This Week In Security: Robinhood, Apple Mail, ASLR, And More Windows 7

First off this week, a ransomware named Robinhood has a novel trick up its sleeve. The trick? Loading an old known-vulnerable signed driver, and then using a vulnerability in that driver to get a malicious kernel driver loaded.

A Gigabyte driver unintentionally exposed an interface that allows unfettered kernel-level read and write access. Because it’s properly signed, Windows will happily load the driver. The ransomware code uses that interface to turn off the bit that enforces the loading of signed drivers only. From there, loading a malicious driver is trivial. Robinhood uses its kernel-level access to disable anti-virus applications before launching the data encryption.

This is a striking example of the weakness of binary signing without a mechanism to revoke those signatures. In an ideal world, once the vulnerability was found and an update released, the older, vulnerable driver would have its signature revoked.

The Last Windows 7 Update For Real This Time, Maybe

More news in the ongoing saga of Windows 7/Server 2008 reaching end-of-life. KB4539602 was released this Patch Tuesday, fixing the black background problem introduced in the last “final” round of updates. Surely that’s the last we’ll hear of this saga, right?

Not so fast. Apparently that patch has led to multiple Windows Server 2008 machines failing to boot after install. According to Microsoft, the problem is a missing previous patch that updates SHA-2 support.

Training A Dog To “Speak” With A Sound Board

The field of Augmentative and Alternative Communication (AAC) covers communication methods used by those who are unable to otherwise produce or comprehend spoken or written language. Many will be familiar with the speech synthesizer used by Stephen Hawking as just one such example of AAC technology. [Christina Hunger] is a speech language pathologist, and is intimately familiar with such tools. She decided to use these techniques to teach her dog, Stella, to talk.

[Christina] began her project by implementing a button board which plays various speech samples when pressed. There are plenty of typical words that a dog may wish to use, like beach, park, and ball – as well as words describing concepts, such as where, later, and come. Over time, she has observed Stella using the button board in various ways that she claims indicate a deeper understanding and use of language than would normally be ascribed to a dog.

From the outset, [Christina] has been intentional in her methods, being sure to only demonstrate the use of the board to Stella, rather than simply pressing the buttons for her. The experiment has many similarities to the case of Koko the gorilla, known for learning symbols from American Sign Language. The project is also documented on Instagram, where she films Stella using the device and gives interpretations of the meaning of Stella’s button pressing.

Attempting to communicate on a higher level with animals has long been a mysterious and complex pursuit; one which we’re sure to see more of as various technologies continue to improve. We’d love to see a broader scientific study on the use of AAC tools to “talk” to animals. In such matters, context and interpretation play a large role, and thus it’s difficult to truly gauge the quality of understanding an animal may actually have. More research would be great to shed light on these techniques. Video after the break.


Ultra-Rare Nintendo Play Station Prototype Hits Auction Block

If you are interested in such things, you can buy a 1990s Sony Play Station via Heritage Auctions. We’re sure this will have caught your interest, after all it’s not every day you get the chance to catch such a machine. But before you call us out for seemingly reporting the news of an unremarkable sale featuring the runaway success story of 1990s gaming, take a look at the first sentence again. This is not a PlayStation, the ubiquitous grey console of the 1990s, but a Play Station, said as two words rather than one. This ill-fated collaboration between Sony and Nintendo was intended to be an SNES with a CD-ROM drive, but the project faltered and all that remained was the almost mythical tale of a few prototype consoles.

So far there has only been one of these devices that has surfaced, and this is the machine in the auction. So what seemed as though it might be a mundane console turns out to be one of the rarest machines ever created, a true Holy Grail of console collecting.

This machine has a known provenance, and has appeared on these pages before. In 2016 Ben Heck did a teardown to reveal the combination of Sony CD drive and SNES motherboard, and by 2017 he had it working with some homebrew games. There was no official software produced for this console, so it seems the lucky purchaser may have only homebrew games with which to try their console.

At the time of writing the auction is standing at $57,600, and we’d expect this to increase significantly. So you may not have the chance to own the Play Station, but with such a rare machine it’s always worth noting its appearances. It’s also worth remembering that there was more than one of them produced; in fact, when your scribe was working in the same industry in the 1990s, a senior colleague talked about having been shown one during dealings with Nintendo UK a few years earlier. The machine on sale today may be the only one we know to have survived, but it’s a fair possibility that there are others still gathering dust in long-forgotten archive boxes or collections of gaming hardware junk. Keep an eye out, you might just find your own rarest console ever produced!

Sky Is New Limit For Dot Com Domain Prices

Earlier this week, domain name registrar Namecheap sent out an email to all customers advising them of a secret deal that went down between ICANN and Verisign sometime late last year. It has the potential to change the prices of domain names drastically over time, and thus change the makeup of the Internet as we know it.

Domain names aren’t really owned, they’re rented with an option to renew, and the annual rate that you pay depends both on your provider’s markup and on a wholesale rate that’s the same for all names in that particular domain. This base price is set by ICANN, a non-profit.

Officially, this deal is a proposed Amendment 3 to the contract in place between Verisign and ICANN that governs the “.com” domain. The proposed amendment would let Verisign increase the wholesale rental price of “.com” domain names by 7% per year for the next four years. Then there will be a two-year breather, followed by another four years of 7% annual hikes. And there is no foreseeable end to this cycle. We think it seems reasonable to assume that the domain name registrars might pass the price gouging on to the consumer, but that really remains to be seen.

The annual wholesale domain name price has been sitting at $7.85 since 2012, and as of this writing, Namecheap is charging $8.88 for a standard “.com” address. If our math is correct, ten years from now, a “.com” domain will cost around $13.50 wholesale and $17.50 retail. This almost-doubling in price will affect both small sites and companies that hold many domain names. And the increase will only get more dramatic with time.

So let’s take a quick look at the business of domain names.

Hacked Protective Gear Keeps Doctor Safe In The Hot Zone

It’s rarely a wise idea to put a plastic bag over one’s head, but when the choice is between that and possibly being exposed to a dangerous virus, you do what you have to. So you might as well do it right and build a field-expedient positive pressure hood.

We’ve all been keeping tabs on the continuing coronavirus outbreak in China, but nobody is following as closely as our many friends in China. Hackaday contributor [Naomi Wu] is in from Shenzhen, posting regularly from the quarantined zone, and she found this little gem of ingenuity from a [Doctor Cui] in one of the hospitals in Wuhan. Quarantines and travel restrictions have put personal protective equipment like masks and gowns in limited supply, with the more advanced gear needed by those who deal most closely with coronavirus patients difficult to come by.

There’s no build information, but from the pictures we can guess at what [Dr. Cui] came up with. The boxy bit is an AirPro Car, a HEPA filter meant to clean the cabin air in a motor vehicle. He glued on a USB battery pack to power it, used a scrap of plastic and some silicone adhesive to adapt a heat-moisture exchange filter from a mechanical ventilator to the AirPro’s outlet, and stuck the tube into a plastic bag sealed around his neck. The filter provides dry, positive pressure air to keep the bag from fogging up, and to keep [Dr. Cui] from asphyxiating. Plus he’s protected from droplet contact, which is a big plus over simple paper masks.

With the news always so dark, it’s heartening to see stories of ingenuity like this. We wish [Dr. Cui] and all our friends in China the best during this outbreak.

First Space Cookies: Cosmic Cooking Is Half-Baked

For decades, astronauts have been forced to endure space-friendly MREs and dehydrated foodstuffs, though we understand both the quality and the options have increased with time. But if we’re serious about long-term space travel, colonizing Mars, or actually having a restaurant at the end of the universe, the ability to bake and cook from raw ingredients will become necessary. This zero-gravity culinary adventure might as well start with a delicious experiment, and what better than chocolate chip cookies for the maiden voyage?

That little filtered vent lets steam out and keeps crumbs in. Image via Zero-G Kitchen

The vessel in question is the Zero-G Oven, built in a collaboration between Zero-G Kitchen and Nanoracks, a Texas-based company that provides commercial access to space. In November 2019, Nanoracks sent the Zero-G oven aloft, where it waited a few weeks for the bake-off to kick off. Five pre-formed cookie dough patties had arrived a few weeks earlier, each one sealed inside its own silicone baking pouch.

The Zero-G Oven is essentially a rack-mounted cylindrical toaster oven. It maxes out at 325 °F (163 °C), which is enough heat for Earth cookies if you can wait fifteen minutes or so. But due to factors we haven’t figured out yet, the ISS cookies took far longer to bake.


Ask Hackaday: What’s Your Coronavirus Supply Chain Exposure?

In whichever hemisphere you dwell, winter is the time of year when viruses come into their own. Cold weather forces people indoors, crowding them together in buildings and creating a perfect breeding ground for all sorts of viruses. Everything from the common cold to influenza spreads quickly during the cold months, bringing misery and debilitation far and wide.

In addition to the usual cocktail of bugs making their annual appearance, this year a new virus appeared. Novel coronavirus 2019, or 2019-nCoV, cropped up first in the city of Wuhan in east-central China. From a family of viruses known to cause everything from the common cold to severe acute respiratory syndrome (SARS) in humans, 2019-nCoV tends toward the more virulent side of the spectrum, causing 600 deaths out of 28,000 infections reported so far, according to official numbers at the time of this writing.

(For scale: the influenzas hit tens of millions of people, resulting in around four million severe illnesses and 500,000 deaths per season, worldwide.)

With China’s unique position in the global economy, 2019-nCoV has the potential to seriously disrupt manufacturing. It may seem crass to worry about something as trivial as this when people are suffering, and of course our hearts go out to the people who are directly affected by this virus and its aftermath. But just like businesses have plans for contingencies such as this, so too should the hacking community know what impact something like 2019-nCoV will have on supply chains that we’ve come to depend on.
