This Week In Security: Terrapin, Seized Unseized, And Autospill

There’s a new SSH vulnerability, Terrapin (pdf paper), and it’s got the potential to be nasty — but only in an extremely limited circumstance. To understand the problem, we have to understand what SSH is designed to do. It replaces telnet as a tool to get a command line shell on a remote computer. Telnet sends all that text in the clear, but SSH wraps it all inside a public-key encrypted tunnel. It was designed to safely negotiate an unfriendly network, which is why SSH clients are so explicit about accepting new keys, and alerting when a key has changed.

SSH uses a sequence counter to detect Man-in-the-Middle (MitM) shenanigans like packet deletion, replay, or reordering. That sequence number isn’t actually included in the packet, but is used as part of the Message Authentication Code (MAC) of several encryption modes. This means that if a packet is removed from the encrypted tunnel, the MAC fails on the rest of the packets, triggering a complete connection reset. The counter actually starts at zero, with the first unencrypted packet sent after the version banners are exchanged. In theory, this means that an attacker fiddling with packets in the pre-encryption phase will invalidate the entire connection as well. There’s just one problem.

The innovation from the Terrapin researchers is that an attacker with MitM access to the connection can insert a number of benign messages in the pre-encryption phase, and then silently drop the same number of messages from the start of the encrypted phase. Just a little TCP sequence rewriting for any messages in between, and neither the server nor client can detect the deception. It’s a really interesting trick — but what can we do with it?

For most SSH implementations, not much. The 9.6 release of OpenSSH addresses the bug, calling it cryptographically novel, but noting that the actual impact is limited to disabling some of the timing obfuscation features added in release 9.5.
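The counter arithmetic described above can be checked with a small model. This is an added example, not code from the paper or from OpenSSH: it simulates one direction of a connection with an implicit sequence number fed into an HMAC, and shows when dropped packets are caught. The key, the message names, and the `reset_at_keys` countermeasure (resetting both counters when encryption starts) are assumptions of the model.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed; real SSH derives MAC keys in the key exchange


def mac(seq: int, payload: bytes) -> bytes:
    """MAC over (implicit 32-bit sequence number || payload); seq is never sent."""
    return hmac.new(KEY, seq.to_bytes(4, "big") + payload, hashlib.sha256).digest()


def simulate(injected: int, dropped: int, reset_at_keys: bool = False) -> bool:
    """Model server -> client traffic. Returns True if the client accepts every
    encrypted packet that reaches it, i.e. any tampering went unnoticed."""
    send_seq = recv_seq = 0

    # Pre-encryption phase: counters advance, nothing is authenticated yet.
    for _ in range(2):                  # two genuine handshake messages
        send_seq += 1
        recv_seq += 1
    recv_seq += injected                # extra benign messages only the client sees

    if reset_at_keys:                   # modelled countermeasure (assumption)
        send_seq = recv_seq = 0

    # Encrypted phase: the sender tags each packet with its own counter value.
    wire = []
    for i in range(4):
        payload = b"msg-%d" % i
        wire.append((payload, mac(send_seq, payload)))
        send_seq = (send_seq + 1) & 0xFFFFFFFF

    # The receiver recomputes each tag with its own counter.
    for payload, tag in wire[dropped:]:  # the first `dropped` packets never arrive
        if not hmac.compare_digest(tag, mac(recv_seq, payload)):
            return False                 # MAC failure: connection is torn down
        recv_seq = (recv_seq + 1) & 0xFFFFFFFF
    return True


if __name__ == "__main__":
    print("untouched stream accepted:        ", simulate(0, 0))
    print("plain deletion accepted:          ", simulate(0, 1))
    print("inject 1 + drop 1 accepted:       ", simulate(1, 1))
    print("same, counters reset at key start:", simulate(1, 1, reset_at_keys=True))
```

Only the case where the number of injected and dropped messages match leaves both counters aligned, which is why a plain deletion fails the MAC while the balanced case does not.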


Giant Demonstrator Explains How DLP Projectors Work

Texas Instruments developed digital mirror devices, and the subsequent digital light processing (DLP) projector, starting in the late 1980s. The technology is a wondrous and fanciful application of micro-scale electronics and optics. Most of us who have tangled with these devices have had to learn their mode of operation from diagrams and our own imagination. But what if you just built one at a large enough scale that you could see how it worked? Well, [jbumstead] did just that!

A real Digital Micromirror Device (DMD) consists of hundreds of thousands of mirrors, which would be impractical to recreate. This build settles for a simpler 5×5 array made using half-inch square mirrors. It uses solenoids to move each individual mirror between a flat and angled position to create the display. The solenoids are all under the command of an Arduino Mega which controls the overall state of the display and shows various patterns.

It’s not perfect, with the mirrors not quite matching in angles at all times, but it demonstrates the concept perfectly well. When you see it in action with light bouncing off it, you can easily understand how this could be used to make a display of many thousands of pixels in a projector arrangement. We’ve featured some other DLP hacks before, too, so dive in if you’re interested.


Open Source DC UPS Keeps The Low-Voltage Gear Going

We all like to keep our network gear running during a power outage — trouble is, your standard consumer-grade uninterruptible power supply (UPS) tends to be overkill for routers and such. Their built-in outlet strips quickly get crowded with wall-warts, and why bother converting from DC to AC only to convert back again?

This common conundrum is the inspiration for [Walker]’s DC UPS design, which has some interesting features. First off, the design is open source, which of course invites tinkering and repurposing. The UPS is built for a 12 volt supply and load, but that obviously can be changed to suit your needs. The battery bank is a 4S3P design using 18650 cells, and that could be customized as well. There’s an ideal diode controller that prevents DC from back-feeding into the supply when the lights go out, and a really interesting synchronous buck-boost converter in place of the power management chip you’d normally see in a UPS. The converter chip takes a PWM signal from an RP2040; there’s also an ESP32 onboard for web server and UI duties as well as an STM32 to run the BMS. The video below discusses the design and shows a little of the build.

We’ve seen a spate of DC UPS designs lately, some more elaborate than others. This one has quite a few interesting chips that most of us don’t normally deal with, and it’s nice to see how they’re used in a practical design.
