Malware embedded in office documents has been a popular attack for years. Many of those attacks have been fixed, and essentially all the current attacks are unworkable when a document is opened in protected view. There are ways around this, like putting a notice at the top of a document, requesting that the user turn off protected view. [Curtis Brazzell] has been researching phishing, and how attacks can work around mitigations like protected view. He noticed that one of his booby-trapped documents phoned home before it was opened. How exactly? The preview pane.
The Windows Explorer interface has a built-in preview pane, and it helpfully supports Microsoft Office formats. The problem is that the preview isn’t generated using protected view, at least when previewing Word documents. Generating the preview is enough to trigger loading of remote content, and could feasibly be used to trigger other vulnerabilities. [Curtis] notified Microsoft about the issue, and the response was slightly disappointing. His discovery is officially considered a bug, but not a vulnerability.
Researchers at Kaspersky took a hard look at several VNC implementations, and uncovered a total of 37 CVEs so far. It seems that several VNC projects share a rather old code-base, and it contains a plethora of potential bugs. VNC should be treated similarly to RDP — don’t expose it to the internet, and don’t connect to unknown servers. The protocol wasn’t written with security in mind, and none of the implementations have been sufficiently security hardened.
Examples of flaws include checking that a message doesn’t overflow the buffer only after it has already been copied into said buffer. Another code snippet reads a variable-length message into a fixed-length buffer without any length checks. That particular function was originally written at AT&T labs back in the late 90s, and has been copied into multiple projects since then.
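The two flaws described above, as an added illustration in C that is not code from any VNC project or from the Kaspersky report: the check-after-copy ordering next to a reader that validates the length first. The 4-byte big-endian length prefix, the 64-byte buffer and all function names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MSG_BUF_SIZE 64 /* fixed-size destination buffer (size is an assumption) */

/* Flawed ordering, shown for contrast and never called here: the copy runs
 * first, so memory past dst is already overwritten when the check fires. */
int store_check_after_copy(char *dst, const uint8_t *src, uint32_t len)
{
    memcpy(dst, src, len);
    if (len >= MSG_BUF_SIZE) return -1;
    dst[len] = '\0';
    return 0;
}

/* Hardened: read the 4-byte big-endian length prefix, then validate it
 * against the bytes actually received and the destination capacity
 * before anything is copied. Returns the text length, or -1 on rejection. */
int read_msg(char *dst, const uint8_t *pkt, size_t pkt_len)
{
    if (pkt_len < 4) return -1;
    uint32_t len = ((uint32_t)pkt[0] << 24) | ((uint32_t)pkt[1] << 16) |
                   ((uint32_t)pkt[2] << 8) | (uint32_t)pkt[3];
    if (len > pkt_len - 4) return -1;   /* header claims more than was received */
    if (len >= MSG_BUF_SIZE) return -1; /* no room for the text plus terminator */
    memcpy(dst, pkt + 4, len);
    dst[len] = '\0';
    return (int)len;
}

/* Build a constructed packet (claimed length + payload of 'A') and parse it. */
int try_packet(uint32_t claimed_len, size_t payload_bytes)
{
    uint8_t pkt[4 + 256] = {0};
    char dst[MSG_BUF_SIZE];
    if (payload_bytes > 256) return -2;
    pkt[0] = (uint8_t)(claimed_len >> 24); pkt[1] = (uint8_t)(claimed_len >> 16);
    pkt[2] = (uint8_t)(claimed_len >> 8);  pkt[3] = (uint8_t)claimed_len;
    memset(pkt + 4, 'A', payload_bytes);
    return read_msg(dst, pkt, 4 + payload_bytes);
}

int main(void)
{
    printf("%d %d %d\n", try_packet(5, 5), try_packet(1000, 5), try_packet(64, 64));
    return 0;
}
```

The hardened reader rejects both a length field larger than the data received and one that would not fit the destination, which are the two checks the flawed patterns skip or perform too late.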
There is a potential downside to open source that is highlighted here. Open source allows poorly written code to spread. This isn’t a knock against open source, but rather a warning to the reader. Just because code or a project uses an OSS license doesn’t mean it’s secure or high quality code. There are more vulnerabilities still in the process of being fixed, so watch out for the rest of this story.
Elon Musk isn’t just the greatest human being — he’s also a great inventor. He’s invented the reusable rocket, the electric car, and so much more. While those are fantastic achievements, Elon’s greatest invention is probably the PowerWall. The idea of a PowerWall is simple and has been around for years: just get a bunch of batteries and build a giant UPS for your house. Elon brought it to the forefront, though, and DIYers around the world are building their own. Thanks, Elon.
Of course, while the idea of building your own PowerWall is simple, the devil is in the details. How are you going to buy all those batteries? How are you going to connect them together? How do you connect it to your fuse box? It’s a systems integration nightmare, made even more difficult by the fact that lithium cells can catch fire if you do something wrong. [jehugarcia] is building his own PowerWall, and he might have hit upon an interesting solution. He’s built a modular system to store and charge hundreds of 18650 cells. It looks great, and this might be the answer to anyone wanting to build their own PowerWall.
Aside from acquiring hundreds of 18650 cells, the biggest problem in building a PowerWall is simply connecting all the cells together. This can be done with 3D printed battery holders, solder, and bus bars, with a few people experimenting with spot welding wires directly onto the cells. This project might be a better solution: it uses standard plastic battery holders easily acquired from your favorite Chinese retailer and a PCB to turn cells into a battery.
The design of this battery module consists of a PCB with sufficiently wide traces, an XT60 power connector, and a few headers for the balance connector of a charger. This is a seven cell setup, and in contrast to the hundreds of hours that go into making a PowerWall the old fashioned way, these modules can be assembled pretty quickly.
Testing of these modules revealed no explosions, and everything worked as intended. There was a problem, though: when drawing a high load, the terminals of these cheap battery connectors got up to 150°. That makes these modules unsuitable for high load applications like an e-bike, but it should be okay if you’re putting hundreds of these modules together to power your house. It might be a good idea to invest in some cooling, though.
Every now and then a hacker gets started on a project and forgets to stop. That’s the impression we get from [HBPowerwall]’s channel anyway. He’s working on adding a huge number of 18650 Lithium cells to his home’s power grid and posting about his adventures along the way. This week he gave us a look at the balancing process he uses to get all of these cells to work well together. Last month he gave a great overview of the installed system.
His channel starts off innocently enough. It’s all riding small motor bikes around and having a regular good time. Then he experiments a bit with the light stuff, like a few solar panels on the roof. However, it seems like one day he was watching a news brief about the Powerwall (Tesla’s whole-home battery storage system) and was like, “hey, I can do that.”
After some initial work with the new substance it wasn’t long before he was begging, borrowing, and haggling for every used 18650 lithium battery cell the local universe in Brisbane, Australia could sell him. There are a ton of videos documenting his madness, but he’s all the way up to a partly off-grid house with a 20kWh battery bank, for which he has expansion plans.
There’s a lot of marketing flim flam and general technical pitfalls in the process of generating your own non-grid electricity. But for hackers in sunny areas who want to dump those rays into local storage this is an interesting blueprint to start with.
Some of the most inefficient appliances in the home are AC mains-powered clocks. You can’t exactly turn them off and they use a whole lot of energy considering how often they’re looked at. [t3andy] came up with a great low power AC Mains clock that is only on 3% of the time. As a neat bonus, it also looks really, really cool.
[t3andy] is using a Teensy 3 as the brains of this clock, and the serial interface on the board provides a relatively easy means of setting the time without having to use buttons or tact switches. The clock face consists of 13 neopixels, with two red pixels showing the hour and a single green pixel showing the minutes. The time is measured with a DS3232 I2C real time clock with a battery backup.
The design is remarkably efficient since the LEDs are off 97% of the time, only being lit at the top of the minute. There are provisions for IR control and a PIR sensor to display the time whenever it’s needed, but that would obviously mean a hit to the energy efficiency.
There’s no denying that giant video walls are awesome, but creating one usually means a fairly complex setup with either multiple computers or very expensive video cards. Now, with Pi Wall, you can make a video wall as large as your wallet will allow with only one Raspi per monitor, and a single master pi to control the whole shebang.
As long as you have a few displays with an HDMI input, it’s easy to turn them into a giant monitor. Just plug one Pi per monitor into a network switch, have a Pi (or other Linux box) transmit a video to all the video tiles, and sit back and enjoy the show.
Right now there is an installation guide for creating a Pi Wall, but there are a few limitations; this software only works with the video player provided with the Raspberry Pi, omxplayer. If you’re looking to create an enormous display for a flight simulator or what have you, you might need to do a bit of tinkering under the hood.
This custom circuit board picks up some of the pieces from a wall wart to drive a high-power LED. The basic concept is to keep the high-voltage components and swap out the low voltage ones for parts that will be able to drive the 10W load.
The PCB is custom designed, but you can see that it was shaped to match the wall wart’s original board. To the right is the original 500mA transformer. The low-voltage side uses an LM393 because of its dual comparators. This provides feedback for both current and voltage and is a perfect complement for the TOP242. We haven’t seen that part before, but [Mincior] says that it’s nice for this application as it has safety features that lock down the chip if power or temperature are above spec. Once the replacement is nestled inside of the plastic case it looks stock and makes sure that your custom LED fixtures will stand the test of time safely.
Instructables user [txoof] was unhappy with the fact that Olympus didn’t manufacture a wall power adapter for the E-510 camera and decided to do something about it. The resulting new power adapter is described in this article. What it amounts to is a fake battery pack made out of plywood.
A 2.5mm DC power adapter is attached as seen in the picture above and the fake battery contacts are made with a thin brass or steel plate. According to the article, a steel soda can or bean tin works well for this. Google SketchUp with the slicer plugin is used to make slices of wood to be glued together in a “battery” shape. Alternatively, something like this would be a good project for a 3D printer or CNC router.
Although there is nothing that revolutionary about this hack, it solves a problem that many people have with cameras or other electronics without a readily available wall power supply. This can be especially evident when trying to do time-lapse photography or other activities that need a long time span. For another hacked-together wooden camera project, check out this remote trigger built using plywood and air freshener components.