This Week In Security: Operation Endgame, Appliance Carnage, And Router Genocide

May 31, 2024 by Jonathan Bennett 3 Comments

This week saw an impressive pair of takedowns pulled off by law enforcement agencies around the world. The first was the 911 S5 botnet, Which the FBI is calling “likely the world’s largest botnet ever”. Spreading via fake free VPN services, 911 was actually a massive proxy service for crooks. Most lately, this service was operating under the name “Cloud Router”. As of this week, the service is down, the web domain has been seized, and the alleged mastermind, YunHe Wang, is in custody.

The other takedown is interesting in its own right. Operation Endgame seems to be psychological warfare as well as actual arrests and seizures. The website features animated shorts, a big red countdown clock, and a promise that more is coming. The actual target was the ring that manage malware droppers — sort of middlemen between initial shellcode, and doing something useful with a compromised machine. This initial volley includes four arrests, 100+ servers disrupted, and 2,000+ domains seized.

The arrests happened in Armenia and Ukraine. The messaging around this really seems to be aimed at the rest of the gang that’s out of reach of law enforcement for now. Those criminals may still be anonymous, or operating in places like Russia and China. The unmistakable message is that this operation is coming for the rest of them sooner or later. Continue reading “This Week In Security: Operation Endgame, Appliance Carnage, And Router Genocide” →

FLOSS Weekly Episode 785: Designing GUIs And Building Instruments With EEZ

May 29, 2024 by Jonathan Bennett 8 Comments

This week Jonathan Bennett chats with Dennis and Goran about EEZ, the series of projects that started with an Open Source programmable power supply, continued with the BB3 modular test bench tool, and continues with EEZ Studio, a GUI design tool for embedded devices.

Continue reading “FLOSS Weekly Episode 785: Designing GUIs And Building Instruments With EEZ” →

Illustrated Kristina with an IBM Model M keyboard floating between her hands.

Keebin’ With Kristina: The One With The Auto Harp Typewriter

May 28, 2024 by Kristina Panos 6 Comments

An extremely large split keyboard with giant knobs, and pedals underneath the desk. — Image by [crazymittens-r] via reddit

Where do I even begin with this one? Let’s start with the reasoning behind this giant beast’s existence, and that is medical necessity. [crazymittens-r] needed something that would let them keep working, and after many hours and many versions, this is the current iteration of their ArcBoard, which looks like it could control a spaceship.

You can read all about this version on GitHub, but here’s the gist — you’re looking at a split keyboard with dual macro pads, rotary encoders, and a built-in trackball. And oh yeah, there are pedals, too. Those are a whole other thing.

In this revision, [crazymittens-4] said no to hand-wiring and instead went with custom flexible PCBs. The encoders now have push-button LED screens, and overall, there are “more LEDs than QMK can handle”. There’s even a secret keyboard within the keyboard! I can’t express how much I want to put my hands on this thing.

Continue reading “Keebin’ With Kristina: The One With The Auto Harp Typewriter” →

Camera And Lens Repair Hack Chat

May 27, 2024 by Dan Maloney 13 Comments

Join us on Wednesday, May 29 at noon Pacific for the Camera and Lens Repair Hack Chat with Anthony Kouttron!

Unlike the normies, most of us are pretty comfortable looking under the hood of just about anything electronic or mechanical. Whether it’s to effect a repair, make a modification, or just to take a look around, voiding warranties is what we do. A lot of us have hard limits, though, and will shy away from certain types of equipment. High voltages and radiation come to mind, as well as machines with lots of spinny bits that can devour your hands in a trice. One mustn’t be foolhardy, after all.

But one place that we’ve always feared to tread for some reason is camera equipment. Perhaps it has to do with all those impossibly tiny screws with subtly different lengths and the knowledge that putting the wrong screw in the wrong hole could have disastrous results. Or maybe it’s just the general fear that messing around with the insides of lenses could knock something slightly off-kilter and ruin the optics.

We’re certainly glad that Anthony Kouttron doesn’t share this trepidation. We recently featured a lens repair that he accomplished that was packed with tips and tricks for optical repairs. It turns out that Anthony has been repairing cameras for leisure since 2010, and has serviced both consumer and high-end cinema equipment — so he’s seen his fair share of broken camera bits. We’ve asked him to drop by the Hack Chat, so if you’ve been hesitant to dive into optical fixes, now might be your chance to learn about the dos and don’ts of camera and lens repair.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, May 29 at 12:00 PM Pacific time. If time zones have you tied up, we have a handy time zone converter.

Hackaday Links: May 26, 2024

May 26, 2024 by Dan Maloney 5 Comments

Another day, another crop of newly minted minimal astronauts, as Blue Origin’s New Shepard made a successful suborbital flight this week. Everything seemed to go according to plan, at least until right at the end, when an “unexpected foliage contingency” made astronaut egress a little more complicated than usual. The New Shepard capsule had the bad taste to touch down with a bit of West Texas shrubbery directly aligned with the hatch, making it difficult to find good footing for the platform used by the astronauts for the obligatory “smile and wave” upon exiting. The Blue Origin ground crew, clad in their stylish black and blue outfits that must be murderously impractical in the West Texas desert, stamped down the brush to place the stairway, but had a lot of trouble getting it to sit straight. Even with the impromptu landscaping, the terrain made it tough to get good footing without adding random bits of stuff to prop up one leg, an important task considering that one of the new astronauts was a 90-year-old man. It seems pretty short-sighted not to have adjustable legs on the stairway, but there it is.

Continue reading “Hackaday Links: May 26, 2024” →

Hackaday Podcast Episode 272: Desktop EDM, Silence Of The Leaves, And The Tyranny Of The Rocket Equation

May 24, 2024 by Dan Maloney 1 Comment

With Elliot off on vacation, Tom and Dan made a valiant effort to avoid the dreaded “clip show” and provide you with the tastiest hacker treats of the week. Did they succeed? That’s not for us to say, but if you’re interested in things like non-emulated N64 games and unnecessarily cool filament sensors, this just might be one to check out.

We also came across a noise suppressor for a leaf blower, giant antennae dangling from government helicopters, and a desktop-friendly wire EDM setup that just might change the face of machining. We waxed on about the difference between AI-generated code and just pulling routines from StackExchange, came to the conclusion that single-stage-to-orbit is basically just science fiction, and took a look at the latest eclipse from 80,000 feet, albeit a month after the fact.

Worried about attracting the Black Helicopters? Download the DRM-free MP3 and listen offline, just in case.

Continue reading “Hackaday Podcast Episode 272: Desktop EDM, Silence Of The Leaves, And The Tyranny Of The Rocket Equation” →

This Week In Security: Drama At The C-Level, Escape Injection, And Audits

May 24, 2024 by Jonathan Bennett 6 Comments

There was something of a mystery this week, with the c.root-servers.net root DNS server falling out of sync with it’s 12 siblings. That’s odd in itself, as these are the 13 servers that keep DNS working for the whole Internet. And yes, that’s a bit of a simplification, it’s not a single server for any of the 13 entities — the C “server” is actually 12 different machines. The intent is for all those hundreds of servers around the world to serve the same DNS information, but over several days this week, the “C” servers just stopped pulling updates.

The most amusing/worrying part of this story is how long it took for the problem to be discovered and addressed. One researcher cracked a ha-ha-only-serious sort of joke, that he had reported the problem to Cogent, the owners of the “C” servers, but they didn’t “seem to understand that they manage a root server”. The problem first started on Saturday, and wasn’t noticed til Tuesday, when the servers were behind by three days. Updates started trickling late Tuesday or early Wednesday, and by the end of Wednesday, the servers were back in sync.

Cogent gave a statement that an “unrelated routing policy change” both affected the zone updates, and the system that should have alerted them to the problem. It seems there might room for an independent organization, monitoring some of this critical Internet Infrastructure.

Continue reading “This Week In Security: Drama At The C-Level, Escape Injection, And Audits” →