The Weirdest Hack

I was on the FLOSS podcast (for the Episode of the Beast no less!) and we were talking all about Hackaday. One of the hosts, secretly Hackaday’s own Jonathan Bennett in disguise, asked me what the weirdest hack I’d ever seen on Hackaday was. Weird?!?!

I was caught like a deer in headlights. None of our hacks are weird! Or maybe all of them are? I dunno, it certainly depends on your perspective. Is it weird to build a box that makes periodic meowing noises to hide in a friend’s closet? Is it weird to design new and interesting wheels for acrobats to roll themselves around in? Is it weird to want a rainbow-colored USB DIP switch? Is it weird that these are all posts from the last week?

OK, maybe we are a little bit weird. But that’s the way we like it. Keep it weird and wonderful, Hackaday. You’ve got enough normal stuff to do eight hours a day!

This Week In Security: Samba, Wormhole Crypto Heist, And A Bogus CVE

Samba has a very serious vulnerability, CVE-2021-44142, that was just patched in new releases 4.13.17, 4.14.12, and 4.15.5. Discovered by researchers at Trend Micro, this unauthenticated RCE bug weighs in at a CVSS 9.9. The saving grace is that it requires the fruit VFS module to be enabled, which is used to support macOS client and server interop. If it is enabled, the default settings are vulnerable. Attacks haven’t been seen in the wild yet, but go ahead and get updated, as PoC code will likely drop soon.

Crypto Down the Wormhole

One notable selling point of cryptocurrencies and Web3 is smart contracts, little computer programs running directly on the blockchain that can move funds around very quickly, without intervention. It’s quickly becoming apparent that the glaring disadvantage is that these are computer programs that can move money around very quickly, without intervention. This week there was another example of smart contracts at work, when an attacker stole $326 million worth of Ethereum via the Wormhole bridge. A cryptocurrency bridge is a service that exists as linked smart contracts on two different blockchains. These contracts let you put a currency in on one side, and take it out on the other, effectively transferring currency to a different blockchain. Helping us make sense of what went wrong is [Kelvin Fichter], also known, appropriately, as [smartcontracts].

When the bridge makes a transfer, tokens are deposited in the smart contract on one blockchain, and a transfer message is produced. This message is like a check drawn on a checking account, which you take to the other side of the bridge to cash. The other end of the bridge verifies the signature on the “check”, and if everything matches, your funds show up. The problem is that on one side of the bridge, the verification routine could be replaced by a dummy routine supplied by the end user, and the code didn’t catch it.

It’s a hot check scam. The attacker created a spoofed transfer message, provided a bogus verification routine, and the bridge accepted it as genuine. The majority of the money was transferred back across the bridge, where other users’ valid tokens were being held, and the attacker walked away with 90,000 of those ETH tokens. Continue reading “This Week In Security: Samba, Wormhole Crypto Heist, And A Bogus CVE”
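The check-cashing failure described above, modelled as an added Python example (this is not code from the post or from Wormhole): the signing key, verifier name and vault balance are constructed placeholders, and an HMAC stands in for the bridge signature. The vulnerable redeem call lets the caller hand in the verification routine; the hardened one only accepts a verifier name it resolves from its own registry.

```python
import hmac
import hashlib

# Constructed values; not real Wormhole keys or identifiers.
BRIDGE_KEY = b"constructed-bridge-signing-key"
TRUSTED_VERIFIER_ID = "bridge-verifier-v1"


def sign_transfer(recipient: str, amount: int) -> bytes:
    """Signature the honest bridge attaches to a transfer message (the 'check')."""
    msg = f"{recipient}:{amount}".encode()
    return hmac.new(BRIDGE_KEY, msg, hashlib.sha256).digest()


def trusted_verify(recipient: str, amount: int, sig: bytes) -> bool:
    """The bridge's real routine: recompute the signature and compare in constant time."""
    return hmac.compare_digest(sign_transfer(recipient, amount), sig)


def dummy_verify(recipient: str, amount: int, sig: bytes) -> bool:
    """Stand-in for a caller-supplied routine that accepts any 'check'."""
    return True


# Registry of verification routines the bridge is willing to call.
VERIFIERS = {TRUSTED_VERIFIER_ID: trusted_verify}


class Vault:
    def __init__(self, balance: int) -> None:
        self.balance = balance

    def redeem_vulnerable(self, recipient, amount, sig, verify) -> bool:
        # Bug from the post: the caller chooses the routine that checks the check.
        if not verify(recipient, amount, sig) or amount > self.balance:
            return False
        self.balance -= amount
        return True

    def redeem_hardened(self, recipient, amount, sig, verifier_id) -> bool:
        # Fix: the caller may only name a verifier; unknown names are rejected.
        verify = VERIFIERS.get(verifier_id)
        if verify is None or not verify(recipient, amount, sig) or amount > self.balance:
            return False
        self.balance -= amount
        return True


def demo() -> tuple:
    """Returns (spoof accepted by vulnerable, spoof accepted by hardened, honest accepted, balances)."""
    spoofed_sig = b"\x00" * 32  # forged: the attacker never held BRIDGE_KEY
    vuln, hard = Vault(120_000), Vault(120_000)
    stolen = vuln.redeem_vulnerable("attacker", 90_000, spoofed_sig, dummy_verify)
    blocked = hard.redeem_hardened("attacker", 90_000, spoofed_sig, "dummy-verifier")
    honest = hard.redeem_hardened("alice", 10, sign_transfer("alice", 10), TRUSTED_VERIFIER_ID)
    return stolen, blocked, honest, vuln.balance, hard.balance
```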

Hackaday Invades The FLOSS Weekly Podcast

Regular Hackaday readers will know that we’re big supporters of free/libre and open source software (FLOSS) around these parts. There’s an excellent chance you are too, as so many of the incredible projects you send our way make it a habit to share their innermost details, from firmware source code to the OpenSCAD files that generate their 3D printed components. So when our recently minted Editor in Chief [Elliot Williams] was invited to join This Week in Tech’s FLOSS Weekly podcast, he jumped at the chance to represent our little corner of the Internet to the wider world of open source aficionados. (Ed: The final version is now live! How did we get episode 666?!)

Hosted by [Doc Searls], FLOSS Weekly is known for its in-depth interviews with “the most interesting and important people in the Open Source and Free Software community”, so we hope the incursion by hacker rabble such as ourselves doesn’t taint their brand too much.

It’s live streamed every Wednesday at 12:30 PM Eastern / 9:30 AM Pacific / 17:30 UTC, which means that by the time this post hits the main page of the site, you’ve still got time to tune in. For those of you with gainful employment who can’t slack off for an hour or so in the middle of the workweek, the recorded version will be available afterwards for your time-shifted viewing and/or listening pleasure.

[Elliot] will be joined by Hackaday writer and regular co-host of FLOSS Weekly [Jonathan Bennett], making this something of a Jolly Wrencher double-feature. [Jonathan] has been providing readers with a regular peek into the other type of hacking with his fantastic This Week in Security column, and is himself a devout FOSS supporter with a particular passion for GNU/Linux. We’re excited to listen in as the trio riffs on open source at the crossroads of hardware and software, not just because it promises to be an entertaining bit of programming, but because it’s a great opportunity to introduce the world of Hackaday to the wider open source audience.

Radio Amateurs & Skywatchers Rejoice, Sat Operators Worry: Solar Storm Incoming

How do you look back over your life and divide it up? Maybe by decades, cultural moments, or geopolitical events. For radio amateurs with older callsigns there’s a temptation to do so by solar cycles, as the roughly 11-year period of the Sun’s activity has a huge effect on radio propagation through the charge it creates in the upper atmosphere. We’re now in solar cycle 25, numbered since the 18th century when the science of solar observation began, and as never before we’re surrounded by information from experts such as [Dr. Tamitha Skov], the so-called [Space Weather Woman]. When she says something is on the way we listen, so a recent Tweet predicting a direct hit from a solar storm with a good probability of auroras in lower latitudes is very much worth sharing.

We must extend our commiserations to readers in equatorial climes and even through the lower half of the USA, southern Europe, the Middle East, India, Japan, and China. You won’t see the aurora we’ll catch in Europe along with our friends in New Zealand, Canada, Russia, and the northern USA. But even then, to those of us at moderate latitudes an aurora is a pretty rare event, so we’re hoping for clear skies on the 2nd of February and would advise you to look out too if you’re in the likely zone, even if they won’t be quite as impressive as those in our header picture. Meanwhile radio amateurs everywhere don’t have to see pretty lights in the sky to reap the benefits in terms of propagation, so happy DX hunting! The Tweet is embedded below the break, so you can play the timeline for yourselves.

Continue reading “Radio Amateurs & Skywatchers Rejoice, Sat Operators Worry: Solar Storm Incoming”

Acoustic Switching Transistors: A New Kind Of Electronics?

Have you ever heard of topological insulators? These are exotic materials where electricity flows only on the surface with very little loss. Now, according to IEEE Spectrum, scientists at Harvard have used the same concept to create a transistor for sound waves and it may be a new branch of electronics. The actual paper is available if you want some light reading.

Apparently, topological insulators protect electrons moving along their surfaces and edges, something that won the 2016 Nobel Prize in Physics. Photons can also be protected topologically so they move with very little loss across the materials. Making electrons flow in this manner is an attractive proposition, but there are challenges, especially when creating a device that can switch the flow of electrons on and off as you might with a transistor in and out of saturation. Sound waves, however, are much easier to work with.

Continue reading “Acoustic Switching Transistors: A New Kind Of Electronics?”

This Week In Security: Geopolitical Hacktivism, Antivirus Mining, And Linux Malware

The CIA Hacktivists have launched a sort of ransomware campaign against the Belarusian rail system, but instead of cryptocurrency, they want the release of political prisoners and removal of Russian soldiers. This could be called an example of cyber-terrorism, though there is a reasonable theory that this is a state-sponsored hack, masquerading as hacktivism. What does seem certain is that something has interrupted rail transit, and a group on Twitter has produced convincing proof of a breach.

Your Antivirus Now Includes a CryptoMiner

Don’t look now, but your latest update of Norton 360 or Avira may have installed a cryptocurrency mining module. The silver lining is that some sanity has been retained, and you have to opt in to the crypto scheme before your machine starts spending its spare cycles on mining. Users who do are put into a mining pool, making for small payouts for most hardware. Norton, naturally, takes a 15% fee off the top for their trouble.

The State of Linux Malware

There used to be an adage that Linux machines don’t get malware. That’s never really been quite true, but the continued conquest of the server landscape has had the side effect of making Linux malware an even greater danger. CrowdStrike has seen a 35% increase in Linux malware in 2021, with three distinct families leading the charge: XorDDoS, Mozi, and Mirai. Continue reading “This Week In Security: Geopolitical Hacktivism, Antivirus Mining, And Linux Malware”

SHERLOC And The Search For Life On Mars

Humanity has been wondering about whether life exists beyond our little backwater planet for so long that we’ve developed a kind of cultural bias as to how the answer to this central question will be revealed. Most of us probably imagine that NASA or some other space agency will schedule a press conference, an assembled panel of scientific luminaries will announce the findings, and newspapers around the world will blare “WE ARE NOT ALONE!” headlines. We’ve all seen that movie before, so that’s the way it has to be, right?

Probably not. Short of an improbable event like an alien spacecraft landing while a Google Street View car was driving by, or receiving an unambiguously intelligent radio message from the stars, the conclusion that life exists now or once did outside our particular gravity well is likely to be reached in a piecewise process, an accretion of evidence built up over a long time until, on balance, the only reasonable conclusion is that we are not alone. And that’s exactly what the announcement at the end of last year that the Mars rover Perseverance had discovered evidence of organic molecules in the rocks of Jezero crater was — another piece of the puzzle, and another step toward answering the fundamental question of the uniqueness of life.

Discovering organic molecules on Mars is far from proof that life once existed there. But it’s a step on the way, as well as a great excuse to look into the scientific principles and engineering of the instruments that made this discovery possible — the whimsically named SHERLOC and WATSON.

Continue reading “SHERLOC And The Search For Life On Mars”