Farewell SETI@Home

It was about 21 years ago that Berkeley started one of the first projects that would allow you to donate idle computing time to scientific research. In particular, your computer could help crunch data from radio telescopes looking for extraterrestrial life. Want to help? You may be too late. The project is going into hibernation while they focus on analyzing data already processed.

According to the home page:

We’re doing this for two reasons:

1) Scientifically, we’re at the point of diminishing returns; basically, we’ve analyzed all the data we need for now.

2) It’s a lot of work for us to manage the distributed processing of data. We need to focus on completing the back-end analysis of the results we already have, and writing this up in a scientific journal paper.


Using IR LEDs To Hide In Plain Sight

Getting by without falling under the gaze of surveillance cameras doesn’t seem possible nowadays – from malls to street corners, it’s getting more common for organizations to use surveillance cameras to keep patrons in check. While the freedom of assembly is considered a basic human right in documents such as the US Constitution and the Universal Declaration of Human Rights, it is not a right that is respected everywhere in the world. Oftentimes, governments enforcing order will identify individuals using image recognition programs, preventing them from assembling or demonstrating against their government.

Freedom Shield built by engineer [Nick Bild] is an attempt at breaking away from the status quo and giving people a choice on whether they want to be seen or not. The spectrum of radiation visible to humans maxes out around 740nm, allowing the IR waves to remain undetected by normal observers.

The project uses 940nm infrared (IR) LEDs embedded in clothes to overwhelm the photodiodes in IR-sensitive cameras used for surveillance. Since the wavelength of the light is not visible to humans, the LEDs don’t obstruct normal behavior, making this an ideal way to hide in plain sight. Of course, using SMD LEDs rather than the larger sizes would also help make the lights even less visible to the naked eye.

The result doesn’t perfectly obscure your face from cameras, but for a proof-of-concept it’s certainly an example of how to avoid being tracked.


This Week In Security: Chrome Bugs And Non-bugs, Kr00k, And Letsencrypt

Google Chrome minted a new release to fix a trio of bugs on Monday, with exploit code already in the wild for one of them. The first two bugs don’t have much information published yet. They are an integer-overflow problem in Unicode internationalization, and a memory access issue in streams. The third issue, type confusion in V8, was also fixed quietly, but a team at Exodus Intel took the time to look at the patches and figure out what the problem was.

The actual vulnerability dives into some exotic JavaScript techniques, but to put it simply, it’s possible to change a data type without V8 noticing. This allows malicious code to write into the header area of the attacked variable. The stack, now corrupted, can be manipulated to the point of arbitrary code execution. The researchers make the point that even with Google’s fast-paced release schedule, a determined attacker could have several days of virtual zero-day exploitation of a bug mined from code changes. Story via The Register.

The Chrome Problem that Wasn’t

A second Chrome story came across my desk this week: Chrome 80 introduces a new feature, ScrollToTextFragment. This useful new feature allows you to embed a string of text in a URL, and when loading that address, Chrome will scroll the page to make that text visible. For certain use cases, this is an invaluable feature. Need to highlight a specific bit of text in a big document online?

The following bookmarklet code by [Paul Kinlan] is the easy way to start using this feature. Paste this code into the URL of a bookmark, put it on the bookmark bar, highlight some text in a webpage, and then run the bookmarklet. It should open a new tab with the new URL, ready to use or send to someone.

javascript:(function()%7Bconst%20selectedText%20%3D%20getSelection().toString()%3Bconst%20newUrl%20%3D%20new%20URL(location)%3BnewUrl.hash%20%3D%20%60%3A~%3Atext%3D%24%7BencodeURIComponent(selectedText)%7D%60%3Bwindow.open(newUrl)%7D)()
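As an added example (not code from the column or from [Paul Kinlan]’s bookmarklet), the block below builds and parses URLs in the Chrome 80 text-fragment syntax. It assumes the full `[prefix-,]start[,end][,-suffix]` form from the Text Fragments spec, of which the bookmarklet only uses the single-term start, and it handles the hyphen encoding that `encodeURIComponent()` alone does not.

```javascript
// Added example, not the column's or Paul Kinlan's code: build and parse the
// Chrome 80 text-fragment syntax  #[anchor]:~:text=[prefix-,]start[,end][,-suffix]
// (the column shows only the single-term form; the four-term form is from the spec).
const DIRECTIVE = ':~:text=';

// encodeURIComponent() escapes ',' and '&' but leaves '-' alone, and a bare '-'
// inside a text directive is the prefix/suffix marker, so send literal hyphens as %2D.
function encodeTerm(term) {
  return encodeURIComponent(term).replace(/-/g, '%2D');
}

function buildTextFragmentUrl(pageUrl, { prefix, start, end, suffix }) {
  const parts = [];
  if (prefix) parts.push(encodeTerm(prefix) + '-');
  parts.push(encodeTerm(start));
  if (end) parts.push(encodeTerm(end));
  if (suffix) parts.push('-' + encodeTerm(suffix));
  const url = new URL(pageUrl);
  // Keep an ordinary #anchor, but drop any directive that is already there.
  const anchor = url.hash.replace(/^#/, '').split(':~:')[0];
  url.hash = anchor + DIRECTIVE + parts.join(',');
  return url.toString();
}

// Returns an array of {prefix?, start, end?, suffix?}, or null if the URL
// carries no well-formed text directive.
function parseTextFragment(urlString) {
  const hash = new URL(urlString).hash;
  const at = hash.indexOf(':~:');
  if (at === -1) return null;
  const entries = [];
  for (const piece of hash.slice(at + 3).split('&')) {
    if (!piece.startsWith('text=')) continue;
    const fields = piece.slice('text='.length).split(',');
    const entry = {};
    let suffix;
    // An unencoded '-' ending the first field or starting the last one is a
    // marker; a literal hyphen always arrives percent-encoded (see encodeTerm).
    if (fields.length > 1 && fields[0].endsWith('-')) entry.prefix = decodeURIComponent(fields.shift().slice(0, -1));
    if (fields.length > 1 && fields[fields.length - 1].startsWith('-')) suffix = decodeURIComponent(fields.pop().slice(1));
    if (fields.length > 2) return null;
    entry.start = decodeURIComponent(fields[0]);
    if (fields.length === 2) entry.end = decodeURIComponent(fields[1]);
    if (suffix !== undefined) entry.suffix = suffix;
    entries.push(entry);
  }
  return entries.length ? entries : null;
}
```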

Since we’re talking about it in the security column, there must be more to the story. A privacy guru at Brave, [Peter Snyder], raised concerns about privacy implications of the feature. His argument has been repeated and misrepresented in a few places. What argument was he making? Simply put, that it’s not normal user behavior to immediately scroll to an exact position on the page. Because modern web pages and browsers do things like deferred loading of images, it could be possible to infer where in the page the link was pointing. He gives the example of a corporate network where DNS is monitored. This isn’t suggesting that the entire URL is leaked over DNS, but rather that DNS can indicate when individual components of a page are loaded, particularly when they are embedded images from other sites.

While this concern isn’t nonsensical, it seems to me to be a very weak argument that is being over-hyped in the press.

Whatsapp Groups Searchable on Google

It’s not new for search engines to index things that weren’t intended to be public. There is a bit of mystery surrounding how Google finds URLs to index, and StackExchange is full of plenty of examples of webadmins scratching their heads at their non-public folders showing up in a Google search.

That said, a story made the rounds in the last few days that WhatsApp and Telegram group invites are being indexed by Google. So far, the official word is that all the indexed links must have been shared publicly, and Google simply picked them up from where they were publicly posted.

It appears that WhatsApp has begun marking chat invitation links as “noindex”, which is a polite way to ask search engines to ignore the link.

If it’s shown that links are getting indexed without being posted publicly online, then we have a much bigger story. Otherwise, everything is working as expected.

Letsencrypt Makes Attacks Harder

Letsencrypt has rolled out an invisible change to their validation process that makes a traffic redirection attack much harder. The new feature, Multi-Perspective Validation, means that when you verify your domain ownership, Letsencrypt will test that verification from multiple geographic regions. It might be possible to spoof ownership of a domain through a BGP attack, but that attack would be much harder to pull off against traffic originating from another country, or multiple countries simultaneously. Letsencrypt is currently using different regions of a single cloud, but plans to further diversify and use multiple cloud providers for even stronger validation.

Kr00k

Brought to us by the researchers at Eset, Kr00k (PDF) is a simple flaw in certain wireless chips. So far, the flaw seems to be limited to WPA2 traffic sent by Broadcom and Cypress chips. They discovered Kr00k while doing some follow-up research on KRACK.

Let’s talk about WPA2 for a moment. WPA2 has a 4-way handshake process that securely confirms that both parties have the shared key, and then establishes a shared Temporal Key, also known as a session key. This key is private between the two devices that performed the handshake, meaning that other devices on the same wireless network can’t sniff traffic sent by other devices.

When a device disconnects, or disassociates, that session key is reset to all 0s, and no packets should be sent until another handshake is performed. Here’s the bug: The packets already in the output buffer are still sent, but are encrypted with the zeroed key, making them trivially decrypted. As it’s simple to trigger deauthentication events, an attacker can get a sampling of in-the-clear packets. The ubiquity of TLS is a saving grace here, but any unencrypted traffic is vulnerable. Eset informed vendors about the flaw in 2019, and at least some devices have been patched.

Exchange

Microsoft Exchange got a security patch this past Tuesday that addressed a pair of bugs that together resulted in a remote code execution vulnerability. The first bug was an encryption key that is generated on Exchange server installation. That generation seemed to lack a good source of entropy, as apparently every Exchange install uses the exact same key.

The second half of this bug is a deserialization problem, where an encrypted payload can contain a command to run. Because the encryption key is known, any user can access the vulnerable endpoint. The exploitation process is so trivial that you should patch your server right away.

TODO: Remove Vulnerabilities

This one is just humorous. An Intel virtualization feature appears to have been pushed into the Linux kernel before it was finished. Know what unfinished code tends to contain? Bugs and vulnerabilities. CVE-2020-2732, in this case. It’s unclear how exactly an exploit would work, but the essence is that a virtual guest is allowed to manipulate system state in unintended ways.

Astra Readies Secretive Silicon Valley Rocket; Firm Exits Stealth Mode, Plans Test Launch

After the end of the Second World War the United States and the Soviet Union started working feverishly to perfect the rocket technology that the Germans developed for the V-2 program. This launched the Space Race, which thankfully for everyone involved, ended with boot prints on the Moon instead of craters in Moscow and DC. Since then, global tensions have eased considerably. Today people wait for rocket launches with excitement rather than fear.

That being said, it would be naive to think that the military isn’t still interested in pushing the state-of-the-art forward. Even in times of relative peace, there’s a need for defensive weapons and reconnaissance. Which is exactly why the Defense Advanced Research Projects Agency (DARPA) has been soliciting companies to develop a small and inexpensive launch vehicle that can put lightweight payloads into Earth orbit on very short notice. After all, you never know when a precisely placed spy satellite can make the difference between a simple misunderstanding and all-out nuclear war.

More than 50 companies originally took up DARPA’s “Launch Challenge”, but only a handful made it through to the final selection. Virgin Orbit entered their air-launched booster into the competition, but ended up dropping out of contention to focus on getting ready for commercial operations. Vector Launch entered their sleek 12 meter long rocket into the competition, but despite a successful sub-orbital test flight of the booster, the company ended up going bankrupt at the end of 2019. In the end, the field was whittled down to just a single competitor: a relatively unknown Silicon Valley company named Astra.

Should the company accomplish all of the goals outlined by DARPA, including launching two rockets in quick succession from different launch pads, Astra stands to win a total of $12 million; money which will no doubt help the company get their booster ready to enter commercial service. Rumored to be one of the cheapest orbital rockets ever built and small enough to fit inside of a shipping container, it should prove to be an interesting addition to the highly competitive “smallsat” launcher market.


Raspberry Pi 4 Offers Up 2 GB For The Price Of One

The Raspberry Pi 4 represents a significant performance increase over previous generations, unlocking potential applications that were simply beyond the abilities of these diminutive Single Board Computers (SBCs) in the past. Some would even argue that the Pi 4, with a quad-core Cortex-A72 running at 1.5 GHz, now holds its own as a lightweight ARM desktop computer for those interested in finally breaking free from x86.

In light of the considerable upgrade in processing power, the choice to outfit the base model Pi 4 with just 1 GB of RAM always seemed a bit odd. So it’s little surprise that the Raspberry Pi Foundation has decided to shift things around and lower the price of the 2 GB model to the traditional $35. In a blog post this morning, Eben Upton said that with RAM prices falling over the last year, the company thought it was time they passed the savings onto the customer.

This change comes just two days before the Pi’s 8th birthday. There has been speculation that the Pi 4 is capable of operating with 8 GB of RAM and unveiling that news to coincide with this anniversary would have been a clever marketing move. Alas, it looks like we’ll have to continue to wait.

For those who are invested in the 1 GB model, have no fear. Rather than delete the product from the lineup entirely, the company will be keeping it available for anyone who needs it. So if you’ve got a commercial or industrial application that might not take kindly to the hardware getting switched out, you’ll still have a source of spares. That said, the pricing for the 1 GB model won’t be changing, so there’s no cost advantage to using it in new designs.

Combined with news that the compatibility issues the Pi 4 had with generic USB-C power supplies were fixed with an under-the-radar board revision, it seems there’s never been a better time to upgrade to the latest and greatest version of everyone’s favorite Linux board. Happy Birthday, Raspberry Pi.

Be Wary Of Radioactive Bracelets And Similar

Before you start cutting up that ‘negative ion’ health bracelet or personal massager, be aware that these are highly likely to contain thorium oxide or similar radioactive powder, as this research video by [Justin Atkin] (also embedded after the break) over at The Thought Emporium YouTube channel shows. Even ignoring the irony that thorium oxide is primarily an alpha (He+) emitter and thus not a ‘negative ion’ source (which would be beta decay, with e), thorium oxide isn’t something you want on your skin, or inside your lungs.

These bracelets and similar items appear to embed grains of thorium oxide into the usual silicon-polymer-based bracelet material, without any measures to prevent grains from falling out over time. More dangerous are the items such as the massage wand, which is essentially a metal tube that is filled with thorium oxide powder. This is not the kind of item you want to open on your kitchen table and have it spill everywhere.

Considering that these items are readily available for sale on Amazon, eBay and elsewhere, giving items like these a quick check with the ol’ Geiger counter before ripping them open or cutting them up for a project seems like a healthy idea. Nobody wants to cause a radiological incident in their workshop, after all.


Just How Can You Lose Something The Size Of A Cargo Ship?

I’m writing from a cozy farmhouse just outside of Oxford, UK where we are slowly emerging from a particularly intense Atlantic storm. Some areas have widespread flooding, while fallen tree branches and damaged roofs are countrywide. Our neighbours in the Irish Republic are first in the path of these storms, and receive an especially strong pasting.

In the news following the storm is a merchant ship that was washed up by this storm on the coast of County Cork. The MV Alta is a nearly 2300t and 77m (just over 253 ft) freighter that had been abandoned in 2018 south of Bermuda after a mechanical failure had rendered it incapable of navigation. Its crew had been rescued by the US Coast Guard, and since then — apart from a brief sighting in mid-Atlantic by a Royal Navy polar research vessel — it had passed unseen as a drifting ghost ship before appearing on the Irish coast.

In a very literal sense it had dropped off the radar, but the question for us is how? With the huge array of technological advances in both navigation aids and global sensing available at the end of the 21st century’s second decade, should that even be possible? It’s worth taking a while as land-lubbers to look at how ships are tracked, to try to make sense of the seeming invisibility of something that is after all pretty large and difficult to hide.
