This Week In Security: Facebook Hacked Your Email, Cyber On The Power Grid, And A Nasty Zero-day

Ah, Facebook. Only you could mess up email verification this badly, and still get a million people to hand over their email account passwords. Yes, you read that right: Facebook’s email verification scheme was to ask users for their email address and email account password. During the verification, Facebook automatically downloaded the account’s contact list, with no warning and no way to opt out.

The amount of terrible here is mind-boggling, but perhaps we need a new security rule-of-thumb for these kinds of situations: don’t ever give an online service the password to a different service. In order to make use of a password in this case, it’s necessary to handle it in plain-text. It’s not certain how long Facebook stored these passwords, but they also recently disclosed that they have been storing millions of Facebook and Instagram passwords in plain-text internally.

This isn’t the first time Facebook has been called out for serious privacy shenanigans, either: In early 2018 it was revealed that the Facebook Android app had been uploading phone call records without informing users. Mark Zuckerberg has recently outlined his plan to give Facebook a new focus on privacy. Time will tell whether any real change will occur.

Cyber Can Mean Anything

Have you noticed that “cyber” has become a meaningless buzz-word, particularly when used by the usual suspects? The Department of Energy released a report that contained a vague but interesting-sounding description of an event: “Cyber event that causes interruptions of electrical system operations.” This was noticed by news outlets, and people have been speculating ever since. What is frustrating about this is the wide range of meaning covered by the term “cyber event”. Was it an actual attack? Was Trinity shutting down the power stations, or did an intern trip over a power cord?

The Vintage Computer Festival East Is Happening This Weekend

This weekend is the premier vintage computer meetup on the East Coast. It’s VCF East, and it’s all going down this weekend, Friday to Sunday afternoon, in Wall, New Jersey.

2019 is a fantastic year for computer history, being the 50th anniversary of Unix, and the 40th anniversary of Atari. For that, there will be exhibits of dozens of systems running some sort of *nix, including systems from Apple, AT&T, DEC, IBM, NeXT, SGI, and Sun. For the Atari extravaganza, you’re getting the full line of Atari 8-bitters, some STs, and a Falcon 030. There will be other exhibits too: one about POTS, so bring a landline phone, and a progress update on a 1/10th scale, pulse-level simulator of the ENIAC. Someone will assuredly have Super Mario Brothers for the C64 running.

Keynotes reflect this great year of computer history with a keynote by the one and only Ken Thompson, co-inventor of Unix. On Sunday, there’s a talk with Joe Decuir, an engineer who helped develop the Atari VCS and Atari 800. There’s also a Homebrew Computing Discussion Panel.

As always, there will be a flea market, an understated highlight of any Vintage Computer Festival. It’s like a museum you can buy. One time there was an LCD for an Apple IIc. Too rich for my blood, but technically the first Apple laptop.

As with all VCF East events, it’s held at the InfoAge Science & History Center, the site of the Camp Evans Signal Corps R&D lab during World War II. It’s basically the site of what would become DARPA. You’ve also got the Silverball pinball museum just up the road in Asbury Park. There’s plenty to do and see on the Jersey Shore this weekend, and it’s not even Labor Day.

The Stratolaunch Is Flying, But Can It Do Cargo?

The world’s largest aircraft is flying. Stratolaunch took to the skies in test flights leading up to its main mission to take rockets up to 20,000 feet on the first stage of their flight to space. But the Stratolaunch is a remarkable aircraft, a one-of-a-kind, and unlike anything ever built before. It can lift a massive 250 tons into the air, and it can bring it back down again.

By most measures that matter, the Stratolaunch is the largest aircraft ever flown. It has the largest wingspan of any aircraft, and it has the largest cargo capacity of any aircraft. In an industry that is grasping at interesting and novel approaches to spaceflight like rockoons and a small satellite launcher from a company whose CTO is still a junior in college, the Stratolaunch makes unexpected sense; this is a launch platform above the clouds, that can deliver a rocket to orbit, on time.

But the Stratolaunch is much more than that. This is an aircraft whose simple existence deserves respect. And, like others of its kind, the Antonov AN-225, the Spruce Goose, there is only one. Even if it never launches a rocket, the Stratolaunch will live on by the simple nature of its unique capabilities. But what are those capabilities? Is it possible for the Stratolaunch to serve as a cargo plane? The answer is more interesting than you think.


Parasite ATtiny Resets Your ESP32 For You

Embedded development can be a tough process. Between weird electrical gremlins, obscure bugs and our own mistakes, it can be a real struggle at times. To keep cognitive loads to a minimum, it’s best to make sure your tools are as simple and easy to use as possible. [tech] got tired of having to push a button to prepare the ESP32 for programming, and decided to solve the problem.

The solution comes via another microcontroller, in this case an ATtiny9. The small device listens in on the ESP32’s serial receiving pin. When it detects the Arduino IDE’s boot sequence on the line, it switches the BOOT0 and RESET lines on the ESP32, emulating the button presses to force it into programming mode.

Once you’ve become accustomed to one-click programming your ESP boards, you’re not going to want to go back. We could imagine this hack being replicated in a tidy piggyback format so it could be moved from board to board as workflow dictates.

If you’ve got an ESP32 lying around and don’t know what to do with it, you could always consider getting into game development.

 

Battlebots To The Skies!

If you’re too young to remember Battlebots on the television, there are two things that you should know. First is that there are plenty of highlights of this epic robot battle royale on YouTube, and the second is that now there’s an even better version with drones instead of robots merely confined to land. It’s called DroneClash 2019, and it looks like it was amazing.

Not only were the robots set up in a box and asked to battle each other, they first had to navigate down a corridor with anti-drone measures. The drones have to make it through and into a battle royale in the final room. If this wasn’t good enough, the event was opened by a prince of the Netherlands and is put on by a university.

This is an annual event to push the state of the art in drone and anti-drone tech, but we’d be happy to see it optioned for a TV show. If it isn’t, you might be satisfied with a giant human-driven robot competition from a while back, or maybe just head down the rabbit hole of old Battlebots clips.

A Physical Knob For Browser Tabs

If you’re like most of us, you have about twenty browser tabs open right now. What if there were a way to move through those tabs with a physical interface? That’s what [Zoe] did, and it’s happening with the best laptop ever made.

The hardware for this build is simply an Arduino and a rotary encoder, no problem there. The firmware on the Arduino simply reads the encoder and sends a bit or two of data over the serial port. This build gets interesting when you connect it to a Firefox extension that allows you to get data from a USB or serial port, and there’s a nice API to access tabs. Put all of this together, and you have a knob that will scroll through all your open tabs.

This build gets really good when you consider there’s also a 3D printed mount, meant to attach to a Thinkpad X220, the greatest laptop ever made. At the flick of a knob, you can scroll through all your tabs. It’s handy if you’re reading three or four or five documents simultaneously, or if you’re just editing video and trying to go through your notes at the same time. A great invention, and we’re waiting for this to become a standard device on keyboards and mice. Check out the video below.


MIT Cryptographers Are No Match For A Determined Belgian

Twenty years ago, a cryptographic puzzle was included in the construction of a building on the MIT campus. The structure that houses what is now MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) includes a time capsule designed by the building’s architect, [Frank Gehry]. It contains artifacts related to the history of computing, and was meant to be opened whenever someone solved a cryptographic puzzle, or after 35 years had elapsed.

The puzzle was not expected to be solved early, but [Bernard Fabrot], a developer in Belgium, has managed it using not a supercomputer but a run-of-the-mill Intel i7 processor. The capsule will be opened later in May.

The famous cryptographer, [Ronald Rivest], put together what we now know is a deceptively simple challenge. It involves a successive squaring operation, and since each squaring needs the result of the previous one, the work is inherently sequential: there is no possibility of using parallel computing techniques to take any shortcuts. [Fabrot] used the GNU Multiple Precision Arithmetic Library in his code, and took over 3 years of computing time to solve it. Meanwhile another team is using an FPGA and is expecting a solution in months, though it has been pipped to the post by the Belgian.
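The successive-squaring idea can be shown in miniature. The following is an added example, not code from the post, from [Fabrot], or from [Rivest]'s specification: the primes, the squaring count `T`, all function names and the XOR sealing step are assumptions chosen for illustration. It also shows the trapdoor used in the general time-lock construction, where whoever knows the factors of the modulus can skip the sequential work.

```python
# Toy time-lock puzzle: w = 2^(2^t) mod n, with n = p*q.
# Constructed parameters (two Mersenne primes); a real puzzle uses
# secret primes of ~1024 bits and a t sized for years of work.
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q
T = 50_000  # squarings the solver must perform, one after another


def solve_sequential(n: int, t: int, base: int = 2) -> int:
    """Solver's path: t modular squarings. Step i needs the output of
    step i-1, so extra cores do not help; only a faster squarer does."""
    w = base % n
    for _ in range(t):
        w = (w * w) % n
    return w


def solve_with_trapdoor(p: int, q: int, t: int, base: int = 2) -> int:
    """Creator's shortcut: with p and q known, reduce the exponent
    modulo phi(n) first (Euler's theorem; base must be coprime to n)."""
    phi = (p - 1) * (q - 1)
    e = pow(2, t, phi)           # 2^t mod phi(n), cheap
    return pow(base, e, p * q)   # equals base^(2^t) mod n


def seal(message: bytes, p: int, q: int, t: int) -> int:
    """Hide a short message by XOR with the puzzle value (illustrative)."""
    m = int.from_bytes(message, "big")
    if m >= p * q:
        raise ValueError("message must be smaller than the modulus")
    return m ^ solve_with_trapdoor(p, q, t)


def unseal(z: int, n: int, t: int) -> bytes:
    """Recover the message the slow way, knowing only n and t."""
    m = z ^ solve_sequential(n, t)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


if __name__ == "__main__":
    sealed = seal(b"time lock", P, Q, T)
    print(unseal(sealed, N, T))
```

The delay holds only while the factors of the modulus stay secret: anyone who factors `n`, or learns `phi(n)`, gets the creator's shortcut.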

The original specification document is a fascinating read, for both the details of the puzzle itself and for [Rivest]’s predictions as to the then-future direction of computing power. He expected the puzzle would take the full 35 years to solve and that there would be 10 GHz processors by 2012 when Moore’s Law would begin to tail off, but he is reported as saying that he underestimated the corresponding advances in software.

Header image: Ray and Maria Stata Center, Tafyrn (CC BY 3.0)