Extra-Large Denial Of Service Attack Uses DVRs, Webcams

Brace yourselves. The rest of the media is going to be calling this an “IoT DDOS” and the hype will spin out of control. Hype aside, the facts on the ground make it look like an extremely large distributed denial-of-service attack (DDOS) was just carried out using mostly household appliances (145,607 of them!) rather than grandma’s old Win XP system running on Pentiums.

Replace computers with DVRs. Slide from this talk (http://slideplayer.org/slide/906693/) by Lisa Plesiutschnig

We can argue all day about whether a digital video recorder (DVR) or an IP webcam is an “IoT” device and whether this DDOS attack is the biggest to date or merely among them, but the class of devices exploited is certainly not traditional computers, and this is a big hit. Most of these devices run firmware out of flash, and it’s up to the end user (who is not a sysadmin) to keep it up to date or face the wrath of hackers. And it’s certainly the case that as more Internet-facing devices get deployed, the attack surface available to hackers will grow.

Why did the DDOS network use these particular devices? We’re speculating, but we’d guess it’s a combination of difficult-to-update firmware and user “convenience” features like UPnP. To quote the FBI: “The UPnP describes the process when a device remotely connects and communicates on a network automatically without authentication.” You can see how this would be good for both the non-tech-savvy and hostile attackers, right? (Turn off UPnP on your router now.)

We alternate between Jekyll and Hyde on the IoT. On one hand, we love having everything in our own home hooked up to our local WiFi network and running on Python scripts. On the other hand, connecting each and every device up to the broader Internet and keeping it secure would be a system administration headache. Average users want the convenience of the latter without having to pay the setup and know-how costs of the former. Right now, they’re left out in the cold. And their toasters are taking down ISPs.

Ig Nobel Prizes: GoatMan, Volkswagen, And The Personalities Of Rocks

Every year, the Annals of Improbable Research issues its prizes for the craziest (published) scientific research: the Ig Nobel Prize. The ceremony took place a couple nights ago, and if you want to see what you missed, we’ve embedded the (long) video below. (Trigger warning: Actual Nobel laureates being goofy.)

The Stinker

It’s hard to pick the best of freaky research, and the committee did a stellar job this year. The trick is that they don’t give the prize away to quacks — you won’t ever get one with your perpetual motion machine, for instance. Nope, the Ig Nobels go to the kookiest science that could actually end up being useful. So we get projects like the effect of wearing polyester on the sexual activity of rodents in “reproduction” and a study on the perceived personalities of different rocks for marketing purposes in “economics”.


Web Bluetooth: The New Hotness And Its Dangers

Google’s most recent Chrome browser, version 53, includes trial support for Web Bluetooth, and it’s like the Wild West! JavaScript code, served to your browser, can now connect directly to your Bluetooth LE (BTLE) devices, with a whole bunch of caveats that we’ll make clear below.

On the one hand, this is awesome functionality. The browser is the most ubiquitous cross-platform operating system that the world has ever seen. You can serve a website to users running Windows, Linux, Android, iOS, or MacOS and run code on their machines without having to know if it’s a cellphone, a desktop, or a virtual machine in the Matrix. Combining this ubiquity with the ability to control Bluetooth devices is going to be fun. It’s a missing piece of the IoT puzzle.

On the other hand, it’s a security nightmare. It’s bad enough when malicious websites can extract information from files that reside on your computer, but when they connect directly to your lightbulbs, your FitBits, or your BTLE-enhanced pacemaker, it opens up new possibilities for mischief. The good news is that the developers of Web Bluetooth seem to be aware of the risks and are intent on minimizing them, but there are still real concerns. How does security come out in the balance? Read on.
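To make the caveats concrete, here is an added example (not from the original article, and not code from the Chromium project or any device vendor): the minimum a page needs in order to read heart-rate notifications from a BTLE device through Web Bluetooth, using the standard `heart_rate` service and `heart_rate_measurement` characteristic names and the measurement layout from the Bluetooth GATT specification. The `makeFakeBluetooth` stand-in is an assumption made so the flow can run in Node.js; in a real page you pass `navigator.bluetooth` instead.

```javascript
// Added example (not from the original article). The Bluetooth object is
// passed in rather than read from `navigator` so the same code runs in a
// browser and, with the fake below, in Node.js.
//
// What the API does NOT let a site do is the point:
//  - requestDevice() only works from a secure context (HTTPS) and only in
//    response to a user gesture such as a click;
//  - the site never sees the list of nearby devices: the user picks one in
//    a browser chooser and the site gets only that one;
//  - after that, only the GATT services named in `filters` or
//    `optionalServices` are reachable; anything else the device exposes is
//    refused.

// GATT Heart Rate Measurement (0x2A37): byte 0 is a flags byte. Bit 0 says
// whether the value that follows is a uint8 or a little-endian uint16;
// bits 1-2 equal to 0b11 mean "sensor contact detected".
function parseHeartRate(view) {
  const flags = view.getUint8(0);
  const is16 = (flags & 0x01) !== 0;
  const bpm = is16 ? view.getUint16(1, true) : view.getUint8(1);
  return { bpm, sensorContact: (flags & 0x06) === 0x06 };
}

// Ask the browser for a heart-rate device and subscribe to its readings.
// `bluetooth` is navigator.bluetooth in a real page; `onReading` gets the
// parsed measurement each time the characteristic changes.
async function readHeartRate(bluetooth, onReading) {
  const device = await bluetooth.requestDevice({
    filters: [{ services: ['heart_rate'] }], // chooser lists only devices advertising HRS
    // optionalServices: ['battery_service'], // would be required to touch anything else
  });
  const server = await device.gatt.connect();
  const service = await server.getPrimaryService('heart_rate');
  const characteristic = await service.getCharacteristic('heart_rate_measurement');
  characteristic.addEventListener('characteristicvaluechanged', (ev) => {
    onReading(parseHeartRate(ev.target.value));
  });
  await characteristic.startNotifications();
  return device;
}

// Assumed stand-in for navigator.bluetooth so the flow above runs offline.
// It mimics the one rule that matters here: a service not named in the
// request is refused, as the browser refuses it with a SecurityError.
// `measurementBytes` is a constructed notification payload.
function makeFakeBluetooth(measurementBytes) {
  let allowed = new Set();
  const listeners = [];
  const characteristic = {
    addEventListener(_type, fn) { listeners.push(fn); },
    async startNotifications() {
      const value = new DataView(Uint8Array.from(measurementBytes).buffer);
      for (const fn of listeners) fn({ target: { value } });
    },
  };
  const server = {
    async getPrimaryService(name) {
      if (!allowed.has(name)) throw new Error(`SecurityError: origin not allowed to access service ${name}`);
      return { async getCharacteristic() { return characteristic; } };
    },
  };
  return {
    async requestDevice(opts) {
      const fromFilters = (opts.filters || []).flatMap(f => f.services || []);
      allowed = new Set(fromFilters.concat(opts.optionalServices || []));
      return { name: 'fake-hrm', gatt: { async connect() { return server; } } };
    },
  };
}
```

In a page, `readHeartRate(navigator.bluetooth, console.log)` must be called from a click handler on an HTTPS origin or the call rejects before any chooser appears. The service allowlist is the part worth remembering when reading the "your pacemaker" worry above: a site that filtered on `heart_rate` cannot later wander over to another service on the same device without having declared it up front, which the user sees in the chooser.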


MakerBot Releases Their 6th Generation Of 3D Printers

Just in time for the back to school and holiday season, Makerbot has released their latest line of printers. The latest additions to the lineup include the new Makerbot Replicator+ and the Makerbot Replicator Mini+.

The release of these new printers marks MakerBot’s first major product release since the disastrous introduction of the 5th generation of MakerBots in early 2014. The 5th generation of MakerBots included the Replicator Mini, priced at $1300, the Replicator, priced at $2500, and the Replicator Z18, priced at $6500. Comparing the build volume of these printers with the rest of the 3D printer market, these printers were overpriced. The capabilities of these printers didn’t move many units, either (for instance, the printers could only print in PLA). Makerbot was at least wise enough to continue building the 4th generation Replicator 2X, a printer that was capable of dual extrusion and printing more demanding filaments.

The release of the Makerbot Replicator+ and the Makerbot Replicator Mini+ is the sixth generation of MakerBot printers and the first generation of MakerBot’s manufactured overseas. This new generation is a hardware improvement on several fronts and included a complete redesign of the Makerbot Replicator and the Replicator Mini. The Replicator Mini+ features a 28% larger build volume than the original MakerBot Replicator Mini and an easily removable Grip Build Surface that can be flexed to remove a printed part. The Replicator+ features a 22% larger build volume than the MakerBot Replicator and a new Grip Build Surface. The Replicator Mini+ is $1000 ($300 cheaper than its predecessor), and the Replicator+ is $2000 ($500 less expensive). Both new printers, and the old Replicator Z18, now ship with the improved Smart Extruder+.

While the release of two new MakerBots does mean new hardware will make it into the wild, this is not the largest part of MakerBot’s latest press release. The big news is improved software. Makerbot Print is a slicer that allows Windows users to directly import 3D design files from SolidWorks, IGES, and STEP file formats. Only .STL files may be imported into the OS X version of the Makerbot Print software. MakerBot Mobile, an app available through the Apple Store and Google Play, allows users to monitor their printer from a smartphone.

Earlier this year, we wrote the Makerbot Obituary. From the heady days of The Colbert Report and an era where 3D printing would solve everything, MakerBot has fallen a long way. In the first four months of 2016, MakerBot sold an average of only about fifteen printers per day, well below the production estimated from the serial numbers of the first and second generation Makerbots, the Cupcake and Thing-O-Matic.

While this latest hardware release is improving the MakerBot brand by making the machines more affordable and giving the software some features which aren’t in the usual Open Source slicers, it remains to be seen if these efforts are enough. Time, or more specifically, the Stratasys financial reports, will tell.

Amateur Radio Parity Act Passes US House

Most new houses are part of homeowners associations, covenants, or have other restrictions on the deed that dictate what color you can paint your house, the front door, or what type of mailbox is acceptable. For amateur radio operators, that means neighbors have the legal means to remove radio antennas, whether they’re unobtrusive 2 meter whips or gigantic moon bounce arrays. Antennas are ugly, HOAs claim, and drive down property values. Thousands of amateur radio operators have been silenced on the airwaves, simply because neighbors don’t like ugly antennas.

Now, this is about to change. The US House recently passed the Amateur Radio Parity Act (H.R. 1301), which directs the FCC to amend its Part 97 amateur-station rules to address private land-use restrictions.

The proposed amendment provides, “Community associations should fairly administer private land-use regulations in the interest of their communities, while nevertheless permitting the installation and maintenance of effective outdoor Amateur Radio antennas.” This does not guarantee all antennas are allowed in communities governed by an HOA; the bill simply provides that antennas ‘consistent with the aesthetic and physical characteristics of land and structures in community associations’ may be accommodated. While very few communities would allow gigantic towers, C-band dishes, or 160 meters of wire strung up between trees, this bill will provide for small dipoles and inconspicuous antennae.

The full text of H.R. 1301 can be viewed on the ARRL site. The next step towards making this bill law is passage through the Senate, and as always, visiting, calling, mailing, faxing, and emailing your senators (in that order) is the most effective way to make your views heard.

Possible Fire Hazard: Wanhao Duplicator I3 3D Printer

A while ago Wanhao reached out to its customers and resellers, warning them of a design flaw in the Duplicator i3 that may cause fires. The printers suffered from an issue that caused the crimp connections on the nozzle heater cartridge’s supply line to fail under the mechanical stress of the cable drag chain. In a note titled “Recall”, Wanhao provides instructions on how to fix the issue.

Now, [Chuck Hellebuyck] released an unboxing video on the Duplicator i3 Plus, during which the heated bed emitted magic smoke that could be rationally explained as another design flaw.


[Geohot] Selling His “Self-Driving” Car Tech For $1k By New Year

This week [Geohot] announced the launch of his self-driving car hardware. This is the natural extension of his proof-of-concept shown off in December which he parlayed into a Silicon Valley startup called comma.ai. [Geohot], whose real name is [George Hotz], is well known for jailbreaking the iPhone and making Sony look like idiots when they retroactively crippled Linux support on PS3. He has hardware chops.

Initial self-driving add-on hardware only works with Honda and Acura models that already have lane-keeping assist features because those vehicles already have built-in front radar. The package, which replaces the rear view mirror, adds a front facing camera. Those lucky (or brave, foolish, daring?) beta users can trade $999 and $24/month for what is currently a green 3D printed enclosure with some smartphone-like hardware inserted.

The company has taken an interesting approach to acquiring data needed for this particular flavor of self-driving. [Hotz] is teasing a chance at beta test invites to those who contribute driving data to the company. This is as simple as downloading an app to your phone and letting it roll from your windshield as you go bumper to bumper from Mountain View to San Francisco. That’s right, the plan is to support just that stretch of the nation’s highway system — although [Hotz] did make a brazen estimate of 90% of commutes for 90% of users within a year. Hey, it’s a startup so it’s either that, selling to a bigger fish, or closing their doors.

That narrow route support is actually an interesting constraint. In fact, the company is most interesting because of its chosen constraints: a small subset of cars, a chosen stretch of highway, and dare we say sanity when it comes to self-driving expectations. Grandiose claims have the general public thinking a vehicle with no human driver will slide up to your stoop and take you anywhere you want to go. That is a dauntingly difficult engineering challenge (dare we say impossible). What [Hotz] is selling is a more stress-free commute, not a nap in the back seat. You still need to be paying attention at all times.

Will this system work? Undoubtedly the engineering is possible (Tesla is already doing it). The biggest question mark that remains is human nature. This system demands your attention even though you’re doing nothing. That seems unrealistic — users are bound to lapse in attention much more frequently than if they were the primary driver. The question then becomes, will people pay attention at the very rare yet very crucial moments, and can a system like this prevent more fatal accidents than it causes?

[via Engadget]