This Week In Security: Dating App, WooCommerce, And OpenSSH

Up first this week is a report from vpnMentor, covering the unsecured database backing a set of dating apps, including 419 Dating. The report is a bit light on the technical details, like what sort of database this was, or how exactly it was accessed. But the result is 2.3 million exposed records, containing email addresses, photos (sometimes explicit), and more. Apparently also exposed were server backups and logs.

The good news here is that once [Jeremiah Fowler] discovered the database door unlocked and hanging open, he made a disclosure, and the database was secured. We can only hope that it wasn’t discovered by any bad actors in the meantime. The app has now disappeared from the Google Play store, and had just a bit of a sketchy air about it.

WooCommerce Under Siege

Back in March, CVE-2023-28121 was fixed in the WooCommerce plugin for WordPress. The issue here is an authentication bypass that allows an unauthenticated user to commandeer other user accounts.

Within a few months, working exploits had been derived from the details of the patch plugging the hole. It wasn’t hard. A function for determining the current user was explicitly trusting the contents of the X-WCPAY-PLATFORM-CHECKOUT-USER request header. Set that value in a request sent to the server, and ding, you’re administrator.

And now the cows are coming home to roost. Active exploitation started in earnest on July 14, and the folks at Wordfence clocked a staggering 1.3 million exploitation attempts on the 16th. What’s particularly interesting is that the Wordfence data gathering system saw a huge increase in requests for the readme.txt file that indicates the presence of the WooCommerce plugin on a WordPress site. These requests were observed before the attacks got started, making for an interesting early warning system.
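As an added example (not from the original post or from Wordfence), here is one way to look for both signals described above in your own logs: a jump in plugin readme.txt requests, and any request carrying the X-WCPAY-PLATFORM-CHECKOUT-USER header. The JSON log format, its field names, the plugin directory in the sample paths and the threshold are assumptions, and the sample lines are constructed.

```python
import json
from collections import Counter

HEADER = "x-wcpay-platform-checkout-user"  # header named in the write-up
PLUGIN_ROOT = "/wp-content/plugins/"       # standard WordPress plugin directory

# Constructed sample log, one JSON object per line. The field names and the
# plugin directory in the paths are assumptions; IPs are documentation ranges.
SAMPLE_LOG = """\
{"ts":"2023-07-12T03:10:00Z","ip":"198.51.100.7","path":"/wp-content/plugins/woocommerce-payments/readme.txt","headers":{}}
{"ts":"2023-07-12T03:11:30Z","ip":"203.0.113.9","path":"/wp-content/plugins/woocommerce-payments/readme.txt?x=1","headers":{}}
{"ts":"2023-07-13T09:00:00Z","ip":"192.0.2.10","path":"/shop/","headers":{"User-Agent":"constructed"}}
this line is truncated {"ts":
{"ts":"2023-07-14T01:02:03Z","ip":"198.51.100.7","path":"/","headers":{"X-WCPAY-PLATFORM-CHECKOUT-USER":"constructed"}}
{"ts":"2023-07-14T01:05:00Z","ip":"192.0.2.44","path":"/","headers":{"x-wcpay-platform-checkout-user":"constructed"}}
"""

def triage(log_text, probe_threshold=2):
    """Return readme.txt probe counts per day and requests carrying HEADER."""
    probes_per_day, probers, header_hits = Counter(), set(), []
    for raw in log_text.splitlines():
        try:
            rec = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip damaged lines instead of aborting the run
        if not isinstance(rec, dict):
            continue
        ip, ts = rec.get("ip", "?"), rec.get("ts", "")
        path = str(rec.get("path", "")).split("?", 1)[0].lower()
        # HTTP header names are case-insensitive, so normalise before matching.
        names = {str(k).lower() for k in (rec.get("headers") or {})}
        if path.startswith(PLUGIN_ROOT) and path.endswith("/readme.txt"):
            probes_per_day[ts[:10]] += 1
            probers.add(ip)
        if HEADER in names:
            header_hits.append({"ts": ts, "ip": ip, "probed_first": ip in probers})
    noisy = sorted(d for d, n in probes_per_day.items() if n >= probe_threshold)
    return {"probes_per_day": dict(probes_per_day), "noisy_days": noisy,
            "header_hits": header_hits}

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

Most default access-log formats do not record request headers, so the header check only works once the web server or proxy is configured to log that field.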

Turning A Quartz Clock Module Into A Time Reference

If you’re looking for a 1-second time reference, you’d probably just grab a GPS module off the shelf and use the 1PPS output. As demonstrated by [InazumaDenki], though, an old quartz clock module can also do the job with just a little work.

The module was harvested from an old Seiko wall clock, and features the familiar 32.768 kHz crystal you’d expect. This frequency readily divides down by 2 multiple times until you get a useful 1 Hz output. The module, originally designed to run a clock movement, can be repurposed with some basic analog electronics to output a useful time reference. [InazumaDenki] explains various ways this can be done, before demonstrating his favored method by building the device and demonstrating it with a decade counter.

It has some benefits over a GPS time reference, such as running at a much lower voltage and needing no external signal inputs. However, it’s also not going to be quite as accurate. Whether that matters to you or not depends on your specific application. Video after the break.

Old Style 1802 Computer Has MMU

When you think of an MMU — a memory management unit — you probably think of a modern 32-bit computer. But [Jeff Truck] has a surprise. His new RCA 1802 computer has bank switching, allowing the plucky little processor to address 256K of RAM. This isn’t just the usual bank-switching design, either.

The machine has several unique features. For example, an Arduino onboard can control the CPU so that you can remotely control the bus. It does not, apparently, stand in for any of the microprocessor support chips. It also doesn’t add additional memory or control its access.

The 256K of memory is under the control of the MMU board. This board generates two extra address bits by snooping the executing instruction and figuring out what register is involved in any memory access. Memory in the MMU stores a table that lets you set different memory pages for each register. This works even if the register is not explicit and also for the machine’s DMA and instruction fetch cycles. If you know about the RCA “standard call and return technique,” that also needed a little patching for the MMU. [Jeff] covers that at the end of the video below.

This is a very simple version of a modern MMU and is an impressive trick for a 50-something-year-old CPU. We were surprised to hear — no offense to [Jeff] — that the design worked the first time. Impressive! There’s also some 3D printing and other tips to pick up along the way. But we were super impressed with the MMU. You might never have to do this yourself (although you could), but you can still marvel that it can be done at all.

We have a soft spot for the 1802s, real or emulated. The original ELF was great, but 256K is a lot better than the original 256 bytes!

An Easy Z80 And VGA Upgrade For The Apple II

The Apple II was at the forefront of the home computer revolution when it came out in 1977. In its era, nobody really cared about hooking up the Apple II to a VGA monitor, but these days, it’s far easier than sourcing an original monitor. The V2 Analog is a useful tool that will let you do just that, plus some other neat tricks, besides.

As demonstrated on YouTube by [Adrian’s Digital Basement], the V2 Analog is basically a slot-in video card for the Apple II, II+, and IIe. It’s based upon the AppleII-VGA, which uses a Raspberry Pi Pico to snoop the 6502 CPU bus and copy the video memory. It then outputs a high-quality VGA signal that is far nicer than the usual composite output options.

As a bonus, the V2 Analog can be reconfigured to run as an emulated AppliCard Z80 expansion card instead. This card was originally intended to allow Apple II users to run CP/M applications. The V2 Analog does a great job in this role, though it bears noting it can’t handle VGA output and Z80 emulation at the same time.

Project files are available on GitHub for the curious. The Apple II may be long out of production, but it’s certainly not forgotten. Video after the break.

Giant 3D Printer Can Print Life-Sized Human Statues

We’ve seen a few makers 3D scan themselves, and use those to print their own action figures or statuettes. Some have gone so far as building life-sized statues composed of many 3D printed parts. [Ivan Miranda] is no regular maker though, and his custom 3D printer is big enough that he can print himself a life-sized statue in one go.

The printer is a gargantuan thing, using an aluminium frame and a familiar Cartesian layout. It boasts a build volume of 1110 mm x 1110 mm x 2005 mm, making it more than big enough to print human-sized statues. Dogs, cats, and some great apes may be possible, too.

Many of the components are 3D printed, including the various braces and adapters that hold the frame together. The build uses NEMA 23 stepper motors, with Duet3D hardware running the show. Notably, it uses V-wheels for the Z-axis, as linear rails would be prohibitively expensive at the sizes required.

[Ivan] shows off the printer by having it produce a statue of his body at 1:1 scale. It’s not a perfect print, with some layer shifts and some awkward moments where the filament supply was interrupted. It took 108 hours in total, with 76 hours of that being actual print time, and is made up of 4375 layers. Despite its flaws, it’s an incredibly impressive way to demonstrate the capabilities of the machine.

Eager to build such a printer for yourself? [Ivan] will sell you the design files for a reasonable fee.

[Ivan]’s giant printer was once a large tabletop affair; just look how far it’s come. He’s even come up with a system for using smaller printers to create large-scale construction kits, too. We can’t wait to see what mad project he comes up with next. Video after the break.

Physical Neural Network Can Be Trained Like A Digital One

Here’s an unusual concept: a computer-guided mechanical neural network (video, embedded below). Why would one want a mechanical neural network? It’s essentially a tool to explore what it would take to make physical materials work in nonstandard ways. The main part is a lattice of interlinked mechanical components. When one applies a certain force in a certain direction on one end, it causes the lattice to deform in a non-intuitive way on the other end.

To make this happen, individual mechanical elements in the lattice need to have their compliance carefully tuned under the guidance of a computer system. The mechanisms shown can be adjusted on demand while force is applied and cameras monitor the results.

This feedback loop allows researchers to use the same techniques for training neural networks that are used in machine learning applications. Ultimately, a lattice can be configured in such a way that when side A is pressed like this, side B moves like that.

We’ve seen compliant structures that move in unexpected ways before, and they are always fascinating. One example is this 3D-printed door latch that translates a twisting motion into a linear one. Research into physical neural networks seems like it might open the door to more complex systems, or provide insights into metamaterial design.

You can watch the video below just under the page break, or if you prefer, skip the intro and jump straight into How It Works at [2:32].

Smart Powermeter Uses E-Paper Display

In most places around the world, electricity is getting ever more expensive. Cutting back on your usage is one of the easier ways to escape this pain. This smart powermeter from [JGAguagdo] may prove a useful tool to achieve that goal.

The project uses an ESP32-S2 as the brains of the operation. It’s capable of reading up to six current-transformer clamps for measuring current draw in AC devices. It also features an embedded BMP280 temperature and air pressure sensor. Live data is displayed on a 2.9-inch e-Paper display, making it clear and easy to read under normal lighting conditions. By default, it’s set up to display graphs of power usage both over the last 24 hours, and the last ten days. It can even be set up with the prevailing energy rates in your area to display a realistic figure for what you’ll pay for your daily usage.

It can even be set up to work with Home Assistant for more logging and control options. We can imagine that, with a little work, you could even do some fancy plotting of energy use versus temperature to determine the performance and cost of your home HVAC setup.

If you want one with a minimum of fuss, you can score one on Tindie. Alternatively, design files are available on GitHub, too. We’ve featured some other great power meters over the years, and if you’re cooking up your own smart designs, don’t hesitate to let us know!