Global Cyber Attack Halted: Autopsy Time

May 13, 2017 by 131 Comments

Friday saw what looked like the most dangerous ransomware infection to date. The infection known as WannaCry was closing down vital hospital IT systems across the UK canceling major operations and putting lives at risk.

Spread Halted?

It spread further around the world and almost became a global pandemic. Although machines are still encrypted demanding Bitcoin, one security blogger [MalwareTech] halted the ransomware by accident. As he was analyzing the code he noticed that the malware kept trying to connect to an unregistered domain name “iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com”. So he decided to register the domain to see if he could get some analytics or any information the worm was trying to send home. Instead much to his surprise, this halted the spread of the ransomware. Originally he thought this was some kind of kill switch but after further analysis, it became clear that this was a test hard-coded into the malware which was supposed to detect if it was running in a virtual machine. So by registering the domain name, the ransomware has stopped spreading as it thinks the internet is a giant virtual machine.

Why was the UK’s NHS Hit So Badly?

According to the [BBC] Information obtained by software firm Citrix under Freedom of Information laws in December suggest up to 90% of NHS trusts were still using Windows XP, However NHS Digital says it is a “much smaller number”. Microsoft has rolled out a free security update to Windows XP, Windows 8, and Windows Server 2003 “to protect their customers”. There was much warning about XP no longer receiving updates etc, the 2001 operating system just needs to die however so many programs especially embedded devices rely upon the fact that the OS running is Windows XP, This is a problem that needs sorted sooner rather than later. There is still obvious problems facing the NHS as all outpatients appointment’s have been canceled at London’s Barts Health NHS Trust which happens to be the largest in the country. However [Amber Rudd], Home Secretary, said 97% of NHS trusts were “working as normal” and there was no evidence patient data was affected. Let’s just hope they update their systems and get back to fixing people as soon as they can.

Where Else Was Hit?

There was quite a few other places hit as well as the UK’s NHS including The Sunderland Nissan Plant also in the UK, Spanish telecoms giant Telefonica along with some gas companies in Spain. In the US FedEx was affected, France has seen production in some of it’s Renault factories halted. Finally, Russia reported 1000 governmental computer systems has been hit.

So is this the end for ransomware?

No, this infection was stopped by accident the infected are either still infected or have paid up, had they not included the sloppy code in the first place then who knows what would have happened. Microsoft had rolled out patches but some people/organizations/Governments are lazy and don’t bother to apply them. Keep your computers up to date, Good luck because we think we will be seeing a lot more ransomware malware in the coming years.

[Update WannaCry v. 2.0 has been released without the “kill switch”, We wonder what will happen now. Probably not a lot as the media attention has been quite intense so it may not be that big an infection however there is always a few who live in the land where news doesn’t exist and will go a long their day until BAM! Ransom Ware installed and pockets emptied.]

From Amritsar To Busselton; More World Create Day Stories

May 13, 2017 by 2 Comments

A few weeks ago, we took Hackaday IRL and into hackerspaces around the globe. This was World Create Day, a community effort to come together and build something that matters. Think of it as the pre-game for the Hackaday Prize, our online competition to change the world by building hardware. The groups at these hacker meetups have sent in pictures and reported on what they created. What happened during this worldwide hacker meetup? So much awesome stuff.

The SupplyFrame Design Lab

Did you know Hackaday has its own Hackerspace? It’s true! We have an eight-foot ShopBot, a Tormach, we just got a rig to do injection molding, and apparently, the intern is busy setting up a resin printer.

There are a ton of really talented people associated with the Design Lab, and they were out in full force on World Create Day. [Diego] from Deezmaker has been working on robot muscles and customizable linear actuators for a while, so that was obviously the focus of his World Create Day. Everyone needs mirrored LED-equipped welding/steampunk goggles, so that was [Rich Cameron]’s build, pictured to the right.

A fabulous time was had by all, but just because this was only one of three World Create Day meetups hosted ‘officially’ by Hackaday doesn’t mean it was the biggest or the best. There was plenty of fun the world over.

Amritsar, India

World Create Day is a worldwide event, so of course we had a few events in the second most populous country on Earth. [Inderpreet], [Shubham], [Simrat], and [Navjeet] put together a World Create Day event at the Department of Electronics Technology at GNDU Amritsar, their local university. A slew of people showed up, [Inderpreet] gave a talk on The Hackaday Prize, and much fun was had by all.

FabLab San Diego

The Fab Lab in San Diego also hosted a World Create Day event, Projects that made the cut included a real time, IRL closed captioning device. Think of this one as a universal translator, but only one language, with a screen. Or a voice to text thing running on a phone. Either way. Other ideas included an improved mobility cart, an underwater autonomous robot, wireless communication nodes, pressurized algae incubators, and a whole bunch more.

The folks at the San Diego Fab Lab also produced a short video of their World Create Day activities, you can check that out below.

Continue reading “From Amritsar To Busselton; More World Create Day Stories”

Say Hello To This Cortana Hologram

May 13, 2017 by 27 Comments

Halo’s Cortana enters the real world with this internet appliance. [Jarem Archer] has built an amazing “holographic” home for Cortana of Halo and Windows fame. The display isn’t really a hologram, it uses the age-old Pepper’s ghost illusion. A monitor reflects onto 3 angled half mirrored panels. This creates a convincing 3D effect. Cortana herself is a 3D model. [Jarem’s] wife provided gave Cortana her moves by walking in front of dual Kinect depth-sensing cameras. This motion capture performance drives the 3D Cortana model on the screen.

The brain behind this hack is the standard Windows 10 Cortana voice assistant. Saying “Hey Cortana” wakes the device up. To make the whole experience more interactive, [Jarem] added a face detection camera to the front of the device. When a face is detected, the Cortana model turns toward the user. Even if several people are watching the device, it would seem as if Cortana was “talking to” one person in the audience.

The cherry on top of this hack is the enclosure. [Jarem] 3D printed a black plastic stage. An Arduino drives RGB LEDs whenever Cortana is activated. The LEDs project a blue glue that works well with the Pepper’s ghost illusion. The result is a project that looks like something Microsoft might have cooked up in one of their research labs.

Continue reading “Say Hello To This Cortana Hologram”

Transparent 3D Printing?

May 13, 2017 by 12 Comments

Transparent plastic is nothing new. However, 3D prints are usually opaque or–at best–translucent. [Thomas Sanladerer] wanted to print something really transparent. He noticed that Colorfabb had an article about printing transparent pieces with their HT filament. [Thomas] wanted to try doing the same thing with standard (and cheaper) PETG, which is chemically similar to the HT. Did he succeed? Watch the video below and find out.

You can get lots of clear plastic filament, but the process of printing layers makes the transparency turn cloudy, apparently mostly due to the small gaps between the layers. The idea with the HT filament is to overextrude at a high enough temperature that the layers can fuse together.

[Thomas] wanted to create some clear parts and diffusers for lamps. The diffusers print using vase mode and the lamps he creates when them look great even without clear diffusers.

His first experiments involved layer height and extrusion rates. He tried to determine what was making things better and worse and modifying his technique based on that. There were also some post-processing steps he tried.

If you want to see what the Colorfabb HT parts made by someone other than Colorfabb look like, check out the second video below from [3D Printing Professor]. The prints he is making don’t look very clear until he does some post processing. Even after the post processing, it isn’t going to fool anyone into thinking it is glass-clear. However, the parts that Colorfabb shows on their blog post about the material do look amazing. Between the overextrusion used to prevent gaps and the post processing steps, [3D Printing Professor] warns that it won’t be easy to get parts with precise dimensions using this technique.

If you have a big budget, you could try printing with actual glass. There seem to be several ways to do that.

Javascript Art Is In The URL

May 13, 2017 by 9 Comments

[Alexander Reben] makes tech art, and now he’s encouraging you to do the same — within a URL. The gimmick? Making the code small enough to fit the data portion of a link. And to help with that, he has set up a webpage that uncompresses and wraps code from the URL and inserts it into the HTML on the fly. His site essentially applies or un-applies all the tricks of JS minification in the URL, and turns that into content.

So, for instance,https://4QR.xyz/c/?eJzzSM3JyVcIzy_KSVEEABxJBD4 uncompresses to a webpage that says “Hello World!”. But the fun really starts when you start coding up “art” in Javascript or HTML5. There are a few examples up in the gallery right now, but [Alexander] wants you to contribute your own. The banner is from this link.

Something strikes us as fishy about passing JS code opaquely in links, but since the URL decodes on [Alexander]’s server, we don’t see the XSS attack just yet. If you can find the security problem with this setup, or better yet if you write up a nice animation, let us know in the comments.

Microcontroller Load Meter Tells You How Hard It’s Currently Working

May 13, 2017 by 19 Comments

Writing code for embedded applications can be difficult. There are all sorts of problems you can run into – race conditions, conflicting peripherals, unexpected program flow – any of these can cause havoc with your project. One thing that can really mess things up is if your microcontroller is getting stuck on a routine – without the right debugging hardware and software, this can be a tricky one to spot. [Terry] developed a microcontroller load meter just for this purpose.

It’s a simple setup – a routine named loadmeter-task on the microcontroller sends a train of pulses to a mechanical ammeter. The ammeter is then adjusted with a trimpot to read “0” when the chip is unloaded. As other tasks steal CPU time, there’s less time for loadmeter-task to send its pulses, so the meter falls to the left.

Overall it’s a quick and easy bit of code you could add to any project with a spare GPIO pin, that might help you debug. Plus it’s cool to know how hard your project is pushing the silicon.

If you’d like to know more about what your chip is doing, check out this post about the usefulness of in-circuit debugging, or read about Bil Herd’s experiments with ICE and OBD-II.

Hacklab’s Logo Changes With The Habitat Of A Beet Plant

May 12, 2017 by 2 Comments

Zaragoza, Spain hacklab La Remolacha (“The Beet”) sports a logo which responds to human interaction with a beet plant growing in the space. Sensors keep track of temperature as well as humidity for both air and ground, while buttons add more water, plant food, light, and music.

The shape and activity of the visualization responds to the sensors. The higher the temperature, the more folds in the shape. More distortions appear when there’s more humidity in the soil, while rotation speed increases with air humidity. Adding food increases the size of the visualization, and music triggers more vibrations.

An Arduino keeps track of the buttons and humidity sensors, while a nearby computer, connected via USB, sends the data to a node.js server. The data are displayed on the website through the torus visualization, which is done in WebGL.

The beet’s environment also signals the health of the space, because if no one is visiting, no one can feed the plant. On the other hand, could too many visitors actually kill the thing?

The project was created by [Innovart],  [Miguel Frago], and [Santi Grau] with help from other folks.

Thanks [Esther Borao Moros] for the tip!

Continue reading “Hacklab’s Logo Changes With The Habitat Of A Beet Plant”