Author: Elliot Williams

1450 Articles

Dropping Zip Bombs On Vulnerability Scanners

July 8, 2017 by 117 Comments

If you’ve ever looked at the server logs of a computer that lives full-time on the Internet, you know it’s a rough world out there. You’ll see hundreds of attempts per day to break in to your one random little box. Are you going to take that sitting down? Christian Haschek didn’t.

Instead of simply banning IPs or closing off services, [Christian] decided to hit ’em where it hurts: in the RAM. Now, whenever a bot hits his server looking for a poorly configured WordPress install, he serves them 10 GB of zeroes, compressed down into 10 MB by gzip:

dd if=/dev/zero bs=1M count=10240 | gzip > 10G.gzip

The classic trick uses zip multiple times on itself, which lets you compress arbitrarily large files into just a few kB. [Christian] tried this with gzip, and discovered that it didn’t automatically recurse, so he’s taking a small bandwidth hit for the team. If you know how to get more data packed smaller using gzip, leave a note in the comments.

Nobody really knows if this works on the bad guys’ servers, but [Christian] said that they stopped hitting him after downloading a couple payloads. If you want to test out what it does to your system, click this link. If you don’t run a server, but phishing e-mails get you hot under the collar, check out [Robbie Gallagher]’s talk on phishing the phishers from last year’s Schmoocon for cathartic tales of revenge.

Tetris On A Soldering Iron

July 7, 2017 by 20 Comments

Our commenteers have all said good things about the open-source TS100 soldering iron pencil: things like “it solders well”. But we’ve all got soldering irons that solder well. What possible extra value does having open-source firmware on a soldering iron bring? [Joric] answered that question for us — it can play Tetris. (Video embedded below.)

While that’s cool and all, it wasn’t until we were reading through the README over at GitHub that the funniest part of this hack hit us. Every time you lose a game, the iron tip temperature increases by 10 degrees. Tetris for masochists? The makings of some horrible bar bets? We’re just glad that it’s open-source, because we’re not that good and it would get too hot to handle fast.

We haven’t tried out a TS100 yet, but this hack is almost pushing us to impulse purchase. There are alternative versions of the firmware if you just don’t like the font, for instance. And now, Tetris. Will this become the hot new gaming platform that you’ve been waiting for? Let us know in the comments.

Continue reading “Tetris On A Soldering Iron”

Free As In Beer, Or The Story Of Windows Viruses

July 5, 2017 by 211 Comments

Whenever there’s a new Windows virus out there wreaking global havoc, the Linux types get smug. “That’ll never happen in our open operating system,” they say. “There are many eyes looking over the source code.” But then there’s a Heartbleed vulnerability that keeps them humble for a little while. Anyway, at least patches are propagated faster in the Linux world, right?

While the Linuxers are holier-than-thou, the Windows folks get defensive. They say that the problem isn’t with Windows, it’s just that it’s the number one target because it’s the most popular OS. Wrong, that’d be Android for the last few years, or Linux since forever in the server space. Then they say it’s a failure to apply patches and upgrade their systems, because their users are just less savvy, but that some new update system will solve the problem.

There’s some truth to the viruses and the patching, but when WannaCry is taking over hospitals’ IT systems or the radiation monitoring network at Chernobyl, it’s not likely to be the fault of the stereotypical naive users, and any automatic patch system is only likely to help around the margins.

So why is WannaCry, and variants, hitting unpatched XP machines, managed by professionals, all over the world? Why are there still XP machines in professional environments anyway? And what does any of this have to do with free software? The answer to all of these questions can be found in the ancient root of all evil, the want of money. Linux is more secure, ironically, at least partly because it’s free as in beer, and upgrading to a newer version is simply cheaper.

Continue reading “Free As In Beer, Or The Story Of Windows Viruses”

[Daito Manabe] Interview: Shocking!

July 5, 2017 by 2 Comments

We’ve loved [Daito Manabe]’s work for a while now. Don’t know [Daito]? Read this recent interview with him and catch up. Is he a hacker’s artist, or an artist’s hacker?

My personal favorite hack of his is laser painting apparatus from 2011. The gimmick is that he uses the way the phosphors fade out to create a greyscale image. Saying that is one thing, but watching it all come together in time is just beautiful.

Maybe you’ve seen his facial-electrocution sequencer (words we never thought we’d write! YouTube link). He’s taken that concept and pushed it to the limit — setting up the same sequences on multiple people make them look eerily like the sacks of meat that they are, until everyone laughs at the end of the experiment and they’re all back to being human.

Anyway, if you didn’t know [Daito], check out the rest of his work. Have any other favorite tech artists that we’re missing? Drop us a line.

Hacking An Inspection Microscope

June 26, 2017 by 74 Comments

Sometimes I need to be able to take photographs of very small things, and the so-called macro mode on my point-and-shoot camera just won’t cut it. And it never hurts to have an inspection scope on hand for tiny soldering jobs, either, though I prefer a simple jeweler’s loupe in one eye for most tasks. So I sent just over $40 off to my close friend Alibaba, and a few weeks later was the proud owner of a halfway usable inspection scope that records stills or video to an SD card.

Unfortunately, it’s only halfway useable because of chintzy interface design and a wobbly mount. So I spent an afternoon, took the microscope apart, and got it under microcontroller control, complete with WiFi and a scripting language. Much better! Now I can make microscope time-lapses, but much more importantly I can take blur-free photos without touching the wiggly rig. It was a fun hack, so I thought I’d share. Read on!

Continue reading “Hacking An Inspection Microscope”

The Arduino Foundation: What’s Up?

June 19, 2017 by 65 Comments

The Arduino Wars officially ended last October, and the new Arduino-manufacturing company was registered in January 2017.  At the time, we were promised an Arduino Foundation that would care for the open-source IDE and code infrastructure in an open and community-serving manner, but we don’t have one yet. Is it conspiracy? Or foul play? Our advice: don’t fret. These things take time.

But on the other hand, the Arduino community wants to know what’s going on, and there’s apparently some real confusion out there about the state of play in Arduino-land, so we interviewed the principals, Massimo Banzi and Federico Musto, and asked them for a progress report.

The short version is that there are still two “Arduinos”: Arduino AG, a for-profit corporation, and the soon-to-be Arduino Foundation, a non-profit in charge of guiding and funding software and IDE development. The former was incorporated in January 2017, and the latter is still in progress but looks likely to incorporate before the summer is over.

Banzi, who is a shareholder of Arduino AG, is going to be the president of the Foundation, and Musto, AG’s CEO, is going to be on the executive board and both principals told us similar visions of incredible transparency and community-driven development. Banzi is, in fact, looking to get a draft version of the Foundation’s charter early, for comment by the community, before it gets chiseled in stone.

It’s far too early to tell just how independent the Foundation is going to be, or should be, of the company that sells the boards under the same name. Setting up the Foundation correctly is extremely important for the future of Arduino, and Banzi said to us in an interview that he wouldn’t take on the job of president unless it is done right. What the Arduino community doesn’t need right now is a Foundation fork.  Instead, they need our help, encouragement, and participation once the Foundation is established. Things look like they’re on track.

Continue reading “The Arduino Foundation: What’s Up?”

Hackaday Prize Entry: ESP32 Monster And Getting Started Quickly

May 28, 2017 by 19 Comments

Prolific hacker [kodera2t] is working on his own “ESP32 monster board” dev board for the still-newish ESP32 WiFi module. His board has everything: Ethernet, OLED, LiPo, and even CAN-bus. But all that peripheral connectivity is worth nothing if you can’t program the microcontroller to use it.

The Arduino environment for the ESP32 is coming along quite nicely, but it’s not yet fully featured enough to run all of [kodera2t]’s hardware. To take advantage of all that, he needs to use Espressif’s SDK — called the “IoT Development Framework” or IDF for short. In his latest project log, [kodera2t] goes through everything necessary to get the IDF up and compiling on OSX. (It’s strangely similar to the Linux procedure.) Read through the official instructions here, if you want more, but we think [kodera2t] hits all the high points.

While we’re tooting [kodera2t]’s horn, check out his old project — an Arduino shoehorned into an SD card — or watch his alter-ego [Toshiro Kodera] give a serious talk about his day job, engineering radio-frequency meta-materials.

The HackadayPrize2017 is Sponsored by: