This Week In Security: Exchange 0-day, Doppelgangers, And Python Gets Bit In The TAR

According to researchers at GTSC, there’s an unpatched 0-day being used in the wild to exploit fully patched Microsoft Exchange servers. When they found one compromised server, they reported it to Microsoft through ZDI, but upon finding multiple Exchange servers compromised, they’re sounding the alarm for everyone. It looks like an attack similar to ProxyShell, in that it uses the Autodiscover endpoint as a starting point. They suspect a Chinese group is using the exploit, based on some of the indicators found in the webshell that gets installed.

There is a temporary mitigation: adding a URL-based request block on the string .*autodiscover\.json.*\@.*Powershell.. The exact details are available in the post. If you’re running Exchange with IIS, this should probably get added to your system right now. Next, use either the automated tool, or run the PowerShell one-liner to detect compromise (substitute the directory holding your IIS logs for the placeholder): Get-ChildItem -Recurse -Path <IIS_log_directory> -Filter "*.log" | Select-String -Pattern 'powershell.*autodiscover\.json.*\@.*200'. This one has the potential to be another really nasty problem, and may be wormable. As of the time of writing, this is an outstanding, unpatched problem in Microsoft Exchange. Come back and finish the rest of this article after you’ve safed up your systems.

Continue reading “This Week In Security: Exchange 0-day, Doppelgangers, And Python Gets Bit In The TAR”

Intranasal Vaccines: A Potential Off-Ramp For Coronavirus Pandemics

An interesting and also annoying aspect about the human immune system is that it is not a neat, centralized system where you input an antigen pattern in one spot and suddenly every T and B lymphocyte in the body knows how to target an intruder. Generally, immunity stays confined to specific areas, such as the vascular and lymph system, as well as the intestinal and mucosal (nasal) parts of the body.

The result of this is that different types of vaccines have different effects, as is demonstrated quite succinctly with the polio vaccines. The main difference between the oral polio vaccine (OPV) and the inactivated, injected polio vaccine (IPV) is that the former uses a weakened virus that induces strong immunity in the intestines, something the latter does not. The effect of this is that while both protect the individual, the IPV does not affect the fecal-oral infection route of the polio virus, and thus does not stop community spread.

The best outcome for a vaccine is when it both protects the individual, while also preventing further infections as part of so-called sterilizing immunity. This latter property is what makes the OPV vaccine so attractive, as it prevents community spread, while IPV is sufficient later on, as part of routine vaccinations. The decision to use a vaccine like the OPV versus the IPV is one of the ways doctors can tune a population’s protection against a disease.

This is where the current batch of commonly used SARS-CoV-2 vaccines are showing a major issue, as they do not provide significant immunity in the nasal passage’s mucosal tissues, even though this is where the virus initially infects a host, as well as where it replicates and infects others from. Here intranasal vaccines may achieve what OPV did for polio.

Continue reading “Intranasal Vaccines: A Potential Off-Ramp For Coronavirus Pandemics”

2022 Hackaday Prize: Congratulations To The Winners Of The Climate-Resilient Communities Challenge

Holy humanitarian hacking, Batman! We asked you to come up with your best climate-forward ideas, and you knocked it out of the ionosphere! Once again, the judges had a hard time narrowing down the field to just ten winners, but they ultimately pulled it off — and here are the prize-winning projects without much further ado.

In the Climate-Resilient Challenge, we asked you to design devices that help build communities’ resilience to severe weather and the increasing frequency of natural disasters due to climate change, and/or devices that collect environmental data that serves as hard evidence in the fight for changes in local infrastructure. While several people focused on air quality, which is something we tend to think of as a human need, plenty others thought of the flora and fauna with which we share this planet.

Continue reading “2022 Hackaday Prize: Congratulations To The Winners Of The Climate-Resilient Communities Challenge”

Japan Wants To Decarbonize With The Help Of Ammonia

With climate change concerns front of mind, the world is desperate to get to net-zero carbon output as soon as possible. While direct electrification is becoming popular for regular passenger cars, it’s not yet practical for more energy-intensive applications like aircraft or intercontinental shipping. Thus, the hunt has been on for cleaner replacements for conventional fossil fuels.

Hydrogen is the most commonly cited, desirable for the fact that it burns very cleanly. Its only main combustion product is water, though its combustion can generate some nitrogen oxides when burned with air. However, hydrogen is yet to catch on en-masse, due largely to issues around transport, storage, and production.

This could all change, however, with the help of one garden-variety chemical: ammonia. Ammonia is now coming to the fore as an alternative solution. It’s often been cited as a potential way to store and transport hydrogen in an alternative chemical form, since its formula consists of one nitrogen atom and three hydrogen atoms. However, more recently, ammonia is being considered as a fuel in its own right.

Let’s take a look at how this common cleaning product could be part of a new energy revolution.

Continue reading “Japan Wants To Decarbonize With The Help Of Ammonia”

Linux Fu: Atomic Power

People are well aware of the power of virtual machines. If you want to do something dangerous — say, hack on the kernel — you can create a virtual machine, snapshot it, screw it up a few times, restore it, and your main computer never misses a beat. But sometimes you need just a little shift in perspective, not an entire make-believe computer. For example, you are building a new boot disk and you want to pretend it is the real boot disk and make some updates. For that there is chroot, a Linux command that lets you temporarily run processes that think the root of the filesystem is in a different place than the real root. The problem is, it is hard to manage a bunch of chroot environments, which is why they created Atoms.

The system works with several common distributions and you install it via Flatpak. That means you can launch, for example, a shell that thinks it is running Gentoo or CentOS Linux under Ubuntu.

Continue reading “Linux Fu: Atomic Power”

Reverse Engineering Hack Chat With Matthew Alt

Join us on Wednesday, September 28 at noon Pacific for the Reverse Engineering Hack Chat with Matthew Alt!

Our world is full of mysteries, from the nature of time to how exactly magnets work. There are some things that we just have to accept that no matter how hard we look, we’ll never get a complete answer, especially in the natural world. The constructed world is another thing, though. It doesn’t seem fair that only a relatively few people have the inside scoop on the workings of everyday things, like network routers, game consoles, and even the vehicles we drive. Of course, the companies that make these things have a right to profit from their intellectual property, but we as consumers also have a right to be curious about how these things work and to understand what the software running on these devices is doing on our behalf.

Luckily, what can be engineered can be reverse engineered, if you have the right tools and the skills to use them. It can be a challenge, but it’s one Matthew Alt has taken on plenty of times. We’ve seen him deep-dive into JTAG, look at serial wire debugging, and recently even try some glitching attacks. In fact, he even taught a HackadayU course on reverse engineering with Ghidra. And now he’ll drop by the Hack Chat to talk all about reverse engineering. Join us with your questions, your exploits, and your ideas on how to go where no hacker has gone before.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, September 28 at 12:00 PM Pacific time. If time zones have you tied up, we have a handy time zone converter.

Hackaday Links: September 25, 2022

Looks like there’s trouble out at L2, where the James Webb Space Telescope suffered a mechanical anomaly back in August. The issue, which was just announced this week, involves only one of the six imaging instruments at the heart of the space observatory, known as MIRI, the Mid-Infrared Instrument. MIRI is the instrument on Webb that needs the coldest temperatures to work correctly, down to six Kelvins — we’ve talked about the cryocooler needed to do this in some detail. The problem has to do with unexpectedly high friction during the rotation of a wheel holding different diffraction gratings. These gratings are rotated into the optical path for different measurements, but apparently the motor started drawing excessive current during its move, and was shut down. NASA says that this only affects one of the four observation modes of MIRI, and the rest of the instruments are just fine at this time. So they’ve got some troubleshooting to do before Webb returns to a full program of scientific observations.

There’s an old saying that, “To err is human, but to really screw things up takes a computer.” But in Russia, to really screw things up it takes a computer and a human with a really poor grasp on just how delicately balanced most infrastructure systems are. The story comes from Moscow, where someone allegedly spoofed a massive number of fake orders for taxi rides (story in Russian, Google Translate works pretty well) through the aggregator Yandex.Taxi on the morning of September 1. The taxi drivers all dutifully converged on the designated spot, but instead of finding their fares, they just found a bunch of other taxis milling about and mucking up traffic. Yandex reports it has already added protection against such attacks to its algorithm, so there’s that at least. It’s all fun and games until someone causes a traffic jam.

Continue reading “Hackaday Links: September 25, 2022”