This Week In Security: APT Targeting Researchers, And Someone Watching All The Cameras

Microsoft’s Patch Tuesday just passed, and it’s a humdinger. To add the cherry on top, two seperate BSOD inducing issues led to Microsoft temporarily pulling the update.

Among the security vulnerabilities fixed is CVE-2021-26897, another remote code exploit in the Windows DNS server. It’s considered a low-complexity attack, but does require local network access to pull off. CVE-2021-26867 is another of the patched vulnerabilities that sounds very serious, allowing an attacker on a Hyper-V virtual machine to pierce the barrier and run code on the hypervisor. The catch here is that the vulnerability is only present when using the Plan 9 filesystem, which surely limits the scope of the problem to a small handful of machines.

The most interesting fixed flaw was CVE-2021-26411 a vulnerability that allowed remote code execution when loading a malicious web page in either IE or pre-chromium Edge. That flaw was actively being exploited in a unique APT campaign, which we’ll cover right after the break.

Continue reading “This Week In Security: APT Targeting Researchers, And Someone Watching All The Cameras”

Rex Wasn’t Really A PDA, It Was The First Great Digital Rolodex

Back in the 1990s I was fascinated with small computers. I used the HP200LX palmtop computer for almost ten years, which I wrote about back in December. Naturally, the Franklin Rex 3 PCMCIA-sized organizer caught my attention when it was released in 1997. Here was a Personal Digital Assistant (PDA) the size of a credit card that could fit not just in your pocket, but in your shirt pocket.

Viewed today, it was an interesting paradigm. The screen takes up almost the entire front face of the device with a few buttons for navigation. But isn’t it a deal-breaker that you can’t enter or edit contact info on the device itself? This was long before cellphones were pervasive, and if you had the option to connect to the internet a telephone or Ethernet cable was involved. The ability to have a large data set in your pocket viewable without slapping a brick-like laptop on a table was pretty huge.

I think the killer feature was the PCMCIA interface. I challenged myself to reverse engineer the API so that I could sync data outside of the

Continue reading “Rex Wasn’t Really A PDA, It Was The First Great Digital Rolodex”

Ask Hackaday: What’s Your Favourite Build Tool? Can Make Ever Be Usurped?

What do you do whilst your code’s compiling? Pull up Hackaday? Check Elon Musk’s net worth? Research the price of a faster PC? Or do you wonder what’s taking so long, and decide to switch out your build system?

Clamber aboard for some musings on Makefiles, monopolies, and the magic of Ninja. I want to hear what you use to build your software. Should we still be using make in 2021? Jump into the fray in the comments.

Continue reading “Ask Hackaday: What’s Your Favourite Build Tool? Can Make Ever Be Usurped?”

Allan McDonald’s Legacy And The Ethics Of Decision-Making

The Space Shuttle Challenger disaster on January 28, 1986 was a life-altering event for many, ranging from people who had tuned in to watch the launch of a Space Shuttle with America’s first teacher onboard, to the countless people involved in the manufacturing, maintenance and launching of these complex spacecraft. Yet as traumatizing as this experience was, there was one group of people for whom their dire predictions and warnings to NASA became suddenly reality in the worst way possible.

This group consisted of engineers at Morton-Thiokol, responsible for components in the Shuttle’s solid rocket boosters (SRBs). They had warned against launching the Shuttle due to the very cold weather, fearing that the O-ring seals in the SRBs at these low temperatures would not be able to keep the SRB’s hot gases from destroying the SRB and the Shuttle along with it.

Allan McDonald was one of these engineers who did everything they could to stop the launch. Until his death on March 6th of 2021, the experiences surrounding the Challenger disaster led him to become an outspoken voice on the topic of ethical decision-making, as well as a famous example of making the right decision, no matter how difficult the circumstances.

Continue reading “Allan McDonald’s Legacy And The Ethics Of Decision-Making”

Teardown: Go Warmer USB Rechargeable Hand Heater

Under normal circumstances, if an electronic gadget in your pocket suddenly became hot to the touch, it would be cause for alarm. But not so with the Go Warmer. This lozenge shaped device is not only a USB power bank that can keep your mobile devices topped up, but is also doubles as a miniature heater that the manufacturer claims can bring its surface temperature up to 48 °C (120 °F) for several hours. You can hold in in your hand, put it in your pocket, maybe even sit on it if you’re particularly daring. The possibilities are endless, at least until the 4,000 mAh battery runs down.

For $14.99 USD, the Go Warmer certainly isn’t much of a deal when compared to other battery packs. Even if it does come with a swanky velveteen carrying pouch. But is it a good deal for one that can heat itself up without exploding? Let’s crack this metallic egg and find out.

Continue reading “Teardown: Go Warmer USB Rechargeable Hand Heater”

What Can A $30 USB Spectrum Analyser Do For Me?

As mildly exotic silicon has become cheaper and the ingenuity of hardware hackers has been unleashed upon it, it’s inevitable that some once-unattainably expensive instruments will appear as cheap modules from China. The LTDZ spectrum analyser on the bench today covers 35 MHz to 4.4 GHz, and has a USB interface and tracking source. It has been available from all the usual outlets for a while now either as a bare PCB or in a metal box about the size of a pack of cards.

We’ve already taken a look at the $50 VNA, and this time it’s the turn of the $30 spectrum analyser, in the form of a little device that I succumbed to while browsing Banggood.

I ordered one, along with an attenuator and RF bridge for SWR measurements, and after the usual wait for postage my anonymous grey package arrived and it was time to give it a look and consider its usefulness. It’s a design derived from one published in Germany’s Funkamateur (“amateur radio”) magazine early in the last decade, and unscrewing the end plate to slide out the board from its extruded enclosure we can see what makes it tick. Continue reading “What Can A $30 USB Spectrum Analyser Do For Me?”

Decapping Components Hack Chat With John McMaster

Join us on Wednesday, March 10 at noon Pacific for the Decapping Components Hack Chat with John McMaster!

We treat them like black boxes, which they oftentimes are, but what lies beneath the inscrutable packages of electronic components is another world that begs exploration. But the sensitive and fragile silicon guts of these devices can be hard to get to, requiring destructive methods that, in the hands of a novice, more often than not lead to the demise of the good stuff inside.

To help us sort through the process of getting inside components, John McMaster will stop by the Hack Chat. You’ll probably recognize John’s work from Twitter and YouTube, or perhaps from his SiliconPr0n.org website, home to beauty shots of some of the chips he has decapped. John is also big in the reverse engineering community, organizing the Mountain View Reverse Engineering meetup, a group that meets regularly to discuss the secret world of components. Join us as we talk to John about some of the methods and materials used to get a look inside this world.

join-hack-chatOur Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, March 10 at 12:00 PM Pacific time. If time zones have you tied up, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.
Continue reading “Decapping Components Hack Chat With John McMaster”