Last Call For Hackaday Belgrade Proposals Grants You A Four-Day Reprieve

We want you to present a talk at Hackaday Belgrade and this is the last call to send us your proposal.

Europe’s biennial conference on hardware creation returns to Serbia on May 9th for an all-day-and-into-the-night extravaganza. Core to this conference is people from the Hackaday community sharing their stories of pushing the boundaries of what’s possible on their electronics workbenches, firmware repos, and manufacturing projects.

Here at Hackaday we live a life of never ending deadlines, but we also understand that this isn’t true for everyone. In that spirit, we’re extending the deadline so that those who count procrastination as a core skill don’t miss their chance to secure a speaking slot at the last minute. You now have until 18:00 GMT (19:00 in Belgrade) next Friday to file your talk proposal.

The conference badge is being built by Voja Antonic, the inventor of Yugoslavia’s first widely-adopted personal computer. We know he has prototype PCBs on hand and plan to share more information on what he has in store for you very soon.

This Week In Security: Chrome Bugs And Non-bugs, Kr00k, And Letsencrypt

Google Chrome minted a new release to fix a trio of bugs on Monday, with exploit code already in the wild for one of them. The first two bugs don’t have much information published yet. They are an integer-overflow problem in Unicode internationalization, and a memory access issue in streams. The third issue, type confusion in V8, was also fixed quietly, but a team at Exodus Intel took the time to look at the patches and figure out what the problem was.

The actual vulnerability dives into some exotic JavaScript techniques, but to put it simply, it’s possible to change a data-type without V8 noticing. This allows malicious code to write into the header area of the attacked variable. The stack, now corrupted, can be manipulated to the point of arbitrary code execution. The researchers make the point that even with Google’s fast-paced release schedule, a determined attacker could have several days of virtual zero-day exploitation of a bug mined from code changes. Story via The Register.

The Chrome Problem that Wasn’t

A second Chrome story came across my desk this week: Chrome 80 introduces a new feature, ScrollToTextFragment. This useful new feature allows you to embed a string of text in a URL, and when loading that address, Chrome will scroll the page to make that text visible. For certain use cases, this is an invaluable feature. Need to highlight a specific bit of text in a big document online?

The following bookmarklet code by [Paul Kinlan] is the easy way to start using this feature. Paste this code into the URL of a bookmark, put it on the bookmark bar, highlight some text in a webpage, and then run the bookmarklet. It should open a new tab with the new URL, ready to use or send to someone.

javascript:(function()%7Bconst%20selectedText%20%3D%20getSelection().toString()%3Bconst%20newUrl%20%3D%20new%20URL(location)%3BnewUrl.hash%20%3D%20%60%3A~%3Atext%3D%24%7BencodeURIComponent(selectedText)%7D%60%3Bwindow.open(newUrl)%7D)()

Since we’re talking about it in the security column, there must be more to the story. A privacy guru at Brave, [Peter Snyder], raised concerns about privacy implications of the feature. His argument has been repeated and misrepresented in a few places. What argument was he making? Simply put, that it’s not normal user behavior to immediately scroll to an exact position on the page. Because modern web pages and browsers do things like deferred loading of images, it could be possible to infer where in the page the link was pointing. He gives the example of a corporate network where DNS is monitored. This isn’t suggesting that the entire URL is leaked over DNS, but rather that DNS can indicate when individual components of a page are loaded, particularly when they are embedded images from other sites.

While this concern isn’t nonsensical, it seems to me to be a very weak argument that is being over-hyped in the press.

Whatsapp Groups Searchable on Google

It’s not new for search engines to index things that weren’t intended to be public. There is a bit of mystery surrounding how Google finds URLs to index, and StackExchange is full of plenty of examples of webadmins scratching their heads at their non-public folders showing up in a Google search.

That said, a story made the rounds in the last few days, that WhatsApp and Telegram group invites are being indexed by Google. So far, the official word is that all the indexed links must have been shared publicly, and Google simply picked them up from where they were publicly posted.

It appears that WhatsApp has begun marking chat invitation links as “noindex”, which is a polite way to ask search engines to ignore the link.

If it’s shown that links are getting indexed without being posted publicly online, then we have a much bigger story. Otherwise, everything is working as expected.

Letsencrypt Makes Attacks Harder

Letsencrypt has rolled out an invisible change to their validation process that makes a traffic redirection attack much harder. The new feature, Multi-Perspective Validation, means that when you verify your domain ownership, Letsencrypt will test that verification from multiple geographic regions. It might be possible to spoof ownership of a domain through a BGP attack, but that attack would be much harder to pull off against traffic originating from another country, or multiple countries simultaneously. Letsencrypt is currently using different regions of a single cloud, but plans to further diversify and use multiple cloud providers for even stronger validation.

Kr00k

Brought to us by the researchers at Eset, Kr00k (PDF) is a simple flaw in certain wireless chips. So far, the flaw seems to be limited to WPA2 traffic sent by Broadcom and Cypress chips. They discovered Kr00k while doing some follow-up research on KRACK.

Let’s talk about WPA2 for a moment. WPA2 has a 4-way handshake process that securely confirms that both parties have the shared key, and then establishes a shared Temporal Key, also known as a session key. This key is private between the two devices that performed the handshake, meaning that other devices on the same wireless network can’t sniff traffic sent by other devices.

When a device disconnects, or disassociates, that session key is reset to all 0s, and no packets should be sent until another handshake is performed. Here’s the bug: the packets already in the output buffer are still sent, but are encrypted with the zeroed key, making them trivial to decrypt. As it’s simple to trigger deauthentication events, an attacker can get a sampling of in-the-clear packets. The ubiquity of TLS is a saving grace here, but any unencrypted traffic is vulnerable. Eset informed vendors about the flaw in 2019, and at least some devices have been patched.
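To make the mechanism concrete, here is an added Python model of the buffer-versus-key race; it is not Eset’s code or anything from the paper. CCMP is replaced by a toy SHA-256 keystream, and the station, frames and addresses are constructed for the demo. The vulnerable station drains its queue under the zeroed key; the hardened one drops queued frames when the key is cleared.

```python
import hashlib
from dataclasses import dataclass, field

ZERO_TK = bytes(16)  # the all-zero Temporal Key installed at disassociation

def keystream_xor(tk: bytes, pn: int, data: bytes) -> bytes:
    """Toy stand-in for CCMP: counter-mode keystream from SHA-256(TK || PN || ctr)."""
    ks = b"".join(hashlib.sha256(tk + pn.to_bytes(6, "big") + i.to_bytes(4, "big")).digest()
                  for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, ks))

@dataclass
class Station:
    tk: bytes                  # session key agreed in the 4-way handshake
    flush_on_disassoc: bool    # the fix: drop queued frames when the key is cleared
    tx_buffer: list = field(default_factory=list)
    pn: int = 0                # packet number, used as the per-frame nonce

    def queue(self, frame: bytes) -> None:
        self.tx_buffer.append(frame)

    def disassociate(self) -> None:
        self.tk = ZERO_TK      # the chip zeroes the TK, as the Kr00k write-up describes
        if self.flush_on_disassoc:
            self.tx_buffer.clear()   # hardened: nothing is left to send under a zero key

    def drain(self) -> list:
        """Send whatever is still queued, encrypted with the *current* TK (the bug)."""
        sent = []
        for frame in self.tx_buffer:
            self.pn += 1
            sent.append((self.pn, keystream_xor(self.tk, self.pn, frame)))
        self.tx_buffer.clear()
        return sent

def simulate(flush_on_disassoc: bool) -> list:
    """Constructed scenario: one frame goes out normally, two are still queued when a
    disassociation arrives; returns every frame an observer could capture over the air."""
    tk = hashlib.sha256(b"constructed handshake output").digest()[:16]
    sta = Station(tk, flush_on_disassoc)
    sta.queue(b"GET /camera/snapshot HTTP/1.1\r\nHost: 192.0.2.10\r\n\r\n")
    captured = sta.drain()             # encrypted under the real TK
    sta.queue(b"POST /login HTTP/1.1\r\nHost: 192.0.2.10\r\n\r\ntoken=CONSTRUCTED-TOKEN")
    sta.queue(b"GET /status HTTP/1.1\r\nHost: 192.0.2.10\r\n\r\n")
    sta.disassociate()
    return captured + sta.drain()      # vulnerable chip: still sent, now under TK = 0

def readable_under_zero_key(captured: list) -> list:
    """Defender's check on a capture: frames that decrypt to printable ASCII with TK = 0."""
    out = []
    for pn, ct in captured:
        pt = keystream_xor(ZERO_TK, pn, ct)
        if pt and all(32 <= b < 127 or b in b"\r\n" for b in pt):
            out.append(pt)
    return out
```

Only the frames sent after the key was zeroed decode under TK = 0; the frame sent under the real session key stays opaque, which is why TLS-wrapped traffic caught in the same window is not exposed.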

Exchange

Microsoft Exchange got a security patch this past Tuesday that addressed a pair of bugs that together resulted in a remote code execution vulnerability. The first bug was an encryption key that is generated on Exchange server installation. That generation seemed to lack a good source of entropy, as apparently every Exchange install uses the exact same key.

The second half of this bug is a de-serialization problem, where an encrypted payload can contain a command to run. Because the encryption key is known, any user can access the vulnerable endpoint. The process of exploitation is so trivial that you should patch your server right away.

TODO: Remove Vulnerabilities

This one is just humorous. An Intel virtualization feature appears to have been pushed into the Linux kernel before it was finished. Know what unfinished code tends to contain? Bugs and vulnerabilities. CVE-2020-2732, in this case. It’s unclear how exactly an exploit would work, but the essence is that a virtual guest is allowed to manipulate system state in unintended ways.

Hackaday Podcast 056: Cat Of 9 Heads, Robot Squats, PhD In ESP32, And Did You Hear About Sonos?

Hackaday editors Elliot Williams and Mike Szczys gab on great hacks of the past week. Did you hear that there’s a new rev of the Pi 4 out there? We just heard… but apparently its release into the wild was months ago. Fans of the ESP8266 are going to love this tool that flashes and configures the board, especially for Sonoff devices. Bitluni’s Supercon talk was published this week and it’s a great roadmap of all the things you should try to do with an ESP32. Plus we take on the Sonos IoT speaker debacle and the wacky suspension system James Bruton’s been building into his humanoid robot.

Take a look at the links below if you want to follow along, and as always tell us what you think about this episode in the comments!

Direct download (60 MB or so).

A Simple Yet Feature-Packed Programmable DC Load

If you’ve got the hankering to own a lab full of high-end gear but your budget is groaning in protest, rolling your own test equipment can be a great option. Not everything the complete shop needs is appropriate for a DIY version, of course, but a programmable DC load like this one is certainly within reach of most hackers.

This build comes to us courtesy of [Scott M. Baker], who does his usual top-notch job of documenting everything. There’s a longish video below that covers everything from design to testing, while the link above is a more succinct version of events. Either way, you’ll get treated to a good description of the design basics, which is essentially an op-amp controlling the gate of a MOSFET in proportion to the voltage across a current sense resistor. The final circuit adds bells and whistles, primarily in the form of triple MOSFETS and a small DAC to control the set-point. The DAC is driven by a Raspberry Pi, which also supports either an LCD or VFD display, an ADC for reading the voltage across the sense resistor, and a web interface for controlling the load remotely. [Scott]’s testing revealed a few problems, like a small discrepancy in the actual amperage reading caused by the offset voltage of the op-amp. The MOSFETs also got a bit toasty under a full load of 100 W; a larger heatsink allows him to push the load to 200 W without releasing the smoke.

We always enjoy [Dr. Baker]’s projects, particularly for the insight they provide on design decisions. Whether you want to upgrade the controller for a 40-year-old game console or give a voice to an RC2014, you should check out his stuff.

Astra Readies Secretive Silicon Valley Rocket; Firm Exits Stealth Mode, Plans Test Launch

After the end of the Second World War the United States and the Soviet Union started working feverishly to perfect the rocket technology that the Germans developed for the V-2 program. This launched the Space Race, which thankfully for everyone involved, ended with boot prints on the Moon instead of craters in Moscow and DC. Since then, global tensions have eased considerably. Today people wait for rocket launches with excitement rather than fear.

That being said, it would be naive to think that the military isn’t still interested in pushing the state-of-the-art forward. Even in times of relative peace, there’s a need for defensive weapons and reconnaissance. Which is exactly why the Defense Advanced Research Projects Agency (DARPA) has been soliciting companies to develop a small and inexpensive launch vehicle that can put lightweight payloads into Earth orbit on very short notice. After all, you never know when a precisely placed spy satellite can make the difference between a simple misunderstanding and all-out nuclear war.

More than 50 companies originally took up DARPA’s “Launch Challenge”, but only a handful made it through to the final selection. Virgin Orbit entered their air-launched booster into the competition, but ended up dropping out of contention to focus on getting ready for commercial operations. Vector Launch entered their sleek 12 meter long rocket into the competition, but despite a successful sub-orbital test flight of the booster, the company ended up going bankrupt at the end of 2019. In the end, the field was whittled down to just a single competitor: a relatively unknown Silicon Valley company named Astra.

Should the company accomplish all of the goals outlined by DARPA, including launching two rockets in quick succession from different launch pads, Astra stands to win a total of $12 million; money which will no doubt help the company get their booster ready to enter commercial service. Rumored to be one of the cheapest orbital rockets ever built and small enough to fit inside of a shipping container, it should prove to be an interesting addition to the highly competitive “smallsat” launcher market.

What Time Is It? Infinity Time

Since the dawn of the infinity craze, we’ve seen all kinds of projects — mirrors, smart mirrors, coffee tables, clocks, you name it. Unfortunately all of these cool projects sit at home, unappreciated by the public. Well, not anymore. [nolandoktor] is taking infinity to the streets with this beautiful and functional vortex watch.

Though this project is pretty darned advanced, it’s all open source and completely within reach for anyone who has the tools and the time. The watch is based around an ATmega32u4 and uses a DS3231 real-time clock to keep accurate time on the WS2812 LEDs that represent the numbers. The time is displayed using R, G, and B assigned to hour, minute, and second. Actually reading the time is a bit tricky until you understand how the colors work together, but something this lovely deserves to maintain a slight air of mystery.

The watch’s case parts are all printed — metal for the bezel, and SLA for the white inner ring that lets a bit of light leak out the side in order to illuminate the USB port and the two stainless steel screws that act as touch contacts. In the future, [nolandoktor] wants to add a flashlight mode that turns all the LEDs white, some gaskets to resist water, and wake-on-gesture functionality with an IMU. Take a second to check out the demo after the break.

If you prefer a more traditional timepiece of infinite interest, this clock moves more mundanely, but still looks cool.

A Tetris To Be Proud Of, With Only A Nano

Tetris may have first arrived in the West on machines such as the PC and Amiga, but its genesis at the hands of [Alexey Pajitnov] was on an Electronika 60, a Soviet clone of an early-1970s DEC PDP-11. Thus those tumbling blocks are hardly demanding in terms of processor power, and a game can be implemented on the humblest of hardware. Relatively modern silicon such as the ATmega328 in [c0pperdragon]’s Arduino Nano Tetris console should then have no problems, but to make that assumption is to miss the quality of the achievement.

In a typical home or desktop computer of the 1980s the processor would have been assisted by plenty of dedicated hardware, but since the Arduino has none of that, the feat of creating the game with a 288p video signal having four gray scales and with four-channel music is an extremely impressive one. Beside the Nano there are only a few passive components; there are no CRT controllers or sound chips to be seen.

The entire device is packaged within a clone of a NES controller, with the passives on a piece of stripboard beside the Nano. There is a rudimentary resistor DAC to produce the grey scales, and the audio is not the direct PWM you might expect but a very simple DAC created by charging and discharging a capacitor at the video line frequency. The results can be seen and heard in the video below the break, and though we’re sure we’ve heard something like that tune before, it looks to be a very playable little game.