This Week In Security: Leaking Partial Bits, Apple News, And Overzealous Contact Tracing

Researchers at NCC Group have been working on a five-part write-up of a Windows kernel vulnerability in the Kernel Transaction Manager (KTM). The vulnerability, CVE-2018-8611, is a local privilege escalation bug: there doesn’t seem to be a way to exploit it remotely, but it is an interesting bug, and NCC Group’s work on it is outstanding.

They start with a bit of background on what the KTM is, and why one might want to use it. Next is a handy guide to reverse engineering Microsoft patches. From there, they describe the race condition and how to actually exploit it. They cover a wide swath in the series, so go check it out.

Left4Dead 2

Just a reminder that bugs show up where you least expect them: [Hunter Stanton] shares his story of finding a code execution bug in the popular Valve game Left4Dead 2. Since the game’s source code isn’t available to look at, he decided to go the fuzzing route, specifically fuzzing the navigation mesh data that is part of every game map. Letting the Basic Fuzzing Framework (BFF) run for three days turned up a few crashes, and the most promising one turned out to have code execution potential. [Hunter] submitted the find through Valve’s HackerOne bug bounty program and landed a cool $10k bounty for his trouble.

While it isn’t directly an RCE, [Hunter] points out that malicious mesh data could be distributed with downloadable maps on the Steam Workshop. Alternatively, it should be possible to set up a fake game server that hands the booby-trapped map to connecting clients.
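The approach [Hunter] describes, mutating a map data file and watching the parser for crashes, distilled into a minimal harness. This is an added example and not [Hunter]’s code or part of BFF: the record format handled by `build_seed` and `parse_mesh` is a constructed toy with a planted missing bounds check standing in for the real navigation mesh format, and an uncaught Python exception stands in for a native crash. Crashes are bucketed by exception type and faulting line, a crude version of the backtrace hashing fuzzers use to de-duplicate findings.

```python
import hashlib
import random
import struct
import traceback

MAX_NODES = 64

# Toy "nav mesh" layout (constructed for this example, not the game's format):
#   u32 node_count, then node_count records of
#   u16 node_id, u16 edge_count, followed by edge_count * u16 neighbour ids.


def build_seed(nodes=4):
    """Constructed seed input: a small ring-shaped mesh in the toy format."""
    out = struct.pack("<I", nodes)
    for i in range(nodes):
        neighbours = [(i + 1) % nodes, (i - 1) % nodes]
        out += struct.pack("<HH", i, len(neighbours))
        out += b"".join(struct.pack("<H", n) for n in neighbours)
    return out


def parse_mesh(data):
    """Toy parser. Length checks are in place, but node_id is never range-checked
    against the table it indexes (planted bug, the analogue of an OOB write)."""
    if len(data) < 4:
        raise ValueError("truncated header")
    (count,) = struct.unpack_from("<I", data, 0)
    if count > MAX_NODES:
        raise ValueError("too many nodes")
    table = [[] for _ in range(count)]
    off = 4
    for _ in range(count):
        if off + 4 > len(data):
            raise ValueError("truncated record")
        node_id, edges = struct.unpack_from("<HH", data, off)
        off += 4
        for _ in range(edges):
            if off + 2 > len(data):
                raise ValueError("truncated edge list")
            (n,) = struct.unpack_from("<H", data, off)
            off += 2
            table[node_id].append(n)  # BUG: node_id may be >= count
    return table


def mutate(data, rng):
    """Overwrite one to four random bytes; the simplest dumb-mutation strategy."""
    buf = bytearray(data)
    for _ in range(rng.randint(1, 4)):
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    return bytes(buf)


def fuzz(seed, iterations=2000, rng_seed=1):
    """Run mutated inputs through the parser and bucket anything that is not a
    clean rejection. Returns {bucket_id: (exception_name, reproducer_bytes)}."""
    rng = random.Random(rng_seed)
    crashes = {}
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            parse_mesh(case)
        except ValueError:
            continue  # the parser rejected the input deliberately; not a bug
        except Exception as exc:  # anything else is the equivalent of a crash
            frame = traceback.extract_tb(exc.__traceback__)[-1]
            key = hashlib.sha1(
                f"{type(exc).__name__}:{frame.lineno}".encode()
            ).hexdigest()[:8]
            crashes.setdefault(key, (type(exc).__name__, case))
    return crashes


if __name__ == "__main__":
    found = fuzz(build_seed())
    for bucket, (name, case) in found.items():
        print(f"bucket {bucket}: {name}, reproducer {case.hex()}")
```

Each bucket keeps the first reproducer that hit it, so a finding can be re-run through `parse_mesh` on its own, which is the step that separates a real bug from a one-off; the three days [Hunter] spent on BFF is the same loop, with a native binary and a debugger in place of the `except` clause.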

Toilet Paper Chase And Indoor Cycling Race With Unity And Arduino

While we’re still far away from returning to a pre-Corona everyday life, people seem to have accepted that toilet paper will neither magically cease to exist, nor become our new global currency. But back at the height of the madness, like most of us, [Jelle Vermandere] found himself in front of empty shelves, and the solution seemed obvious to him: create a lifelike toilet-paper-chasing game in the hope of distracting the competition.

Using Unity, [Jelle] created a game world of an empty supermarket, where the goal is to chase after distribution tubes and collect toilet paper packs into a virtual cart. Inspired by the Wii Wheel, the game controller imitates a shopping cart handle, built from what appears to be a sunshade pole that holds an Arduino and accelerometer in a 3D-printed case. For an even more realistic feel, he added a sound sensor to the controller and competing carts to the game, which can be pushed out of the way simply by yelling loud enough. You can witness all of this delightful absurdity in his build video after the break.

From racing shopping carts to racing bicycles

But that’s not all. With the toilet paper situation sorted out, [Jelle] found himself in a different dilemma: a cloud foiled his plans for a bicycle ride. In the same manner, he ended up building a cycling racing game, once again with Unity and Arduino. From a 3D-scanned model of himself and his bicycle, to automatically generating tracks on the fly and teaching an AI to ride a bike, [Jelle] clearly doesn’t joke around while he’s joking around.

However, the best part about the game has to be the controller, which is his actual bicycle. Using a magnetic door sensor to detect the speed, and a potentiometer mounted with an obscure Lego construction to the handlebar, it’s at least on par with the shopping cart handle — but judge for yourself in another build video, also attached after the break. The only thing missing now is to level up the difficulty by powering the Arduino with the bicycle itself.


Two Way Mirror Improves Video Conferencing

Like everyone lately, [Matt] has been spending more time in video conferences. The problem is that you naturally want to look at the screen, which means you aren’t looking at the camera and, thus, you aren’t making eye contact. If you use a laptop there is a relatively easy fix, although it isn’t particularly stylish. [Matt] built a black shroud out of foam board and put a two-way mirror in it. How does that help? With this setup, you can put a very thin black web camera inside the shroud, pointing up towards the mirror. Because the shroud is dark, you can see the screen through the mirror, but the camera sees you.

Where do you get a thin black web camera? You make one from an old laptop camera. They are tiny and easy to repurpose, a trick [Matt] has shared before. As a bonus, the post shows an easy way to take an LED strip and make a diffused light for lighting up your webcam call.


Building A 3270 Terminal Controller

We like to point out that most of our computers today would have been considered mainframes a scant 40 or 50 years ago. Because of that, many people who want to run IBM mainframe software for machines such as the IBM 360 or 370 use the Hercules emulator to run the big iron on their PCs. However, IBM mainframes used an odd style of terminal, and emulating it on a PC isn’t always satisfying. At least, that’s what [lowobservable] thought, so he decided to get a 3270 terminal working with Hercules.

Back in the bad old days of computing, there were two main styles of terminals. Some companies, for example DEC, essentially used terminals as a “glass teletype.” That is, the screen was an analog of a roll of paper — more or less — and the keyboard immediately sent things to the remote system. However, companies like IBM and HP favored a different approach. Their terminals dealt with screens full of data. The terminal was smart enough to let you fill in forms, edit text on the screen, and then you’d send the entire screen in one gulp. Both systems had pros and cons, but — as you might expect — the screen-oriented terminals were more complex.


What Rhymes With Spice And Simulates Huge Circuits?

Most of us have computers on our desk that would have been considered supercomputers not long ago. We always wonder how many of them get any actual workout other than decoding video. If you want to simulate circuits you may very well start chewing up significant CPU time, so you might consider Xyce, an open source high-performance analog circuit simulator from Sandia National Labs. As you’d expect from a giant government lab it is able to support large scale parallel computing, but will also work on common desktop systems. On Linux, it will do what they call “small-scale parallelism.” In addition, it can deal with simulations of things as diverse as neural networks and power grids.

The code is open source, but oddly you do have to register to download it. Xyce has been around for a bit, but version 7.0 just arrived in April. Many of the changes are to improve compatibility with other Spice programs, notably HSpice.


Psst – Wanna Buy A Control Panel From A Nuclear Power Station?

Doing the rounds today is an interesting lot in an otherwise unexciting industrial dispersal auction in Lincolnshire, UK. On sale is an “Ex nuclear plant reactor control/monitoring system“, at the time of writing attracting the low low bid of £220 ($270), but we guess it will rise. Everyone who has watched Chernobyl (or maybe The Simpsons) is now gazing awestruck at a crescent of metal consoles covered in screens, buttons, and joysticks just waiting for a staff of white-coated technicians to pore over them.

Chernobyl Unit 3 control room (still active). [Source: IAEA Imagebank on Flickr CC-SA 2.0]
It’s a very cool lot indeed, but it raises more questions than it answers. The auction house has very little information, so we’re left guessing where it came from. Judging from this image of the unit 3 control room at Chernobyl, it obviously didn’t come from there (/s). Since it is for sale in the UK, and the country has decommissioned the majority of its first-generation reactors by now, there is no shortage of candidates. But that intriguing possibility raises another question: is it even a reactor control panel in the first place?

British civilian nuclear plants have tight security, but they are hardly secret, so plenty of photos of their interiors are online. Studying those, we hit a problem: this panel doesn’t resemble any of the control room images we can find. The first generation of Magnox (named for the magnesium non-oxidising alloy used for its fuel cladding) plants had panels covered in analogue dials and chart recorders, so it’s unlikely to be one of those. The second-generation AGR (Advanced Gas-cooled Reactor) stations had similarly complex panels, and it’s evidently not one of them.

Looking closely at the photos, it becomes apparent that there are a lot of camera controls and monitors, and even what looks like a U-matic video recorder. It’s definitely nuclear-related, and its 1980s look suggests it could have come from an AGR station, but could it be a little closer to Sector 7G than the centre of the action? Is it a video monitoring console used to keep a physical eye on the plant’s operation?

Be careful if you bid, you could end up with a rather cool but absurdly large 1980s CCTV system. Can any of our readers shed any light on the matter?

Thanks [Gregg “Cabe” Bond] for the tip.

Bluetooth Takes Keyboard From DIY To Super Fly

They say you should never cheap out on anything that comes between you and the ground, like tires, shoes, and mattresses. We would take that a little further into the 21st century and extend it to anything between you and work. In our case, ‘buy nice or buy twice’ includes keyboards and mice.

[Marcus Young] is a fan of ortholinear ergonomic comfort, but not of cables. He gave [adereth]’s Dactyl keyboard some wings by using a Bluetooth-capable microcontroller, and the Pterodactyl was born. Of course, the two halves still use a TRRS cable to communicate, and wires are required to charge the batteries, but it’s the principle of the thing.

That’s not all [Marcus] did to make the dactyl his own — it also has a modified full-fat base that gives him all the room in the world to wire up the keyswitch matrix compared to the original streamlined design.

Instead of the usual Teensy, Pro Micro, or Proton-C, the Pterodactyl has a Feather 32u4 in its belly. [Marcus] is clacking on Holy Panda switches, which we’ve been meaning to try, mounted on individual PCBs for each switch, which seems like it might remove the need to glue the switches in place so they survive keycap changes. Check out [Marcus]’ write-up to see what he learned during this build.

This isn’t the first modified dactyl we’ve seen flying around here, and it won’t be the last. Here’s one with a dual personality — both halves can work together or alone.

Via r/mk