This Week In Security: Looney Tunables, Not A 0-day*, And Curl Warning

This week starts out with a nifty vulnerability in the glibc dynamic loader. The loader is an important step in running a binary executable on Linux: it reads the list of required shared libraries and loads those libraries into memory. Glibc also includes a feature to adjust some runtime settings, via the GLIBC_TUNABLES environment variable. That’s where the vulnerability resides, and researchers from Qualys obviously had a bit of fun in taking inspiration to pick the vulnerability name, “Looney Tunables”.

The problem is memory handling in the sanitizing parser. This function iterates through the environment variable, looking for strings of the form tunable1=aa, separated by colons. These strings get copied to the sanitized buffer, but the parsing logic goes awry when handling the malformed tunable1=tunable2=AAA. The first equals sign is taken at face value, copying the rest of the string into the buffer. But then the second equals sign is also processed as another key=value pair, so more data is written than the buffer was sized for, leading to a buffer overflow.
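
A simplified model of the parsing flaw described above, added here as an illustration (it is not glibc source or the researchers' code): it only counts the bytes the sanitizing pass would emit and compares that with the length of the original string. Assumptions: every name is treated as a tunable the sanitizer keeps, the sanitized buffer is sized to the original string, and the names sanitized_len, tunables_would_overflow and stop_at_end are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added model, not glibc code. Assumption: every name is a tunable the
   sanitizer keeps. Bytes are only counted; nothing is written anywhere. */
size_t sanitized_len(const char *s, bool stop_at_end)
{
    size_t off = 0;                          /* bytes emitted so far */
    const char *p = s;
    while (*p != '\0') {
        size_t name_len = strcspn(p, "=:");
        if (p[name_len] == '\0')             /* no name=value pair left */
            break;
        if (p[name_len] == ':') {            /* item without '=': skip it */
            p += name_len + 1;
            continue;
        }
        const char *val = p + name_len + 1;
        size_t val_len = strcspn(val, ":");  /* value runs to ':' or end */
        if (off > 0)
            off += 1;                        /* ':' between emitted pairs */
        off += name_len + 1 + val_len;       /* name, '=', value */
        if (val[val_len] == ':')
            p = val + val_len + 1;           /* move on to the next item */
        else if (stop_at_end)
            break;                           /* corrected loop: input is done */
        else
            p = val;                         /* flaw: value is parsed again */
    }
    return off;
}

/* Check: would the sanitized copy outgrow a buffer sized to the input? */
bool tunables_would_overflow(const char *s)
{
    return sanitized_len(s, false) > strlen(s);
}

int main(void)
{
    /* Constructed sample values, using the article's placeholder names. */
    const char *samples[] = { "tunable1=aa:tunable2=bb", "tunable1=tunable2=AAA" };
    for (size_t i = 0; i < 2; i++)
        printf("%-24s in=%zu out=%zu overflow=%d\n", samples[i], strlen(samples[i]),
               sanitized_len(samples[i], false), tunables_would_overflow(samples[i]));
    return 0;
}
```

For the malformed sample the model emits 34 bytes for a 21-byte string, while the well-formed sample comes out at exactly its original length.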

The reason this particular overflow is interesting is that if the binary to be run is a Set-User-ID (SUID) root application, the dynamic loader runs as root, too. If the overflow can achieve code execution, then it’s a straightforward privilege escalation. And since we’re talking about it, you know there’s a way to execute code. It turns out, it’s possible to overwrite the pointer to the library search path, which determines where the dynamic loader will look for libraries. Tell it to look first in an attacker-controlled location, and you can easily load a malicious libc.so for instant code execution.

This vulnerability affects many Linux distros, and there’s already a Proof of Concept (PoC) published. So, it’s time to go check for updates for CVE-2023-4911.

Wok Your Way To The Center Of The Galaxy

The round bottom of a proper wok is the key to a decent stir fry, but it also makes it hard to use on traditional Western stoves. That’s why many woks end up in a dark kitchen cabinet, unused and unloved. But wait; it turns out that the round bottom of a wok is the perfect shape for gathering something else — radio waves, specifically the 21-cm neutral hydrogen emissions coming from the heart of our galaxy.

Turning a wok into an entry-level radio telescope doesn’t appear to be all that hard, at least judging by what [Leo W.H. Fung] et al detail in their paper (PDF) on “WTH” or “Wok the Hydrogen.” Aside from the wok, which serves as the main reflector, you’ll need a bit of coaxial cable and some stiff copper wire to fashion a small dipole antenna and balun, plus some plastic tubing to support it at the focal point of the reflector. Measuring the wok’s shape and size, which in turn determines its focal point, is probably the hardest part of the build; luckily, the paper includes tips on doing just that. The authors address the controversy of parabolic versus spherical reflectors and arrive at the conclusion that for a radio telescope fashioned from a wok, it just doesn’t matter.

As for the signal processing chain, WTH holds few surprises. A Nooelec Sawbird+ H1 acts as preamp and filter for the 1420-MHz hydrogen line signal, which feeds into an RTL-SDR dongle. Careful attention is paid to proper grounding and shielding to keep the noise floor as low as possible. Mounting the antenna is a decidedly ad hoc affair, and aiming is as simple as eyeballing various stars near the center of the galactic plane — no need to complicate things.

Performance is pretty good: WTH measured the recession velocity of neutral hydrogen to within 20 km/s, which isn’t bad for something cobbled together from scrap. We’ve seen plenty of DIY hydrogen line observatories before, but WTH probably wins the “get on the air tonight” award.

Thanks to [Heinz-Bernd Eggenstein] for the tip.

Creating An Automated Hydrogen Generator At Home

Everyone and their pet hamster probably knows that the most common way to produce hydrogen is via the electrolysis of water, but there are still a number of steps between this elementary knowledge and implementing a (mostly) automated hydrogen generator. Especially if your end goal is to create liquid hydrogen when everything is said and done. This is where [Hyperspace Pirate]’s latest absolutely not dangerous project commences, with the details covered in the recently published video.

Automated hydrogen generator setup, courtesy of [Hyperspace Pirate]’s dog drinking bowl.

Since electrolysis cannot occur with pure water, sodium hydroxide (NaOH) is used in the solution to provide the ions. The electrodes are made of 316 stainless steel, mostly because this is cheap and good enough for this purpose. Although the original plan was to use a stacked series of electrodes with permeable membranes like in commercial electrolysers, this proved to be too much of a hassle to seal up leak-tight. Ergo the demonstrated version was attempted, where an upturned glass bell provides the barrier for the produced hydrogen and oxygen. With this system it’s easy to measure the volume of the produced hydrogen due to the displaced water in the bell.

Once enough hydrogen gas is produced, a vacuum pump is triggered by a simple pair of electrodes to move the hydrogen gas to a storage container. Due to hydrogen embrittlement concerns, an aluminium tank was used rather than a steel one. Ultimately enough hydrogen gas was collected to fill a lot of party balloons, and with the provided information in the video it should be quite straightforward to reproduce the system.

Where the automation comes into play is with a control system that monitors, for example, how long the vacuum pump has been running, and triggers a fail-safe state if it’s more than a set limit. With the control system in place, [Hyperspace Pirate] was able to leave the hydrogen generator running for hours with no concerns. We’re hopeful that his upcoming effort to liquefy this hydrogen will be as successful, or the human-rated blimp, or whatever all this hydrogen will be used for.


Just What Is Tone, In A Microphone?

As long-time Hackaday readers will know, there is much rubbish spouted in the world of audio about perceived tone and performance of different hi-fi components. Usually this comes from audiophiles with, we’d dare to suggest, more money than sense. But oddly there’s an arena in which the elusive tone has less of the rubbish about it and is, in fact, quite important. [Jim Lill] is a musician, and like all musicians he knows that different combinations of microphones impart a different sound to the recording. But as it’s such a difficult property to quantify, he’s set out to learn all he can about where the tone comes from in a microphone.

He’s coming to this from the viewpoint of a musician rather than an engineer, but his methodology is not diminished by this. He’s putting each mic on test in front of the same speaker at the same position, and playing a standard piece of music and a tone sweep through each. He doesn’t have an audio analyser, reference speaker and microphone, or anechoic chamber, so he’s come up with a real-world standard instead. He’s comparing every mic he can find with a Shure SM57, the go-to general purpose standard in the world of microphones for as long as anyone can remember, being a 1960s development of their earlier Unidyne series. His reasoning is that while its response is not flat the sound of the SM57 is what most people are used to hearing from a microphone, so it makes sense to measure the others against its performance.

Along the way he tests a huge number of microphones, including famous and expensive ones from exclusive studios and finally one he made himself by mounting a cartridge atop a soda can. You’ll have to watch the video below the break for his conclusions; we can promise it’s worth it.


Hackaday Superconference 2023: First Round Of Speakers Announced!

Hackaday Supercon 2023 is almost upon us, and looking over the roster of fantastic talks gets us in the mood already. We hope that it has the same effect on you too.

Supercon is the Ultimate Hardware Conference and you need to be there! We’ll announce the rest of the speakers, the workshops, and give you a peek at the badge over the next couple weeks. Supercon will sell out so get your tickets now before it’s too late. And stay tuned for the next round of reveals on Tuesday!

Social Engineering Chatbots With Sad-Sob Stories, For Fun And Profit

By this point, we probably all know that most AI chatbots will decline a request to do something even marginally nefarious. But it turns out that you just might be able to get a chatbot to solve a CAPTCHA puzzle (Nitter), if you make up a good enough “dead grandma” story.

Right up front, we’re going to warn that fabricating a story about a dead or dying relative is a really bad idea; call us superstitious, but karma has a way of balancing things out in ways you might not like. But that didn’t stop X user [Denis Shiryaev] from trying to trick Microsoft’s Bing Chat. As a control, [Denis] first uploaded the image of a CAPTCHA to the chatbot with a simple prompt: “What is the text in this image?” In most cases, a chatbot will gladly pull text from an image, or at least attempt to do so, but Bing Chat has a filter that recognizes obfuscating lines and squiggles of a CAPTCHA, and wisely refuses to comply with the prompt.

On the second try, [Denis] did a quick-and-dirty Photoshop of the CAPTCHA image onto a stock photo of a locket, and changed the prompt to a cock-and-bull story about how his recently deceased grandmother left behind this locket with a bit of their “special love code” inside, and would you be so kind as to translate it, pretty please? Surprisingly, the story worked; Bing Chat not only solved the puzzle, but also gave [Denis] some kind words and a virtual hug.

Now, a couple of things stand out about this. First, we’d like to see this replicated — maybe other chatbots won’t fall for something like this, and it may be the case that Bing Chat has since been patched against this exploit. If [Denis]’ experience stands up, we’d like to see how far this goes; perhaps this is even a new, more practical definition of the Turing Test — a machine whose gullibility is indistinguishable from a human’s.

Bleep Remover Censors Those **** Bleeps

One of the more interesting cultural phenomena is the ‘bleep’ that replaces certain words in broadcasts, something primarily observed in the US. Although ostensibly applied to prevent susceptible minds from being exposed to the unspeakable horrors of naughty words, the applied 1 kHz censoring tone is decidedly loud and obnoxious enough that its entertainment level falls somewhere between ‘truck backing up’ and ‘loud klaxon in busy traffic’. There is thus a definite argument to be made to censor the censoring beep to preserve one’s sanity, which is the goal of [Oona Räisänen]’s Bleep-be-gone project on GitHub.

Using a Perl-based wrapper, the versatile ffmpeg framework is used to filter a provided video that was afflicted with bleepitus, before outputting a pristine version where the infernal noise is replaced with blissful silence. This use of silence for censoring naughty words is incidentally becoming more commonplace over an ear-piercing beep, but a tool like Bleep-be-gone can be used to hasten the demise of its terror. Considering that the point of the 1 kHz back-up alarm beep is to draw a person’s attention to a piece of heavy equipment moving about, there is clearly no good reason why the replacement of a naughty word should warrant a similar drawing of attention.