Foreshadow: The Sky Is Falling Again For Intel Chips

August 14, 2018 by 46 Comments

It’s been at least a month or two since the last vulnerability in Intel CPUs was released, but this time it’s serious. Foreshadow is the latest speculative execution attack that allows balaclava-wearing hackers to steal your sensitive information. You know it’s a real 0-day because it already has a domain, a logo, and this time, there’s a video explaining in simple terms anyone can understand why the sky is falling. The video uses ukuleles in the sound track, meaning it’s very well produced.

The Foreshadow attack relies on Intel’s Software Guard Extension (SGX) instructions that allow user code to allocate private regions of memory. These private regions of memory, or enclaves, were designed for VMs and DRM.

How Foreshadow Works

The Foreshadow attack utilizes speculative execution, a feature of modern CPUs most recently in the news thanks to the Meltdown and Spectre vulnerabilities. The Foreshadow attack reads the contents of memory protected by SGX, allowing an attacker to copy and read back private keys and other personal information. There is a second Foreshadow attack, called Foreshadow-NG, that is capable of reading anything inside a CPU’s L1 cache (effectively anything in memory with a little bit of work), and might also be used to read information stored in other virtual machines running on a third-party cloud. In the worst case scenario, running your own code on an AWS or Azure box could expose data that isn’t yours on the same AWS or Azure box. Additionally, countermeasures to Meltdown and Spectre attacks might be insufficient to protect from Foreshadown-NG

The researchers behind the Foreshadow attacks have talked with Intel, and the manufacturer has confirmed Foreshadow affects all SGX-enabled Skylake and Kaby Lake Core processors. Atom processors with SGX support remain unaffected. For the Foreshadow-NG attack, many more processors are affected, including second through eighth generation Core processors, and most Xeons. This is a significant percentage of all Intel CPUs currently deployed. Intel has released a security advisory detailing all the affected CPUs.

All The Badges Of DEF CON 26 (vol 1)

August 14, 2018 by 11 Comments

Two or three years back you would see a handful of really interesting unofficial badges at DEF CON. Now, there’s a deluge of clever, beautiful, and well executed badges. Last weekend I tried to see every badge and meet every badge maker. Normally, I would publish one megapost to show off everything I had seen, but this year I’m splitting it into volumes. Join me after the break for the first upload of the incredible badges of DC26!

Continue reading “All The Badges Of DEF CON 26 (vol 1)”

DIY Wind Turbine For Where The Sun Doesn’t Shine

August 14, 2018 by 25 Comments

There are plenty of places outside where you may like to have a project requiring electricity that may not get enough sun for solar power to be viable. Perhaps wind power could be used instead? [Greg] has a project to create a platform for using a small wind turbine to generate the power for your projects.

The wind turbine that [Greg] designing is a Savonius-style wind turbine that would put out between 5 and 12 volts. In a Savonius turbine, blades are mounted on a vertical axis allowing for a smaller, less complicated build than traditional horizontal axis wind turbines. The design is named for its inventor, Finnish engineer Sigurd Johannes Savonius.

After doing some research, the design will have a 2:1 height to blade ratio and use three pairs of overlapping curved blades stacked on top of each other, each pair offset by 120 degrees. This design, [Greg] figures, will come within a few percentage points of the efficiency of more exotic blade shapes while making the windmill easy to design and implement. Being half cylinders, the blades can easily be made from existing objects cut in half – pop cans, for example, but there has been some designing the blades in Fusion 360 for 3D printing. The stator board has been designed and the initial prototypes of it and the rotor have arrived, so the testing can now commence.

Once the design is finalized and the prototype working, it’d be interesting to see some projects start showing up using wind power instead of solar power. Take a look at this design for a vertical wind turbine, and this design for a simple, straightforward turbine.

The HackadayPrize2018 is Sponsored by:

 

Behind The Pin: Logic Level Outputs

August 14, 2018 by 20 Comments

There is one thing that unites almost every computer and logic circuit commonly used in the hardware hacking and experimentation arena. No matter what its age, speed, or internal configuration, electronics speak to the world through logic level I/O. A single conductor which is switched between voltage levels to denote a logic 1 or logic zero. This is an interface standard that has survived the decades from the earliest integrated circuit logic output of the 1960s to the latest microcontroller GPIO in 2018.

The effect of this tried and true arrangement is that we can take a 7400 series I/O port on an 8-bit microcomputer from the 1970s and know with absolute confidence that it will interface without too much drama to a modern single-board computer GPIO. When you think about it, this is rather amazing.

It’s tempting to think then that all logic level outputs are the same, right? And of course they are from a certain viewpoint. Sure, you may need to account for level shifting between for example 5V and 3.3V families but otherwise just plug, and go, right? Of course, the real answer isn’t quite that simple. There are subtle electrical differences between the properties of I/O lines of different logic and microcontroller families. In most cases these will never be a problem at all, but can rear their heads as edge cases which the would-be experimenter needs to know something about.

Continue reading “Behind The Pin: Logic Level Outputs”

Looking Forward To Electromagnetic Field 2018

August 14, 2018 by 18 Comments

There is an air of excitement among the hackerspaces of Europe, because this month is hacker camp season. In Denmark they have Bornhack beginning on Thursday, in Italy IHC was held earlier in the month, while here in the UK we are looking forward to Electromagnetic Field. We’re excited be at Eastnor Castle for Electromagnetic Field at the cusp of August and September for several days under canvas surrounded by our community’s best and brightest work. We’ll even have a Hackaday Readers’ Village this year!

If you’ve never been to a hacker camp before, this is one that’s not to be missed. Technically this is camping, but where every structure from the smallest tent upwards has mains power and gigabit Ethernet. It’s the equivalent of a music festival if you replace the music with technology and other cool stuff from our world. There are talks on a huge variety of fascinating subjects, the chance to see up close some of the things you’ll have read about here on Hackaday, and best of all, a significant proportion of Europe’s hackerspace communities all together in one place. They are a uniquely stimulating and exciting environment.

Continue reading “Looking Forward To Electromagnetic Field 2018”

Leather Working With A 3D Printer

August 14, 2018 by 22 Comments

No, you can’t print in leather — at least not yet. But [Make Everything] has a tutorial about how to produce a custom leather embossing jig with a 3D printer. From a 3D printing point of view, this isn’t very hard to do and you might want to skip over the first six minutes of the video if you’ve done 3D printing before.

The real action is when he has the 3D print completed. He glues the stamp down to some wood and then fits the assembly to a vise that he’ll use as a press. After wetting the leather, the wood and 3D printed assembly sandwiches the piece and the vise applies pressure for ten minutes. He did make the leather a bit oversized to make alignment more forgiving. After the embossing is complete, he trims it out.

Continue reading “Leather Working With A 3D Printer”

Virgin Orbit Readies First Launch

August 14, 2018 by 61 Comments

Ever since the Pan Am “Space Clipper” first slid into frame in 1968’s “2001: A Space Odyssey”, the world has been waiting for the day that privately funded spaceflight would become as routine as air travel. Unfortunately, it’s a dream that’s taken a bit longer to become reality than many would have hoped. The loss of Challenger and Columbia were heartbreaking reminders that travel amongst the stars is not for the faint of heart or the ill-equipped, and pushed commercial investment in space back by decades.

Although Pan Am has since folded, we now have a number of companies working hard towards making the dream of commercial spaceflight a reality. SpaceX and Rocket Lab have shown private companies developing and operating their own orbital class vehicles is a concept no longer limited to science fiction. Now that private industry has a foot in the door, more companies are coming forward with their own plans for putting their hardware into orbit. In many ways we’re seeing the dawn of a second Space Race.

If all goes according to plan, a new challenger should be entering the ring in the very near future. Scheduled to perform their first test launch before the end of the year, Virgin Orbit (a spin-off of the passenger carrying Virgin Galactic) promises to deliver small payloads to Earth orbit faster and cheaper than their competitors. But while most other commercial space companies are using fairly traditional booster rockets to do their heavy lifting, Virgin Orbit is opting for a the less common air launched approach. Before Virgin joins the ranks of commercial companies exploring the final frontier, lets take a look at their plan for getting into space and the advantages it offers compared to the competition.

Continue reading “Virgin Orbit Readies First Launch”