This Week In Security: REvil Goes Dark, Kaseya Cleanup, Android Updates, And Terrible Firmware

The funniest thing happened to REvil this week. Their online presence seems to have disappeared.
Their Tor sites as well as conventional sites all went down about the same time Tuesday morning, leading to speculation that they may have been hit by a law enforcement operation. This comes on the heels of a renewed push by the US for other countries, notably Russia, to crack down on ransomware groups operating within their borders. If it is a coordinated takedown, it’s likely a response to the extremely widespread 4th of July campaign launched via the Kaseya platform. Seriously, if you’re going to do something that risks ticking off Americans, don’t do it on the day we’re celebrating national pride by blowing stuff up.

Speaking of Kaseya, they have finished their analysis, and published a guide for safely powering on their VSA on-premise hardware. Now that the fixes are available, more information about the attack itself is being released. Truesec researchers have been following this story in real time, and even provided information about the attack back to Kaseya, based on their observations. Their analysis shows that 4 separate vulnerabilities were involved in the attack. First up is an authentication bypass. It takes advantage of code that looks something like this:

New Video Series: Learning Antenna Basics With Karen Rucker

We don’t normally embrace the supernatural here at Hackaday, but when the topic turns to the radio frequency world, Arthur C. Clarke’s maxim about sufficiently advanced technology being akin to magic pretty much works for us. In the RF realm, the rules of electricity, at least the basic ones, don’t seem to apply, or if they do apply, it’s often with a, “Yeah, but…” caveat that’s sometimes hard to get one’s head around.

Perhaps nowhere does the RF world seem more magical than in antenna design. Sure, an antenna can be as simple as a straight piece or two of wire, but even in their simplest embodiments, antennas belie a complexity that can really be daunting to newbie and vet alike. That’s why we were happy to recently host Karen Rucker’s Introduction to Antenna Basics course as part of Hackaday U.

The class was held over a five-week period starting back in May, and we’ve just posted the edited videos for everyone to enjoy. The class is led by Karen Rucker, an RF engineer specializing in antenna designs for spacecraft who clearly knows her business. I’ve watched the first video of the series so far and really enjoy Karen’s style and the material she has chosen to highlight; just the bit about antenna polarization and why circular polarization makes sense for space communications was really useful. I’m keen to dig into the rest of the series playlist soon.

The 2021 session of Hackaday U may be wrapped up now, but fear not — there’s plenty of material available to look over and learn from. Head over to the course list on Hackaday.io, pick something that strikes your fancy, and let the learning begin!

The Case Of The Mysterious Driveline Noise

Spend enough time on the automotive classifieds and you’ll end up finding a deal that’s too good to pass up. The latest of these in one’s own case was a Mercedes-Benz sedan, just past its twentieth birthday and in surprisingly tidy condition. At less than $3,000, the 1998 E240 was too good to pass up and simply had to be seen.

The car in question. Clean bodywork is too tempting to resist, even if there are mechanical issues.

The car was clean, too clean for the asking price. Of course, a test drive revealed the car had one major flaw – an annoying hum from the drivetrain that seemed to vary with speed. Overall though, mechanical problems are often cheaper and easier to fix than bodywork, so a gamble was taken on the German sedan. The first order of business was to diagnose and rectify the issue.

Characterise, Research, Investigate

The first step to hunting down any noise is to characterise it as much as possible. In this case, the noise was most noticeable when the car was traveling at speeds from 40 km/h – 60 km/h, presenting as a vibrational humming noise. The location of the noise source was unclear. Importantly, the noise varied with the speed of the car, rising in pitch at higher speeds and dropping as speeds decreased. Engine speed had no effect on noise whatsoever, and the noise was present regardless of gear selected in the transmission, including neutral.

Retrotechtacular: The Secret Life Of The Electric Light

Normally, when we pick out something to carry the “Retrotechtacular” banner, it’s a film from the good old days when technology was young and fresh, and filmmakers were paid by one corporate giant or another to produce a film extolling the benefits of their products or services, often with a not-so-subtle “celebrate the march of progress” undertone.

So when we spied this remastered version of The Secret Life of the Electric Light, an episode from [Tim Hunkin]’s fabulous educational The Secret Life of Machines TV series, we didn’t really think it would be good Retrotechtacular fodder. But just watching a few minutes reminded us of why the series was must-see TV back in the 1990s (when it first aired widely here in the States), especially for the budding geek. When viewed with eyes more used to CGI animations and high production values, what [Tim] and his collaborator, the late [Rex Garrod], accomplished with each of these programs is truly astounding. Almost every bit of the material, as well as the delivery, has an off-the-cuff quality to it that belies what must have taken an enormous amount of planning and organization to pull off. [Tim] and [Rex] obviously went to a lot of trouble to make it look like they didn’t go to a lot of trouble, and the result is films that home in on the essentials of technology in a way few programs have ever managed, and none since. And the set-pieces at the end of each episode — often meeting their pyrotechnic destruction — always were real crowd-pleasers. They still are.

We have to say the remastered versions of The Secret Life episodes, all of which appear to be posted at [Tim]’s YouTube channel, look just great, and the retrospectives at the end of each episode where he talks about the travails of production are priceless. Also posted are his more recent The Secret Life of Components, which is a treasure trove of practical tips for makers and backyard engineers that’s well worth watching too.

Virginia Apgar May Have Saved Your Life

Between the 1930s and the 1950s, something sort of strange happened in the United States. The infant mortality rate went into decline, but the number of babies that died within 24 hours of birth didn’t budge at all. It sounds terrible, but back then, many babies who weren’t breathing well or showed other signs of a failure to thrive were usually left to die and recorded as stillborn.

As an obstetrical anesthesiologist, physician, and medical researcher, Virginia Apgar was in a great position to observe fresh newborns and study the care given to them by doctors. She is best known for inventing the Apgar Score, which is used to quickly rate the viability of newborn babies outside the uterus. Using the Apgar Score, a newborn is evaluated based on heart rate, reflex irritability, muscle tone, respiratory effort, and skin color and given a score between zero and two for each category. Depending on the score, the baby would be rated every five minutes to assess improvement. Virginia’s method is still used today, and has saved many babies from being declared stillborn.

Virginia wanted to be a doctor from a young age, specifically a surgeon. Despite having graduated fourth in her class from Columbia University College of Physicians and Surgeons, Virginia was discouraged from becoming a surgeon by a chairman of surgery and encouraged to go to school a little bit longer and study anesthesiology instead. As unfortunate as that may be, she probably would never have created the Apgar Score with a surgeon’s schedule.

Teardown: VTech Smart Start

Regular readers may be aware that I have a certain affinity for vintage VTech educational toys, especially ones that attempted to visually or even functionally tie in with contemporary computer design. In the late 1980s, when it became obvious the personal computer was here to stay, these devices were seen as an affordable way to give kids and even young teens hands-on time with something that at least somewhat resembled the far more expensive machines their parents were using.

Much Smarter: VTech PreComputer 1000

A perfect example is the PreComputer 1000, released in 1988. Featuring a full QWERTY keyboard and the ability to run BASIC programs, it truly blurred the line between toy and computer. In fact from a technical standpoint it wasn’t far removed from early desktop computers, as it was powered by the same Zilog Z80 CPU found in the TRS-80 Model I.

By comparison, the Smart Start has more in common with a desktop electronic calculator. Even though it was released just two years prior to the PreComputer 1000, you can tell at a glance that it’s a far more simplistic device. That’s due at least in part to the fact that it was aimed at a younger audience, but surely the rapid advancement of computer technology at the time also played a part. Somewhat ironically, VTech did still at least attempt to make the Smart Start look like a desktop computer, complete with the faux disk drive on the front panel.

Of course, looks can be deceiving. While the Smart Start looks decidedly juvenile on the outside, that doesn’t mean there aren’t a few surprising technical discoveries lurking under its beige plastic exterior. There’s only one way to find out.

SCADA Security Hack Chat

Join us on Wednesday, July 14 at noon Pacific for the SCADA Security Hack Chat with Éireann Leverett!

As a society, we’ve learned a lot of hard lessons over the last year and a half or so. But one of the strongest lessons we’ve faced is the true fragility of our infrastructure. The crumbling buildings and bridges and their tragic consequences are one thing, but along with attacks on the food and energy supply chains, it’s clear that our systems are at their most vulnerable as their complexity increases.

And boy are we good at making complex systems. In the United States alone, millions of miles of cables and pipelines stitch the country together from one coast to the other, much of it installed in remote and rugged places. Such far-flung systems require monitoring and control, which is the job of supervisory control and data acquisition, or SCADA, systems. These networks have grown along with the infrastructure, often in a somewhat ad hoc manner, and given their nature they can be tempting targets for threat actors.

Finding ways to secure such systems is very much on Éireann Leverett’s mind. As a Senior Risk Researcher at the University of Cambridge, he knows about the threats to our infrastructure and works to find ways to mitigate them. His book Solving Cyber Risk lays out a framework for protecting IT infrastructure in general. For this Hack Chat, Éireann will be addressing the special needs of SCADA systems, and how best to protect these networks. Drop by with your questions about infrastructure automation, mitigating cyber risks, and what it takes to protect the endless web of pipes and wires we all need to survive.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, July 14 at 12:00 PM Pacific time. If time zones have you tied up, we have a handy time zone converter.