News

3659 Articles

This Week In Security: Putty Keys, Libarchive, And Palo Alto

April 19, 2024 by 3 Comments

It may be time to rotate some keys. The venerable PuTTY was updated to 0.81 this week, and the major fix was a change to how ecdsa-sha2-nistp521 signatures are generated. The problem was reported on the oss-security mailing list, and it’s quite serious, though thankfully with a somewhat narrow coverage.

The PuTTY page on the vulnerability has the full details. To understand what’s going on, we need to briefly cover ECDSA, nonces, and elliptic curve crypto. All cryptography depends on one-way functions. In the case of RSA, it’s multiplying large primes together. The multiplication is easy, but given just the final result, it’s extremely difficult to find the two factors. DSA uses a similar problem, the discrete logarithm problem: raising a number to a given exponent, then doing modulo division.

Yet another cryptography primitive is the elliptic curve, which uses point multiplication as the one-way function. I’ve described it as a mathematical pinball, bouncing around inside the curve. It’s reasonably easy to compute the final point, but essentially impossible to trace the path back to the origin. Formally this is the Elliptic Curve Discrete Logarithm Problem, and it’s not considered to be quantum-resistant, either.

One of the complete schemes is ECDSA, which combines the DSA scheme with Elliptic Curves. Part of this calculation uses a nonce, denoted “k”, a number that is only used once. In ECDSA, k must be kept secret, and any repetition of different messages with the same nonce can lead to rapid exposure of the secret key.

And now we get to PuTTY, which was written for Windows back before that OS had any good cryptographic randomness routines. As we’ve already mentioned, re-use of k, the nonce, is disastrous for DSA. So, PuTTY did something clever, and took the private key and the contents of the message to be signed, hashed those values together using SHA-512, then used modulo division to reduce the bit-length to what was needed for the given k value. The problem is the 521-bit ECDSA, which takes a 521-bit k. That’s even shorter than the output of a SHA-512, so the resulting k value always started with nine 0 bits. Continue reading “This Week In Security: Putty Keys, Libarchive, And Palo Alto”

Source Code To The 1999 FPS Game Descent 3 Released

April 17, 2024 by 48 Comments

On April 16th of this year, [Kevin Bentley] released the source code to the Sci-Fi FPS game Descent 3. Originally released in 1999 for Windows, the game has you control a flying ship which you have to guide through both in- and outdoor environments, while shooting at robots that have been infected with an alien virus as you try to save the solar system. It was later also ported to Mac OS and Linux, but was considered a commercial flop due to low sales.

As one of the original developers, [Kevin] explains that one of the goals of this code release is to give the game a second life, by cleaning up the C++ code and using new APIs. Original proprietary audio and video libraries from Interplay were removed, which means that some work is required before one can build a fresh copy of the game from this code base. That said, the released code is the latest 1.5 patch level, with the Mac OS and Linux support. Even if the original Descent games weren’t your cup of tea, it’s still great to see games being preserved and updated like this.

Thanks to [Phil Ashby] for the tip.

This Go-Kart Rides On A Pallet

April 17, 2024 by 16 Comments

Many beginner woodworkers, looking to offset the introductory costs of starting a hobby, will source their wood from pallets. Generally they’re easily found and can be low or no cost, but typically require a bit of work before they’re usable in a project. [Garage Avenger] is looking to do something a little outside of the box with his pallet project, though. He’s using raw pallets as a chassis for a four-speed go-kart, partially for the challenge and excitement and also to one-up a Pinterest post.

Almost immediately, though, the other major downside of working with pallets arose which is that they’re generally built out of low-grade pine which is soft and flexible. Flexibility is generally not a good thing to have in a vehicle frame so plenty of the important parts of this build were strengthened with steel tubing including the rear axle, steering mounts, and a few longitudinal supports to strengthen the overall frame. After working out some kinks with ordering a few of the wrong parts, and mounting the steering box backwards, it was time to test out the four-speed engine (and brakes) on the the go-kart, making it nearly ready for the road.

To complete the build, some tidying of wiring and fuel lines was done, along with improving some of the non-critical parts of the build like the bucket seat. Of course, adding pallet spoilers and body kit puts the finishing touches on the build and the go-kart is finally ready to tear up the local go-kart track and the less-inspiring Pinterest projects. [Garage Avenger] is no stranger to strange vehicle builds, either. Although it’s a bit out of season for most of our northern hemisphere readers now, his jet-powered street sled is still worth a view.

Continue reading “This Go-Kart Rides On A Pallet”

This Week In Security: BatBadBut, DLink, And Your TV Too

April 12, 2024 by 23 Comments

So first up, we have BatBadBut, a pun based on the vulnerability being “about batch files and bad, but not the worst.” It’s a weird interaction between how Windows uses cmd.exe to execute batch files and how argument splitting and character escaping normally works. And what is apparently a documentation flaw in the Windows API.

When starting a process, even on Windows, the new executable is handed a set of arguments to parse. In Linux and friends, that is a pre-split list of arguments, the argv array. On Windows, it’s a single string, left up to the program to handle. The convention is to follow the same behavior as Linux, but the cmd.exe binary is a bit different. It uses the carrot ^ symbol instead of the backslash \ to escape special symbols, among other differences. The Rust devs took a look and decided that there are some cases where a given string just can’t be made safe for cmd.exe, and opted to just throw an error when a string met this criteria.

And that brings us to the big questions. Who’s fault is it, and how bad is it? I think there’s some shared blame here. The Microsoft documentation on CreateProcess() strongly suggests that it won’t execute a batch file without cmd.exe being explicitly called. On the other hand, This is established behavior, and scripting languages on Windows have to play the game by Microsoft’s rules. And the possible problem space is fairly narrow: Calling a batch file with untrusted arguments.

Almost all of the languages with this quirk have either released patches or documentation updates about the issue. There is a notable outlier, as the Java language will not receive a fix, not deeming it a vulnerability. It’s rather ironic, given that Java is probably the most likely language to actually find this problem in the wild. Continue reading “This Week In Security: BatBadBut, DLink, And Your TV Too”

The Future Looks Bleak For Alexa Skill Development

April 12, 2024 by 30 Comments

While the average Hackaday reader is arguably less likely than most to install a megacorp’s listening device in their home, we know there’s at least some of you out there that have an Amazon hockey puck or two sitting on a shelf. The fact is, they offer some compelling possibilities for DIY automation, even if you do have to jump through a few uncomfortable hoops to bend them to your will.

That being said, we’re willing to bet very few readers have bothered installing more than a few Alexa Skills. But that’s not a judgment based on any kind of nerd stereotype — it’s just that nobody seems to care about them. A fact that’s evidenced by the recent revelation that even Amazon looks to be losing interest in the program. In a post on LinkedIn, Skill developer [Mark Tucker] shared an email he received from the mothership explaining they were ending the AWS Promotional Credits for Alexa (APCA) program on June 30th.

Continue reading “The Future Looks Bleak For Alexa Skill Development”

Hackaday Europe Is Almost Here, Last Call For Tickets

April 9, 2024 by 12 Comments

By the time this post hits the front page, we’ll be just a few days away from the kickoff of Hackaday Europe 2024!

For those of you joining us in Berlin this weekend, we’ve got an incredible amount of content planned for you. Things get rolling on Friday with a pre-event meetup. But Saturday is when things really kick into high gear. Before the day’s out, we’ll have played host to nearly a dozen speakers and — literally — more workshops than we could fit into the schedule. Two workshops will be “floating” events that will happen once enough interested parties have congregated in one place. We’ll keep things going until well past midnight, which leads directly into Sunday. We want to get a few sessions of lightning talks packed in, so start coming up with your talk ideas now.

The Vectorscope will be making its European debut.

In addition, there will be food, music, camaraderie, badge hacking, and the general technolust surrounding a Hackaday event. In our humble and totally unbiased opinion, we put on some of the best and most unique hardware hacking meetups in the world — if you like reading Hackaday, you’ll love living it for a couple of days.

As of this writing, we still have a very few tickets for Hackaday Europe 2024 available. Want one? Head over to the Eventbrite page. But you better hurry. We’re talking a literal handful here, so don’t be surprised if they’ve dried up by the time you read this.

The workshops have all sold out, but as usual, we’ll be running a waiting list right up until the last minute: should anyone have to drop out of a workshop (which happens more than you might think), their spot will go to the person next in line. If you’d like to get on the list, email prize@hackaday.com with your name, ticket number, and the workshop you’re hoping to sneak into, and we’ll see what we can do.

But don’t let the workshops stop you. There’s still plenty to see, do, and experience. See you there!