This Week In Security: Exchange 0-day, Doppelgangers, And Python Gets Bit In The TAR

According to researchers at GTSC, there’s an unpatched 0-day being used in-the-wild to exploit fully patched Microsoft Exchange servers. When they found one compromised server, they made the report to Microsoft through ZDI, but upon finding multiple Exchange servers compromised, they’re sounding the alarm for everyone. It looks like it’s an attack similar to ProxyShell, in that it uses the auto-discover endpoint as a starting point. They suspect it’s a Chinese group that’s using the exploit, based on some of the indicators found in the webshell that gets installed.

There is a temporary mitigation: adding a URL-based request block on the string .*autodiscover\.json.*\@.*Powershell.* (the exact details are available in the post). If you’re running Exchange with IIS, this should probably get added to your system right now. Next, use either the automated tool, or run the PowerShell one-liner to detect compromise, where <Path_IIS_Logs> is a placeholder for your IIS log directory:

    Get-ChildItem -Recurse -Path <Path_IIS_Logs> -Filter "*.log" | Select-String -Pattern 'powershell.*autodiscover\.json.*\@.*200'

This one has the potential to be another really nasty problem, and may be wormable. As of the time of writing, this is an outstanding, unpatched problem in Microsoft Exchange. Come back and finish the rest of this article after you’ve safed up your systems.

Slap This Big Red Button For An Instant Social Media Detox

Dangerous machines, like ones that can quickly reduce you to a fine red mist or a smoking cinder, tend to have a Big Red Button™ to immediately stop whatever the threat is. Well, if a more dangerous machine than social media has ever been invented, we’re not sure what it would be, which is why we’re glad this social media kill switch exists.

The idea behind [Gunter Froman]’s creation is to provide a physical interface to SocialsDetox, a service that blocks or throttles connectivity to certain apps and websites. SocialsDetox blocks access using either DNS over HTTPS (DoH) or, for particularly pesky and addictive apps, a service-specific VPN. The service does require a subscription, the cost of which varies by the number of devices you want to protect, but the charges honestly seem pretty reasonable.

While SocialsDetox can be set up to block access on a regular schedule, say if you want to make the family dinner a social-free time, there may be occasions where killing social access needs to happen right now. This is where the Big Red Button comes into it, which is attached to a Wemos D1 Mini. Pressing the kill switch sends an API request to either enable or disable the service, giving you a likely much-needed break from the swirling vortex of hate and envy that we all can’t seem to live without. Except for Hackaday, of course — it’s totally not like that here.

The irony of using an IoT appliance to restrict access to social media is not lost on us, but you work with the tools you’ve got. And besides, we like the physical interface here, which sort of reminds us of this fitting enclosure for a PiHole.

This Computer Is Definitely Not A Toy

If you’ve ever eyed up a kids’ laptop and wondered whether it could take an upgrade with a single board computer, you’re not alone. [Labz] have taken a couple of Brazilian Max Steel toy computers from a decade or more ago, and made them into usable if unconventional portable computers (Brazilian Portuguese, but YouTube’s subtitle translation is your friend).

The computers are similar to the ones you may be familiar with from the likes of VTech, a QWERTY keyboard and fairly conventional form factor but with a tiny monochrome LCD and a few built-in games. In the video below the break we see both the laptop and desktop variants butchered with a rotary tool to receive new larger screens, with the laptop getting a Raspberry Pi and the desktop getting a small form factor PC. The laptop needed a 3D printed extension to make extra space, while the desktop received a PCI Express extension cable for a video card. Finally, an Arduino took care of the keyboard.

The cherry on the cake for this video comes at the end, when they find the now-grown-up kid from the original advert. Meanwhile, kids’ computers have featured here before a few times.

Building A Replica Of An Obscure Romanian Computer

We’ve all seen emulated Apple II and Commodore 64 boards about the place. Few of us have heard of the Romanian ZX Spectrum clone known as the Cobra, let alone any efforts to replicate one. However, [Thomas Sowell] has achieved just that, and has shared the tale with us online.

The Cobra was named for its origins in the city of Brasov – hence, COmputer BRasov. The replica project was spawned for a simple reason. Given that sourcing an original Romanian Cobra would be difficult, [Thomas] realized that he could instead build his own, just as many Romanians did in the 1980s. He set about studying the best online resources about the Cobra, and got down to work.

The build started with board images sourced from Cobrasov.com, and these were used to get a PCB made. [Thomas] decided to only use vintage ICs sourced from the Eastern Bloc for authenticity’s sake, too. Most came from the former USSR, though some parts were of East German, Romanian, or Czechoslovakian manufacture. The project took place prior to the Russian invasion of Ukraine, so there weren’t any hassles shipping across borders.

With everything hooked up and the EEPROMs given a real Cobra ROM image, the computer burst into life. There were some hiccups, with an overheating video IC and some memory glitches. However, with some nifty tweaks and replacements subbed in, the computer came good. Other work involved adding a custom keyboard and modifying 3.5″ floppy drives to work with the system.

Overall, the build is a faithful tribute to what was an impressive piece of engineering from behind the Iron Curtain. [Thomas]’s work also embodies the DIY ethos behind many homebrew Cobra computers built back in the day.

If all this talk has got you curious about the full history of the Cobra and Romania’s underground computer movement, we have everything you’re looking for right here!

[Image: the rebuilt scale with an extra blue box of electronics on the bottom; on the scale sits a transparent food-grade plastic glass with measurement marks on the side.]

Urine Flow Measurement Made Accessible With UroFlow

If you’re dealing with a chronic illness, the ability to continuously monitor your symptoms is indispensable, helping you gain valuable insights into what makes your body tick – or, rather, mis-tick. However, for many illnesses, you need specialized equipment to monitor them, and it tends to be that you can only visit your doctor every so often. Thankfully, we hackers can figure out ways to monitor our conditions on our own. With a condition called BPH (Benign Prostate Hyperplasia), one of the ways to monitor it is taking measurements of urinary flow rate. Being able to take these measurements at home provides better insights, and, having found flow rate measurement devices to be prohibitively expensive to even rent, [Jerry Smith] set out to build his own.

This build is truly designed to be reproducible for anyone who needs such a device. Jerry has intricately documented the project and its inner workings – the 31-page document contains full build instructions, BOM for ordering, PCB description and pinout diagrams, calibration and validation instructions, and even software flowcharts; the GitHub repo has everything else you might need. We’re pleasantly surprised – this amount of documentation isn’t typically seen in hacker projects, and is even more valuable considering that this is a medical device that other hackers in need will want to reproduce.

[Figure: graph titled "Flow", X axis in seconds, Y axis in ml/sec, with differently colored plots, each apparently corresponding to a different measurement.]

For the hardware, [Jerry] took a small digital scale of a certain model and reused its load cell-based weighing mechanism using an HX711 amplifier, replacing the screen and adding an extra box for control electronics. With an Arduino MKR1010 as brains of the operation, the hardware’s there to log flow data, initially recorded onto the SD card, with WiFi connectivity to transfer the data to a computer for plotting; a DS3234 RTC breakout helps keep track of the time, and a custom PCB ties all of these together. All of these things are easy to put together, in no small part due to the extensive instructions provided.

Casting Metal With A Microwave And Vacuum Cleaner

Metalworking might conjure images of large furnaces powered by coal, wood, or electricity, with molten metal sloshing around and visible in its crucible. But metalworking from home doesn’t need to use anything more fancy than a microwave, at least according to [Denny] a.k.a. [Shake the Future]. He has a number of metalworking tools designed to melt metal using a microwave, and in this video he uses them to make a usable aluminum pencil with a graphite core.

Before getting to the microwave kiln, the pencil mold needs to be prepared. A 3D-printed pencil is first created with the graphite core, and then [Denny] uses a plaster of Paris mixture to create the mold for the pencil. The 3D printed plastic is left inside the mold and placed in the first microwave kiln, which is turned on just enough to melt the plastic out of the mold, leaving behind the graphite core. From there a second kiln goes into the microwave to melt the aluminum.

Once the molten aluminum is ready, it is removed from the kiln and poured in the still-warm pencil mold. This is where [Denny] has another trick up his sleeve. He’s using a household vacuum cleaner to suck the metal into place before it cools, creating a rudimentary but effective vacuum forming machine. The result is a working pencil, at least after he wears down a few razor blades attempting to sharpen the metal pencil. For more information about how [Denny] makes these microwave kilns, take a look at some of his earlier projects.

Teensy Becomes Tiny Handheld Computer, Plays Emulators

Science fiction predicted that we would one day all carry around tiny computers of great power. While smartphones are great, those predictions were more based on cuter systems that more closely approximated existing computers, with keyboards and screens. [Jean-Marc Harvengt] has built something along those very lines, and it’s called the T-COMPUTER.

This build centers around the mighty Teensy 4.1. That means it’s got an 800 MHz Cortex-M7 processor, 1 MB of RAM, and 8 MB of flash – eclipsing the specs of many retrocomputers of yesteryear. [Jean-Marc Harvengt] has paired the Teensy with a 42-key keyboard and a TFT screen, making a compact handheld computer platform. It’s also got VGA out for display on a bigger screen, along with USB and an old-school Atari joystick port! Power is via a small rechargeable lithium cell on the back, and 16-bit stereo audio is available via a standard 3.5mm jack. There’s also a little GPIO available if you need to interface with something.

It’s capable of emulating the Commodore 64 and Super Nintendo, as well as more obscure systems like the Atari Lynx. And before you ask – yes, it can run DOOM. It’s a fun little platform that would be enjoyable for retrogaming and hacking on the go. If you want to build your own, files are readily available on Github to recreate the system.

Handheld computer builds are always growing in popularity now that so much computing power can be had in tiny devboard formats. If you’ve built your own neat little rig, be sure to let us know! Video after the break.
