This Week In Security: BleedingTooth, Bad Neighbors, And Unpickable Locks

This week, the first details of BleedingTooth leaked onto Twitter, setting off a bit of a frenzy. The full details have yet to be released, but what we know is concerning enough. First off, BleedingTooth isn’t a single vulnerability but a set of at least three different CVEs (shouldn’t that make it BleedingTeeth?). The worst vulnerability so far is CVE-2020-12351, which appears to be shown off in the video embedded after the break.

Room Temperature Superconductor? Yes, But Not So Fast…

There’s good news and there’s bad news in what we’re about to tell you. The good news is that a team of physicists has found a blend of hydrogen, carbon, and sulfur that exhibits superconductivity at 59F. Exciting, right? The bad news is that it only works while being crushed between two diamonds at pressures approaching that of the Earth’s core. For perspective, the bottom of the Mariana Trench is at about 1,000 atmospheres, while the superconductor needs 2.6 million atmospheres of pressure.

Granted, 59F is a bit chilly, but it is easy to imagine cooling something down that much if you could harness superconductivity. We cool off CPUs all the time. However, unless there’s a breakthrough that allows the material to operate under at least reasonable pressures, this isn’t going to change much outside of a laboratory.

Firmware Hints That Tesla’s Driver Camera Is Watching

Currently, if you want to use the Autopilot or Self-Driving modes on a Tesla vehicle you need to keep your hands on the wheel at all times. That’s because, ultimately, the human driver is still the responsible party. Tesla is adamant about the fact that functions which allow the car to steer itself within a lane, avoid obstacles, and intelligently adjust its speed to match traffic all constitute a driver assistance system. If somebody figures out how to fool the wheel sensor and take a nap while their shiny new electric car is hurtling down the freeway, they want no part of it.

So it makes sense that the company’s official line regarding the driver-facing camera in the Model 3 and Model Y is that it’s there to record what the driver was doing in the seconds leading up to an impact. As explained in the release notes of the June 2020 firmware update, Tesla owners can opt in to providing this data:

Help Tesla continue to develop safer vehicles by sharing camera data from your vehicle. This update will allow you to enable the built-in cabin camera above the rearview mirror. If enabled, Tesla will automatically capture images and a short video clip just prior to a collision or safety event to help engineers develop safety features and enhancements in the future.

But [green], who’s spent the last several years poking and prodding at Tesla’s firmware and self-driving capabilities, recently found some compelling hints that there’s more to the story. Inside the vehicle’s image recognition system, which is usually tasked with picking out other vehicles or pedestrians, they found several interesting classes that don’t seem necessary given the official explanation of what the cabin camera is doing.

If all Tesla wanted was a few seconds of video uploaded to their offices each time one of their vehicles got into an accident, they wouldn’t need to be running image recognition configured to detect distracted drivers against it in real time. While you could make the argument that this data would be useful to them, there would still be no reason to do it in the vehicle when it could be analyzed as part of the crash investigation. It seems far more likely that Tesla is laying the groundwork for a system that gives the vehicle another way of determining whether the driver is paying attention.

Electronic Treatment For Diabetes?

If you ask power companies and cell phone carriers how much electromagnetic radiation affects the human body, they’ll tell you it doesn’t at any normal level. If you ask [Calvin Carter] and some other researchers at the University of Iowa, they will tell you that it might treat diabetes. In a recent paper in Cell Metabolism, they report that exposing diabetic mice to static magnetic and electric fields led to improved insulin sensitivity.

Some of the medical jargon in a paper like this one can be hard to follow, but it seems they fed mice a bad diet — like the one many of us may eat — and exposed them to magnetic and electric fields much stronger than the Earth’s natural fields. After 30 days there was a 33% improvement in fasting blood glucose levels, and an even larger one for some mice with a specific cause of diabetes.

This Week In Security: Code Scanning, Information Gathering, And Seams In The Cloud

GitHub has enabled free code analysis on public repositories. This is the fruit of its purchase of Semmle almost exactly one year ago. Anyone with write permission to a repository can go into the settings and enable scanning. Beyond the obvious use case of finding vulnerabilities, an exciting option is to analyse pull requests automatically and flag potential security problems before they are merged. I definitely look forward to seeing this tool in action.

The Code Scanning option is under the Security tab, and enabling it only takes a few seconds. I flipped the switch on one of my repos, and it found a handful of issues that are worth looking into. An important note: anyone can run the tool on a forked repo and see the results, so if CodeQL finds an issue, it’s essentially public for anyone who cares to look for it.

Simpler Code Scanning

At the other extreme, [Will Butler] wrote a guide to searching for exploits using grep. A simple example: if raw shows up in code, it often signals an unsafe operation. The terms fixme or todo, usually found in comments, can signal a known security problem that has yet to be fixed. Another example is unsafe, which is an actual keyword in some languages, such as Rust; if a Rust project has vulnerabilities, they will most likely be inside an unsafe block. The guide has other language-specific pointers and more good tips, so check it out.
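As an added example that is not taken from the guide above, here is a small POSIX shell helper that runs the keyword hunt the article describes (raw and unsafe as whole-word code tokens, fixme and todo case-insensitively in comments) over a source tree and counts the flagged lines. It assumes a grep that supports -r, -n, -w, -i and -E (GNU or BSD grep) and builds a constructed sample tree so it runs offline.

```shell
#!/bin/sh
# Added example, not code from the linked guide: a grep-based triage
# helper for the tokens the article mentions. Assumes POSIX sh plus a
# grep that supports -r/-n/-w/-i/-E (GNU or BSD grep).

# Print file:line:text for each suspicious token in a source tree.
#   raw, unsafe  -> whole-word, case-sensitive (they are code tokens)
#   fixme, todo  -> case-insensitive (they usually live in comments)
scan_hints() {
    dir="$1"
    grep -rnwE 'raw|unsafe' "$dir" || true
    grep -rniE 'fixme|todo' "$dir" || true
}

# Number of flagged lines; a CI step can compare this with a baseline
# and fail the build when the count grows.
count_hints() {
    scan_hints "$1" | wc -l | tr -d ' '
}

# Constructed sample tree (not a real project) so the helper runs offline.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/src"
    cat > "$d/src/lib.rs" <<'EOF'
// TODO: audit the pointer arithmetic below before release
pub fn copy_bytes(p: *const u8, n: usize) -> Vec<u8> {
    unsafe { std::slice::from_raw_parts(p, n).to_vec() }
}
EOF
    cat > "$d/src/db.py" <<'EOF'
def run(conn, query):
    # fixme: query is built from request input upstream
    return conn.raw(query)
EOF
    printf '%s\n' "$d"
}

# Usage: ./hints.sh --demo  (scans the constructed tree and reports)
if [ "${1:-}" = "--demo" ]; then
    tree=$(make_sample_tree)
    scan_hints "$tree"
    echo "flagged lines: $(count_hints "$tree")"
fi
```

Note that the whole-word match deliberately skips identifiers such as from_raw_parts, where raw is only a fragment of a longer name; the unsafe block on that line is still reported.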


A Double Shot Of Vintage Computing This Weekend

Going anywhere interesting this weekend? No, of course you aren’t. None of us are. So why not tune your computer or smartphone to the online stream of one of the virtual Vintage Computer Festivals that will be taking place between October 10th and 11th. Granted only one of them is in English, but we’ve often thought of blinky lights as something of a universal language anyway.

Vintage Computer Festival East, which normally would have happened in the Spring, has finally decided that 2020 is a wash for any in-person meetings and has decided to switch over to virtual. Interestingly, it sounds like they’ll be live streaming at least some of the exhibitor tables from the InfoAge museum in New Jersey where the physical event would have been held. So from an attendee perspective, the virtual event should be a bit closer to the real thing than if everyone had to figure out their own streaming setups from home. Presentations will run from 9:00 AM to 6:00 PM Eastern on both days.

On the other side of the globe, Vintage Computing Festival Berlin will be broadcasting their own exhibitions, workshops, and lectures. In an interesting use of the virtual format, they’ll be giving viewers an intimate look at vintage computers and technology that’s held in private collections, museums, or otherwise inaccessible storage and research facilities. Content will be streaming from 10:00 AM to 8:00 PM CEST on both days, with a musical performance overnight.

While there’s an understandable tendency to bemoan the trend of moving events online in the face of COVID-19, there are certainly situations where the format can actually bring you more content than you’d have access to otherwise. Especially when they end up being free, as is the case with both of these Festivals. We’re still eagerly awaiting the point where we can get back to attending these events in person, but we certainly aren’t complaining when so many incredible people are willing to put on these presentations without seeing a dime.

Hackaday Passes 1,000,000 Comments

For just over sixteen years we’ve been publishing fresh hacks every day. We’ve just passed another milestone: the one millionth Hackaday comment was made just a few minutes ago.

A million of anything is impressive, but it’s not the sheer volume that’s on my mind today; it’s how, time and again, I’m gobsmacked by the insightful comments I find on these pages and the people who put them there. We find leads for future stories, answers to unknowns voiced in the articles, and conversations with thousands of people whose paths we never would have crossed otherwise.

Not a week goes by that I don’t lose myself in a comment thread, usually taking me down the rabbit hole of exploring a bit of technology previously hidden to me but revealed by a few words. How many Hackaday articles were spawned by someone posting just the right link in the comment section?

Too often the people who moved the world with interesting technologies move through their careers and beyond without anyone to really tell their stories to, and those are some of the best stories from the people working with the tech on a daily basis for decades. But then we publish an article that puts a spotlight on their corner of knowledge and we get to hear how it was from their perspective. It’s so gratifying to get these moments of insight on who and what have kept humanity’s relay-race of science forward.

So thank you! Keep those comments and those stories coming!
