This Week In Security: No More CVEs, 4chan, And Recall Returns

The sky is falling. Or more specifically, it was about to fall, according to the security community this week. The MITRE Corporation came within a hair’s breadth of running out of its contract to maintain the CVE database. And admittedly, it would be a bad thing if we suddenly lost updates to the central CVE database. What’s particularly interesting is how we knew about this possibility at all. An April 15 letter sent to the CVE board warned that the specific contract that funds MITRE’s CVE and CWE work was due to expire on the 16th. This was not an official release, and it’s not clear exactly how this document was leaked.

Many people made political hay out of the apparent imminent carnage. And while there’s always an element of political maneuvering when it comes to contract renewal, it’s worth noting that it’s not unheard of for MITRE’s CVE funding to go down to the wire like this. We don’t know how many times we’ve been in this position in years past. Regardless, MITRE has spun out another non-profit, The CVE Foundation, specifically to see to the continuation of the CVE database. And at the last possible moment, CISA has announced that it has invoked an option in the existing contract, funding MITRE’s CVE work for another 11 months.


A photograph with labels showing the parts of a DIY scanning spectrometer.

DIY Scanning Spectrometer Is A Bright Idea

Spectroscopy seems simple: split a beam of light into its constituent wavelengths with a prism or diffraction grating, and measure the intensity of each wavelength. The devil is in the details, though, and what looks simple is often much harder to pull off in practice. You’ll find lots of details in [Gary Boyd]’s write-up of his optical scanning spectrometer project, but no devils.

Schematic diagram of [Gary Boyd]’s Czerny-Turner type scanning spectrometer, showing the optical elements and rays of light as well as major physical elements like the motor and linear stage.

A scanning spectrometer differs from the more usual camera-type spectrometer we see on these pages in that it uses a single-pixel sensor that sweeps across the spectrum, rather than spreading the spectrum across an imaging sensor.

Specifically, [Gary] has implemented a Czerny-Turner type spectrometer, which is a two-mirror design. The first concave mirror collimates the light coming into the spectrometer from its entrance slit and directs the collimated beam onto a reflective diffraction grating. The second concave mirror focuses the various rays of light split by the diffraction grating onto the detector.

In this case [Gary] uses a cheap VEML 7700 ambient light sensor mounted to a small linear stage from Amazon to achieve a very respectable 1 nm resolution in the range from 360 nm to 980 nm. That’s better than the human eye, so nothing to sneeze at — but [Gary] includes some ideas in his blog post to extend that even further. The whole device is controlled via an Arduino Uno that streams data to [Gary]’s PC.

[Gary] documents everything very well, from his optical mounts to the Arduino code used to drive the stepper motor and take measurements from the VEML 7700 sensor. The LED and laser “turrets” used in calibration are great designs as well. He also shares the spectra this device is capable of capturing: everything from the blackbody of a tungsten lamp used in calibration, to a cuvette of tea, to the sun itself as you can see here. If you have a couple minutes, [Gary]’s full writeup is absolutely worth a read.

This isn’t the first spectrometer we’ve highlighted; you might say we’ve shown a whole spectrum of them.

GPS Broken? Try TV!

GPS and similar satellite navigation systems revolutionized how you keep track of where you are and what time it is. However, it isn’t without its problems. For one, it generally doesn’t work very well indoors or in certain geographic or weather scenarios. It can be spoofed. Presumably, a real or virtual attack could take the whole system down.

Addressing these problems is a new system called Broadcast Positioning System (BPS). It uses upgraded ATSC 3.0 digital TV transmitters to send exact time information from commercial broadcast stations. With one signal, you can tell what time it is within 100 ns 95% of the time. If you can hear four towers, you can not only tell the time, but also estimate your position within about 100 m.

The whole thing is new — we’ve read that there are only six transmitters currently sending such data. However, you can get a good overview from these slides from the National Association of Broadcasters. They point out that the system works well indoors and can work with GPS, help detect if GPS is wrong, and stand in for GPS if it were to go down suddenly.


This Week In Security: AI Spam, SAP, And Ivanti

AI continues to be used in new and exciting ways… like generating spam messages. Yes, it was inevitable, but we now have spammers using LLMs to generate unique messages that don’t register as spam. AkiraBot is a Python-powered tool, designed to evade CAPTCHAs and post sketchy SEO advertisements to web forms and chat boxes around the Internet.

AkiraBot uses a bunch of techniques to look like a legitimate browser, trying to avoid triggering CAPTCHAs. It also runs traffic through a SmartProxy service to spread the apparent source IP around. Some captured logs indicate that of over 400,000 attempted victim sites, 80,000 have successfully been spammed.


FreeDOS 1.4 Released

Even in 2025 there are still many applications for a simple Disk Operating System (DOS), whether that means running legacy software (including MS-DOS games & Windows 3.x), or (embedded) systems running new software where the overhead of a full-fat Linux or BSD installation would be patently ridiculous.

This is where the FreeDOS project provides a modern, fully supported DOS, with the recent 1.4 release adding a whole range of features and updates to existing components like the FreeCOM command shell. This is the first stable release since 1.3 was released in 2022.

FreeDOS saw its first release in 1994 and has become the de facto replacement for MS-DOS — featuring many improvements to make it work well on modern hardware and a package manager to manage installed software much like on Linux & BSD. The new kernel didn’t quite make it into this release, but it and some other items will be available in the monthly test builds.

You can download the new 1.4 release here, with live & installer CD images, a USB installer and even a Floppy Edition available. System requirements include an (Intel) x86 CPU, a BIOS (or legacy UEFI mode), 640 kB of RAM and 20 MB of storage.

A Tale Of Nuclear Shenanigans From Down Under

It’s likely that among the readers of this article there will be many who collect something. Whether it’s rare early LEDs or first-year-of-manufacture microprocessors, you’ll scour the internet to find them, and eagerly await mystery packages from the other side of the world.

There’s a tale emerging from Australia featuring just such a collector, whose collection now has him facing a jail sentence for importing plutonium. The story however is not so clear-cut, featuring a media frenzy and over-reaction from the authorities worthy of Gatwick Airport. [Explosions&Fire] has a rather long video unpacking the events, which we’ve placed below the break.

Emmanuel Lidden is an element collector, someone who tries to assemble an entire Periodic Table in their collection. He ordered a range of elements from an American element collectors’ supply website, including samples of plutonium and thorium. He seems to have been unaware he was committing any crime, with the microscopic samples available from legitimate websites with no warnings attached. The case becomes murkier as the Australian authorities flagged the thorium sample and instructed the courier not to deliver it, which the courier did anyway. Then a raid of the type you’d expect for the terrorists who stole the plutonium in Back To The Future was launched, along with that Gatwick-esque media frenzy.

We’re inclined to agree that the penalty likely to be meted out to him for buying a sliver of a Soviet smoke detector embedded in a Lucite cube seems overly steep, but at the same time his obvious naivety over dealing in radioactive materials marks him as perhaps more than a little foolhardy. It’s something over which to ponder though, have we managed to amass anything illegal disguised as outdated devices? Have you? Perhaps it’s something to discuss in the comments.


Multifunctional USB controlled PCB on blue background

How A Tiny Relay Became A USB Swiss Army Knife

Meet the little board that could: [alcor6502]’s tiny USB relay controller, now evolved into a multifunction marvel. Originally built as a simple USB relay to probe the boundaries of JLCPCB’s production chops, it has become a compact utility belt for any hacker’s desk drawer. Not only has [alcor6502] actually built the thing, he even provided instructions. If you happened to be at Hackaday in Berlin, you now might even own one, as he handed out twenty of them during his visit. If not, read on and build it yourself.

This thing is not just a relay, and that is what makes it special. Depending on a few solder bridges and minimal components, it shape-shifts into six different tools: a fan controller (both 3- and 4-pin!), servo driver, UART interface, and of course, the classic relay. It even swaps out a crystal oscillator for USB self-sync using the STM32F042’s internal RC – no quartz, less cost, same precision. A dual-purpose BOOT0 button lets you flash firmware and toggle outputs, depending on timing. Clever reuse, just like our mothers taught us.

It’s the kind of design that makes you want to tinker again. Fewer parts. More function. And that little smile when it just works. If this kind of clever compactness excites you too, read [alcor6502]’s build log and instructions here.