This Week In Security: Facebook Hacked Your Email, Cyber On The Power Grid, And A Nasty Zero-day

Ah, Facebook. Only you could mess up email verification this badly, and still get a million people to hand over their email address passwords. Yes, you read that right, Facebook’s email verification scheme was to ask users for their email address and email account password. During the verification, Facebook automatically downloaded the account’s contact list, with no warning and no way to opt out.

The amount of terrible here is mind-boggling, but perhaps we need a new security rule-of-thumb for these kinds of situations. Don’t ever give an online service the password to a different service. In order to make use of a password in this case, it’s necessary to handle it in plain-text. It’s not certain how long Facebook stored these passwords, but they also recently disclosed that they have been storing millions of Facebook and Instagram passwords in plain-text internally.

This isn’t the first time Facebook has been called out for serious privacy shenanigans, either: In early 2018 it was revealed that the Facebook Android app had been uploading phone call records without informing users. Mark Zuckerberg has recently outlined his plan to give Facebook a new focus on privacy. Time will tell whether any real change will occur.

Cyber Can Mean Anything

Have you noticed that “cyber” has become a meaningless buzz-word, particularly when used by the usual suspects? The Department of Energy released a report that contained a vague but interesting sounding description of an event: “Cyber event that causes interruptions of electrical system operations.” This was noticed by news outlets, and people have been speculating ever since. What is frustrating about this is the wide range of meaning covered by the term “cyber event”. Was it an actual attack? Was Trinity shutting down the power stations, or did an intern trip over a power cord?

A Physical Knob For Browser Tabs

If you’re like most of us, you have about twenty browser tabs open right now. What if there were a way to move through those tabs with a physical interface? That’s what [Zoe] did, and it’s happening with the best laptop ever made.

The hardware for this build is simply an Arduino and a rotary encoder, no problem there. The firmware on the Arduino simply reads the encoder and sends a bit or two of data over the serial port. This build gets interesting when you connect it to a Firefox extension that allows you to get data from a USB or serial port, and there’s a nice API to access tabs. Put all of this together, and you have a knob that will scroll through all your open tabs.

This build gets really good when you consider there’s also a 3D printed mount, meant to attach to a Thinkpad X220, the greatest laptop ever made. At the flick of a knob, you can scroll through all your tabs. It’s handy if you’re reading three or four or five documents simultaneously, or if you’re just editing video and trying to go through your notes at the same time. A great invention, and we’re waiting for this to become a standard device on keyboards and mice. Check out the video below.


MIT Cryptographers Are No Match For A Determined Belgian

Twenty years ago, a cryptographic puzzle was included in the construction of a building on the MIT campus. The structure that houses what is now MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) includes a time capsule designed by the building’s architect, [Frank Gehry]. It contains artifacts related to the history of computing, and was meant to be opened whenever someone solved a cryptographic puzzle, or after 35 years had elapsed.

The puzzle was not expected to be solved early, but [Bernard Fabrot], a developer in Belgium, has managed it using not a supercomputer but a run-of-the-mill Intel i7 processor. The capsule will be opened later in May.

The famous cryptographer [Ronald Rivest] put together what we now know is a deceptively simple challenge. It involves a successive squaring operation, and since it is inherently sequential there is no possibility of using parallel computing techniques to take any shortcuts. [Fabrot] used the GNU Multiple Precision Arithmetic Library in his code, and took over 3 years of computing time to solve it. Meanwhile another team is using an FPGA and expects a solution in months, though it has been pipped to the post by the Belgian.
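A toy version of a successive-squaring time-lock puzzle, added here as an illustration; it is not [Fabrot]'s code or the MIT puzzle's parameters. It goes beyond the summary above by following the published Rivest-Shamir-Wagner construction, in which the puzzle setter, who knows the prime factors, can shortcut the work while the solver cannot. The primes, squaring count and secret are constructed values.

```python
# Toy time-lock puzzle: solver must do T squarings one after another,
# while the setter (who knows the factors of N) takes a shortcut.
# All parameters below are constructed for illustration only.

P = 1_000_000_007          # constructed "secret" prime (real puzzles use huge primes)
Q = 998_244_353            # constructed "secret" prime
N = P * Q                  # public modulus
T = 100_000                # public number of required squarings
BASE = 2                   # public starting value, coprime to N


def create_puzzle(secret: int) -> int:
    """Setter's side: knows P and Q, so the cost is two modular exponentiations."""
    phi = (P - 1) * (Q - 1)
    e = pow(2, T, phi)         # reduce the exponent 2^T modulo phi(N)
    w = pow(BASE, e, N)        # equals BASE^(2^T) mod N by Euler's theorem
    return secret ^ w          # published value: secret masked with w


def solve_puzzle(z: int) -> int:
    """Solver's side: no factors, so each squaring needs the previous result."""
    w = BASE % N
    for _ in range(T):
        w = (w * w) % N        # step i depends on step i-1: nothing to parallelise
    return z ^ w               # unmask the secret


if __name__ == "__main__":
    z = create_puzzle(0x1999)
    print(hex(z), hex(solve_puzzle(z)))
```

Raising `T` scales the solver's work linearly while the setter's cost barely changes, which is what lets a puzzle author target a solving time of years.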

The original specification document is a fascinating read, for both the details of the puzzle itself and for [Rivest]’s predictions as to the then-future direction of computing power. He expected the puzzle would take the full 35 years to solve and that there would be 10 GHz processors by 2012, when Moore’s Law would begin to tail off, but he is reported as saying that he underestimated the corresponding advances in software.

Header image: Ray and Maria Stata Center, Tafyrn (CC BY 3.0)

A Nearly Practical 6502 Breadboard Computer

Over the years we’ve seen a number of homebrew 6502 computers assembled with little more than a breadboard, a sack full of jumper wires, and an otherworldly patience that would make a Buddhist Monk jealous. Anyone who takes the time to assemble a fully functional computer on a half-dozen breadboards lined up on their workbench will always be a superstar in our book.

While we’re still too lazy to attempt one of these builds ourselves, we have to admit that the Vectron 64 by [Nick Bild] looks dangerously close to something you might be able to pull off within a reasonable amount of time. It’s still an incredible amount of work, but compared to some of the other projects we’ve seen, this one manages to keep the part count relatively low thanks to the use of a simple 16×2 LCD for output and user input provided by a PS/2 keyboard. You won’t be playing Prince of Persia on it, but at least you might be able to finish it in a weekend.

The computer is clocked at 1 MHz, and features 32KB RAM along with 32KB EEPROM. That should be enough for anyone. [Nick] also points out he tried to use era-appropriate 7400 series ICs wherever possible, so no worries about historical revisionism here. If you’re looking for a design that somebody could have potentially knocked together back in the 1970s, this one would get you fairly close.

The astute reader might notice there’s no removable media in this build, and may be wondering how one loads programs. For that, [Nick] allowed himself a bit of modern convenience and came up with a scheme that allows an Arduino (or similar microcontroller) to connect up to the computer’s 28C256-15 EEPROM. With a Python script running on your “real” computer, you can write a new ROM image directly to the chip. He’s included the source code for a simple program which will write whatever you type on the keyboard out on the LCD, which should give you a good framework for writing additional software.

If you’re looking for a bigger challenge, don’t worry. We’ve covered 6502 breadboard computers that will make your eyes water. Incidentally, this isn’t the first time we’ve seen a similar LCD used for one of these computers, so looks like there’s no shame in sneaking in modern parts where it makes sense.

Windows 3.1 In My BIOS? It’s More Likely Than You Think

It might be difficult for modern audiences to believe, but at one point Microsoft Windows fit on floppy disks. This was a simpler time, with smaller hard drives, lower resolution displays, and no hacker blogs for you to leave pessimistic comments on. A nearly unrecognizable era, to be sure. But if you’re one of the people who looks back on these days fondly, you might wonder why we don’t see this tiny graphical operating system smashed into modern hardware. After all, SkiFree sure ain’t gonna play itself.

Well, wonder no more. A hacker by the name of [redsPL] thought that Microsoft’s latest and greatest circa 1992 might do well crammed into the free space remaining on a ThinkPad X200’s firmware EEPROM. It would take a little fiddling, plus the small matter of convincing the BIOS to see the EEPROM as a virtual floppy drive, but clearly those are all minor inconveniences for anyone mad enough to boot their hardware into a nearly 30 year old copy of Visual Basic for a laugh.

The adventure starts when [redsPL] helped a friend install libreboot and coreboot on a stack of old ThinkPads by using the Raspberry Pi as an SPI flasher, a pastime we’re no strangers to ourselves. Once the somewhat finicky software and hardware environment was up and running, it seemed a waste not to utilize it further. Especially given the fact most firmware replacements only fill a fraction of the X200’s 8 MB chip.

Of course, Windows 3.1 was not designed for modern hardware and no proper drivers exist for much of it. Just getting the display resolution up to 1024×768 (and still with only 256 colors) required patching the original video drivers with ones designed for VMware. [redsPL] wasn’t able to get the sound hardware working, but at least the PC speaker makes the occasional buzz. The last piece of the puzzle was messing around with the zip and xz commands until the disk image was small enough to sneak onto the chip.

Believe it or not, this isn’t the first time we’ve seen Windows from this era running on a (relatively) modern ThinkPad. For whatever reason, these two legends of the computing world seem destined to keep running into each other.

[Thanks to Renard for the tip.]

Hacking 16GB Into An Old PC That Doesn’t Want That Much

From the title, you might think this post is going to be some lame story about someone plugging in some RAM and maybe updating a BIOS. That’s where you’d be wrong. [Downtown Doug Brown] has a much more interesting and instructive story.

[Doug] found his motherboard was rated for 8 GB maximum and decided he’d make 16 GB of RAM work despite the limitation. He updated the BIOS and it worked — in Linux. He was able to see all the memory and it tested good. If that was it, you wouldn’t be reading about it here. The story gets interesting when he tried to boot Windows 10 and it refused, showing its kinder and gentler blue screen of death. For many people, that would be the end of the story, especially since Windows 10 doesn’t give you much information about why it crashed.

Like so many problems, this one had to be peeled back like an onion. The first thing to do was to change the Windows registry to allow the blue screen to output some technical information that was present in older versions of Windows. The error code indicated that the issue had to do with the BIOS reporting overlapping memory regions.

With some investigating in Linux, whose log files expose a lot more BIOS information, [Doug] realized the E820 interface was returning a memory region that conflicted with ACPI’s information. It seems as though the motherboard was reserving space at the top of the 8 GB range for PCI operations, which was punching a hole in the system’s (now larger) memory. Turning off a setting in the BIOS fixed the problem, but only because it makes Linux and Windows both see only 4 GB of memory. That also wouldn’t be a very interesting story. [Doug] theorized that if he could move the mapping area to the top of the 16 GB range, things would work.
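To make the conflict concrete, here is an added sketch (not [Doug]'s code) that reads Linux boot-log lines and reports where a PCI root bus window lands on top of RAM that E820 marks usable. The log excerpt and every address in it are constructed for illustration and are not taken from the original post.

```python
import re

# Constructed dmesg excerpt; addresses are invented, not from the post.
DMESG = """\
BIOS-e820: [mem 0x0000000000000000-0x000000000009fbff] usable
BIOS-e820: [mem 0x0000000000100000-0x00000000cf66ffff] usable
BIOS-e820: [mem 0x00000000cf670000-0x00000000cfffffff] reserved
BIOS-e820: [mem 0x0000000100000000-0x000000042fffffff] usable
pci_bus 0000:00: root bus resource [mem 0x000a0000-0x000bffff window]
pci_bus 0000:00: root bus resource [mem 0xd0000000-0xffffffff window]
pci_bus 0000:00: root bus resource [mem 0x230000000-0x3ffffffff window]
"""

E820_RE = re.compile(r"BIOS-e820: \[mem (0x[0-9a-f]+)-(0x[0-9a-f]+)\] (.+)$")
PCI_RE = re.compile(r"root bus resource \[mem (0x[0-9a-f]+)-(0x[0-9a-f]+)")


def parse(log):
    """Return (usable RAM ranges, PCI windows) as lists of inclusive (start, end)."""
    ram, windows = [], []
    for line in log.splitlines():
        if m := E820_RE.search(line):
            if m.group(3).strip() == "usable":
                ram.append((int(m.group(1), 16), int(m.group(2), 16)))
        elif m := PCI_RE.search(line):
            windows.append((int(m.group(1), 16), int(m.group(2), 16)))
    return ram, windows


def find_conflicts(log):
    """List every byte range claimed both as usable RAM and as a PCI window."""
    ram, windows = parse(log)
    conflicts = []
    for w_start, w_end in windows:
        for r_start, r_end in ram:
            lo, hi = max(w_start, r_start), min(w_end, r_end)
            if lo <= hi:               # inclusive ranges intersect
                conflicts.append((lo, hi))
    return conflicts


if __name__ == "__main__":
    for lo, hi in find_conflicts(DMESG):
        print(f"PCI window overlaps usable RAM: {lo:#x}-{hi:#x}")
```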

What follows is a great exposition of the Linux tools for reading and changing system information. Did he get it to work? Read the post and find out. But we will tell you that he did manage to have grub patch his system information.

Most of the motherboard hacks we’ve seen relate to hardware, not software. Of course, you could just buy a new motherboard. If you need ideas for what to do with the old one, here you go.

How The Gigatron TTL Microcomputer Works

About a year ago when Hackaday and Tindie were at Maker Faire UK in Newcastle, we were shown an interesting retrocomputer by a member of York Hackspace. The Gigatron is a fully functional home computer of the type you might have owned in the early 1980s, but its special trick is that it does not contain a microprocessor. Instead of a 6502, Z80, or other integrated CPU it only has simple TTL chips; it doesn’t even contain the 74181 ALU-in-a-chip. You might thus expect it to have a PCB the size of a football pitch studded with countless chips, but it only occupies a modest footprint with 36 TTL chips, a RAM, and a ROM. Its RISC architecture provides the explanation, and its originator [Marcel van Kervinck] was recently good enough to point us to a video explaining its operation.

It was recorded at last year’s Hacker Hotel hacker camp in the Netherlands, and is delivered by the other half of the Gigatron team [Walter Belgers]. In it he provides a fascinating rundown of how a RISC computer works, and whether or not you have any interest in the Gigatron it is still worth a watch just for that. We hear about the design philosophy and the choice of a Harvard architecture, have the difference between CISC and RISC explained, and then settle down for a piece-by-piece disassembly of how the machine works. The format of an instruction is explained, then the detail of their 10-chip ALU.

The display differs from a typical home computer of the 1980s in that it has a full-color VGA output rather than the more usual NTSC or PAL. The hardware is simple enough as a set of 2-bit resistor DACs, but the tricks to leave enough processing time to run programs while also running the display are straight from the era. The sync interval is used to drive another DAC for audio, for example.

The result is one of those what-might-have-been moments, a glimpse into a world in which RISC architectures arrived at the consumer level years earlier than [Sophie Wilson]’s first ARM design for an Acorn Archimedes. There’s no reason that a machine like this one could not have been built in the late 1970s, but as we know the industry took an entirely different turn. It remains then the machine we wish we’d had in the early 1980s, but of course that doesn’t stop any of us having one now. You can buy a Gigatron of your very own, and once you’ve soldered all those through-hole chips you can run the example games or get to grips with some of the barest bare-metal RISC programming we’ve seen. We have to admit, we’re tempted!
