This Week In Security: CIA Star Wars, Git* Prompt Injection And More

The CIA ran a series of web sites in the 2000s. Most of them were about news, finance, and other relatively boring topics, and they spanned 29 languages. And they all had a bit of a hidden feature: Those normal-looking websites had a secret login and hosted CIA covert communications with assets in foreign countries. A password typed into a search field on each site would trigger a Java Applet or Flash application, allowing the spy to report back. This isn’t exactly breaking news, but what’s captured the Internet’s imagination this week is the report by [Ciro Santilli] about how to find those sites, and the fact that a Star Wars fansite was part of the network.

This particular CIA tool was intended for short-term use, and was apparently so effective that it was dragged way beyond its intended lifespan, right up to the point it was discovered and started getting people killed. In retrospect, the tradecraft is abysmal. The sites were hosted on a small handful of IP blocks, with the individual domains on sequential IP addresses. Once a foreign intelligence agency discovered one of these sites, enumerating the neighbouring addresses turned up the rest.
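As an added example of why that hosting pattern is fatal (this is not [Santilli]’s tooling, and the records below are constructed, using documentation address ranges rather than any real infrastructure): take the kind of domain-to-IP history a passive-DNS service would return, group it by /24, split each block into runs of adjacent addresses, and then pivot from a single burned domain to everything else in its run.

```python
"""Pivot from one known site to its neighbours by IP adjacency.

Added example, not the original article's or [Santilli]'s code. RECORDS is
constructed sample data in RFC 5737 documentation ranges, not real hosts.
"""
import ipaddress
from collections import defaultdict

# Constructed (domain, IPv4) history, as a passive-DNS lookup might return it.
RECORDS = [
    ("news-site-one.example", "203.0.113.10"),
    ("finance-daily.example", "203.0.113.11"),
    ("sports-wire.example", "203.0.113.12"),
    ("starwars-fans.example", "203.0.113.13"),
    ("unrelated-blog.example", "203.0.113.120"),   # same /24, but not adjacent
    ("lang-portal.example", "198.51.100.40"),
    ("lang-portal-two.example", "198.51.100.41"),
    ("random-shop.example", "192.0.2.7"),          # alone in its block
]


def runs_of_adjacent_ips(records, max_gap=1):
    """Split records into runs where consecutive IPs (within one /24) differ by
    at most max_gap. Returns a list of runs, each a list of (domain, ip)."""
    by_block = defaultdict(list)
    for domain, ip in records:
        addr = ipaddress.ip_address(ip)
        block = ipaddress.ip_network(f"{ip}/24", strict=False)
        by_block[block].append((int(addr), domain, ip))

    runs = []
    for block in sorted(by_block, key=lambda n: int(n.network_address)):
        entries = sorted(by_block[block])          # ascending by address
        run = [entries[0]]
        for prev, cur in zip(entries, entries[1:]):
            if cur[0] - prev[0] <= max_gap:
                run.append(cur)                    # still sequential
            else:
                runs.append(run)                   # gap: close this run
                run = [cur]
        runs.append(run)
    return [[(domain, ip) for _, domain, ip in run] for run in runs]


def pivot_from(known_domain, records, max_gap=1):
    """Given one burned domain, return the other domains in its adjacency run,
    i.e. the candidates a hostile service would check next."""
    for run in runs_of_adjacent_ips(records, max_gap):
        domains = [domain for domain, _ in run]
        if known_domain in domains:
            return [domain for domain in domains if domain != known_domain]
    return []


if __name__ == "__main__":
    for run in runs_of_adjacent_ips(RECORDS):
        print(len(run), "host(s):", ", ".join(f"{d} ({ip})" for d, ip in run))
    print("pivot from starwars-fans.example ->",
          pivot_from("starwars-fans.example", RECORDS))
```

The only input the attacker needs is one confirmed site plus historical DNS data; sequential allocation does the rest of the work for them. Raising max_gap models a host that spreads its domains a few addresses apart, which buys almost nothing once the /24 itself is under suspicion.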

Washington Consumers Gain Right To Repair For Cellphones And More

Starting January 1st, 2026, Washington state’s new Right to Repair law will come into effect. It requires manufacturers to make tools, parts and documentation available for diagnostics and repair of ‘digital electronics’, including cellphones, computers and similar appliances. The relevant House Bill 1483 was signed into law last week after years of fighting to make it a reality.

A similar bill in Oregon faced strong resistance from companies like Apple, even though Apple had backed another Right to Repair bill in California. In the case of the Washington bill, there were positive noises from Google and Microsoft, proclaiming themselves and their products to be in full compliance with such consumer laws.

Of course, the devil is always in the details, with Apple in particular being a good example of how to technically comply with the letter of the law while throwing up many (financial) roadblocks for anyone interested in obtaining said tools and components. Apple’s penchant for parts pairing is also a significant problem when it comes to repairing devices, even if these days it’s somewhat less annoying than it used to be, assuming you’re running iOS 18 or later.

That said, we always applaud these shifts in the right direction, where devices can actually be maintained and repaired without too much fuss, rather than e.g. cellphones being just disposable items that get tossed out after two years or less.

Thanks to [Robert Piston] for the tip.

NASA Is Shutting Down The International Space Station Sighting Website

Starting on June 12, 2025, the NASA Spot the Station website will no longer provide ISS sighting information, per a message recently sent out. This means no information on sighting opportunities provided on the website, nor will users subscribed via the website receive email or text notifications. Instead anyone interested in this kind of information will have to download the mobile app for iOS or Android.

Obviously this has people like [Keith Cowing] over at Nasa Watch rather disappointed, because the website has been an easy-to-use resource that anyone could access, even without a smartphone. Although the assumption is often made that everyone carries their own iOS or Android powered glass slab, there are plenty of communal settings where an internet café is the sole form of internet access. There is also the consideration that for children a website like this is much easier to get to than an app store. Those users now see this opportunity vanish.

With smart phone apps hardly a replacement for a website of this type, it’s easy to see how the app-ification of the WWW continues, at the cost of us users.

This Week In Security: Signal DRM, Modern Phone Phreaking, And The Impossible SSH RCE

Digital Rights Management (DRM) has been the bane of users since it was first introduced. Who remembers the battle it was getting Netflix running on Linux machines, or the literal legal fight over the DVD DRM decryption key? So the news from Signal, that DRM is finally being put to use to protect users, is ironic.

The reason for this is Microsoft Recall — the AI powered feature that takes a snapshot of everything on the user’s desktop every few seconds. For whatever reason, you might want to exempt some windows from Recall’s memory window. It doesn’t speak well for Microsoft’s implementation that the easiest way for an application to opt out of the feature is to mark its window as containing DRM content. Signal, the private communications platform, is using this to hide from Recall and other screenshotting applications.
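On Windows, the “DRM content” flag the paragraph describes is the window display affinity: a call to SetWindowDisplayAffinity with WDA_EXCLUDEFROMCAPTURE removes the window from screenshots, screen recording and Recall’s snapshots (the older WDA_MONITOR value blacks the window out in captures instead). The following Python is an added example, not Signal’s code. It assumes you already hold the window handle (hwnd), and the fallback to WDA_MONITOR on Windows versions before 10 version 2004, which reject WDA_EXCLUDEFROMCAPTURE, is this example’s own choice; the user32 parameter is there so the logic can be exercised with a stand-in off Windows.

```python
"""Opt a window out of screen capture via the Win32 display-affinity API.

Added example, not Signal's code. Assumes the caller already has the HWND.
The WDA_MONITOR fallback for older Windows builds is a choice made here.
"""
import ctypes
import sys

# Values from <winuser.h>.
WDA_NONE = 0x00000000               # normal window, appears in captures
WDA_MONITOR = 0x00000001            # blacked out in captures (Windows 7+)
WDA_EXCLUDEFROMCAPTURE = 0x00000011  # absent from captures (Windows 10 2004+)


def _real_user32():
    """Load user32.dll with proper argtypes; only meaningful on Windows."""
    if sys.platform != "win32":
        raise OSError("SetWindowDisplayAffinity is a Win32 API")
    user32 = ctypes.WinDLL("user32", use_last_error=True)
    user32.SetWindowDisplayAffinity.argtypes = [ctypes.c_void_p, ctypes.c_uint32]
    user32.SetWindowDisplayAffinity.restype = ctypes.c_int
    user32.GetWindowDisplayAffinity.argtypes = [
        ctypes.c_void_p, ctypes.POINTER(ctypes.c_uint32)]
    user32.GetWindowDisplayAffinity.restype = ctypes.c_int
    return user32


def exclude_from_capture(hwnd, user32=None):
    """Ask for WDA_EXCLUDEFROMCAPTURE first. Builds before Windows 10 version
    2004 reject that value (the call returns 0), so fall back to WDA_MONITOR.
    Returns the affinity that was actually applied, WDA_NONE if neither stuck."""
    user32 = user32 or _real_user32()
    for affinity in (WDA_EXCLUDEFROMCAPTURE, WDA_MONITOR):
        if user32.SetWindowDisplayAffinity(hwnd, affinity):
            return affinity
    return WDA_NONE


def capture_affinity(hwnd, user32=None):
    """Read back the affinity currently set on hwnd, which is what a capture
    path (Recall, PrintWindow, desktop duplication) will honour."""
    user32 = user32 or _real_user32()
    value = ctypes.c_uint32(0)
    if not user32.GetWindowDisplayAffinity(hwnd, ctypes.byref(value)):
        raise OSError("GetWindowDisplayAffinity failed")
    return value.value


def is_hidden_from_capture(hwnd, user32=None):
    """True if the window will be blacked out or dropped from captures."""
    return capture_affinity(hwnd, user32) & WDA_MONITOR == WDA_MONITOR


if __name__ == "__main__":
    # Usage on Windows: pass the HWND of your own top-level window, e.g. the
    # value returned by GetForegroundWindow() while your app has focus.
    hwnd = int(sys.argv[1], 0) if len(sys.argv) > 1 else None
    if hwnd is None:
        print("usage: python this.py <hwnd as decimal or 0x...>")
    else:
        applied = exclude_from_capture(hwnd)
        print(f"applied affinity 0x{applied:02x}, hidden={is_hidden_from_capture(hwnd)}")
```

Two caveats a practitioner would want: the affinity is per top-level window, so every window the app creates needs the call, and it only protects against capture paths that go through the compositor. Code running with enough privilege to read the GPU framebuffer or hook the application itself is not stopped by it, which is exactly the "untrusted actor with too much access" problem the next paragraph raises.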

The Signal blog warns that this may be just the start of agentic AI being rolled out with insufficient controls and permissions. The issue here isn’t the singularity or AI reaching sentience, it’s the same old security and privacy problems we’ve always had: Too much information being collected, data being shared without permission, and an untrusted actor having access to way more than it should.

Hackaday Supercon 2025 Call For Participation: We Want You!

We’re tremendously excited to be able to announce that the Hackaday Supercon is on for 2025, and will be taking place October 31st through November 2nd in Pasadena, California.

Supercon is about bringing the Hackaday community together to share our great ideas, big and small. So get to brainstorming, because we’d like to hear what you’ve been up to! Like last year, we’ll be featuring both longer and shorter talks, and hope to get a great mix of both first-time presenters and Hackaday luminaries. If you know someone you think should give a talk, point them here.

The Call for Participation form is online now, and you’ve got until July 10th (extended from July 3rd) to get yourself signed up.

Honestly, just the people that Supercon brings together is reason enough to attend, but then you throw in the talks, the badge-hacking, the food, and the miscellaneous shenanigans … it’s an event you really don’t want to miss. And as always, presenters get in for free, get their moment in the sun, and get warm vibes from the Hackaday audience. Get yourself signed up now!

We’ll have more news forthcoming in the next few weeks, including the start of ticket sales, so be sure to keep your eyes on Hackaday.

[Austin Blake] sitting on line follower cart in garage

Honey, I Blew Up The Line Follower Robot

Some readers may recall building a line-following robot during their school days. Involving some IR LEDs, perhaps a bit of LEGO, and plenty of trial-and-error, it was fun on a tiny scale. Now imagine that—but rideable. That’s exactly what [Austin Blake] did, scaling up a classroom robotics staple into a full-size vehicle you can actually sit on.

The robot uses a whopping 32 IR sensors to follow a black line across a concrete workshop floor, adjusting its path using a steering motor salvaged from a power wheelchair. An Arduino Mega Pro Mini handles the logic, sending PWM signals to a DIY servo. The chassis consists of a modified Crazy Cart, selected for its absurdly tight turning radius. With each prototype iteration, [Blake] improved sensor precision and motor control, turning a bumpy ride into a smooth glide.

The IR sensor array, which on the palm-sized vehicle consisted of just a handful of components, evolved into a PCB-backed bar nearly 0.5 meters wide. Potentiometer tuning was a fiddly affair, but worth it. Crashes? Sure. But the kind that makes you grin like your teenage self. If it looks like fun, you could either build one yourself, or upgrade a similar LEGO project.

Overengineered Freezer Monitor Fills Market Void

A lot of projects we see around here are built not just because they can be built, but because there’s no other option available. Necessity is the mother of invention, as they say. And for [Jeff] who has many thousands of dollars of food stowed in a chest freezer, his need for something to keep track of his freezer’s status was greater than any commercial offering available. Not only are freezers hard on batteries, they’re hard on WiFi signals as well, so [Jeff] built his own temperature monitor to solve both of these issues.

The obvious solution here is a temperature probe that can be fished through the freezer in some way, allowing the microcontroller, battery, and wireless module to operate outside of the harsh environment. [Jeff] is using K-type thermocouples here, wired through the back of the freezer. The probe is also embedded in a block of material, which gives more averaged temperature readings than a bare probe would provide. He’s solving some other problems with commercially available probes too, as many of them require an Internet connection or store data in a cloud. To keep everything local, he’s tying this in to a Home Assistant setup, which also lets him easily calibrate the temperature readings and notifies him if anything happens to the freezer.

Although the build is very robust (or, as [Jeff] himself argues, overengineered) he does note that since he built it there have been some additional products offered for sale that fit this niche application. But even so, we always appreciate the customized DIY solution that avoids things like proprietary software, subscriptions, or cloud services. We also appreciate freezers themselves; one of our favorites was this restoration of a freezer with a $700,000 price tag.