Russian Hackers Domain Fronting

FireEye just put out a report on catching the Russian hacker group “Advanced Persistent Threat 29” (APT29, for lack of a better code name) using the meek plugin for Tor to hide their traffic. If you’re using meek with meek-reflect.appspot.com, you’ll find it’s been shut down. If all of this is gibberish to you, read on for a breakdown.

meek is a clever piece of software. Imagine that you wanted to communicate with the Tor anonymizing network, but that you didn’t want anyone to know that you were. Maybe you live in a country where a firewall prevents you from accessing the full Web, and blocks Tor entry nodes as part of their Great Firewall. You’d want to send traffic somewhere innocuous first, and then bounce it over to Tor, in order to communicate freely.

That’s what meek does, but it goes one step further. The reflector server is hosted using the same content-delivery network (CDN) as a popular service, say Google’s search engine. The CDN has an IP address, like every other computer on the Internet, but it delivers content for any of the various services it hosts. Traffic to the CDN, encrypted with TLS, looks the same whether it’s going to the meek reflector or to Google, so nobody on the outside can tell whether it is a search query or packets destined for Tor. Inside the CDN, it’s unencrypted and passed along to the reflector.
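For defenders, the one place the two names can be told apart is a point where the TLS is terminated, such as an inspecting proxy: the hostname in the TLS handshake (SNI) names the popular service, while the HTTP Host header inside names the reflector. The sketch below is an added example, not code from FireEye or the meek project; the log format, field names and sample records are constructed for illustration.

```python
import json

# Constructed records from a hypothetical TLS-inspecting proxy (field names are
# assumptions): "sni" is the TLS ClientHello name, "host" the decrypted Host header.
SAMPLE_LOG = """\
{"client": "10.0.0.5", "sni": "www.google.com", "host": "www.google.com"}
{"client": "10.0.0.7", "sni": "www.google.com", "host": "meek-reflect.appspot.com"}
{"client": "10.0.0.5", "sni": "WWW.Google.com.", "host": "www.google.com:443"}
{"client": "10.0.0.9", "sni": "", "host": "example.org"}
not-json garbage line
"""


def normalize(name):
    """Lowercase a hostname and drop a :port suffix and a trailing dot."""
    name = name.strip().lower()
    host, sep, port = name.rpartition(":")
    if sep and port.isdigit():
        name = host
    return name.rstrip(".")


def find_host_sni_mismatches(log_text, allowed_pairs=frozenset()):
    """Return (client, sni, host) for requests whose Host differs from the SNI.

    allowed_pairs holds (sni, host) combinations already triaged as benign,
    e.g. HTTP/2 connection reuse across names on one certificate.
    """
    hits = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except ValueError:
            continue  # skip malformed lines instead of aborting the scan
        if not isinstance(rec, dict):
            continue
        sni = normalize(str(rec.get("sni", "")))
        host = normalize(str(rec.get("host", "")))
        if not sni or not host:
            continue  # no SNI or no Host: nothing to compare
        if sni != host and (sni, host) not in allowed_pairs:
            hits.append((rec.get("client"), sni, host))
    return hits


if __name__ == "__main__":
    for client, sni, host in find_host_sni_mismatches(SAMPLE_LOG):
        print(f"{client}: SNI {sni} but Host {host}")
```

A mismatch is a lead for triage, not proof of fronting, which is why the function takes a list of pairs already reviewed.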

Anyway, meek was invented to help bring the uncensored Internet to people who live in oppressive regimes, and now cybersecurity researchers have observed it being used by Russian state hackers to hide their tracks. Sigh. Technology doesn’t know which side it’s on — the same backdoor that the FBI wants to plant in all our communications can be used by the mafia just as easily. Plugins that are meant to bring people freedom of speech can just as easily be used to hide the actions of nation-state hackers.

What a strange world we live in.

Arch Your Eyebrow At Impression Products V. Lexmark International

When it comes to recycled printer consumables, the world seems to divide sharply into those who think they’re great, and those who have had their printer or their work ruined by a badly filled cartridge containing cheaper photocopy toner, or God knows what black stuff masquerading as inkjet ink. It doesn’t matter though whether you’re a fan or a hater, a used printer cartridge is just a plastic shell with its printer-specific ancillaries that you can do with what you want. It has performed the task the manufacturer sold it to you for and passed its point of usefulness. If you want to fill it up with aftermarket ink, well, it’s yours, so go ahead.

There is a case approaching the US Supreme Court though which promises to change all that, as well as to have ramifications well beyond the narrow world of printer cartridges. Impression Products, Inc. v. Lexmark International, Inc. pits the printer manufacturer against a small cartridge recycling company that refused to follow the rest of its industry and reach a settlement.

At issue is a clause in the shrink-wrap legal agreement small print that comes with a new Lexmark cartridge that ties a discounted price to an agreement to never offer the cartridge for resale or reuse. They have been using it for decades, and the licence is deemed to have been agreed to simply by opening the cartridge packaging. By pursuing the matter, Lexmark are trying to set a legal precedent allowing such licensing terms to accompany physical products even when they pass out of the hands of the original purchaser who accepted the licence.

There is a whole slew of concerns to be addressed about shrink-wrap licence agreements. After all, how many Lexmark owners even realise that they’re agreeing to some legal small print when they open the box? But the concern for us lies in the consequences this case could have for the rest of the hardware world. If a precedent is set such that a piece of printer consumable hardware can have conditions still attached to it when it has passed through more than one owner, then the same could be applied to any piece of hardware. The prospect of everything you own routinely having restrictions on the right to repair or modify it raises its ugly head, further redefining “ownership” as “They really own it”. Most of the projects we feature here at Hackaday, for example, would probably be prohibited were their creators to be subject to these restrictions.

We’ve covered a similar story recently, the latest twist in a long running saga over John Deere tractors. In that case though there is a written contract that the farmer buying the machine has to sign. What makes the Lexmark case so much more serious is that the contract is being applied without the purchaser being aware of its existence.

We can’t hold out much hope that the Supreme Court understand the ramifications of the case for our community, but there are other arguments within industry that might sway them against it. Let’s hope Impression Products v. Lexmark doesn’t become a case steeped in infamy.

Thanks to [Greg Kennedy] for the tip.

Lexmark sign by CCC2012 [CC0].

MRRF 17: Laser Resin Printers

The Midwest RepRap Festival is the best 3D printer con on the planet. In the middle of Indiana, you’ll find the latest advances for CNC hot glue guns and the processes that make squirting filament machines better, more accurate, and more efficient. There’s more to 3D printing than just filament-based machines, though, and for the last few MRRFs we’ve been taking a look at resin-based machines.

While most of the current crop of resin printers use either DLP projectors or LCDs and a big, bright backlight, [Mark Peng]’s Moai printer uses a 150 mW laser diode and galvos. This is somewhat rare in the world of desktop 3D printers, thanks in no small part to the ugliness between Formlabs and 3D Systems. Still, it’s a printer that looks fantastic and produces prints that are far beyond what’s possible with a filament-based machine.


From XP To 10, DoubleAgent Pwns All Your Windows?

The Cybellum team published a new 0-day technique for injecting code and maintaining persistence on a target computer, baptized DoubleAgent. This technique uses a feature that all Windows versions since XP provide, which allows an Application Verifier Provider DLL to be installed for any executable. The verifier-provider DLL is just a DLL that is loaded into the process and is supposedly responsible for performing run-time verifications for the application. However, its internal behaviour can be whatever an attacker wants, since he can provide the DLL himself.

Microsoft describes it as:

Application Verifier is a runtime verification tool for unmanaged code. Application Verifier assists developers in quickly finding subtle programming errors that can be extremely difficult to identify with normal application testing. Using Application Verifier in Visual Studio makes it easier to create reliable applications by identifying errors caused by heap corruption, incorrect handle and critical section usage. (…)

The code injection occurs extremely early during the victim’s process initialization, giving the attacker full control over the process and no way for the process to actually detect what’s going on. Once a DLL has been registered as a verifier provider DLL for a process, it would permanently be injected by the Windows Loader into the process every time the process starts, even after reboots, updates, reinstalls, or patches.

So it’s all over for Windows, right? Well… no. The thing is, to register this DLL, the process doing the registering has to have administrator rights so it can write the proper key to the Windows Registry. Without these permissions, there is no way for this attack to work. You know, the kind of permissions that allow you to install software for all users or format your own hard-drive. So, although this technique has its merit and can present challenges to processes that absolutely must maintain their integrity (as the Cybellum team points out in the case of anti-virus software), some other security flaw had to occur first so you can register this sort of ‘debugging DLL’.

If you already have administrator permissions you can do pretty much what you want, including DLL injection to fool anti-virus software. (Though it might be easier just to disable or remove it.) This new tool has the advantage of being stealthy, but is a 0-day that requires root really a 0-day?
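Because the registration is a registry write that survives reboots, it is also something an administrator can audit. The following is an added example, not code from Cybellum or Microsoft: it scans text in the layout printed by `reg query ... /s` for verifier-provider registrations. The page does not name the key; the location assumed here is the Image File Execution Options key with its `VerifierDlls` value, which is where Application Verifier keeps per-executable settings. The sample output and the executable and DLL names are constructed.

```python
# Marker for per-executable subkeys: ...\Image File Execution Options\<exe>
IFEO = r"\image file execution options" + "\\"

# Constructed sample in the layout printed by `reg query <key> /s`.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avservice.exe
    GlobalFlag    REG_DWORD    0x100
    VerifierDlls    REG_SZ    helper.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe
    DisableHeapLookaside    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\build.exe
    VerifierDlls    REG_SZ    devcheck.dll
"""


def audit_verifier_dlls(reg_text, approved=frozenset()):
    """Return (executable, dll) pairs registered as verifier providers.

    approved holds lowercase (executable, dll) pairs the organisation expects,
    for example developer machines that really use Application Verifier.
    """
    findings = []
    exe = None
    for line in reg_text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            idx = key.lower().find(IFEO)
            exe = key[idx + len(IFEO):] if idx != -1 else None
            if exe is not None and "\\" in exe:
                exe = None  # deeper subkey, not a per-executable entry
        elif exe and line.startswith("    "):
            # Value lines are "name    type    data", separated by four spaces.
            parts = line.strip().split("    ", 2)
            if len(parts) == 3 and parts[0].lower() == "verifierdlls":
                for dll in parts[2].split():
                    if (exe.lower(), dll.lower()) not in approved:
                        findings.append((exe, dll))
    return findings


if __name__ == "__main__":
    for exe, dll in audit_verifier_dlls(SAMPLE):
        print(f"{exe}: verifier provider {dll} is registered")
```

On a machine where nobody runs Application Verifier, any entry this reports deserves a look, especially one attached to a security product's own executable.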

[via The Hacker News]

NASA’s 2017-2018 Software Catalog Is Out

Need some help sizing your beyond-low-Earth-orbit vehicle? Request NASA’s BLAST software. Need to forecast the weather on Venus? That would be Venus-GRAM (global reference atmospheric model). Or maybe you just want to play around with the NASA Tensegrity Robotics Toolkit. (We do!) Then it’s a good thing that part of NASA’s public mandate is making their software available. And the 2017-2018 Software Catalog (PDF) has just been released.

Unfortunately, not everything that NASA does is open source, and a substantial fraction of the software suites are only available for code “to be used on behalf of the U.S. Government”. But still, it’s very cool that NASA is opening up as much of their libraries as they are. Where else are you going to get access to orbital debris engineering models or cutting-edge fluid dynamics modelers and solvers, for free?

We already mentioned this in the Links column, but we think it’s worth repeating because we could use your help. The catalog is 154 pages long, and we haven’t quite finished leafing through every page. If you see anything awesome inside, let us know in the comments. Do any of you already use NASA’s open-source software?

Storing Data On A Single Atom

In the electronics industry, the march of time brings with it a reduction in size. Our electronic devices, while getting faster, better and cheaper, also tend to get smaller. One of the main reasons for this is the storage medium for binary data gets smaller and more efficient. Many can recall the EPROM, which is about the size of your thumb. Today we walk around with SD cards that can hold an order of magnitude more data, which can fit on your thumb’s nail.

Naturally, we must ask ourselves where the limit lies. Just how small can memory storage get? How about a single atom! IBM along with a handful of international scientists have managed to store two bits of information on two pairs of holmium atoms. Using a scanning tunneling microscope, they were able to write data to the atoms, which held the data for an extended period of time.

Holmium is a large atom, weighing in at a whopping 67 AMU. It’s a rare earth metal from the lanthanide series on the periodic table. Its electron configuration is such that many of the orbiting electrons are not paired. Recall from our article on the periodic table that paired electrons must have opposite spin, which has the unfortunate consequence of causing the individual magnetic fields to cancel. The fact that holmium has so many unpaired electrons makes it ideal for manipulation.

While you won’t be seeing atom-level memory on the next Raspberry Pi, it’s still neat to see what the future holds.

Thanks to [Itay] for the tip!

Via Gizmodo.

So Long, And Thanks For All The Crystals

There was a time when anyone involved with radio transmitting — ham operators, CB’ers, scanner enthusiasts, or remote control model fans — had a collection of crystals. Before frequency synthesis became popular, this was the best way to set an accurate frequency. At one time, these were commonly available, and there were many places to order custom cut crystals.

One of the best-known US manufacturers of quartz crystals still around is International Crystal Manufacturing (ICM). Well, that is, until now. ICM recently announced they were ceasing operations after 66 years. They expect to completely shut down by May.

In a letter on their website, Royden Freeland Jr. (the founder’s son) committed to fulfilling existing orders and possibly taking some new orders, raw materials permitting. The company started making products out of Freeland’s father’s garage in 1950.

Another big name that might still be around is Jan Crystals. We say might, because although their website is live, there’s not much there and the phone number is not quite disconnected but it is “parked.” There are also some posts on the Internet (where everything is true) indicating they are out of business.

Even if you didn’t do radio work, crystals are a staple in digital systems where an accurate clock is necessary, and in some types of filters, too. Of course, you can still get them; you just may not be able to get them made in the United States soon.

If you want to know more about the technology behind crystals, [Jenny] has you covered. Crystals are one of those things that have not changed much in a long time, so you might enjoy the very 1960s-vintage U.S. Air Force training film below.
