This Week In Security: Barracuda, Zyxel, And The Backdoor

June 2, 2023 by 12 Comments

Barracuda’s Email Security Gateway (ESG) has had a vulnerability in it for years. Tracked as CVE-2023-2868, this one was introduced back in version 5.1.3.001, and only got patched during the 9.2 development cycle. Specific build information on patched firmware has not been made available, but a firmware build containing the patch was deployed on May 20.

The flaw was a command injection bug triggered by .tar files attached to incoming emails. The appliance scans attachments automatically, and the file names could trigger the qx operator in a Perl script. It’s a nasty one, ranking a 9.4 on the CVSS scale. But the really bad news is that Barracuda found the vulnerability in the wild, and they have found evidence of exploitation as far back as October 2022.

There have been three malware modules identified on the compromised appliances. SALTWATER is a backdoor trojan, with the ability to transfer files, execute commands, and host network tunnels. SEASPY is a stealthier module, that looks like a legitimate service, and uses PCAP to monitor traffic and receive commands. And SEASIDE is a Lua module for the Barracuda SMTP monitor, and it exists to host a reverse shell on command. Indicators of Compromise (IOCs) have been published, and Barracuda recommends the unplug-and-remove approach to cleaning up an infection. The saving grace is that this campaign seems to have been targeted, and wasn’t launched against every ESG on the Internet, so maybe you’re OK.

Moxa, Too

And speaking of security software that has problems, the Moxa MXsecurity appliance has a pair of problems that could be leveraged together to lead to a complete device takeover. The most serious problem is a hard coded credential, that allows authentication bypass for the web-API. Then the second issue is a command-line escape, where an attacker with access to the device’s Command Line Interface (CLI) can break out and run arbitrary commands. Continue reading “This Week In Security: Barracuda, Zyxel, And The Backdoor”

Ask Hackaday: The Ten Dollar Digital Mixing Desk?

February 6, 2023 by 110 Comments

There comes a point in every engineer’s life at which they need a mixing desk, and for me that point is now. But the marketplace for a cheap small mixer just ain’t what it used to be. Where once there were bedroom musicians with a four-track cassette recorder if they were lucky, now everything’s on the computer. Lay down as many tracks as you like, edit and post-process them digitally without much need for a physical mixer, isn’t it great to be living in the future!

This means that those bedroom musicians no longer need cheap mixers, so the models I was looking for have disappeared. In their place are models aimed at podcasters and DJs. If I want a bunch of silly digital effects or a two-channel desk with a crossfader I can fill my boots, but for a conventional mixer I have to look somewhat upmarket. Around the three figure mark are several models, but I am both a cheapskate and an engineer. Surely I can come up with an alternative. Continue reading “Ask Hackaday: The Ten Dollar Digital Mixing Desk?”

The Story Behind The TVGuardian Curse Catcher

December 14, 2022 by 23 Comments

The recent flurry of videos and posts about the TVGuardian foul language filter brought back some fond memories. I was the chief engineer on this project for most of its lifespan. You’ve watched the teardowns, you’ve seen the reverse engineering, now here’s the inside scoop.

Gumby is Born

TVG Model 101 Gumby (Technology Connections)

Back in 1999, my company took on a redesign project for the TVG product, a box that replaced curse words in closed-captioning with sanitized equivalents. Our first task was to take an existing design that had been produced in limited volumes and improve it to be more easily manufactured.

The original PCB used all thru-hole components and didn’t scale well to large quantity production. Replacing the parts with their surface mount equivalents resulted in Model 101, internally named Gumby for reasons long lost. If you have a sharp eye, you will have noticed something odd about two parts on the board as shown in [Ben Eater]’s video. The Microchip PIC and the Zilog OSD chip had two overlapping footprints, one for thru-hole and one for SMD. Even though we preferred SMD parts, sometimes there were supply issues. This was a technique we used on several designs in our company to hedge our bets. It also allowed us to use a socketed ICs for testing and development. Continue reading “The Story Behind The TVGuardian Curse Catcher”

Beautiful Engineering In This Laser Unit From A Tornado Jet Fighter

March 13, 2022 by 18 Comments

Those of use hailing from the UK may be quite familiar with the Royal Air Force’s Tornado fighter jet, which was designed to fight in a theoretical nuclear war, and served the country for over 40 years. This flying deathtrap (words of an actual serving RAF fighter pilot this scribe met a few years ago) was an extremely complex machine, with state-of-the-art tech for its era, but did apparently have a bit of a habit for bursting into flames occasionally when in the air!

Anyway, the last fleet is now long retired and some of the tech inside it is starting to filter down into the public domain, as some parts can be bought on eBay of all places. [Mike] of mikeselectricstuff has been digging around inside the Tornado’s laser head unit,  which was part of the bomber’s laser-guided missile subsystem, and boy what a journey of mechanics and electronics this is!

Pulse-mode optically pumped YAG laser

This unit is largely dumb, with all the clever stuff happening deep in an avionics bay, but there is still plenty of older high-end tech on display. Using a xenon-discharge-tube pumped yttrium aluminum garnet (YAG) laser, operating in pulsed mode, the job of the unit is to illuminate the ground target with an IR spot, which the subsequently fired missiles will home on to.

Designed for ground-tracking, whilst the aircraft is operating at speed, the laser head has three degrees of moment, which likely is synchronized with the aircraft movement to keep the beam steady. The optical package is quite interesting, with the xenon tube and YAG rod swimming in a liquid cooling bath, inside a metal housing. The beam is bounced around inside the housing using many prisms, and gated with a Q-switch which allows the beam to build up in intensity, before be unleashed on the target. Also of note is the biggest photodiode we’ve ever seen — easily over an inch in diameter, split into four quadrants, enabling the sensor to resolve direction changes in the reflected IR spot and track its error. A separate photodiode receiver forms part of the time-of-flight optical range finder, which is also important information to have when targeting.

There are plenty of unusual 3-phase positioning motors, position sensors, and rate gyros in the mix, with the whole thing beautifully crafted and wired-up military spec. It is definitely an eye opener for what really was possible during the cold war years, even if such tech never quite filtered down to civilian applications.

We’ve seen a few bits about the Tornado before, like this over-engineered attitude indicator, and here’s the insides of an old aircraft QAR (Quick Access Recorder)

Continue reading “Beautiful Engineering In This Laser Unit From A Tornado Jet Fighter”

Save Money And Have Fun Using IEEE-488

January 31, 2022 by 32 Comments

A few months ago, I was discussing the control of GPIB equipment with a colleague. Based on only on my gut feeling and the briefest of research, I told him that the pricey and proprietary GPIB controller solutions could easily be replaced by open-source tools and Linux. In the many weeks that followed, I almost abandoned my stance several times out of frustration. With some perseverance, breaking the problems into bite-sized chunks, and lots of online searching to learn from other people’s experiences, my plan eventually succeeded. I haven’t abandoned my original stance entirely, I’ve taken a few steps back and added some qualifiers.

What is GPIB?

Example of HP-IB block diagram from the 1970s, from hp9845.net

Back in the 1960s, if test equipment was interconnected at all, there weren’t any agreed-upon methods for doing so. By the late 60s, the situation was made somewhat better by card-cage controller systems. These held a number of interface cards, one per instrument, presenting a common interface on the backplane. Although this approach was workable, the HP engineers realized they could significantly improve the concept to include these “bridging circuit boards” within the instruments and replacing the card cage backplane with passive cables. Thus began the development of what became the Hewlett-Packard Interface Bus (HP-IB). The October 1972 issue of the HP Journal introduced HP-IB with two main articles: A Practical Interface System for Electronic Instruments and A Common Digital Interface for Programmable Instruments: The Evolution of a System. Continue reading “Save Money And Have Fun Using IEEE-488”

Restoring A Vintage Tube Tester To Its Former Glory

June 9, 2021 by 36 Comments

It can be difficult for modern eyes to make much sense of electronics from the 1960s or earlier. Between the point-to-point soldering, oddball components, and the familiar looking passives blown up to comical proportions like rejected props from “Honey, I Shrunk the Kids”, even experienced hardware hackers may find themselves struggling to understand what a circuit is doing. But that didn’t stop [Cat0Charmer] from taking the time to lovingly restore this Hickok Cardmatic KS-15874-L2 tube tester.

The good news was that the machine had nearly all of its original parts, down to the Hickok branded tubes in the power supply. Unfortunately it looks like a few heavy handed repairs were attempted over the years, with a nest of new wires and components intermixed with what [Cat0Charmer] actually wanted to keep. The before and after shots of individual sections of the machine are particularly enlightening, though again, don’t feel to bad if you still can’t make heads or tails of the cleaned up version.

Hiding new capacitors inside of the old ones.

As you’d expect for a machine of this age, many of the original components were way out of spec. Naturally the capacitors were shot, but even the carbon composition resistors were worthless after all these years; with some measuring 60% away from their original tolerances.

We particularly liked how [Cat0Charmer] hollowed out the old capacitors and installed the new modern ones inside of them, preserving the tester’s vintage look. This trick wasn’t always feasible, but where it was applied, it definitely looks better than seeing a modern capacitor adrift in a sea of 60’s hardware.

After undoing ham-fisted repairs, replacing the dud components, and installing some new old stock tubes, the tester sprung to life with renewed vigor. The previously inoperable internal neon lamps, used by the tester’s voltage regulation system, shone brightly thanks to all the ancillary repairs and changes that went on around them. With a DIY calibration cell built from the schematics in an old Navy manual, [Cat0Charmer] got the tester dialed in and ready for the next phase of its long and storied career.

We love seeing old hardware get restored. It not only keeps useful equipment out of the scrap heap, but because blending new and old technology invariably leads to the kind of innovative problem solving this community is built on.

Inside The VIC-20

May 19, 2021 by 51 Comments

Commodore machines are well-loved around here, but usually when you think Commodore, you think about the Commodore 64, or maybe the PET or Amiga. But the Commodore 64 had an older sister, the VIC 20. This was the first computer to sell a million units and has a lot in common with its better-known successor. The machine was only made for a few years, and [Dubious Engineering] has been restoring one over a few videos. In the video below, he opens it up for a look inside, among other things.

If you want to get straight to the opening, you’ll need to fast forward about 5 and a half minutes. The keyboard pulls off and a nice old-fashioned set of cables made from individual wires connect to the skinny main board with all the smarts on it. No ribbon cables or flex PCBs!

Continue reading “Inside The VIC-20”