internet hacks

187 Articles

A Look At The Small Web, Part 1

September 10, 2024 by 61 Comments

In the early 1990s I was privileged enough to be immersed in the world of technology during the exciting period that gave birth to the World Wide Web, and I can honestly say I managed to completely miss those first stirrings of the information revolution in favour of CD-ROMs, a piece of technology which definitely didn’t have a future. I’ve written in the past about that experience and what it taught me about confusing the medium with the message, but today I’m returning to that period in search of something else. How can we regain some of the things that made that early Web good?

We All Know What’s Wrong With The Web…

It’s likely most Hackaday readers could recite a list of problems with the web as it exists here in 2024. Cory Doctrow coined a word for it, enshitification, referring to the shift of web users from being the consumers of online services to the product of those services, squeezed by a few Internet monopolies. A few massive corporations control so much of our online experience from the server to the browser, to the extent that for so many people there is very little the touch outside those confines. Continue reading “A Look At The Small Web, Part 1”

A History Of Internet Outages

July 27, 2024 by 31 Comments

We heard a story that after the recent hurricane, a man noted that while the house was sweltering hot because the power was still out, his kids were more anxious for the internet to come back online. The Internet is practically a basic necessity for most people, but as you may have noticed with the recent CrowdStrike debacle, the Internet isn’t always reliable. Granted, the problem in that case wasn’t the Internet per se, but a problem with many critical hosts that provide services. [Thomas Germain] from the BBC took the opportunity to recall some of the more bizarre reasons we’ve had massive Internet outages in the past.

While teens after a hurricane might miss social media, global outages can be serious business. With 8.5 million computers dead, 911 services went down, medical surgeries were canceled, and — of course — around 46,000 flights were canceled in a single day. We have short memories for these outages, but as [Thomas] points out, this was far from the first massive outage, and many of them have very strange backstories.

Continue reading “A History Of Internet Outages”

Linksys Velop Routers Caught Sending WiFi Creds In The Clear

July 15, 2024 by 14 Comments

A troubling report from the Belgian consumer protection group Testaankoop: several models of Velop Pro routers from Linksys were found to be sending WiFi configuration data out to a remote server during the setup process. That would be bad enough, but not only are these routers reporting private information to the mothership, they are doing it in clear text for anyone to listen in on.

Testaankoop says that while testing out the Pro WiFi 6E and Pro 7 versions of Velop routers, they discovered that unencrypted packets were being sent to a server hosted by Amazon Web Services (AWS). In these packets, they discovered not only the SSID of the user’s wireless network, but the encryption key necessary to join it. There were also various tokens included that could be used to identify network and user.

While the report doesn’t go into too much detail, it seems this information is being sent as part of the configuration process when using the official Linksys mobile application. If you want to avoid having your information bounced around the Internet, you can still use the router’s built-in web configuration menus from a browser on the local network — just like in the good old days.

The real kicker here is the response from Linksys, or more accurately, the lack thereof. Testaankoop says they notified them of their discovery back in November of 2023, and got no response. There’s even been firmware updates for the affected routers since then, but the issue is still unresolved.

Testaankoop ends the review by strongly recommending users avoid these particular models of Linksys Velop routers, which given the facts, sounds like solid advice to us. They also express their disappointment in how the brand, a fixture in the consumer router space for decades, has handled the situation. If you ask us, things started going downhill once they stopped running Linux on their hardware.

Ask Hackaday: Has Firefox Finally Gone Too Far?

July 14, 2024 by 119 Comments

In a world where so much of our lives depend on the use of online services, the web browser used to access those services becomes of crucial importance. It becomes a question of whether we trust the huge corporate interests which control this software with such access to our daily lives, and it is vital that the browser world remains a playing field with many players in the game.

The mantle has traditionally fallen upon Mozilla’s Firefox browser to represent freedom from corporate ownership, but over the last couple of years even they have edged away from their open source ethos and morphed into an advertising company that happens to have a browser. We’re asking you: can we still trust Mozilla’s Firefox, when the latest version turns on ad measurement by default?

Such has been the dominance of Google’s Chromium in the browser world, that it becomes difficult to find alternatives which aren’t based on it. We can see the attraction for developers, instead of pursuing the extremely hard task of developing a new browser engine, just use one off-the-shelf upon which someone else has already done the work. As a result, once you have discounted browsers such as the venerable Netsurf or Dillo which are cool as heck but relatively useless for modern websites, the choices quickly descend into the esoteric. There are Ladybird and Servo which are both promising but still too rough around the edges for everyday use, so what’s left? Probably LibreWolf represents the best option, a version of Firefox with a focus on privacy and security.

We’re interested in your views on this topic, because we know you’ll have a lot to say about it. Meanwhile if you’re a Firefox user who’s upgraded to version 128 and you’re not sure what to do, don’t panic. Find the settings page, go to “Privacy and Security”, and un-check the “Website Advertising Preferences” checkbox.

Ticketmaster SafeTix Reverse-Engineered

July 11, 2024 by 49 Comments

Ticketmaster is having a rough time lately. Recently, a hacker named [Conduition] managed to reverse-engineer their new “safe” electronic ticket system. Of course, they also had the recent breach where more than half a billion accounts had personal and financial data leaked without any indication of whether or not the data was fully encrypted. But we’re going to focus on the former, as it’s more technically interesting.

Ticketmaster’s stated goals for the new SafeTix system — which requires the use of a smartphone app — was to reduce fraud and ticket scalping. Essentially, you purchase a ticket using their app, and some data is downloaded to your phone which generates a rotating barcode every 15 seconds. When [Conduition] arrived at the venue, cell and WiFi service was totally swamped by everyone trying to load their barcode tickets. After many worried minutes (and presumably a few choice words) [Conduition] managed to get a cell signal long enough to update the barcode, and was able to enter, albeit with a large contingent of similarly annoyed fans trying to enter with their legally purchased tickets.

Continue reading “Ticketmaster SafeTix Reverse-Engineered”

Credit: Xinmei Liu

The US Surgeon General’s Case For A Warning Label On Social Media

June 17, 2024 by 68 Comments

The term ‘Social Media’ may give off a benign vibe, suggesting that it’s a friendly place where everyone is welcome to be themselves, yet reality has borne out that it is anything but. This is the reason why the US Surgeon General [Dr. Vivek H. Murthy] is pleading for a health warning label on social media platforms. Much like with warnings on tobacco products, it’s not expected that such a measure would make social media safe for children and adolescents, but would remind them and their parents about the risks of these platforms.

While this may sound dire for what is at its core about social interactions, there is a growing body of evidence to support the notion that social media can negatively impact mental health. A 2020 systematic review article in Cureus by [Fazida Karim] and colleagues found anxiety and depression to be the most notable negative psychological health outcomes. A 2023 editorial in BMC Psychology by [Ágnes Zsila] and [Marc Eric S. Reyes] concurs with this notion, while contrasting these cons of social media with the pros, such as giving individuals an online community where they feel that they belong.

Ultimately, it’s important to realize that social media isn’t the end-all, be-all of online social interactions. There are still many dedicated forums, IRC channels and newsgroups far away from the prying eyes and social pressure  of social media to act out a personality. Having more awareness of how social interactions affect oneself and/or one’s children is definitely essential, even if we’re unlikely to return to the ‘never give out your real name’ days of  the pre-2000s Internet.

Finding And Resurrecting Archie: The Internet’s First Search Engine

May 20, 2024 by 11 Comments

Back in the innocent days of the late 1980s the Internet as we know it today did not exist yet, but there were still plenty of FTP servers. Since manually keeping track of all of the files on those FTP server would be a royal pain, [Alan Emtage] set to work in 1986 to create an indexing and search service called Archie to streamline this process. As a local tool, it’d regularly fetch the file listing from FTP servers in a list, making this available for easy local search.

After its initial release in 1990, its feature set was expanded to include a World Wide Web crawler by version 3.5 in 1995. Years later, it was assumed that the source for Archie had been lost. That was until the folk over at [The Serial Port] channel managed to track down a still running Archie server in Poland.

The name Archie comes from the word ‘archive’ with the ‘v’ stripped, with no relation to the Archie comics. Even so, this assumption inspired the Gopher search engines Jughead and Veronica. Of these the former is still around, and Veronica’s original database was lost, but a re-implementation of it is still around. Archie itself enjoyed a period of relative commercial success, with [Alan] starting Bunyip Information Systems in 1992 which lasted until 2003. To experience Archie today, [The Serial Port] has the Archie documentation online, along with a live server if you’re feeling like reclaiming the early Internet.

Continue reading “Finding And Resurrecting Archie: The Internet’s First Search Engine”