This Week In Security: .zip Domains, Zip Scanning

The world may not be ready, but the .zip Top Level Domain (TLD) is here. It’s a part of the generic TLD category, which was expanded to allow applications for custom TLDs. Google has led the charge, applying for 101 such new TLDs, with .zip being one of the interesting ones. Public registration for .zip domains has been open for a couple weeks, and some interesting domains have been registered, like update.zip, installer.zip, and officeupdate.zip.

The obvious question to ask is whether this new TLD can be abused for scamming and phishing purposes. And the answer is yes, sure it can. One of the trickiest ways is to use the AT symbol @ in a URL, which marks everything before it in the authority section as user info. It is usually used to include a username and password, like http://username:password@192.168.1.1/. That is pretty obvious, but what about https://google.com@bing.com? Still looks weird. The catch that really prevents this technique from being abused is that slashes are disallowed in user info, so an abusive URL like https://google.com∕gmail∕inbox@bing.com is right out.

Except, take a look at that last link. It looks like it has slashes in it, so it should take you to Google and ignore the AT symbol. But it doesn’t; it goes to Bing. You may have guessed, it’s Unicode shenanigans again. Those aren’t slashes, they’re U+2215, the division slash. And that means that a .zip TLD could be really sneaky, if the apparent domain is one you trust.

Continue reading “This Week In Security: .zip Domains, Zip Scanning”
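The user-info trick from the .zip item above can be checked mechanically before a link is shown or followed. This is an added example, not code from the article: it uses the standard WHATWG `URL` parser, and the lookalike list, reason names and the `backup.zip` sample are constructed for illustration.

```javascript
// Added example: report where a URL really goes and why it may mislead.
// Slash lookalikes that are legal in user info (the article names U+2215).
const SLASH_LOOKALIKES = ['\u2215', '\u2044', '\uFF0F', '\u29F8'];
// TLDs that double as file extensions; the article discusses .zip only.
const FILE_LIKE_TLDS = ['zip'];

function safeDecode(s) {
  // The parser percent-encodes non-ASCII user info; undo that for inspection.
  try { return decodeURIComponent(s); } catch { return s; }
}

function analyzeUrl(raw) {
  let url;
  try { url = new URL(raw); } catch { return { valid: false, reasons: ['unparseable'] }; }
  const userinfo = safeDecode(url.username) +
    (url.password ? ':' + safeDecode(url.password) : '');
  const reasons = [];
  if (userinfo) reasons.push('userinfo-present');
  if (SLASH_LOOKALIKES.some((c) => userinfo.includes(c))) {
    reasons.push('slash-lookalike-in-userinfo');
  }
  // User info that starts like "name.tld" imitates a host the reader trusts.
  if (/^[a-z0-9-]+(\.[a-z0-9-]+)+/i.test(userinfo)) {
    reasons.push('userinfo-looks-like-hostname');
  }
  if (FILE_LIKE_TLDS.includes(url.hostname.split('.').pop())) {
    reasons.push('file-like-tld');
  }
  const suspicious = reasons.includes('slash-lookalike-in-userinfo') ||
    reasons.includes('userinfo-looks-like-hostname');
  return { valid: true, host: url.hostname, userinfo, reasons, suspicious };
}

// Sample inputs: the first three appear in the article (the third with real
// slashes for contrast); the last is constructed.
const SAMPLES = [
  'http://username:password@192.168.1.1/',
  'https://google.com\u2215gmail\u2215inbox@bing.com',
  'https://google.com/gmail/inbox@bing.com',
  'https://example.com\u2215releases\u2215@backup.zip',
];
for (const s of SAMPLES) {
  const r = analyzeUrl(s);
  console.log(`${r.host}\t${r.suspicious ? 'SUSPICIOUS' : 'ok'}\t${r.reasons.join(',')}`);
}
```

With real slashes the `@` falls inside the path and the host is google.com; with U+2215 the whole "google.com∕gmail∕inbox" string is user info and the host is bing.com.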

Supercon 2022: Andy Geppert Is Bringing Core Memory Back

Many Hackaday readers will be familiar with the term “core memory”, likely thanks to its close association with the Apollo Guidance Computer. But knowing that the technology existed at one point and actually understanding how it worked is another thing entirely. It’s a bit like the electronic equivalent to the butter churn — you’ve heard of it, you could probably even identify an image of one — but should somebody hand you one and ask you to operate it, the result probably won’t be too appetizing.

That’s where Andy Geppert comes in. He’s turned his own personal interest in magnetic core memory into a quest to introduce this fascinating technology to a whole new generation thanks to some modern enhancements through his Core64 project. By mating the antiquated storage technology with a modern microcontroller and LEDs, it’s transformed into an interactive visual experience. Against all odds, he’s managed to turn a technology that helped put boots on the Moon half a century ago into a gadget that fascinates both young and old.

In this talk at the 2022 Hackaday Supercon, Andy first talks the audience through the basics of magnetic core memory as it was originally implemented. From there, he explains the chain of events that led to the development of the Core64 project, and talks a bit about where he hopes it can go in the future.

Continue reading “Supercon 2022: Andy Geppert Is Bringing Core Memory Back”

Microbubbles And Ultrasound: Getting Drugs Through The Blood-Brain Barrier

The brain is a rather important organ, and as such, nature has gone to great lengths to protect it. The skull provides physical protection against knocks and bumps, but there’s a lesser-known defense mechanism at work too: the blood-brain barrier. It’s responsible for keeping all the nasty stuff – like bacteria, viruses, and weird chemicals – from messing up your head.

The blood-brain barrier effectively acts as a filter between the body’s circulatory system and the brain. However, it also frustrates efforts to deliver drugs directly to the brain for treating conditions like brain tumors. Now, scientists have developed a new technique that may allow critical life saving drugs to get through the barrier with the help of ultrasound technology. 

Continue reading “Microbubbles And Ultrasound: Getting Drugs Through The Blood-Brain Barrier”

Hackaday Links: May 14, 2023

It’s been a while since we heard from Dmitry Rogozin, the always-entertaining former director of Roscosmos, the Russian space agency. Not content with sending mixed messages about the future of the ISS amid the ongoing war in Ukraine, or attempting to hack a mothballed German space telescope back into action, Rogozin is now spouting off that the Apollo moon landings never happened. His doubts about NASA’s seminal accomplishment apparently started while he was still head of Roscosmos when he tasked a group with looking into the Apollo landings. Rogozin’s conclusion from the data his team came back with isn’t especially creative; whereas some Apollo deniers go to great lengths to find “scientific proof” that we were never there, Rogozin just concluded that because NASA hasn’t ever repeated the feat, it must never have happened.

Continue reading “Hackaday Links: May 14, 2023”

Tools Of The Trade: Dirt Cheap Or Too Dirty?

We’ve recently seen a couple reviews of a particularly cheap oscilloscope that, among other things, doesn’t meet its advertised specs. Actually, it’s not even close. It claims to be a 100 MHz scope, and it’s got around 30 MHz of bandwidth instead. If you bought it for higher frequency work, you’d have every right to be angry. But it’s also cheap enough that, if you were on a very tight budget, and you knew its limitations beforehand, you might be tempted to buy it anyway. Or so goes one rationale.

In principle, I’m of the “buy cheap, buy twice” mindset. Some tools, especially ones that you’re liable to use a lot, make it worth your while to save up for the good stuff. (And for myself, I would absolutely put an oscilloscope in that category.) The chances that you’ll outgrow or outlive the cheaper tool and end up buying the better one eventually make the money spent on the cheaper tool simply wasted.

But that’s not always the case either, and that’s where you have to know yourself. If you’re only going to use it a couple times, and it’s not super critical, maybe it’s fine to get the cheap stuff. Or if you know you’re going to break it in the process of learning anyway, maybe it’s a shame to put the gold-plated version into your noob hands. Or maybe you simply don’t know if an oscilloscope is for you. It’s possible!

And you can mix and match. I just recently bought tools for changing our car’s tires. It included a dirt-cheap pneumatic jack and an expensive torque wrench. My logic? The jack is relatively easy to make functional, and the specs are so wildly in excess of what I need that even if it’s all lies, it’ll probably suffice. The torque wrench, on the other hand, is a bit of a precision instrument, and it’s pretty important that the bolts are socked up tight enough. I don’t want the wheels rolling off as I drive down the road.

Point is, I can see both sides of the argument. And in the specific case of the ’scope, the cheapo one can also be battery powered, which gives it a bit of a niche functionality when probing live-ground circuits. Still, if you’re marginally ’scope-curious, I’d say save up your pennies for something at least mid-market. (Rigol? Used Agilent or Tek?)

But isn’t it cool that we have so many choices? Where do you buy cheap? Where won’t you?

Hackaday Podcast 218: Open Source AI, The Rescue Of Salyut 7, The Homework Machine

This week, Editor-in-Chief Elliot Williams and Kristina Panos have much in the way of Hackaday news — the Op Amp Challenge is about halfway over, and there are roughly three weeks left in the Assistive Tech challenge of the 2023 Hackaday Prize. Show us what you’ve got on the analog front, and then see what you can do to help people with disabilities to live better lives!

Kristina is still striking out on What’s That Sound, which this week honestly sounded much more horrendous and mechanical than the thing it actually is. Then it’s on to the hacks, beginning with the we-told-you-so that even Google believes that open source AI will out-compete both Google’s own AI and the questionably-named OpenAI.

From there we take a look at a light-up breadboard, listen to some magnetite music, and look inside a pair of smart sunglasses. Finally, we talk cars, beginning with the bleeding edge of driver-less. Then we go back in time to discuss in-vehicle record players of the late 1950s.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Download and savor at your leisure.

Continue reading “Hackaday Podcast 218: Open Source AI, The Rescue Of Salyut 7, The Homework Machine”

This Week In Security: TPM And BootGuard, Drones, And Coverups

Full disk encryption is the go-to solution for hardening a laptop against the worst-case scenario of physical access. One way that encryption can be managed is through a Trusted Platform Module (TPM), a chip on the motherboard that manages the disk encryption key, and only hands it over for boot after the user has authenticated. We’ve seen some clever tricks deployed against these discrete TPMs, like sniffing the data going over the physical traces. So in theory, an integrated TPM might be more secure. Such a technique does exist, going by the name fTPM, or firmware TPM. It uses a Trusted Execution Environment, a TEE, to store and run the TPM code. And there’s another clever attack against that concept (PDF).

It’s chip glitching via a voltage fault. This particular attack works against AMD processors, and the voltage fault is triggered by injecting commands into the Serial Voltage Identification Interface 2.0 (SVI2). Dropping the voltage momentarily to the AMD Secure Processor (AMD-SP) can cause a key verification step to succeed even against an untrusted key, bypassing the need for an AMD Root Key (ARK) signed board firmware. That’s not a simple process, and pulling it off takes about $200 of gear, and about 3 hours. This exposes the CPU-unique seed, the board NVRAM, and all the protected TPM objects.

So how bad is this in the real world? If your disk encryption only relies on an fTPM, it’s pretty bad. The attack exposes that key and breaks encryption. For something like BitLocker that can also use a PIN, it’s a bit better, though to really offer more resistance, that needs to be a really long PIN: a 10 digit PIN falls to a GPU in just 4 minutes, in this scenario where it can be attacked offline. There is an obscure way to enable an “enhanced PIN”, a password, which makes that offline attack impractical with a secure password.

And if hardware glitching a computer seems too complicated, why not just use the leaked MSI keys? Now to be fair, this only seems to allow a bypass of Intel’s BootGuard, but it’s still a blow. MSI suffered a ransomware-style breach in March, but rather than encrypt data, the attackers simply threatened to release the copied data to the world. MSI apparently refused to pay up, and source code and signing keys are now floating in the dark corners of the Internet. There have been suggestions that this leak impacts the entire line of Intel processors, but it seems likely that MSI only had their own signing keys to lose. But that’s plenty bad, given the lack of a revocation system or automatic update procedure for MSI firmware.

Continue reading “This Week In Security: TPM And BootGuard, Drones, And Coverups”