Hackaday Links Column Banner

Hackaday Links: November 10, 2019

In the leafy suburbs of northern Virginia, a place ruled by homeowner’s associations with tremendous power to dictate everything from the color of one’s front door to the length of grass in the lawn, something as heinous as garage doors suddenly failing to open on command is sure to cause a kerfuffle. We’ve seen this sort of thing before, where errant RF emissions cause unintentional interference, and such stories aren’t terribly interesting because the FCC usually steps in and clears things up. But this story is a little spicier given the source of the interference: Warrenton Training Center, a classified US government communications station located adjacent to the afflicted neighborhood. WTC is known to be a CIA signals intelligence station, home to spooks doing spooky stuff, including running high-power numbers stations. The interference isn’t caused by anything as cloak-and-dagger as that, though; rather, it comes from new land-mobile radios that the Department of Defense is deploying. The new radios use the 380-400 MHz band, which is allocated to the Federal Government and unlicensed Part 15 devices, like garage door remotes. But Part 15 rules, which are clearly printed on every device covered by them, state that the devices have to accept unwanted interference, even when it causes a malfunction. So the HOA members who are up in arms and demanding that the government buy them new garage door openers are likely to be disappointed.

Speaking of spooks, if you’re tired of the prying electronic eyes of facial recognition cameras spoiling your illusion of anonymity, have we got a solution for you. The Opt-Out Cap is the low-tech way to instantly change your face for a better one, or at least one that’s tied to someone else. In a move which is sure not to arouse suspicion in public, doffing the baseball cap deploys a three-piece curtain of semi-opaque fabric, upon which is printed the visage of someone who totally doesn’t look creepy or sketchy in any way. Complete instructions are provided if you want to make one before your next trip to the ATM.

It’s always a great day when a new Ken Shirriff post pops up in our feed, and his latest post is no exception. In it, Ken goes into great detail about the history of the 80×24 (or 25) line standard for displays. While that may sound a bit dry, it’s anything but. After dispelling some of the myths and questionable theories of the format’s origin – sorry, it’s not just because punch cards had 80 columns – he discusses the transition from teletypes to CRTs, focusing on the very cool IBM 2260 Display Station. This interesting beast used an acoustic delay line made of 50′ (15 m) of nickel wire. It stored data as a train of sound pulses traveling down the wire, which worked well and was far cheaper than core memory, even if it was susceptible to vibrations from people walking by it and needed a two-hour warm-up period before use. It’s a fascinating bit of retrocomputing history.

A quick mention of a contest we just heard about that might be right up your alley: the Tech To Protect coding challenge is going on now. Focused on applications for public safety and first responders, the online coding challenge addresses ten different areas, such as mapping LTE network coverage to aid first responders or using augmented reality while extricating car crash victims. It’s interesting stuff, but if you’re interested you’ll have to hurry – the deadline is November 15.

And finally, Supercon starts this week! It’s going to be a blast, and the excitement to hack all the badges and see all the talks is building rapidly. We know not everyone can go, and if you’re going to miss it, we feel for you. Don’t forget that you can still participate vicariously through our livestream. We’ll also be tweet-storming and running a continuous chat on Hackaday.io to keep everyone looped in.

Hackaday Podcast 043: Ploopy, Castlevania Cube-Scroller, Projection Map Your Face, And Smoosh Those 3D Prints

Before you even ask, it’s an open source trackball and you’re gonna like it. Hackaday Editors Mike Szczys and Elliot Williams get down to brass tacks on this week’s hacks. From laying down fatter 3D printer extrusion and tricking your stick welder, to recursive Nintendos and cubic Castlevania, this week’s episode is packed with hacks you ought not miss.

Take a look at the links below if you want to follow along, and as always tell us what you think about this episode in the comments!

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (60 MB or so.)

Continue reading “Hackaday Podcast 043: Ploopy, Castlevania Cube-Scroller, Projection Map Your Face, And Smoosh Those 3D Prints”

This Week In Security: BGP Bogons, Chrome Zero Day, And Save Game Attacks

Our own [Pat Whetman] wrote about a clever technique published by the University of Michigan, where lasers can be used to trigger a home assistant device. It’s an interesting hack, and you should go read it.

Borrowing IP Addresses

We’ve lived through several IPv4 exhaustion milestones, and the lack of available addresses is really beginning to show, even for trolls and scammers. A new approach takes advantage of the weak security of the Border Gateway Protocol, and allows bad actors to temporarily take over reserved address blocks. These particular providers operate out of Russia, operating network services they advertise as “bulletproof”, or immune to takedown requests. What better way to sidestep takedowns than to use IP addresses that aren’t really yours to begin with?

BGP spoofing has been at the center of other types of attacks and incidents, like in 2018 when a misconfiguration in a Nigerian ISP’s BGP tables routed traffic intended for Google’s servers through Chinese and Russian infrastructure. In that case it appeared to be a genuine mistake, but little prevents malicious BGP table poisoning.

Chrome Zero-day

Google released an update to Chrome on the 31st that addresses two CVEs, one of which is being actively exploited. That vulnerability, CVE-2019-13720, is a race condition resulting in a potential use-after-free. Kaspersky Labs found this one being actively used on a Korean news site. The attack runs entirely from Javascript, and simply visiting a malicious site is enough for compromise, so update Chrome if it’s installed.

Anti-anti-doping

What do you do when you feel you’ve been unfairly targeted by an anti-doping investigation? Apparently hacking the investigating agency and releasing stolen information is an option. It seems like this approach is more effective when there are shenanigans revealed in the data dump. In this case, the data being released seems rather mundane.

Firefox Blocking Sideload Extensions

Mozilla made a controversial announcement on the 31st. They intend to block “sideload” browser extensions. Until this change, it was possible to install browser extensions by copying them to a particular folder on the computer. Some legitimate extensions used this installation method, but so did malware, adware, and other unwanted software. While this change will block some malicious add-ons, it does present a bit of a challenge to a user installing an extension that isn’t on the official Mozilla store or signed by Mozilla.

As you might imagine, the response has been… less than positive. While making malware harder to install is certainly welcome, this makes some use cases very difficult. An example that comes to mind is a Linux package that includes a browser extension. It remains to be seen exactly how this change will shake out.

Save Games as Attack Vector

An oddball vulnerability caught my eye, published by [Denis Andzakovic] over at Pulse Security. He discovered that a recent indy game, Untitled Goose Game, can be manipulated into running arbitrary code as a result of loading a maliciously modified save file. The vulnerability is rooted in a naive deserialization routine.

If you’re interested in a deeper dive into .net deserialization bugs, a great paper was submitted to Blackhat 2012 discussing the topic. The short version is that if a programmer isn’t careful, the deserialization routine can overwrite variables in unexpected ways, potentially leading to code execution.

At first glance, a vulnerability triggered by a malicious save file seems relatively harmless. The level of access needed to modify a save file on a hard drive is enough to compromise that computer in a multitude of better ways. Enter cloud save synchronization. Steam, for instance, will automatically sync save games across a user’s install locations. This is a very useful feature for those of us that might play the same game on a laptop and a desktop. Having the save game automatically synced to all your devices is quite useful, but if an attacker compromised your Steam account, your save games could be manipulated. This leads to the very real possibility that an attacker could use a save game vulnerability to turn a Steam account compromise into an attack on all your machines with Steam installs.

Found Footage: Elliot Williams Talks Nexus Technologies

Back at the 2017 Superconference, Hackaday Managing Editor Elliot Williams started his talk about the so-called “Internet of Things” by explaining the only part he doesn’t like about the idea is the Internet… and the things. It’s a statement that most of us would still agree with today. If anything, the situation has gotten worse in the intervening years. Commercial smart gadgets are now cheaper and more plentiful than they’ve ever been, but it seems like precious little has been done to improve their inherent privacy and security issues.

But his talk doesn’t serve to bash the companies producing these devices or even the services that ultimately folded and left their customers with neigh useless gadgets. That’s not his style. The central theme of Nexus Technologies: Or How I Learned to Love WiFi” is that a smart home can be wonderful thing, assuming it works the way you want it to. Elliot argues that between low-cost modular hardware and open source software, the average hacker has everything they need to build their own self-contained home automation ecosystem. One that’s not only cheaper than what they’re selling at the Big Box electronics store, but also doesn’t invite any of the corporate giants to the party.

Of course, it wasn’t always so. A decade ago it would have been all but impossible, and five years ago it would have been too expensive to be practical. As Elliot details his journey towards a truly personal smart home, he explains the advances in hardware and software that have made it not just possible on the DIY level, but approachable. The real takeaway is that once more people realize how cheap and easy it is to roll your own smart home gadgets, they may end up more than willing to kick Big Brother to the curb and do IoT on their own terms.

This previously unpublished recording somehow slipped between the cracks of the editing room floor but upon recent discovery, it’s still just as relevant today. Take a look at Elliot’s view on Nexus Technologies, then join us after the break for a deeper dive. Make sure to subscribe to Hackaday’s YouTube channel to get in on the 2019 Hackaday Superconference live stream starting Saturday, November 16th.

Continue reading “Found Footage: Elliot Williams Talks Nexus Technologies”

Supercon Keynote: Dr. Megan Wachs On RISC-V

Hackaday has open-source running deep in our veins — and that goes for hardware as well as software. After all, it’s great to run open-source software, but if it’s running on black-box hardware, the system is only half open. While software has benefited mightily from all of the advantages of community development, the hardware world has been only recently catching up. And so we’ve been following the RISC-V open-source CPU development with our full attention.

Dr. Wachs, making her own wedding ring.

Our keynote speaker for the 2019 Hackaday Superconference is Dr. Megan Wachs, the VP of Engineering at SiFive, the company founded by the creators of the RISC-V instruction-set architecture (ISA). She has also chaired the RISC-V Foundation Debug Task Group, so it’s safe to say that she knows RISC-V inside and out. If there’s one talk we’d like to hear on the past, present, and future of the architecture, this is it.

The RISC-V isn’t a particular chip, but rather it’s a design for how a CPU works, and a standard for the lowest-level language that the machine speaks. In contrast to proprietary CPUs, RISC-V CPUs from disparate vendors can all use the same software tools, unifying and opening their development. Moreover, open hardware implementations for the silicon itself mean that new players can enter the space more easily, bring their unique ideas to life faster, and we’ll all benefit. We can all work together.

It’s no coincidence that this year’s Supercon badge has two RISC-V cores running in its FPGA fabric. When we went shopping around for an open CPU core design, we had a few complete RISC-V systems to pick from, full compiler and development toolchains to write code for them, and of course, implementations in Verilog ready to flash into the FPGA. The rich, open ecosystem around RISC-V made it a no-brainer for us, just as it does for companies making neural-network peripherals or even commodity microcontrollers. You’ll be seeing a lot more RISC-V systems in the near future, on your workbench and in your pocket.

We’re tremendously excited to hear more about the project from the inside, and absolutely looking forward to Megan’s keynote speech!

The Hackaday Superconference is completely sold out, but that doesn’t mean that you have to miss out. We’ll be live-streaming the keynote and all other talks on the Supercon main stage, so subscribe our YouTube channel and you won’t miss a thing.

The Murky Business Of Stopping Oil Spills

Six years before Deepwater Horizon exploded in April 2010, the force of Hurricane Ivan blew an offshore drilling platform off its legs and into the Gulf of Mexico. For the last 14 years, that well’s pipes, long buried in mud and debris have been spilling oil into the Gulf every single day. That makes it the longest-running spill in history. Every day for fourteen years. Let that sink in for a bit.

Taylor Energy’s platform sat just 10 miles off the coast, much closer to the Louisiana shore than Deepwater Horizon was. Since the hurricane hit, Taylor has tried a number of unsuccessful things to stop the spill. They’ve only been able to plug 9 of the 25 broken pipes so far. The rest are buried deep in mud and debris. Why on Earth haven’t you heard about this before? Taylor spent six years covering it up. And they might have gotten away with it, too, if it weren’t for pesky watchdog groups surveying the Gulf after Deepwater Horizon exploded.

So how are oil spills stopped, anyway? The answer depends on many things. Most immediately, the answer depends whether the spill happened onshore or offshore, and the inciting incident that caused the spill. Underwater oil spills are much more difficult to stop because of the weight and existence of the ocean. In Taylor Energy’s case, the muddy Gulf bed has become a murky tomb for the broken and buried pipes, which makes it even more messy.

Continue reading “The Murky Business Of Stopping Oil Spills”

Circuit Sculpture Hack Chat

Join us on Wednesday, November 6 at noon Pacific for the Circuit Sculpture Hack Chat with Mohit Bhoite!

For all the effort engineers put into electronic design, very few people ever get to appreciate it. All the hard work that goes into laying out a good PCB and carefully selecting just the right components is hidden the moment the board is slipped into an enclosure, only to be interacted with again through a user interface that gets all the credit for the look and feel of the product.

And yet there are some who design circuits purely as works of art. They may do something interesting or useful, but function is generally secondary to form for these circuit sculptors. Often consisting of skeletons of brass wire bent at precise angles to form intricate structures, circuit sculptures are the zen garden of electronic design: they’re where the designer turns to quiet the madness of making deadlines and meeting specs by focusing on the beauty of components themselves and putting them on display for all to enjoy.

By day, our host Mohit designs and builds hardware at Particle. By night, however, the wires and pliers come out, and he makes circuit sculptures that come alive. Check out his portfolio; you won’t be disappointed. This Hack Chat will be your chance to find out everything that goes into making these sculptures. Find out where Mohit gets his inspiration, learn his secrets for such precise, satisfyingly crisp wire-bending, and see what it takes to turn silicon into art.

join-hack-chat

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, November 6 at 12:00 PM Pacific time. If time zones have got you down, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about. Continue reading “Circuit Sculpture Hack Chat”