Slider

4834 Articles

Share Your Projects: Take Pictures

April 7, 2023 by 38 Comments

Information is diesel for a hacker’s engine, and it’s fascinating how much can happen when you share what you’re working on. It could be a pretty simple journey – say, you record a video showing you fixing your broken headphones, highlighting a particular trick that works well for you. Someone will see it as an entire collection of information – “if my headphones are broken, the process of fixing them looks like this, and these are the tools I might need”. For a newcomer, you might be leading them to an eye-opening discovery – “if my headphones are broken, it is possible to fix them”.

There’s a few hundred different ways that different hackers use for project information sharing – and my bet is that talking through them will help everyone involved share better and easier. Let’s start talking about pictures – perhaps, the most powerful tool in a hacker’s arsenal. I’ll tell you about all the picture-taking hacks and guidelines I’ve found, go into subjects like picture habits and simple tricks, and even tell you what makes Hackaday writers swoon!

To start with, here’s a picture of someone hotwiring a car. This one picture conveys an entire story, and a strong one.

Continue reading “Share Your Projects: Take Pictures”

This Week In Security: Cookie Monster, CyberGhost, NEXX, And Dead Angles

April 7, 2023 by 5 Comments

“Operation Cookie Monster” ranks as one of the best code names in recent memory. And it’s apropo, given what exactly went down. Genesis Market was one of those marketplaces where criminals could buy and sell stolen credentials. This one was a bit extra special.

Websites and services are getting better about detecting logins from unexpected computers. Your Google account suddenly logs in from a new computer, and a two-factor authentication challenge launches. Why? Your browser is missing a cookie indicating you’ve logged in before. But there’s more. Providers have started rolling out smart analytics that check for IP address changes and browser fingerprints. Your mix of time zone, user string, installed fonts, and selected language make a pretty unique identifier. So sites like Genesis offer Impersonation-as-a-Service (IMPaaS), which is session hijacking for the modern age.

A victim computer gets owned, and credentials are collected. But so are cookies and a browser fingerprint. Then a criminal buyer logs in, and runs a virtual browser with all that collected data. Run through a proxy to get a IP that is geolocated close enough to the victim, and Mr. Bad Guy has a cloned machine with all accounts intact.

And now back to Operation Cookie Monster, a multi-organization takedown of Genesis. It’s apparently a partial takedown, as the latest word is that the site is still online on the Tor network. But the conventional domains are down, and something like eight million credentials have been captured and added to the Have I Been Pwned database.

Another researcher team, Sector 7, has been working the case with Dutch authorities, and has some interesting details. The vector they cover was a fake activation crack for an antivirus product. Ironic. There are several extensions that get installed on the victim computer, and one of the most pernicious is disguised as Google Drive. This extension looks for a Command and Control server, using Bitcoin as DNS. A hardcoded Bitcoin address is polled for its latest transaction, and the receiving address is actually an encoded domain name, you-rabbit[.]com as of the latest check.

This extension will look for and rewrite emails that might be warning the victim about compromise. Get an email warning about a cryptocurrency withdrawal? It modifies it in the browser to be a sign-in warning. It also allows Genesis customers to proxy connections through the victim’s browser, bypassing IP address security measures. Continue reading “This Week In Security: Cookie Monster, CyberGhost, NEXX, And Dead Angles”

Retrotechtacular: Voice Controlled Typewriter Science Project In 1958

April 6, 2023 by 17 Comments

Hackaday readers might know [Victor Scheinman] as the pioneer who built some of the first practical robot arms. But what was a kid like that doing in high school? Thanks to a film about the 1958 New York City Science Fair, we know he was building a voice-activated typewriter. Don’t believe it? Watch it yourself below, thanks to [David Hoffman].

Ok, we know. Voice typing is no big deal today, and, frankly, [Victor’s] attempt isn’t going to amaze anyone today. But think about it. It was 1958! All those boat anchor ham radios behind him aren’t antiques. That’s what radios looked like in 1958. Plus, the kid is 16 years old. We’d say he did pretty darn good!

Continue reading “Retrotechtacular: Voice Controlled Typewriter Science Project In 1958”

If They Fire The Nukes, Will They Even Work?

April 6, 2023 by 146 Comments

2022 was a harrowing year in a long line of harrowing years. A brutal war in Europe raised the prospect of nuclear war as the leaders behind the invasion rattled sabers and made thinly veiled threats to use weapons of mass destruction. And all this as we’re still working our way through the fallout of a global pandemic.

Those hot-headed threats raise an interesting question, however. Decades have passed since either Russia or the United States ran a live nuclear weapons test. Given that, would the nukes even work if they were fired in anger?

Continue reading “If They Fire The Nukes, Will They Even Work?”

Retrotechtacular: Solder Like Its 1944!

April 5, 2023 by 37 Comments

When we first saw this 1944 US Office of Education film about hand soldering, we figured it might still have some good information. Well, perhaps it does, but the 1944 soldering was with a giant iron, and the work looked more like metal bricks than anything we’ve soldered lately. Of course, the physics is all the same, but some of the terminology, like “sweating in” isn’t anything we’ve heard before, although we have heard of sweat soldering.

They do show some electronic soldering on components, including some interesting-looking coils. But the irons look more like a bad science fiction movie’s idea of a lightsaber. The solder is equally huge, of course.

Continue reading “Retrotechtacular: Solder Like Its 1944!”

How Tattoos Interact With The Immune System Could Have Impacts For Vaccines

April 5, 2023 by 40 Comments

Tattoos are an interesting technology. They’re a way of marking patterns and designs on the skin that can last for years or decades. All this, despite the fact that our skin sloughs off on a regular basis!

As it turns out, tattoos actually have a deep and complex interaction with our immune system, which hold some of the secrets regarding their longevity. New research has unveiled more insight into how the body responds when we get inked up.

Continue reading “How Tattoos Interact With The Immune System Could Have Impacts For Vaccines”

Supercon 2022: Chris Combs Reveals His Art-World Compatibility Layer

April 4, 2023 by 12 Comments

[Chris Combs] is a full time artist who loves using technology to create unique art projects and has been building blinky artwork since about a decade now. In his 2022 Supercon talk “Art-World Compatibility Layer: How to Hang and Sell Your Blinky Goodness as Art” (Slides, PDF), [Chris] takes us behind the scenes and shows us how to turn our blinky doodads in to coveted art works. There is a big difference between a project that just works, and a work of art, and it’s the attention to small details that differentiates the two.

Just like the field of engineering and technology, the art world has its own jargon and requires knowledge of essential skills that make it intimidating to newcomers. It’s not very easy to define what makes an artwork “art” or even “Art”, and sometimes it’s difficult to distinguish if you are looking at a child’s scrawls or a master’s brushstrokes. But there are a few distinguishing requirements that a piece of artwork, particularly one revolving around the use of technology, must meet.

Continue reading “Supercon 2022: Chris Combs Reveals His Art-World Compatibility Layer”