2600 Breaks Free From DRM With PDF/EPUB Subscription

Hackaday has been online in some form or another since 2004, which for the Internet, makes us pretty damn old. But while that makes us one of the oldest surviving web resources for hacker types, we’ve got nothing on 2600 — they’ve been publishing their quarterly zine since 1984.

Summer 2023 Issue of 2600

While the physical magazine can still be found on store shelves, the iconic publication expanded into digital distribution some time ago, thanks largely to the Kindle’s Newsstand service. Unfortunately, that meant Amazon’s recent decision to shutter Newsstand threatened to deprive 2600 of a sizable chunk of their income. So what would any group of hackers do? They took matters into their own hands and spun up their own digital distribution system.

As of today you’re able to subscribe to the digital version of 2600 in DRM-free PDF or EPUB formats, directly from the magazine’s official website. Which one you pick largely depends on how you want to read it: those looking for the highest fidelity experience should go with PDF, as it features an identical layout to the physical magazine, while those who are more concerned with how the content looks on their reader of choice would perhaps be better served by the flexibility of EPUB. After signing up you can download the current Summer issue immediately, with future issues hitting your inbox automatically. Load it onto your home-built Open Book, and you can really stick it to the establishment.

While the ending of this story seems to be a happy one, we can’t help but see it as a cautionary tale. How many other magazines would have the means and experience to offer up their own digital subscriptions? Or for that matter, how many could boast readers savvy enough to utilize it? The reality is many publications will be injured by Amazon’s decision, some mortally so. That’s a lot of power to be put into the hands of just one company, no matter how quick the shipping is.

This Week In Security: Dating App, WooCommerce, And OpenSSH

Up first this week is a report from vpnMentor, covering the unsecured database backing a set of dating apps, including 419 Dating. The report is a bit light on the technical details, like what sort of database this was, or how exactly it was accessed. But the result is 2.3 million exposed records, containing email addresses, photos — sometimes explicit — and more. Apparently also exposed were server backups and logs.

The good news here is that once [Jeremiah Fowler] discovered the database door unlocked and hanging open, he made a disclosure, and the database was secured. We can only hope that it wasn’t discovered by any bad actors in the meantime. The app has now disappeared from the Google Play store, and had just a bit of a sketchy air about it.

WooCommerce Under Siege

Back in March, CVE-2023-28121 was fixed in the WooCommerce plugin for WordPress. The issue here is an authentication bypass that allows an unauthenticated user to commandeer other user accounts.

Within a few months, working exploits had been derived from the details of the patch plugging the hole. It wasn’t hard. A function for determining the current user was explicitly trusting the contents of the X-WCPAY-PLATFORM-CHECKOUT-USER request header. Set that value in a request sent to the server, and ding, you’re administrator.

And now the cows are coming home to roost. Active exploitation started in earnest on July 14, and the folks at Wordfence clocked a staggering 1.3 million exploitation attempts on the 16th. What’s particularly interesting is that the Wordfence data gathering system saw a huge increase in requests for the readme.txt file that indicates the presence of the WooCommerce plugin on a WordPress site. These requests were observed before the attacks got started, making for an interesting early warning system.

Continue reading “This Week In Security: Dating App, WooCommerce, And OpenSSH”
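
The early-warning signal described above can be watched for in your own web server logs. The following is an added example, not code from Wordfence or the plugin: it counts daily requests for any plugin's readme.txt and surfaces requests that arrive carrying the X-WCPAY-PLATFORM-CHECKOUT-USER header. The log format (a trailing field recording that header), the `example-plugin` slug, and the spike threshold are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample, not real traffic. Assumed format: common log fields plus a
# trailing quoted field holding the X-WCPAY-PLATFORM-CHECKOUT-USER request
# header as received ("-" when absent). "example-plugin" is a placeholder slug.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Jul/2023:09:14:02 +0000] "GET /wp-content/plugins/example-plugin/readme.txt HTTP/1.1" 200 512 "-"
203.0.113.5 - - [12/Jul/2023:09:20:41 +0000] "GET /shop/ HTTP/1.1" 200 8841 "-"
198.51.100.9 - - [13/Jul/2023:02:01:10 +0000] "GET /wp-content/plugins/example-plugin/readme.txt HTTP/1.1" 200 512 "-"
192.0.2.11 - - [14/Jul/2023:03:00:01 +0000] "GET /wp-content/plugins/example-plugin/readme.txt HTTP/1.1" 200 512 "-"
192.0.2.12 - - [14/Jul/2023:03:00:04 +0000] "GET /wp-content/plugins/example-plugin/readme.txt?x=1 HTTP/1.1" 200 512 "-"
192.0.2.13 - - [14/Jul/2023:03:00:09 +0000] "GET /wp-content/plugins/Example-Plugin/readme.txt HTTP/1.1" 200 512 "-"
192.0.2.14 - - [14/Jul/2023:03:01:30 +0000] "GET /wp-content/plugins/example-plugin/readme.txt HTTP/1.1" 200 512 "-"
192.0.2.14 - - [16/Jul/2023:11:42:17 +0000] "POST / HTTP/1.1" 200 17 "constructed-value"
this line is truncated garbage
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<day>[^:]+):[^\]]+\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ "(?P<hdr>[^"]*)"$'
)
README_RE = re.compile(r'^/wp-content/plugins/(?P<slug>[^/]+)/readme\.txt$', re.I)

def analyze(log_text, spike_factor=3.0):
    """Return readme.txt probe spikes per plugin and requests carrying the header."""
    probes = defaultdict(Counter)      # plugin slug -> day -> request count
    header_hits, skipped = [], 0
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            skipped += bool(raw.strip())   # count unparseable lines, ignore blanks
            continue
        path = m["path"].split("?", 1)[0]  # query strings do not hide a probe
        probe = README_RE.match(path)
        if probe:
            probes[probe["slug"].lower()][m["day"]] += 1
        if m["hdr"] not in ("", "-"):      # client supplied the user header: review it
            header_hits.append((m["ip"], m["day"], m["method"], path))
    spikes = []
    for slug, per_day in probes.items():
        days = sorted(per_day, key=lambda d: datetime.strptime(d, "%d/%b/%Y"))
        for i, day in enumerate(days[1:], start=1):
            baseline = sum(per_day[d] for d in days[:i]) / i   # mean of earlier days
            if per_day[day] >= spike_factor * baseline:
                spikes.append((slug, day, per_day[day]))
    return {"spikes": spikes, "header_hits": header_hits, "skipped": skipped}
```

On the constructed sample, the probe count for 14 July stands out against the two quieter days before it, two days ahead of the request that carries the header.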

Turning A Quartz Clock Module Into A Time Reference

If you’re looking for a 1-second time reference, you’d probably just grab a GPS module off the shelf and use the 1PPS output. As demonstrated by [InazumaDenki], though, an old quartz clock module can also do the job with just a little work.

The module was harvested from an old Seiko wall clock, and features the familiar 32.768 kHz crystal you’d expect. This frequency readily divides down by 2 multiple times until you get a useful 1 Hz output. The module, originally designed to run a clock movement, can be repurposed with some basic analog electronics to output a useful time reference. [InazumaDenki] explains various ways this can be done, before demonstrating his favored method by building the device and demonstrating it with a decade counter.

It has some benefits over a GPS time reference, such as running at a much lower voltage and needing no external signal inputs. However, it’s also not going to be quite as accurate. Whether that matters to you or not depends on your specific application. Video after the break.

Continue reading “Turning A Quartz Clock Module Into A Time Reference”

Old Style 1802 Computer Has MMU

When you think of an MMU — a memory management unit — you probably think of a modern 32-bit computer. But [Jeff Truck] has a surprise. His new RCA 1802 computer has bank switching, allowing the plucky little processor to address 256K of RAM. This isn’t just the usual bank-switching design, either.

The machine has several unique features. For example, an Arduino onboard can control the CPU so that you can remotely control the bus. It does not, apparently, stand in for any of the microprocessor support chips. It also doesn’t add additional memory or control its access.

The 256K of memory is under the control of the MMU board. This board generates two extra address bits by snooping the executing instruction and figuring out what register is involved in any memory access. Memory in the MMU stores a table that lets you set different memory pages for each register. This works even if the register is not explicit and also for the machine’s DMA and instruction fetch cycles. If you know about the RCA “standard call and return technique,” that also needed a little patching for the MMU. [Jeff] covers that at the end of the video below.

This is a very simple version of a modern MMU and is an impressive trick for a 50-something-year-old CPU. We were surprised to hear — no offense to [Jeff] — that the design worked the first time. Impressive! There’s also some 3D printing and other tips to pick up along the way. But we were super impressed with the MMU. You might never have to do this yourself (although you could), but you can still marvel that it can be done at all.

We have a soft spot for the 1802s, real or emulated. The original ELF was great, but 256K is a lot better than the original 256 bytes!

Continue reading “Old Style 1802 Computer Has MMU”