The Dyson Awards Definitely Do Not Suck

Named after British inventor James Dyson of cyclonic vacuum cleaner fame, the Dyson Awards are presented annually to current and recent students of engineering, industrial design, and product design, regardless of age. Students from 27 countries work alone or in groups to describe their inventions, which are then judged for their inventiveness, the production feasibility of their design, and the overall strength of the entry itself.

Much like our own Hackaday Prize, the Dyson Awards encourage and highlight innovation in all areas of science and technology. Some ideas help the suffering individual, and others seek to cure the big problems that affect everyone, like the microplastics choking the oceans. The Hackaday spirit is alive and well in these entries and we spotted at least one Hackaday prize alum — [Amitabh]’s Programmable Air. I had fun browsing through everything on offer, and you will too. This is a pretty good source of design inspiration.


Josephine Peary, First Lady Of The Arctic

In the late nineteenth century, there was only one Earthly frontier left to discover: the North Pole. Many men had died or gone insane trying to reach 90°N, which, unlike the solidly continental South Pole, hides within a shifting polar sea.

One of history’s most driven Pole-seekers, Robert Peary, shocked the world when he announced that his wife Josephine would accompany him on his expedition to Greenland. The world responded, saying that she, a Washington socialite with no specialized training, had absolutely no business going there. But if it weren’t for Jo’s contributions, Robert would probably have never made it to the Pole, or even out of Greenland. Sewing and cooking skills may not seem like much, but they are vital for surviving in the Arctic climate. She also hunted, and managed the group’s Inuit employees.

Josephine Peary was more than just the woman behind the man. An Arctic explorer in her own right, she spent three winters and eight summers on the harsh and unforgiving frontier. Back at home, her Arctic accounts painted a picture of a frozen and far-off world that most could only wonder about. Jo’s writing career brought in expedition money for her husband, which sometimes turned into bailout money.

Josephine Peary, DC debutante. Image via Bowdoin College

Woman About Washington

Josephine Cecilia Diebitsch was born May 22nd, 1863 to German immigrant parents who encouraged her to explore the world. Her father, Hermann, was a linguist at the Smithsonian Institute. Because of his position, the Diebitsch family rubbed elbows with much of high society. Though Jo was raised to be a Victorian lady and upheld those values, she had progressive ideas about what women could do with themselves in addition to being wives and mothers.

This Week In Security: Black Hat, DEF CON, And Patch Tuesday

Black Hat and DEF CON both just wrapped, and Patch Tuesday was this week. We have a bunch of stories to cover today.

First some light-hearted shenanigans. Obviously inspired by Little Bobby Tables, Droogie applied for the vanity plate “NULL”. A year went by without any problems, but soon enough it was time to renew his registration. The online registration form refused to acknowledge “NULL” as a valid license plate. The hilarity didn’t really start until he got a parking ticket, and received a bill for $12,000. It seems that the California parking ticket collection system can’t properly differentiate between “NULL” and a null value, and so every ticket without a license plate is now unintentionally linked to his plate.

In the comments on the Ars Technica article, it was suggested that “NULL” simply be added to the list of disallowed vanity plates. A savvy reader pointed out that the system that tracks disallowed plates would probably similarly choke on a “NULL” value.
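The failure mode in the story, recreated as an added example (not code from the article or from any DMV system): a ticket feed that writes the placeholder text "NULL" whenever no plate was recorded makes those tickets indistinguishable from the real four-letter plate, so billing by plate sweeps them all up; binding the missing value as a real SQL NULL keeps the two apart. The ticket data and column layout are constructed for the demonstration.

```python
import sqlite3

# Constructed sample tickets (not from the article): (ticket_id, plate, fine_usd).
# None means the officer recorded no plate at all.
TICKETS = [
    ("T-1", "NULL", 75),      # the real vanity plate, a four-letter string
    ("T-2", None, 120),       # no plate recorded
    ("T-3", None, 95),        # no plate recorded
    ("T-4", "7ABC123", 60),
]

def load_tickets(fill_missing_with_string):
    """Load tickets into an in-memory SQLite table.

    fill_missing_with_string=True mimics a feed that writes the placeholder
    text "NULL" whenever the plate is missing, so the placeholder and the real
    plate "NULL" become the same value. False binds None as a SQL NULL.
    """
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ticket (id TEXT PRIMARY KEY, plate TEXT, fine INTEGER)")
    for tid, plate, fine in TICKETS:
        if plate is None and fill_missing_with_string:
            plate = "NULL"   # the bug: a sentinel string instead of a real NULL
        db.execute("INSERT INTO ticket VALUES (?, ?, ?)", (tid, plate, fine))
    return db

def fines_for_plate(db, plate):
    """Total fines billed to the holder of one registered plate."""
    row = db.execute(
        "SELECT COALESCE(SUM(fine), 0) FROM ticket WHERE plate = ?", (plate,)
    ).fetchone()
    return row[0]

def unmatched_tickets(db):
    """Tickets with no plate: only findable once NULL is stored as NULL."""
    return [r[0] for r in db.execute(
        "SELECT id FROM ticket WHERE plate IS NULL ORDER BY id")]

if __name__ == "__main__":
    buggy = load_tickets(fill_missing_with_string=True)
    fixed = load_tickets(fill_missing_with_string=False)
    print("buggy bill for NULL:", fines_for_plate(buggy, "NULL"))   # 290
    print("fixed bill for NULL:", fines_for_plate(fixed, "NULL"))   # 75
    print("unmatched tickets:", unmatched_tickets(fixed))           # ['T-2', 'T-3']
```

The same sentinel problem applies to the commenter's suggested blocklist: a disallowed-plates table that stores "no plate" as the string "NULL" would also fail to tell the entry apart from the real plate.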

Hacking an F-15

In a surprising move, Air Force officials brought samples of the Trusted Aircraft Information Download Station (TADS) from an F-15 to DEF CON. Researchers were apparently able to compromise those devices in a myriad of ways. This is a radical departure from the security-through-obscurity approach that has characterized the U.S. military for years.

Next year’s DEF CON involvement promises to be even better as the Air Force plans to bring researchers out to an actual aircraft, inviting them to compromise it in every way imaginable.

Patch Tuesday

Microsoft’s monthly dump of Windows security fixes landed this week, and it was a doozy. First up are a pair of remotely exploitable Remote Desktop vulnerabilities, CVE-2019-1222 and CVE-2019-1226. It’s been theorized that these bugs were found as part of an RDP code review launched in response to the BlueKeep vulnerability from earlier this year. The important difference here is that these bugs affect multiple versions of Windows, up to and including Windows 10.

What the CTF

Remember Tavis Ormandy and his Notepad attack? We finally have the rest of the story! Go read the whole thing, it’s a great tale of finding something strange, and then pulling it apart looking for vulnerabilities.

Microsoft Windows has a module, MSCTF, that is part of the Text Services Framework. What does the CTF acronym even stand for? That’s not clear. It seems that CTF is responsible for handling keyboard layouts, and translating keystrokes based on what keyboard type is selected. What is clear is that every time an application builds a window, that application also connects to a CTF process. CTF has been a part of Microsoft’s code base since at least 2001, with relatively few code changes since then.

CTF doesn’t do any validation, so an attacker can connect to the CTF service and claim to be any process. Tavis discovered he could effectively attempt to call arbitrary function pointers of any program talking to the same CTF service. Due to some additional security measures built into modern Windows, the path to an actual compromise is rather convoluted, but by the end of the day, any CTF client can be compromised, including Notepad.

The most interesting CTF client Tavis found was the login screen. The exploit he demos as part of the write-up is to lock the computer, and then compromise the login screen in order to spawn a process with system privileges.

The presence of this unknown service running on every Windows machine is just another reminder that operating systems should be open source.

Biostar 2

Biostar 2 is a centralized biometric access control system in use by thousands of organizations and many countries around the globe. A pair of Israeli security researchers discovered that the central database that controls the entire system was unencrypted and unsecured. 23 Gigabytes of security data was available, including over a million fingerprints. This data was stored in the clear, rather than properly hashed, so passwords and fingerprints were directly leaked as a result. This data seems to have been made available through an Elasticsearch instance that was directly exposed to the internet, and was found through port scanning.

If you have any exposure to Biostar 2 systems, you need to assume your data has been compromised. While passwords can be changed, fingerprints are forever. As biometric authentication becomes more widespread, this is an unexplored side effect.

Teardown: VeriFone MX 925CTLS Payment Terminal

Regular Hackaday readers may recall that a little less than a year ago, I had the opportunity to explore a shuttered Toys “R” Us before the new owners gutted the building. Despite playing host to the customary fixture liquidation sale that takes place during the last death throes of such an establishment, this particular location was notable because of how much stuff was left behind. It was now the responsibility of the new owners to deal with all the detritus of a failed retail giant, from the security camera DVRs and point of sale systems to the boxes of employee medical records tucked away in a back office.

Clipping from New York Post. September 24th, 2018.

The resulting article and accompanying YouTube video were quite popular, and the revelation that employee information including copies of social security cards and driver’s licenses were left behind even secured Hackaday and yours truly a mention in the New York Post. As a result of the media attention, it was revealed that the management teams of several other stores were similarly derelict in their duty to properly dispose of Toys “R” Us equipment and documents.

Ironically, I too have been somewhat derelict in my duty to the good readers of Hackaday. I liberated several carloads worth of equipment from Geoffrey’s fallen castle with every intention of doing a series of teardowns on them, but it’s been nine months and I’ve got nothing to show for it. You could have a baby in that amount of time. Which, incidentally, I did. Perhaps that accounts for the reshuffling of priorities, but I don’t want to make excuses. You deserve better than that.

So without further ado, I present the first piece of hardware from my Toys “R” Us expedition: the VeriFone MX 925CTLS. This is a fairly modern payment terminal with all the bells and whistles you’d expect, such as support for NFC and EMV chip cards. There’s a good chance that you’ve seen one of these, or at least something very similar, while checking out at a retail chain. So if you’ve ever wondered what’s inside that machine that was swallowing up your debit card, let’s find out.


Ramen Lamp Has Us Feeling Hungry

Ramen comes in many forms, and whether you’re eating the 10 cent instant packets during the school year, or dining out at a fancy noodle bar, it’s a tasty meal either way. [ramenkingandi] has long been in love with the classic Japanese fare, and decided to create a homage to the dish – in lamp form.

The lamp build begins, somewhat unsurprisingly, with a lamp – but not how you’d think. A Walmart floor lamp is harvested for its lampshade, which approximates the dimensions of a typical ramen bowl. It’s then fitted with warm yellow LEDs to give it a pleasing glow. Polymer clay is used to create fake ramen ingredients – including noodles, pork, and choy sum. Jewelry wire is used to suspend the chopsticks in mid-air, before resin is poured into the bowl and the ingredients arranged on top. For a final touch, the bowl is painted with an artistic stripe to hide the electronics inside, and the lamp is complete.

It’s a great example of fake Japanese food, which is actually a huge industry in that part of the world. We’d love to have this lamp on display in our own home, fully expecting ramen consumption to increase considerably over time.

Lamps are a common feature around these parts – and some of them have even learned to leap. 

How-To: Mapping Server Hits With ESP8266 And WS2812

It has never been easier to build displays for custom data visualization than it is right now. I just finished one for my office — as a security researcher I wanted a physical map that will show me from where on the planet my server is being attacked. But the same fabrication techniques, hardware, and network resources can be put to work for just about any other purpose. If you’re new to hardware, this is an easy to follow guide. If you’re new to server-side code, maybe you’ll find it equally interesting.

I used an ESP8266 module with a small 128×32 pixel OLED display connected via an SSD1306 controller. The map itself doesn’t have to be very accurate, roughly knowing the country would suffice, as it was more a decorative piece than a functional one. It’s a good excuse to put the 5 meter WS2812B LED strip I had on the shelf to use.

The project itself can be roughly divided into 3 parts:

  1. Physical and hardware build
  2. ESP8266 firmware
  3. Server-side code

It’s a relatively simple build that one can do over a weekend. It mashes together LED strips, ESP8266 wifi, OLED displays, server-side code, python, geoip location, scapy, and so on… you know, fun stuff.
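The server-side stage of the pipeline outlined above, as an added example rather than the author's own code: it pulls failed-login sources out of auth-log lines, resolves each IP to a country, totals hits per country, and turns the totals into one RGB frame for a WS2812 strip. The log lines, the prefix-to-country table (a stand-in for a real GeoIP database) and the country-to-LED layout are all constructed assumptions for the demonstration.

```python
import re
from collections import Counter

# Constructed sample log lines in sshd/auth.log style (not real traffic).
SAMPLE_LOG = """\
Aug 13 10:01:02 host sshd[2310]: Failed password for root from 203.0.113.7 port 51022 ssh2
Aug 13 10:01:05 host sshd[2311]: Failed password for invalid user admin from 198.51.100.23 port 40111 ssh2
Aug 13 10:01:09 host sshd[2312]: Failed password for root from 203.0.113.7 port 51030 ssh2
Aug 13 10:02:14 host sshd[2320]: Accepted publickey for deploy from 192.0.2.10 port 53010 ssh2
Aug 13 10:02:40 host sshd[2331]: Failed password for root from 192.0.2.77 port 61000 ssh2
"""
FAILED_RE = re.compile(r"Failed password for .* from (\d+\.\d+\.\d+\.\d+) port")

# Stand-in for a GeoIP lookup: constructed mapping from documentation
# prefixes to country codes. A real build would query a GeoIP database here.
GEO_TABLE = {"203.0.113.": "BR", "198.51.100.": "DE", "192.0.2.": "US"}

# Assumed layout: which LED on the WS2812 strip sits over each country.
LED_INDEX = {"US": 3, "BR": 11, "DE": 27}
STRIP_LEN = 60

def geo_lookup(ip):
    for prefix, cc in GEO_TABLE.items():
        if ip.startswith(prefix):
            return cc
    return None   # unknown source: nothing to light up

def hits_by_country(log_text):
    """Count failed-login attempts per country from auth-log text."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)      # successful logins are ignored
        if m:
            cc = geo_lookup(m.group(1))
            if cc:
                counts[cc] += 1
    return counts

def led_frame(counts, max_hits=10):
    """One RGB frame for the strip: red brightness scales with hit count."""
    frame = [(0, 0, 0)] * STRIP_LEN
    for cc, n in counts.items():
        idx = LED_INDEX.get(cc)
        if idx is None:
            continue                    # country not on the map
        level = min(255, 255 * n // max_hits)
        frame[idx] = (level, 0, 0)
    return frame
```

The firmware side would receive a frame like this over Wi-Fi and push it straight to the strip.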


Reviving A Casio Scientific Calculator, With A CNC Router

Before Wolfram Alpha, before the Internet, before even PCs, calculations more complex than what could be accomplished with a “four banger” required some kind of programmable calculator. There were many to choose from, if you had the means, and as time passed they became more and more sophisticated. Some even added offline storage so your painstakingly written and tediously entered programs didn’t evaporate when the calculator was turned off.

One such programmable calculator, a Casio PRO fx-1 with magnetic card storage, came across [amen]’s bench recently. Sadly, it didn’t come with any cards, so [amen] reverse engineered the card reader and brought the machine back to its 1970s glory. The oddball mag cards for it are no longer available, so [amen] had to make do with. He found some blank cards of approximately the right size for cheap, but somehow had to replicate the band of vertical stripes adjacent to the magnetic strip on the card. Reasoning that they provide an optical synchronization signal, he decided to use a CNC router to cut a series of fine-pitched slots in the plastic card. It took a little effort to get working, including tapping the optical sensor and reading the signal on an oscilloscope, but as the video below shows, the hacked cards work fine with the vintage calculator.

Kudos to [amen] for reviving this retro-cool calculator. Now that it’s back in action, it might be fun to visualize domains on the magnetic strip. A flatbed scanner can be used for that job.
