This Week In Security: WinRAR, DNS Disco, And No Silver Bullets

August 25, 2023 by Jonathan Bennett 1 Comment

So what does WinRAR, day trading, and Visual Basic have in common? If you guessed “elaborate malware campaign aimed at investment brokers”, then you win the Internet for the day. This work comes from Group-IB, another cybersecurity company with a research team. They were researching a malware known as DarkMe, and found an attack on WinRAR being used in the wild, using malicious ZIP files being spread on a series of web forums for traders.

Among the interesting tidbits of the story, apparently at least one of those forums locked down the users spreading the malicious files, and they promptly broke into the forum’s back-end and unlocked their accounts. The vulnerability itself is interesting, too. A rigged zip file is created with identically named image file and folder containing a script. The user tries to open the image, but because the zip is malformed, the WinRAR function gets confused and opens the script instead.

Based on a user’s story from one of those forums, it appears that the end goal was to break into the brokers’ trading accounts, and funnel money into attacker accounts. The one documented case only lost $2 worth of dogecoin.

There was one more vulnerability found in WinRAR, an issue when processing malicious recovery volumes. This can lead to code execution due to a memory access error. Both issues were fixed with release 6.23, so if you still have a WinRAR install kicking around, make sure it’s up to date! Continue reading “This Week In Security: WinRAR, DNS Disco, And No Silver Bullets” →

Hackaday Prize 2023: Ubo Project: Building For Builders

August 24, 2023 by Dave Rowntree 7 Comments

The Ubo Pod by [Mehrdad Majzoobi] is a very highly polished extension pack and enclosure for the Raspberry Pi 4, which shows you how far you can go to turn a bare PCB into something that rivals the hardware offerings from Google and others. Gadgets like the Sonos speakers and Amazon or Google’s covert listening devices (aka Echo, Alexa, or whatever they’re branded as) are fun to play with. Still, the difficulty of hacking custom applications into them and god-forbid adding one’s own extension hardware, makes them fairly closed ecosystems. Add in the concerns of privacy and data security; they look less and less attractive the closer you look. Luckily the Raspberry Pi and its friends have improved the accessibility to the point where it’s positively easy to create whatever you want with whatever hardware you need, and to that end we think [Mehrdad] has done a splendid job.

The custom top PCB sits below the wooden top surface, hosting a central LCD display with push buttons located around it. Also sitting atop are some IR transmitters and receivers as well as RGB LEDs for the ring lighting. This top PCB acts as a RPi hat, and plugs into an RPi4 below, which then attaches to a side board via some PCB-mounted connectors, matching up with the USB and audio connectors. This board seems to act purely as an interconnect and form-factor adaptor allowing interfaces to be presented more conveniently without needing wires. This makes for a very clean construction. Extensive use of resin printing is shown, with lots of nice details of how to solve problems such as LED diffusion and bleeding. Overall, a very slick and well-executed project, that is giving us a few ideas for our own projects.

This type of project is commonplace on these fair pages, like this DIY smart speaker for example. With the supply of pi being still a little difficult to deal with, could you roll your own or get an alternative? What about just using your old mobile phone?

Smart Garbage Trucks Help With Street Maintenance

August 24, 2023 by Lewin Day 42 Comments

If you’ve ever had trouble with a footpath, bus stop, or other piece of urban infrastructure, you probably know the hassles of dealing with a local council. It can be incredibly difficult just to track down the right avenue to report issues, let alone get them sorted in a timely fashion.

In the suburban streets of one Australian city, though, that’s changing somewhat. New smart garbage trucks are becoming instruments of infrastructure surveillance, serving a dual purpose that could reshape urban management. Naturally, though, this new technology raises issues around ethics and privacy.

Continue reading “Smart Garbage Trucks Help With Street Maintenance” →

Mass Production 3D Printing Hack Chat

August 21, 2023 by Dan Maloney 13 Comments

Join us on Wednesday, August 23 at noon Pacific for the Mass Production 3D Printing Hack Chat with Gabe Bentz!

We’ll take a wild guess and say that right now, within arm’s length of wherever you’re reading this, there’s something that was produced by injection molding. Look around; it’s there someplace, and whatever it is, thousands or perhaps millions of other identical artifacts were produced along with it, all by squeezing hot plastic into intricately machined metal tools.

It’s not much of an overstatement to say that, for good or for ill, the world is made from injection-molded plastic. But not every product can support the often considerable up-front costs associated with injection molding. The tooling needed is often remarkably complicated and correspondingly expensive, and running the machines that actually do the molding is expensive and highly specialized. Unless you’re committed to making a lot of parts, injection molding might just be out of your league.

But does that mean that medium-sized runs of parts are out of luck? Not at all! Gabe Bentz, founder and CEO of Slant 3D, is passionate about filling the manufacturing void where injection molding is prohibitive, either by virtue of start-up costs or because the part design is just not possible to manufacture. His massive print farms are busy day in and day out cranking out parts for customers that otherwise couldn’t be made. So if you’ve ever wondered what it takes to run a print farm, and what kinds of design considerations make a part a candidate for mass production by 3D printing, drop by the chat and we’ll see what he has to tell us.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, August 23 at 12:00 PM Pacific time. If time zones have you tied up, we have a handy time zone converter.

The Clathrate Gun Hypothesis: Unearthing Puzzles Of Warming Events Past

August 21, 2023 by Lewin Day 36 Comments

As the Earth continues to warm at a worrying rate, scientists continue to work to understand the processes and mechanisms at play. Amidst the myriad of climate-related theories and discussions, the clathrate gun hypothesis stands out not only for its intriguing name but for the profound implications it might have on our understanding of global warming events.

Delving into this hypothesis is akin to reading a detective novel written by Mother Earth, with clues hidden deep beneath the ocean and Arctic ice. It’s a great example of how scientists attempt to predict the future by unpicking the mysteries of the past.

Continue reading “The Clathrate Gun Hypothesis: Unearthing Puzzles Of Warming Events Past” →

Hackaday Links: August 20, 2023

August 20, 2023 by Dan Maloney 14 Comments

In some ways, we’ve become a little jaded when it comes to news from Mars, which almost always has to do with the Ingenuity helicopter completing yet another successful flight. And so it was with the report of flight number 54 — almost. It turns out that the previous flight, which was conducted on July 22, suffered a glitch that cut the flight short by forcing an immediate landing. We had either completely missed that in the news, or NASA wasn’t forthcoming with the news, perhaps until they knew more. But the details of the error are interesting and appear related to a glitch that happened 46 flights before, way back in May of 2021, that involves dropped frames from the video coming from the helicopter’s down-facing navigational camera. When this first cropped up back on flight six, it was only a couple of missed frames that nearly crashed the craft, thanks to confusion between the video stream and the inertial data. Flight engineers updated the aircraft’s software to allow for a little more flexibility with dropped frames, which worked perfectly up until the aborted flight 53.

Continue reading “Hackaday Links: August 20, 2023” →

Hackaday Podcast Ep 232: Chaos Communications Camp Placeholder Edition

August 18, 2023 by Elliot Williams 3 Comments

Editor-in-Chief Elliot Williams is off at Chaos Communications Camp, and Assistant Editor Tom Nardi is off on vacation, so there’s no real podcast this week.

If you need something to watch, let us suggest the talks!

Or listen to our pathetic excuses here:

Honestly, you’d be better off not downloading this one.