This Week In Security: Ransomware Decryption, OpenSSL, And USBGadget Spoofing

We’ve covered a lot of ransomware here, but we haven’t spent a lot of time looking at the decryptor tools available to victims. When ransomware gangs give up, or change names, some of them release a decryption tool for victims who haven’t paid. It’s not really a good idea to run one of those decryptors, though. The publishers don’t have a great track record for taking care of your data, after all. When a decryptor does get released, and is verified to work, security researchers will reverse engineer the tool, and release a known-good decryption program.

The good folks at No More Ransom are leading the charge, building such tools, and hosting a collection of them. They also offer Crypto Sheriff, a tool to identify which ransomware strain got your files. Upload a couple encrypted files, and it will inform you exactly what you’re dealing with, and whether there is a decryptor available. The site is a cooperation between the Dutch police, Interpol, Kaspersky, and McAfee. It may surprise you to know that they recommend reporting every ransomware case to the authorities. I can confirm that at the very least, the FBI in the US are very interested in keeping track of the various ransomware attacks — I’ve fielded a surprise call from an agent following up on an infection.

OpenSSL

The OpenSSL project has fixed a pair of vulnerabilities, CVE-2021-3711 and CVE-2021-3712, with release 1.1.11l. The first is a possible buffer overflow caused by a naive length calculation function. A “fixed” length header is actually dynamic, so a carefully crafted plaintext can overflow the allocated buffer.

Coaxcopter To Carry Man

One of the major perks of all the affordable flight controllers and motors available from the hobby market is that you can really experiment with some crazy aircraft designs. [amazingdiyprojects] is experimenting with a coaxial helicopter design, with the goal of possibly using it for a manned version in the future. (Video link, embedded below.)

The aircraft uses a pair of coaxial counter-rotating motors with large propellers, with several redundant control surfaces below the propellers. One of the theoretical advantages of this arrangement, compared to the more conventional quadcopter type designs, is redundancy. While a quadcopter will start tumbling when a single motor fails, this design will still be able to descend safely with just one motor.

It is also not dependent on the main motors for yaw, pitch and roll control. In multirotors, the motors need to keep a significant amount of the motor’s available power in reserve to increase torque at a moment’s notice for attitude control. This craft can use all the available thrust from the motors for lift, since control is provided by the control surfaces. There are five sets of redundant control surfaces below the propellers, each set connected to a separate flight controller.

Another advantage of this design is efficiency for a given footprint, since one large propeller will always be more efficient than multiple smaller propellers. One of the goals for [amazingdiyprojects] is to fit the full-size craft in a shipping container or on a trailer for transport without disassembly.

[amazingdiyprojects] has built manned drones before, using both electric motors and internal combustion engines. And don’t miss the most gonzo wind tunnel ever at 7:00 in the video below.

Fusion Ignition: What Does The NIF’s 1.3 MJ Yield Mean For Fusion Research?

Earlier this month, Lawrence Livermore National Laboratory (LLNL) announced to the world that they had achieved a record 1.3 MJ yield from a fusion experiment at their National Ignition Facility (NIF). Yet what does this mean, exactly? As their press release notes, the main advancement of these results will go towards the US’s nuclear weapons arsenal.

This pertains specifically to the US’s nuclear fusion weapons, which LLNL along with Los Alamos National Laboratory (LANL) and other facilities are involved in the research and maintenance of. This traces back to the NIF’s roots in the 1990s, when the stockpile stewardship program was set up as an alternative to nuclear weapons testing. Much of this research involves examining how today’s nuclear weapons degrade over time, and ways to modernize the existing arsenal.

In light of this, one may wonder what the impact of these experimental findings from the NIF is beyond merely ensuring that the principle of MAD remains intact. To answer that question, we have to take a look at inertial confinement fusion (ICF), which is the technology at the core of the NIF’s experiments.


This Week In Security: Through The Mouse Hole, Zoom RCE, And Defeating Defender

Windows security problems due to insecure drivers are nothing new, but this one is kinda special. Plug in a Razer mouse, tell the install dialog you want to install to a non-standard location, and then shift+right click the Explorer window. Choose PowerShell, and boom, you now have a SYSTEM shell. It’s not as impressive as an RCE, and it requires hands on the machine, but it’s beautiful due to the simplicity of it.

The problem is a compound one. First, Windows 10 and 11 automatically download and start the install of Razer Synapse when a Razer device is plugged in. Note it’s not just Razer; any branded app that auto-installs like this is possibly vulnerable in the same way. The installation process runs as SYSTEM, and because it was started automatically, there is no admin account required. The second half of the issue is that the installer itself doesn’t take any precautions to prevent a user from spawning additional processes. There isn’t an obvious way to prevent the launch of PowerShell from within the FolderPicker class, so an installer running as SYSTEM would have to go out of its way to drop privileges to make this a safe process. The real solution is for Microsoft to say no to GUI installers bundled with WHQL-signed drivers.

Razer Mouse Grants Windows Admin Privileges

As the common saying goes, “all networked computers are vulnerable to exploits, but some networked computers are more vulnerable than others”. While not the exact wording from Animal Farm, the saying does have plenty of merit nonetheless. Sure, there are some viruses and issues with Linux distributions but by far most of the exploits target Windows, if only because more people use it daily than any other operating system. The latest Windows 10 exploit, discovered by [jonhat], is almost comically easy too, and involves little more than plugging in a mouse.

While slightly comforting in that an attacker would need physical access to the device rather than simple network access, it is very concerning how simple this attack is otherwise. Apparently plugging in a Razer mouse automatically launches Windows Update, which installs a driver for the mouse. The installation is run with admin privileges, and a PowerShell window can be opened by the user simply by pressing Shift and right-clicking the mouse. While [jonhat] originally tried to let the company know, they weren’t responsive until he made the exploit public on Twitter, and are now apparently working on solving the issue.

Others have confirmed the exploit does in fact work, so hopefully there is a patch released soon that solves the issue. In the meantime, we recommend not allowing strangers to plug any devices into your personal computers as a general rule, or plugging in anything where its origins are unknown. Also remember that some attacks don’t require physical or network access at all, like this one which remotely sniffs keystrokes from a wireless keyboard with less than stellar security, also coincidentally built by Microsoft.

Eavesdropping By LED

If you ever get the feeling someone is watching you, maybe they are listening, too. At least they might be listening to what’s coming over your computer speakers thanks to a new attack called “glow worm.” In this novel attack, careful observations of a power LED on a speaker allowed an attacker to reproduce the sound playing thanks to virtually imperceptible fluctuations in the LED brightness, most likely due to the speaker’s power line sagging and recovering.

You might think that if you could see the LED, you could just hear the output of the speaker, but a telescope through a window 100 feet away appears to be sufficient. You can imagine that from a distance across a noisy office you might be able to pull the same trick. We don’t know — but we suspect — even if headphones were plugged into the speakers, the LED would still modulate the audio. Any device supplying power to the speakers is a potential source of a leak.



How Do You Make A Raspberry Pi On A Stick?

We agree with [magic-blue-smoke] that one of the only things more fun than a standard Raspberry Pi 4 is the Compute Module form factor. If they are not destined to be embedded in a system, these need a breakout board to be useful. Each can be customized with a myriad board shapes and ports, and that’s where the real fun starts. We’ve already seen projects that include custom carrier boards in everything from a 3D Printer to a NAS and one that shows we can build a single-sided board at home complete with high-speed ports.

[magic-blue-smoke] used this ability to customize the breakout board as an opportunity to create a hackable media player “stick” with the Raspberry Pi built-in. We love that this Raspberry Pi CM4 TV Stick eliminates all the adapters and cables usually required to connect a Pi’s fiddly micro HDMI ports to a display and has heat sinks and an IR receiver to boot. Like a consumer media player HDMI stick, all you need to add is power.