This Week In Security: Cookie Monster, CyberGhost, NEXX, And Dead Angles

“Operation Cookie Monster” ranks as one of the best code names in recent memory. And it’s apropos, given what exactly went down. Genesis Market was one of those marketplaces where criminals could buy and sell stolen credentials. This one was a bit extra special.

Websites and services are getting better about detecting logins from unexpected computers. Your Google account suddenly logs in from a new computer, and a two-factor authentication challenge launches. Why? Your browser is missing a cookie indicating you’ve logged in before. But there’s more. Providers have started rolling out smart analytics that check for IP address changes and browser fingerprints. Your mix of time zone, user-agent string, installed fonts, and selected language makes a pretty unique identifier. So sites like Genesis offer Impersonation-as-a-Service (IMPaaS), which is session hijacking for the modern age.

A victim computer gets owned, and credentials are collected. But so are cookies and a browser fingerprint. Then a criminal buyer logs in, and runs a virtual browser with all that collected data. Run through a proxy to get an IP that is geolocated close enough to the victim, and Mr. Bad Guy has a cloned machine with all accounts intact.

And now back to Operation Cookie Monster, a multi-organization takedown of Genesis. It’s apparently a partial takedown, as the latest word is that the site is still online on the Tor network. But the conventional domains are down, and something like eight million credentials have been captured and added to the Have I Been Pwned database.

Another research team, Sector 7, has been working the case with Dutch authorities, and has some interesting details. The vector they cover was a fake activation crack for an antivirus product. Ironic. There are several extensions that get installed on the victim computer, and one of the most pernicious is disguised as Google Drive. This extension looks for a Command and Control server, using Bitcoin as DNS. A hardcoded Bitcoin address is polled for its latest transaction, and the receiving address is actually an encoded domain name, you-rabbit[.]com as of the latest check.

This extension will look for and rewrite emails that might be warning the victim about compromise. Get an email warning about a cryptocurrency withdrawal? It modifies it in the browser to be a sign-in warning. It also allows Genesis customers to proxy connections through the victim’s browser, bypassing IP address security measures.

Retrotechtacular: Voice Controlled Typewriter Science Project In 1958

Hackaday readers might know [Victor Scheinman] as the pioneer who built some of the first practical robot arms. But what was a kid like that doing in high school? Thanks to a film about the 1958 New York City Science Fair, we know he was building a voice-activated typewriter. Don’t believe it? Watch it yourself below, thanks to [David Hoffman].

Ok, we know. Voice typing is no big deal today, and, frankly, [Victor’s] attempt isn’t going to amaze anyone today. But think about it. It was 1958! All those boat anchor ham radios behind him aren’t antiques. That’s what radios looked like in 1958. Plus, the kid is 16 years old. We’d say he did pretty darn good!

Retrotechtacular: Solder Like Its 1944!

When we first saw this 1944 US Office of Education film about hand soldering, we figured it might still have some good information. Well, perhaps it does, but the 1944 soldering was with a giant iron, and the work looked more like metal bricks than anything we’ve soldered lately. Of course, the physics is all the same, but some of the terminology, like “sweating in,” isn’t anything we’ve heard before, although we have heard of sweat soldering.

They do show some electronic soldering on components, including some interesting-looking coils. But the irons look more like a bad science fiction movie’s idea of a lightsaber. The solder is equally huge, of course.

Supercon 2022: Chris Combs Reveals His Art-World Compatibility Layer

[Chris Combs] is a full-time artist who loves using technology to create unique art projects and has been building blinky artwork for about a decade now. In his 2022 Supercon talk “Art-World Compatibility Layer: How to Hang and Sell Your Blinky Goodness as Art” (Slides, PDF), [Chris] takes us behind the scenes and shows us how to turn our blinky doodads into coveted artworks. There is a big difference between a project that just works and a work of art, and it’s the attention to small details that differentiates the two.

Just like the field of engineering and technology, the art world has its own jargon and requires knowledge of essential skills that make it intimidating to newcomers. It’s not very easy to define what makes an artwork “art” or even “Art”, and sometimes it’s difficult to distinguish if you are looking at a child’s scrawls or a master’s brushstrokes. But there are a few distinguishing requirements that a piece of artwork, particularly one revolving around the use of technology, must meet.

Largest Ever Hydrogen Fuel Cell Plane Takes Flight

In the automotive world, batteries are quickly becoming the energy source of the future. For heavier-duty tasks, though, they simply don’t cut the mustard. Their energy density, being a small fraction of that of liquid fuels, just can’t get the job done. In areas like these, hydrogen holds some promise as a cleaner fuel of the future.

Universal Hydrogen hopes that hydrogen will do for aviation what batteries can’t. The company has been developing flight-ready fuel cells for this exact purpose, and has begun test flights towards that very goal.

Hackaday Links: April 2, 2023

It may be hard to believe, but it’s time for the Hackaday Prize again! The 2023 Hackaday Prize was announced last weekend at Hackaday Berlin, and entries are already pouring in. The first-round challenge is all about “Re-engineering Education,” which means you’ve got to come up with a project idea that helps push back the veil of ignorance somehow. Perhaps you’ve got a novel teaching tool in mind, or a way to help students learn remotely. Or maybe your project is aimed at getting students involved and engaged. Whatever it is — and whatever the subject matter; it doesn’t just have to be hacking-adjacent — get an entry together, build a team, and get to work. The first round closes on April 25, so get to it!

Hackaday Does Berlin

If you’re wondering why there was no newsletter last weekend, it was because we had our hands full with Hackaday Berlin. But boy, was it worth it! Besides being the launch party for the tenth annual Hackaday Prize, it was the first Hackaday gathering in Europe for four years, and it was awesome to see a bunch of familiar faces and meet many more new ones.

In a world that’s so interconnected, you might think that social media can take care of it all for you. And to some extent that’s true! If I could count the number of times I heard “I follow you on Twitter/Mastodon” over the course of the event!

But then there were tons of other meetings. People who are all interested in building and designing analog synthesizers, even some who live in the same urban megalopolis, meeting each other and talking about modules and designs. People who love flip dots. On the spot collaborations of people writing video drivers and people making huge LED walls. And somehow there’s still room for this to happen, even though the algorithms should have probably hooked these folks up by now.

From the perspective of hosting the conference, I get the most satisfaction from seeing these chance meetings and the general atmosphere of people learning not only new things, but new people. This cross-fertilization of friendships and project collaborations is what keeps our community vital, and especially coming out of the Pandemic Years, it’s absolutely necessary. I came away with a long list of new plans, and I’m sure everyone else did too. And for some reason, social media just isn’t a substitute. Take that, TwitFace!