This Week In Security: Recall, BadRAM, And OpenWRT

Microsoft’s Recall feature is back. You may remember our coverage of the new AI feature back in June, but for the uninitiated, it was a creepy security trainwreck. The idea is that Windows will take screenshots of whatever is on the screen every few seconds, and use AI to index the screenshots for easier searching. The only real security win at the time was that Microsoft managed to do all the processing on the local machine, instead of uploading them to the cloud. All the images and index data were available unencrypted on the hard drive, and there weren’t any protections for sensitive data.

Things are admittedly better now, but not perfect. The Recall screenshots and database are no longer trivially opened by any user on the machine, and Windows prompts the user to set up and authenticate with Windows Hello before using Recall. [Avram] from Tom’s Hardware did some interesting testing on the sensitive information filter, and found that it worked… sometimes.

So, with the public preview of Recall, is it still creepy? Yes. Is it still a security trainwreck? It appears that the security issues are much improved. Time will tell if a researcher discovers a way to decrypt the Recall data outside of the Recall app.

Patch Tuesday

Since we’re talking about Microsoft, this week was Patch Tuesday, and we had seventy-one separate vulnerabilities fixed, with one of those being a zero-day that was used in real-world attacks. CVE-2024-49138 doesn’t seem to have a lot of information published yet. We know it’s a Heap-based Buffer Overflow in the Common Log File driver, and allows an escalation of privilege to SYSTEM on Windows machines.

The 6GHz Band Opens In The US

On December 11th, the FCC announced that the band around 6GHz would be open to “very low-power devices.” The new allocation shares space with other devices already using these frequencies. The release mentions a few limitations over the 350 MHz band (broken into two segments). First, the devices must use a contention-based protocol and implement transmit power control. The low-power devices may not be part of a fixed outdoor infrastructure.

The frequencies are 6.425-6.525 GHz and 6.875-7.125 GHz, and the requirements are similar to those imposed on 802.11ax in the nearby U-NII-5 and U-NII-7 bands.


2025 Hackaday Europe CFP: We Want You!

Hackaday’s Supercon is still warm in our hearts, and the snow is just now starting to fall, but we’re already looking forward to Spring. Or at least to Hackaday Europe, which will be taking place March 15th and 16th in Berlin, Germany.

Tickets aren’t on sale yet, but we know a way that you can get in for free.

Call for Participation

What makes Hackaday Europe special? Well, it’s you! We’re excited to announce that we’re opening up our call for talks right now, and we can’t wait to hear what you have to say. Speakers of course get in free, but the real reason that you want to present is whom you’re presenting to.

The Hackaday audience is interested, inquisitive, and friendly. If you have a tale of hardware, firmware, or software derring-do that would only really go over with a Hackaday crowd, this is your chance. We have slots open for shorter 20-minute talks as well as longer 40-minute ones, so whether you’ve got a quick hack or you want to take a deep dive, we’ve got you covered. We especially love to hear from new voices, so if you’ve never given a talk about your projects before, we’d really encourage you to apply!

Here is last year’s lineup, if you’re wondering what goes on, and if your talk would fit in.


Finally Putting The RK1 Through Its Paces

The good folks at Turing Pi sent me a trio of RK1 modules to put through their paces, to go along with the single unit I bought myself. The TLDR: if you need some real ARM processing power, and don’t want to spend an enterprise budget, a Turing Pi 2 filled with RK1s is a pretty compelling solution. And the catch? It’s sporting the Rockchip RK3588 processor, which means there are challenges with kernel support.

For those in the audience that haven’t been following the Turing Pi project, let’s recap. The Turing Pi 1 was a mini ITX carrier board for the original Raspberry Pi compute module, boasting 7 nodes connected with onboard Gigabit.

That obviously wasn’t enough power, and once Raspberry Pi released the CM4, the Turing Pi 2 was conceived, boasting 4 slots compatible with the Nvidia Jetson compute units, as well as the Raspberry Pi CM4 with a minimal adapter. We even covered it shortly after the Kickstarter. And now we have the RK1, which is an 8-core RK3588 slapped on a minimal board, pin compatible with the Nvidia Jetson boards.

This Week In Security: National Backdoors, Web3 Backdoors, And Nearest Neighbor WiFi

Maybe those backdoors weren’t such a great idea. Several US Telecom networks have been compromised by a foreign actor, likely China’s Salt Typhoon, and it looks like one of the vectors of compromise is the Communications Assistance for Law Enforcement Act (CALEA) systems that allow for automatic wiretapping at government request.

[Jeff Greene], a government official with the Cybersecurity and Infrastructure Security Agency (CISA), has advised that end-user encryption is the way to maintain safe communications. This moment should forever be the touchstone we call upon when discussing ideas like mandated encryption backdoors and even the entire idea of automated wiretapping systems like CALEA. He went on to make a rather startling statement:

I think it would be impossible for us to predict a time frame on when we’ll have full eviction

There are obviously lots of unanswered questions, but with statements like this from CISA, this seems to be an extremely serious compromise. CALEA has been extended to Internet data, and earlier reports suggest that attackers have access to Internet traffic as a result. This leaves the US telecom infrastructure in a precarious position where any given telephone call, text message, or data packet may be intercepted by an overseas attacker. And the FCC isn’t exactly inspiring us with confidence as to its “decisive steps” to fix things.

Runway-to-Space No More, Reaction Engines Cease Trading

It’s not often that the passing of a medium sized company on an industrial estate on a damp and soggy former airfield in southern England is worthy of a Hackaday mention, but the news of hypersonic propulsion company Reaction Engines ceasing trading a few weeks ago is one of those moments that causes a second look. Their advanced engine technology may have taken decades to reach the point of sustainable testing, but it held the promise of one day delivering true spaceplanes able to take off from a runway and fly to the edge of the atmosphere before continuing to orbit. It seems their demise is due to a failure to secure more funding.

We’ve written about their work more than once in the past, of their hybrid engines and the development of the advanced cooling system required to deliver air to a jet engine working at extreme speeds. The rights to this tech will no doubt survive the company, and given that its origins lie in a previously canceled British Aerospace project it’s not impossible that it might return. The dream of a short flight from London to Sydney may be on hold for now then.

Writing this from the UK there’s a slight air of sadness about this news, but given that it’s not the first time a British space effort has failed, we should be used to it by now.

Header: Science Museum London / Science and Society Picture Library, CC BY-SA 2.0

Scratch And Sniff Stickers And The Gas Panic Of ’87

Ever wonder how those scratch and sniff stickers manage to pack a punch of aroma into what looks like ordinary paper? The technology behind it is deceptively clever, and has been used everywhere from children’s books to compact discs.

Most Scratch and Sniff stickers are simple nose-based novelties, though they’ve seen other uses as diagnostic tools, too. As Baltimore Gas and Electric discovered in 1987, though, these stickers can also cause a whole lot of hullabaloo. Let’s explore how this nifty technology works, and how it can go—somewhat amusingly—wrong.

The Science

3M developed the scratch and sniff technology in the 1960s. It quickly gained iconic status in the decades that followed. via eBay

At its heart, scratch and sniff technology involves the microencapsulation of tiny smellable particles, which are then impregnated into stickers or other paper products. Microscopic amounts of aromatic material are trapped inside gelatin or plastic capsules, and then stuck to paper. When you scratch the surface, these capsules rupture, releasing their aromatic cargo into the air. It’s an elegant feat of materials engineering, originally developed by Gale W. Matson. Working at 3M in the 1960s, he’d been intending to create a new kind of carbonless copy paper.

Scratch and Sniff stickers soon became a popular novelty in the 1970s. The catchy name was perfect—it told you everything you need to know. A children’s book named Little Bunny Follows His Nose was one of the first widespread applications. Released in 1971, it was entirely based around the whole scratch and sniff concept. Children could read along and scratch various illustrations of peaches, roses and pine needles to see what they smelled like. The book was reprinted multiple times, remaining in publication for over three decades.

Other popular media soon followed. Pop rock band The Raspberries put a scratch and sniff sticker on their album cover in 1972. Director John Waters would go on to release his 1981 film Polyester with an accompanying “Odorama” card, which featured multiple smells for viewers to sniff during the movie. The concept still resurfaces occasionally, though the gimmick is now well-worn. In 2010, Katy Perry’s Teenage Dream album smelled like cotton candy thanks to a scratch-and-sniff treatment on the Deluxe Edition, and King Gizzard & The Lizard Wizard put a similar touch on 2017’s Flying Microtonal Banana.