then builds a fake web site that looks legitimate. For bonus points, this uses a typosquatted domain, like adobe[dot]cm or a punycode domain that looks even closer to the real thing.

The FBI has a trio of recommendations, one of which I whole-heartedly agree with. Their first suggestion is to inspect links before clicking them, which is great, except for the punycode attack. In fact, there are enough lookalike glyphs to make this essentially useless. Second is to type in URLs directly rather than using a search engine to find a company’s site. This is great so long as you know the URL and don’t make a typo. But honestly, haven’t we all accidentally ended up at website[dot]co by doing this? Their last recommendation is the good one, and that is to run a high-quality ad-blocker for security. Just remember to selectively disable blocking for websites you want to support. (Like Hackaday!)
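To show why eyeballing a link fails where a mechanical check does not, here is an added example (not from the FBI announcement or the original article) that decodes punycode labels and flags lookalike and near-miss hostnames. The `KNOWN` allowlist, the small confusables table and all function names are assumptions made for illustration.

```python
import unicodedata

# Constructed allowlist of sites the user really means to visit (assumption).
KNOWN = {"adobe.com", "hackaday.com"}
# Small constructed subset of Cyrillic letters that render like Latin ones;
# the real Unicode confusables data is far larger.
CONFUSABLE = str.maketrans("\u0430\u0435\u043e\u0440\u0441\u0445\u0443", "aeopcxy")
# Constructed sample: "adobe.com" with a Cyrillic first letter, in xn-- form.
SAMPLE_ACE = "\u0430dobe.com".encode("idna").decode("ascii")

def to_unicode(host):
    """Decode xn-- (punycode) labels so the real characters are visible."""
    host = host.lower()
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode, or not valid IDNA: inspect as given

def scripts(label):
    """Scripts used by the letters of one label (first word of the Unicode name)."""
    return {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}

def within_one_edit(a, b):
    """True if a and b differ by one insertion, deletion or substitution."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a  # make a the shorter (or equal-length) string
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]
    return a[i:] == b[i + 1:]

def classify(host):
    """Return known, homograph, mixed-script, typosquat or unknown."""
    shown = to_unicode(host)
    if shown in KNOWN:
        return "known"
    skeleton = shown.translate(CONFUSABLE)
    if skeleton in KNOWN:
        return "homograph"  # looks identical to a known site, but is not
    if any(len(scripts(label)) > 1 for label in shown.split(".")):
        return "mixed-script"
    if any(within_one_edit(skeleton, k) for k in KNOWN):
        return "typosquat"
    return "unknown"
```

The ordering matters: the homograph test runs before the edit-distance test, so a domain that renders identically to a known one is reported as the more serious case.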


A Fun Low-Cost Start For Your Macropad Hobby

If you were ever looking for a small relaxing evening project that you could then use day-to-day, you gotta consider the Pico Hat Pad kit by [Natalie the Nerd]. It fits squarely within the Pi Pico form-factor, giving you two buttons, one rotary encoder and two individually addressable LEDs to play with. Initially, this macropad was intended as an under-$20 device that’s also a soldering practice kit, and [Natalie] has knocked it out of the park.

You build this macropad out of a stack of three PCBs — the middle one connecting the Pi Pico heart to the buttons, encoders and LEDs, and the remaining ones adding structural support and protection. All the PCBs fit together into a neat tab-connected panel — ready to be thrown into your favorite PCB service’s shopping cart. Under the hood, this macropad uses KMK, a CircuitPython-based keyboard firmware, with the configuration open-source. In fact everything is open-source, just the way we like it.

If you find yourself with an unexpected affinity for macropads after assembling this one, don’t panic. It’s quite a common side-effect. Fortunately, there are cures, and it’s no longer inevitable that you’ll go bananas about it. That said, if you’re fighting the urges to go bigger, you can try a different hand-wireable Pico-based macropad with three more keys. Come to find that one not enough? Here’s a 2×4 3D printable one.

Now, if you eventually find yourself reading every single Keebin’ With Kristina episode as soon as it comes out, you might be too far gone, and we’ll soon find you spending hundreds of dollars building tiny OLED screens into individual keys — in which case, make sure you document it and share it with us!


Robot Rebellion Brings Back BBC Camera Operators

The modern TV news studio is a masterpiece of live video and CGI, as networks vie for the flashiest presentation. BBC News in London is no exception, and embraced the future in 2013 to the extent of replacing its flesh-and-blood camera operators with robotic cameras. On the face of it this made sense; it was cheaper, and newsroom cameras are most likely to record a set range of very similar shots. A decade later they’re to be retired in a victory for humans, as the corporation tires of the stream of viral fails leaving presenters scrambling to catch up.

A media story might seem slim pickings for Hackaday readers; however, there’s food for thought in there for the technically minded. It seems the cameras had a set of pre-programmed maneuvers which the production teams could select for their different shots, and it was too easy for the wrong one to be enabled. There’s also a suggestion that the age of the system might have something to do with it, but this is somewhat undermined by their example, which we’ve placed below, being from when the cameras were only a year old.

Given that a modern TV studio is a tightly controlled space and that detecting the location of the presenter, plus whether they are in shot or not, should not have been out of reach in 2013, we’re left curious as to why they haven’t taken this route. Perhaps OpenCV to detect a human, or simply detecting the audio levels on the microphones before committing to a move, could do the job. Either way we welcome the camera operators back even if we never see them, though we’ll miss the viral funnies.
