Hacking The Wooly Mammoth

In case you can’t get enough Jurassic Park movies, you can look forward to plans a biotech company has to hybridize endangered Asian elephants with long-extinct wooly mammoths using gene splicing and other exotic techniques.

Expect a long movie: the team hopes to have calves after six years, and we don’t think a theme park is in the making. The claim is that mammoth traits will help the elephants reclaim the tundra, but we can’t help but think it is just an excuse to reanimate an extinct animal. If you read popular press reports, there is some question whether the ecological mission claimed by the company is realistic. However, we can’t deny it would be cool to bring an animal back from extinction — sort of.

We aren’t DNA wizards, so we only partially understand what’s being proposed. Apparently, skin cells from a modern elephant will serve as a base to accept extracted mammoth DNA. This might seem far-fetched, but it turns out the mammoth lived much more recently than we usually think. When they die in their natural deep-freeze environment, they are often well preserved.

Once the gene splicing is set up, a surrogate elephant will carry the embryo to term. The hope is that the improved breed would be able to further interbreed with natural species, although with the gestation and maturity times of elephants, this will be a very long time to bear fruit.

So how do you feel about it? Will we face a movie-level disaster? Will we get some lab curiosity creatures? Will it save the tundra? Let us know what you think in the comments.

DNA manipulation has gone from moon-shot-level tech to readily accessible in a very short amount of time. In particular, CRISPR changes everything and is both exciting and scary in what it puts in the hands of nearly anyone.

Harp Uses Frikin’ Lasers

We aren’t sure if you really need lasers to build [HoPE’s] laser harp. It is little more than some photocells and has an Arduino generate tones based on the signals. Still, you need to excite the photocells somehow, and lasers are cheap enough these days.

Mechanically, the device is a pretty large wooden structure. There are six lasers aligned to six light sensors. Each sensor is read by an analog input pin on an Arduino armed with a music-generation shield. We’ve seen plenty of these in the past, but the simplicity of this one is engaging.


Vektor Kollektor Inspector

With the world opening up again, [Niklas Roy] and [Kati Hyyppä] have been busy making a public and collaborative project. Meet the Vektor Kollektor, a portable drawing machine experience, complete with a chip-tune soundtrack. It’s great to see public art meet the maker community with zero pretension and a whole lot of fun!

The build started with an HP7475A pen plotter from the 80s, one that was DOA (or was fried during initial testing). [Niklas] and [Kati] kept the mechanism but rebuilt the controls allowing for easy integration with an Arduino Nano and to be powered with a motorcycle battery.

The magic seems to be less in the junk-bin build (which is great) and more in the way this team extended the project. Using a joystick with arcade buttons as an input, they carted Vektor Kollektor to public parks and streets where they invited others to make art. The Kollekted drawings are available on a gallery website in a very cool animated form, freely available for download, on t-shirts, 3D prints, and on coffee mugs because, why not?

Some select drawings are even spray-painted on walls using a large plotter, and we really hope [Niklas Roy] and [Kati Hyyppä] share details on that build soon. Of course this comes hot on the heels of the workshop window cyborg we saw from these two hardware artists.


Overengineering A Smart Doorbell

Fresh from the mediaeval splendour of the Belgian city of Gent, we bring you more from the Newline hacker conference organised by Hackerspace Gent. [Victor Sonck] works at the top of his house, and thus needed a doorbell notifier. His solution was unexpected and, as he admits, overengineered: using machine learning on an audio stream from a microphone to detect the doorbell’s sound.

Having established that selling his soul to Amazon with a Ring doorbell wasn’t an appropriate solution, he next looked at his existing doorbell. Some of us might connect directly to its power to sense when the button was pressed, but we’re kinda glad he went for the overengineered route because it means we are treated to a run-down of how machine learning works and how it can be applied to audio. The end result can sometimes be triggered by a spoon hitting a cereal plate, but since he was able to demonstrate it working we think it can be called a success. Should you wish to dive in further, you can find more in his GitHub repository.

How would you overengineer a doorbell? Use GNU radio and filters? Or maybe a Rube Goldberg machine involving string and pulleys? As always, the comments are open.


This Week In Security: Ghostscript In ImageMagick, SolarWinds, And DHCP Shenanigans

A PoC was just published for a potentially serious flaw in the Ghostscript interpreter. Ghostscript can load PostScript, PDF, and SVG, and it has a feature from PostScript that has been a continual security issue: the %pipe% command. This command requests the interpreter to spawn a new process — it’s RCE as part of the spec. This is obviously a problem for untrusted images and documents, and Ghostscript has fixed security vulnerabilities around this mis-feature several times over the years.

This particular vulnerability was discovered by [Emil Lerner], and described at ZeroNights X. That talk is available, but in Russian. The issue seems to be a bypass of sorts, where the pipe command appears to be working in the /tmp/ directory, but a simple semicolon allows for an arbitrary command to be executed. Now why is this a big deal? Because ImageMagick uses Ghostscript to open SVG images by default on some distributions, and ImageMagick is often used for automatically resizing and converting images for web sites. In [Emil]’s presentation, he uses this flaw as part of an attack chain against three different companies.

I was unable to reproduce the flaw on my Fedora install, but I haven’t found any notice of it being fixed in the Ghostscript or ImageMagick changelogs either. It’s unclear if this problem has already been fixed, or if this is a true 0-day for some platforms. Either way, expect attackers to start trying to make use of it.


Don’t Bristle; Teethbrush Won’t Hurt You

Good dental hygiene is the first line of defense when it comes to your health, and– you’re already bored, aren’t you? It’s totally true, though. Take care of your teeth, and the rest of you has a better chance of staying fairly healthy.

This is like, the one thing we have control over after diet and exercise, and most people just plain fail on this front. They brush for 30 seconds, tops. Or they rarely floss. Maybe they’ve never even considered brushing or scraping their tongue.

Okay, fine. You don’t want to spend the recommended two minutes twice a day working the brush around your mouth. The good news is, technology has finally caught up with you and your habits, if you can call them that. How about using something that can truly be called a teethbrush? As in, it brushes all of your teeth at once? Well, half of your teeth anyway. Allegedly, you can spend as little as 10 seconds on each arch and effectively scour your smile — that’s because the thing vibrates at an astonishing 40,000 per minute or so.

Sounds kind of scary, doesn’t it? Wait ’til you hear how much they cost. One brand is $150 off the bat, and replacement heads are close to $40 each, although they’re supposed to last for six months each (eww!). Most of them have some fancy extras that make the cost more palatable, such as a tooth-whitening mode.

What do you think? Would you use a teethbrush? We’re still on the fence. It could be interesting to develop our own, but you have to crawl before you can run. Guess we’ll start with a manual.

This Week In Security: Ransomware Decryption, OpenSSL, And USBGadget Spoofing

We’ve covered a lot of ransomware here, but we haven’t spent a lot of time looking at the decryptor tools available to victims. When ransomware gangs give up, or change names, some of them release a decryption tool for victims who haven’t paid. It’s not really a good idea to run one of those decryptors, though. The publishers don’t have a great track record for taking care of your data, after all. When a decryptor does get released, and is verified to work, security researchers will reverse engineer the tool, and release a known-good decryption program.

The good folks at No More Ransom are leading the charge, building such tools, and hosting a collection of them. They also offer Crypto Sheriff, a tool to identify which ransomware strain got your files. Upload a couple encrypted files, and it will inform you exactly what you’re dealing with, and whether there is a decryptor available. The site is a cooperation between the Dutch police, Interpol, Kaspersky, and McAfee. It may surprise you to know that they recommend reporting every ransomware case to the authorities. I can confirm that at the very least, the FBI in the US are very interested in keeping track of the various ransomware attacks — I’ve fielded a surprise call from an agent following up on an infection.

OpenSSL

The OpenSSL project has fixed a pair of vulnerabilities, CVE-2021-3711 and CVE-2021-3712, with release 1.1.11l. The first is a possible buffer overflow caused by a naive length calculation function. A “fixed” length header is actually dynamic, so a carefully crafted plaintext can overflow the allocated buffer.