This Week In Security: Triangulation, ProxyCommand, And Barracuda

It’s not every day we get to take a good look inside a high-level exploit chain developed by an unnamed APT from the western world. But thanks to some particularly dedicated researchers at Kaspersky, which just happens to be headquartered in Moscow, that’s exactly what we have today. The name Operation Triangulation was picked, based off part of the device fingerprinting code that rendered a yellow triangle on an HTML canvas.

The entire talk, given this week at the 37th Chaos Communication Congress (37c3), is available. The exploit starts with an iMessage attachment, delivered silently, that exploits an undocumented TrueType font instruction. Looking at the source code implies that it was a copy-paste error where a programmer didn’t quite get the logic right for a pointer calculation. That vulnerability gives a memory write primitive that pivots into code execution. What’s particularly interesting is that Apple silently fixed this bug in January 2023, and didn’t make any public statements. Presumably there was an uptick of crash logs that pointed to this problem, but didn’t conclusively show attempted exploitation.

The exploit then moves to using NSExpression as a next stage. NSExpression is an ugly way to write code, but it does allow the exploit chain to get to the next stage, running JavaScript as an application, without Just In Time compilation. The JS payload is quite a beast, weighing in at 11,000 lines of obfuscated code. It manages to call native APIs directly from JS, which then sets up a kernel exploit. This consists of multiple integer overflow flaws that result in essentially arbitrary system memory reads and writes.

The Gopher Revival Is Upon Us

A maxim for anyone writing a web page in the mid 1990s was that it was good practice to bring the whole thing (including graphics) in at around 30 kB in size. It was a time when the protocol still had some pretence of efficient information delivery, when information was self-published, before huge corporations brought everything under their umbrellas.

Recently, this idea of the small web has been experiencing something of a quiet comeback. [Serge Zaitsev]’s essay takes us back to a time before the Internet as we know it was born, and reminds us of a few protocols that have fallen by the wayside. Finger and Gopher are both things we remember from our student days, but neither of them was a match for the browser.

All is not lost though, because the Gemini protocol is a more modern take on minimalist Internet information sharing. It’s something like the web, but intentionally without the layer upon layer of extraneous stuff, and it’s been slowly gathering some steam. Every time we look at its software list it becomes more extensive, and we live in hope that it might catch on for use with internet-connected microcontroller-based computing. The essay is a reminder that the internet doesn’t have to be the web, and doesn’t have to be bloated either.

Generating 3D Scenes From Just One Image

The LucidDreamer project ties a variety of functions into a pipeline that can take a source image (or generate one from a text prompt) and “lift” its content into 3D, creating highly-detailed Gaussian splats that look great and can even be navigated.

Gaussian splatting is a method used to render NeRFs (Neural Radiance Fields), which are themselves a method of generating complex scenes from sparse 2D sources, and doing it quickly. If that is all news to you, that’s probably because this stuff has sprung up with dizzying speed from when the original NeRF concept was thought up barely a handful of years ago.

What makes LucidDreamer neat is the fact that it does so much with so little. The project page has interactive scenes to explore, but there is also a demo for those who would like to try generating scenes from scratch (some familiarity with the basic tools is expected, however.)

In addition to the source code itself the research paper is available for those with a hunger for the details. Read it quick, because at the pace this stuff is expanding, it honestly might be obsolete if you wait too long.

Your Home Mainframe

We miss the days when computers looked like computers. You know, blinking lights, rows of switches, and cryptic displays. [Phil Tipping] must miss those days too since he built PlasMa, a “mini-mainframe simulator.”

The device would look at home on the set of any old science fiction movie. Externally, it has 540 LEDs, 100 switches, and a number of other I/O devices, including a keypad and an LCD screen. Internally, it can support three different instruction sets. Everything is run by an ATmega2560, and it has simulated paper tape, magnetic tape, and disks (all via SD cards). The magnetic tapes also have LED simulated reels to show the tape position and other status information (the round displays just above the LCD display).


Moving Iron-Coated Polymer Particles Uphill Using External Magnetic Field

Microscopy of PMMA ferromagnetic Janus particle as used in the study (Credit: Wilson-Whitford et al., 2023)

Granular media such as sand have a range of interesting properties that make them extremely useful, but they still obey gravity and make their way downhill. That is, until you coat such particles with a ferromagnetic material like iron, make them spin using an external magnetic field and watch them make their way against gravity. This recent study by researchers has an accompanying video (also embedded below) that is probably best watched first before reading the study by Samuel R. Wilson-Whitford and colleagues in Nature Communications.

In the supplemental material the experimental setup is shown (see top image), which is designed to make the individual iron-coated polymer particles rotate. The particles are called Janus particles because only one hemisphere is coated using physical vapor deposition, leaving the other as uncovered PMMA (polymethyl methacrylate).

While one might expect that the rotating magnetic field would just make these particles spin in place, instead the researchers observed them forming temporary chains of particles, which were able to gradually churn their way upwards. Not only did this motion look like the inverse of granular media flowing downhill, the researchers also made a staircase obstacle that the Janus particles managed to traverse. Although no immediate practical application is apparent, these so-called ‘microrollers’ display an interesting method of locomotion in what’d otherwise be rather passive granular media.


Making The Case For Wooden Wind Turbines With Swedish Modvion

Inside shot of the Modvion wooden wind turbine tower.

Modern-day wind turbines are constructed using mostly concrete and steel, topped by the fiberglass composite blades mounted to the nacelle that houses the gearbox and generator, along with much of the control systems. With the ever-increasing sizes of these turbines, transporting the components to the installation location is a harrowing task, something which Swedish company Modvion claims to improve upon with its wooden tower elements that come mostly packaged flat, for on-site assembly. The BBC recently took a look at the first of these partially wooden wind turbine towers. At 105 meters tall, it features a standard V90-2.0MW turbine and blades.

Rather than using concrete slabs at the base with steel tower segments on top, or a fully steel tower like with most wind turbines, Modvion uses segments of layered wood which it calls ‘the module’. These are assembled out of 144 layers of 3 mm thick spruce, with ring segments assembled on-site. This means that several of these modules can be stacked onto a standard truck with none of the concerns that come with oversized transports. According to Modvion these wooden towers should last about the same number of years as their steel counterparts.

Copper Coating 3D Prints

We would all like to 3D print in metal, but for now, the equipment to do that is out of reach for most of us. Instead of dealing with powder printers or metal-bearing polymers, [Robert] has a simple solution. Using a process known as mechanical plating or peen plating, he deposits a layer of copper on a PLA print. The results look good, as you can see in the video below.

This isn’t electroplating, although the result is similar. With electroplating, you have to make the 3D part conductive. You also have to deal with wet chemistry and fumes. This process uses a rock tumbler, copper powder, and small ball bearings.
