Day: June 28, 2024

This Week In Security: Kaspersky Ban, Project Naptime, And More

June 28, 2024 by 10 Comments

The hot news this week is that Kaspersky is banned in the USA. More specifically, Kaspersky products will be banned from sale in the US starting on September 29. This ban will extend to blocking software updates, though it’s unclear how that will actually be accomplished. It’s reasonable to assume that payment processors will block payments to Kaspersky, but will ISPs be required to block traffic that could contain antivirus updates?

WordPress Plugin Backdoor

A Quartet of WordPress plugins have been found to have recently included backdoor code. It’s a collection of five Open Source plugins, seemingly developed by unrelated people. Malicious updates first showed up on June 21st, and it appears that all five plugins are shipping the same malicious code.

Rabbit AI API

The Rabbit R1 was released to less than thunderous applause. The idea is a personal AI device, but the execution has been disappointing, to the point of reviewers suggesting some of the earlier claims were fabricated. Now it seems there’s a serious security issue, in the form of exposed API keys that have *way* too many privileges.

The research seems to be done by the rabbitude group, who found the keys back in May. Of the things allowed by access to the API keys, the most worrying for user privacy was access to every text-to-speech call. Rabbitude states in their June 25 post, that “rabbit inc has known that we have had their elevenlabs (tts) api key for a month, but they have taken no action to rotate the api keys.” On the other hand, rabbit pushed a statement on the 26th, claiming they were just then made aware of the issue, and made the needed key rotations right away.

Continue reading “This Week In Security: Kaspersky Ban, Project Naptime, And More”

Solving Cold Cases With Hacked Together Gear

June 28, 2024 by 12 Comments

People go missing without a trace far more commonly than any of us would like to think about. Of course the authorities will conduct a search, but even assuming they have the equipment and personnel necessary, the odds are often stacked against them. A few weeks go by, then months, and eventually there’s yet another “cold case” on the books and a family is left desperate for closure.

But occasionally a small team or an individual, if determined enough, can solve such a case even when the authorities have failed. Some of these people, such as [Antti Suanto] and his brother, have even managed to close the books on multiple missing person cases. In an incredibly engrossing series of blog posts, [Antti] describes how he hacked together a pair of remotely operated vehicles to help search for and ultimately identify sunken cars.

Continue reading “Solving Cold Cases With Hacked Together Gear”

Spinning Magnets Do Your Dice Rolling For You

June 28, 2024 by 6 Comments

Dice are about the simplest machines possible, and they’ve been used since before recorded history to generate random numbers. But no machine is so simple that a little needless complexity can’t make it better, as is the case with this mechanical spinning dice. Or die. Whatever.

Inspiration for the project came from [Attoparsec]’s long history with RPG and tabletop games, which depend on different kinds of dice to generate the randomness that keeps them going — that and the fortuitous find of a seven-segment flip-dot display, plus the need for something cool to show off at OpenSauce. The flip-dot is controlled by an array of neodymium magnets with the proper polarity to flip the segments to the desired number. The magnets are attached to an aluminum disk, with each array spread out far enough to prevent interference. [Attoparsec] also added a ring of magnets to act as detents that lock the disk into a specific digit after a spin.

The finished product ended up being satisfyingly clicky and suitably random, and made a good impression at OpenSauce. The video below documents the whole design and build process, and includes some design dead-ends that [Attoparsec] went down in pursuit of a multiple-digit display. We’d love to see him revisit some of these ideas, mechanically difficult though they may be. And while he’s at it, maybe he could spice up the rolls with a little radioactivity.

Continue reading “Spinning Magnets Do Your Dice Rolling For You”