This Week In Security: DeepSeek’s Oopsie, AI Tarpits, And Apple’s Leaks

January 31, 2025 by Jonathan Bennett 8 Comments

DeepSeek has captured the world’s attention this week, with an unexpected release of the more-open AI model from China, for a reported mere $5 million training cost. While there’s lots of buzz about DeepSeek, here we’re interested in security. And DeepSeek has made waves there, in the form of a ClickHouse database unintentionally opened to the world, discovered by the folks from Wiz research. That database contained chat history and log streams, and API keys and other secrets by extension.

Finding this database wasn’t exactly rocket science — it reminds me of my biggest bug bounty win, which was little more than running a traceroute and a port scan. In this case it was domain and sub domain mapping, and a port scan. The trick here was knowing to try this, and then understanding what the open ports represented. And the ClickHouse database was completely accessible, leaking all sorts of sensitive data. Continue reading “This Week In Security: DeepSeek’s Oopsie, AI Tarpits, And Apple’s Leaks” →

A History Of Copper Pours

January 31, 2025 by Al Williams 39 Comments

If you compare a modern PCB with a typical 1980s PCB, you might notice — like [lcamtuf] did — that newer boards tend to have large areas of copper known as pours instead of empty space between traces. If you’ve ever wondered why this is, [lcamtuf] explains.

The answer isn’t as simple as you might think. In some cases, it is just because the designer is either copying the style of a different board or the design software makes it easy to do. However, the reason it caught on in the first place is a combination of high-speed circuitry and FCC RF emissions standards. But why do pours help with unintentional emissions and high-speed signals?

Continue reading “A History Of Copper Pours” →

Handy Online Metric Screw, Nut, And Washer Generator

January 31, 2025 by Donald Papp 18 Comments

For those times when you could really use a quick 3D model, this metric screw generator will do the trick for screws between M2 and M16 with matching nuts and washers. Fastener hardware is pretty accessible, but one never knows when a 3D printed piece will hit the spot. One might even be surprised what can be usefully printed on a decent 3D printer at something like 0.08 mm layer height.

Behind the scenes, [Jason]’s tool is an OpenSCAD script with a very slick web-based interface that allows easy customization of just about any element one might need to adjust, including fine-tuning the thread sizing. We’re fans of OpenSCAD here and appreciate what’s going on behind the scenes, but one doesn’t need to know anything about it to use the online tool.

Generated models can be downloaded as .3mf or .stl, but if you really need a CAD model you’re probably best off looking up a part and downloading the matching 3D model from a supplier like McMaster-Carr.

Prefer to just use the OpenSCAD script yourself, instead of the web interface? Select “Download STL/CAD Files” from the dropdown of the project page to download ScrewGenerator.scad for local use, and you’re off to the races.