News

3616 Articles

This Week In Security: Ukraine, Nvidia, And Conti

March 4, 2022 by 11 Comments

The geopolitics surrounding the invasion of Ukraine are outside the scope of this column, but the cybersecurity ramifications are certainly fitting fodder. The challenge here is that almost everything of note that has happened in the last week has been initially linked to the conflict, but in several cases, the reported link hasn’t withstood scrutiny. We do know that the Vice Prime Minister of Ukraine put out a call on Twitter for “cyber specialists” to go after a list of Russian businesses and state agencies. Many of the sites on the list did go down for some time, the digital equivalent of tearing down a poster. In response, the largest Russian ISP stopped announcing BGP routes to some of the targeted sites, effectively ending any attacks against them from the outside.

A smattering of similar events have unfolded over the last week, like electric car charging stations in Russia refusing to charge, and displaying a political message, “GLORY TO UKRAINE”. Not all the attacks have been so trivial. Researchers at Eset have identified HermeticWiper, a bit of malware with no other purpose but to destroy data. It has been found on hundreds of high-value targets, likely causing much damage. It is likely the same malware that Microsoft has dubbed FoxBlade, and published details about their response. Continue reading “This Week In Security: Ukraine, Nvidia, And Conti”

The Battlefield That’s 5 KHz Wide

March 4, 2022 by 36 Comments

The airwaves are full of news from the battle in Ukraine, with TV and radio journalists providing coverage at all hours. But for those with a bit of patience there’s something else from the conflict that can be found with a radio receiver, the battle over 5 kHz of spectrum starting at 4625 kHz. This has for many years been the location on the dial for “the Buzzer“, a Russian military transmitter whose nickname describes its monotonous on/off buzzing transmission perfectly. As the current Ukrainian situation has taken shape it has become a minor battleground, and the Buzzer now shares its frequency with a variety of other stations broadcasting music, spectrograms, and other radio junk intended to disrupt it.

A spectrogram showing the wavy line of an air raid siren
The air raid siren produces a particularly distinctive spectrogram.

For the curious this can be watched unfolding on a spectrogram or through headphones by anyone within range who has an HF receiver, or for everyone else, with a WebSDR. In Western Europe it’s best listened to in hours of darkness, we suggest you consult the webSDR.org list to see which has the best signal. We’ve heard it on receivers in Poland, Russia, and the ever-reliable uTwente WebSDR in the Netherlands. Over the time we’ve been monitoring it we’ve heard overlaying speech, and music varying from the Soviet and American anthems through dance music and K-pop to 1960s British rock and of course Boney M’s Rasputin, with a few slightly macabre choices such as Final Countdown and an air raid siren. We’ve even heard TV intros from the Benny Hill Show, the A-Team and Mission Impossible, so whoever is doing this has a wide taste.

Alongside the music at about 4628kHz meanwhile we’ve watched a series of spectrogram messages scroll past in Ukrainian, Russian, and English, ranging from “Stop war” to lewd suggestions about the Russian President. It’s fair to say that none of these transmissions have obscured the Buzzer, but they have had the effect of significantly increasing the noise on the channel.

To have a listen yourself, point a receiver within range at the appropriate time of day towards 4625 kHz and select USB demodulation and a 5 kHz bandwidth. Meanwhile, for some background on the Cold War HF relics, have a read about numbers stations.

The Antonov An-225 Seems To Have Been Destroyed After All

March 3, 2022 by 49 Comments

Something that probably unites most Hackaday readers is a love of machines, particularly unique or interesting ones. In the world of aircraft for example, we’ve run several stories about those which push the edges of the size envelope, be they the Hughes Hercules troop carrier, the Scaled Composites Stratolifter space launcher, or the Antonov An-225 Mriya cargo plane. This last machine has been in the news for all the wrong reasons over the last few days, with reports emerging that it may have been destroyed in the fighting around its base at Hostomel near Kyiv. There has been some uncertainty around this news as it has alternately been claimed to have been destroyed or to have miraculously survived, but now a set of photographs have emerged showing what appears to be the An-225 burning in its damaged hangar.

The An-225 is a unique aircraft not only in the sense that there is no other model quite like it, but also because it was manufactured for the special purpose of being the transport carrier of the Soviet Union’s Buran space shuttle, and thus only one airframe was completed. Its characteristic twin tail served to avoid the turbulence that would have resulted from a Buran mounted on top of its enormous fuselage, and the six engine configuration required to move such a behemoth was in part the clue to identifying it in the photograph. Those readers who were lucky enough to see it take off or land in person will attest to its impressive physical presence, while the rest of us remain sad to have missed that chance.

It seems crass to talk about the destruction of an aircraft when compared to the scale of the unfolding tragedy in Ukraine, but we think perhaps our British and French readers who grew up with Concorde in the sky will understand the power of such a machine as a source of pride. We hope that the Antonov company will return to the design of huge cargo aircraft in peacetime, and Ukranians can again have pride in a monster aircraft that the rest of us will drive for miles just to watch taking off or landing.

The issue of which aircraft is the world’s largest can be a complex one, as we’ve explored in the past.

Header image: Vasiliy Koba, CC BY-SA 4.0.

Where Do You Want To Go Today? Perhaps To A Linux With A Familiar Interface?

March 2, 2022 by 72 Comments

Sometimes we cover works of extreme technological merit here at Hackaday, other times we cover interesting projects that while they might not lie at the bleeding edge are interesting enough that they deserve a wider audience. Sometimes though, we bring you something in this field simply because it amuses us and we think it will you too. Such is the case with [Bryan Lunduke]’s look at making a Linux desktop look like Windows 95. And lest you think that it might be yet another skin to make Windows users transition to Linux a bit easier, the aim and result is to make it look exactly like Microsoft’s mid-90s desktop.

Underneath it all is the relatively familiar xUbuntu distribution, with a deliciously troll-worthy project called Chicago95 atop it. This takes some existing Windows 95 theme and icon projects, and adds GTK themes, an MS-DOS shell theme, the ability to install those cheesy ’90s Plus! themes, and a Microsoft Office 95 theme for LibreOffice. It really does deliver an experience very close to the Redmond original.

So, what’s the point here in 2022? In the first instance it’s an excellent opportunity to troll open-source enthusiast friends with a crusty laptop seemingly running ’95 and showing YouTube videos on Netscape Navigator 3. But beyond the jokes there is a serious use for it. There may be many criticisms that can be leveled at Windows 95, but it’s safe to say that its GUI was a significant success whose echoes can be found in many desktops here in 2022. There are a huge number of people in the world who are completely at home in a Windows 95 environment who might struggle with a Linux desktop, and this gives them a way to be immediately productive.  Would you give your grandmother a Linux box with this desktop?

Neon, Ukraine, And The Global Semiconductor Industry

February 27, 2022 by 34 Comments

On our news feeds and TV channels at the moment are many stories concerning the war in Ukraine, and among them is one which may have an effect on the high-tech industries. It seems that a significant percentage of the world’s neon gas is produced in Ukrainian factories, and there is concern among pundits and electronics manufacturers that a disruption of this supply could be a further problem for an industry already reeling from the COVID-related chip shortage. It’s thus worth taking a quick look at the neon business from an engineering perspective to perhaps make sense of some of those concerns.

As most readers will know from their high school chemistry lessons, neon is one of the so-called inert gasses, sitting in the column at the extreme right of the Periodic table. It occurs in nature as a small percentage of the air we breathe and is extracted from the air by fractional distillation of the liquid phase. The important point from the above sentences is that the same neon is all around us in the air as there is in Ukraine, in other words, there is no strategic neon mine in the Ukrainian countryside about to be overrun by the Russian invaders.

So why do we source so much neon from Ukraine, if we’re constantly breathing the stuff in and out everywhere else in the world? Since the air separation industry is alive and well worldwide for the production of liquid nitrogen and oxygen as well as the slightly more numerous inert gasses, we’re guessing that the answer lies in economics. It’s a bit harder to extract neon from air than it is argon because there is less of it in the air. Since it can be brought for a reasonable cost from the Ukrainians who have made it their business to extract it, there is little benefit in American or Western European companies trying to compete. Our take is that if the supply of Ukrainian neon is interrupted there may be a short period of neon scarcity. After that, air extraction companies will quite speedily install whatever extra plant they need in order to service the demand. If that’s your area of expertise, we’d love to hear from you in the comments.

Here at Hackaday we are saddened beyond words at what has happened in Ukraine, and we hope our Ukrainian readers and those Ukrainian hackers whose work we’ve featured make it through safely. We sincerely hope that this madness can be ended and that we can mention the country in the context of cool hacks again rather than war.

If you are interested in the strategic value of inert gasses, have a read about the global helium supply.

Header image: Lestat (Jan Mehlich), CC BY-SA 3.0.

This Week In Security: Updraft, Termux, And Magento

February 25, 2022 by 7 Comments

One of the most popular WordPress backup plugins, UpdraftPlus, has released a set of updates, x.22.3, that contain a potentially important fix for CVE-2022-23303. This vulnerability exposes existing backups to any logged-in WordPress user. This bug was found by the guys at Jetpack, who have a nice write-up on it. It’s a combination of instances of a common problem — endpoints that lacked proper authentication. The heartbeat function allows any user to access it, and it returns the latest backup nonce.

A cryptographic nonce is a value that’s not exactly a cryptographic secret, but is only used once. In some cases, this is to mitigate replay attacks, or is used as an initialization vector. In the case of UpdraftPlus, the nonce works as a unique identifiers for individual backups. The data leak can be combined with another weak validation in the maybe_download_backup_from_email() function, to allow downloading of a backup. As WordPress backups will contain sensitive information, this is quite the problem. There are no known in-the-wild instances of this attack being used, but as always, update now to stay ahead of the game.

Continue reading “This Week In Security: Updraft, Termux, And Magento”

Homemade Toy Wind Tunnel Blows (Really Well)

February 18, 2022 by 6 Comments

Sometimes a kid wakes up on Christmas morning and runs downstairs, only hoping to see one thing: a shiny new wind tunnel. This past December, that’s exactly what [SparksAndCode]’s son found under beside the tree, complete with a bag of scarves, ping-pong balls, and other fun things to launch through it (in the name of physics, of course).

The real story here starts about a week before Christmas, when [SparksAndCode]’s son was enthralled by a similar device at a science museum. At his wife’s suggestion, [SparksAndCode] got to work designing a and building a wind tunnel with hardware-store parts, his deadline looming ahead. The basic structure of the tunnel is three rods which support plywood collars. The walls are formed by plastic sheets rolled inside the collars to make a tube. Underneath, a Harbor Freight fan supplies a nice, steady stream of air for endless entertainment.

After finding a few bugs during his son’s initial beta testing on Christmas morning, [SparksAndCode] brought the wind tunnel back into the shop for a few tweaks and upgrades, including a mesh cover on the air intake to stop things from getting sucked into the fan. The final result was a very functional (and fun!) column of air. Looking for even more function (but not necessarily less fun)? We’ve got you covered too with this home-built research wind tunnel from a few years back.

Continue reading “Homemade Toy Wind Tunnel Blows (Really Well)”