This Week In Security: TunnelCrack, Mutant, And Not Discord
Up first is an attack against VPNs that uses some clever DNS and routing tricks. The technique is known as TunnelCrack (PDF), and every VPN tested was vulnerable to one of the two attacks, on at least one supported platform.
NFC Puts A Stake In The Ground
Sometimes we have a new part or piece of tech that we want to use, and it feels like a solution looking for a problem. Upon first encountering NFC Tags, [nalanj] was looking for an application and thought they might make a great update to old-fashioned plant markers in a garden. Those are usually small and, being outside 24/7, the elements tend to wear away at what little information they hold.

[nalanj] used a freeform data structuring service called Cardinal to set up text information fields for each plant and even photos. Once a template has been created, every entry gets a unique URL that’s perfect for writing to an NFC tag. See the blog post on Cardinal’s site for the whole process, the thought behind the physical design of the NFC tag holder, and a great application of a pause in the 3D print to encapsulate the tags.
NFC tags are super hackable, though, so you don’t have to limit yourself to lookups in a plant database. Heck, you could throw away your door keys.
2023 Hackaday Supercon Tickets On Sale Now!
The 2023 Hackaday Superconference isn’t taking place until November, but the time to get your tickets is right now.
Hackaday’s Supercon is far and away the coolest hardware-focused hacker con of the year, and if you’re Hackaday, you absolutely want to be there. Honestly, just the crowd that Supercon brings together is reason enough to attend, but then you throw in the talks, the badge-hacking, the food, and the miscellaneous shenanigans … it’s an event you really don’t want to miss.
We’ll be announcing the speaker and workshop lineups in the upcoming weeks, but as always, we’re opening up a number of True Believer tickets for those of you who know you’ll be coming no matter what. Head on over to Eventbrite now and secure yours before they’re all gone. These usually sell out within the first few hours of being announced, so if you’re reading this right now, don’t hesitate.
Supercon is a small and friendly event, and it will be a long weekend that you’ll be looking back on fondly for the rest of the year. Whether you’ve been every time or whether you have always wanted to see what the hype is about, we can’t wait to see you all there. Come join us!
Blinded With Science
So the room-temperature superconductor was a super disappointment, but even though the claims didn’t stand up in the end, the even better news is that real science was done. A paper making extraordinary claims came out, the procedure to make LK-99 was followed in multiple labs around the world, and then it was tested. It didn’t turn out to conduct particularly well at all. After a couple weeks of global superconductor frenzy, everything is back to normal again.
What the heck happened? First of all, the paper itself made extravagant claims about a holy-grail kind of material. There was a very tantalizing image of a black pellet floating in mid air, which certainly seems like magic, even though it’s probably only run-of-the-mill ferromagnetism in the end. But it made for a great photo-op in a news-starved August, and the then-still-Twitterverse took to it by storm. And then the news outlets piled on the hype fest.
If you’re feeling duped by the whole turn of events, you’re not alone. But the warning signs were there from the beginning, if you took the time to look. For me, it was the closing line of the paper: “We believe that our new development will be a brand-new historical event that opens a new era for humankind.”
That’s not the kind of healthy skepticism and cautious conclusion that real science runs best on. Reading the paper, I had almost no understanding of the underlying materials science, but I knew enough about human nature to suspect that the authors had rushed the paper out the door without sufficient scrutiny.
How can we keep from being fooled again? Carl Sagan’s maxim that “extraordinary claims require extraordinary evidence” is a good start. To that, I would add that science moves slowly, and that extraordinary evidence can only accumulate over time. So when you see hype science, simply wait to draw any conclusions. If it is the dawn of a new era, you’ll have a lot of time to figure out what room-temperature superconductivity means to you in the rosy future. And if it’s just a flash in the pan, you won’t have gotten your hopes up.
This Week In Security: It’s Con Season
It must be Blackhat/DEFCON season. Up first in the storm of named vulnerabilities, we have Downfall. The PDF has the juicy details here. It’s quite similar to the Zenbleed issue from last week, in that it abuses speculative execution to leak data via a hidden register. Unlike Zenbleed, this isn’t direct access; instead, it uses cache timing analysis to extract individual bytes with a FLUSH+RELOAD approach.
The key to the vulnerability is the gather instruction, which pulls data from multiple locations in memory, often used to run a followup instruction on multiple bytes of data at once. The gather instruction is complex, takes multiple clock cycles to execute, and uses several tricks to execute faster, including managing buffers to avoid multiple reads. In certain cases, that instruction can be interrupted before it completes, leaving the data in the cache. And this data can be speculatively accessed and the values leaked through timing analysis.
This flaw affects 6th through 11th generation Intel Core processors. Mitigations are already rolling out via a microcode update, but they do carry a performance hit for gather instructions.
Pedal Car Vs Ministry Of Transport
[Tim] from the “Way Out West” YouTube channels has started a fun project — building a wooden pedal-car heavily inspired by “Bugsy Malone”. The kids-sized gangsters in that movie got around in kid-sized pedal cars. Apparently kid-sized [Tim] just loved the idea, but just didn’t have the skills or tools to try to build one. But the time has come, and he has spent years putting together a workshop, tools, and skills.
The goal is a 4-wheeled vehicle that can actually be enclosed, to keep the driver out of the rain. It would be pedal powered, with an optional electric assist. It should be made of simple materials, like plywood and epoxy. The design would be freely shared, and the overall cost hopefully kept low. Come back after the link to find the rest of the story, including the monkey wrench thrown into the works.
Voyager 2: Communication Reestablished With One Big Shout
You could practically hear the collective “PHEW!” as NASA announced that they had reestablished full two-way communications with Voyager 2 on Friday afternoon! Details are few at this point — hopefully we’ll get more information on how this was pulled off, since we suspect there was some interesting wizardry involved. If you haven’t been following along, here’s a quick recap of the situation.
As we previously reported, a wayward command that was sent to Voyager 2, currently almost 19 light-hours distant from Earth, reoriented the spacecraft by a mere two degrees. It doesn’t sound like much, but the very narrow beamwidth on Voyager’s high-gain antenna and the vast distance put it out of touch with the Canberra Deep Space Network station, currently the only ground station with line-of-sight to the spacecraft. While this was certainly a problem, NASA controllers seemed to take it in stride thanks to a contingency program which would automatically force the spacecraft to realign itself to point at Earth using its Canopus star tracker. The only catch was that the system wasn’t set to engage until October.
With this latest development, it appears that mission controllers weren’t willing to wait that long. Instead, based on what was universally referred to in the non-tech media as a “heartbeat” from Voyager on August 1 (it appears that what they were really talking about was the use of multiple antennas at the Canberra site to pick up a weak carrier signal from the probe), they decided to send an “interstellar shout” and attempt to reorient the antenna. The 70-m DSS-43 dish blasted out the message early in the morning of August 2, and 37 hours later, science and engineering data started streaming into the antenna again, indicating that Voyager 2 was pointing back at Earth and operating fine.
Hats off to everyone involved in making this fix and getting humanity’s most remote outpost back online. If you want to follow the heroics in nearly real-time, or just like watching what goes on at the intersection of Big Engineering and Big Science, make sure you check out the Canberra DSN Twitter feed.





