NASA Team Sets New Space-to-Ground Laser Communication Record

June 9, 2023 by Joseph Long 13 Comments

[NASA] and a team of partners has demonstrated a space-to-ground laser communication system operating at a record breaking 200 gigabit per second (Gbps) data rate. The TeraByte InfraRed Delivery (TBIRD) satellite payload was designed and built by [MIT Lincoln Laboratory]. The record of the highest data rate ever achieved by a space-to-Earth optical communication link surpasses the 100 Gbps record set by the same team in June 2022.

TBIRD makes passes over an ground station having a duration of about six-minutes. During that period, multiple terabytes of data can be downlinked. Each terabyte contains the equivalent of about 500 hours of high-definition video. The TBIRD communication system transmits information using modulated laser light waves. Traditionally, radio waves have been the medium of choice for space communications. Radio waves transmit data through space using similar circuits and systems to those employed by terrestrial radio systems such as WiFi, broadcast radio, and cellular telephony. Optical communication systems can generally achieve higher data rates, lower loses, and operate with higher efficiency than radio frequency systems. Continue reading “NASA Team Sets New Space-to-Ground Laser Communication Record” →

This Week In Security: Minecraft Fractureiser, MOVEit, And Triangulation

June 9, 2023 by Jonathan Bennett 2 Comments

Modded Minecraft is having a security moment, to match what we’ve seen in the Python and JavaScript repositories over the last few months. It looks like things started when a handful of burner accounts uploaded malicious mods to Curseforge and Bukkit. Those mods looked interesting enough, that a developer for Luna Pixel Studios (LPS) downloaded one of them to test-run. After the test didn’t pan out, he removed the mod, but the malicious code had already run.

Where this gets ugly is in how much damage that one infection caused. The virus, now named fractureiser, installs itself into every other Minecraft-related .jar on the compromised system. It also grabs credentials, cookies, cryptocurrency addresses, and the clipboard contents. Once that information was exfiltrated from the LPS developer, the attacker seems to have taken manual actions, using the purloined permissions to upload similarly infected mod files, and then marking them archived. This managed to hide the trapped files from view on the web interface, while still leaving them exposed when grabbed by the API. Once the malware hit a popular developer, it began to really take off.

It looks like the first of the malicious .jar files actually goes all the way back to mid-April, so it may take a while to discover all the places this malware has spread. It was first noticed on June 1, and investigation was started, but the story didn’t become public until the 7th. Things have developed rapidly, and the malware fingerprints has been added to Windows Defender among other scanners. This helps tremendously, but the safe move is to avoid downloading anything Minecraft related for a couple days, while the whole toolchain is inspected. If it’s too late and you’ve recently scratched that voxel itch, it might be worth it to take a quick look for Indicators of Compromise (IoCs).

Continue reading “This Week In Security: Minecraft Fractureiser, MOVEit, And Triangulation” →

They Used To Be A Big Shot, Now Eagle Is No More

June 9, 2023 by Jenny List 246 Comments

There once was a time when to make a PCB in our community was to use CadSoft EAGLE, a PCB design package which neatly filled the entry level of that category with a free version for non-commercial designs. Upgrading it to the commercial version was fairly inexpensive, and indeed that was a path which quite a few designers making the step from hobby project to small production would take.

Then back in 2017, CadSoft were bought by Autodesk, and their new version 8 of the software changed its licensing model from purchase to rental. It became a product with a monthly subscription and an online side, and there began an exodus of users for whom pay-to-play meant too much risk of losing access to their designs. Now six years later the end has come, as the software behemoth has announced EAGLE’s final demise after a long and slow decline. Continue reading “They Used To Be A Big Shot, Now Eagle Is No More” →

Overall design of retina-inspired NB perovskite PD for panchromatic imaging. (Credit: Yuchen Hou et al., 2023)

Perovskite Sensor Array Emulates Human Retina For Panchromatic Imaging

June 2, 2023 by Maya Posch 13 Comments

The mammalian retina is a complex system consisting out of cones (for color) and rods (for peripheral monochrome) that provide the raw image data which is then processed into successive layers of neurons before this preprocessed data is sent via the optical nerve to the brain’s visual cortex. In order to emulate this system as closely as possible, researchers at Penn State University have created a system that uses perovskite (methylammonium lead bromide, MAPbX₃) RGB photodetectors and a neuromorphic processing algorithm that performs similar processing as the biological retina.

Panchromatic imaging is defined as being ‘sensitive to light of all colors in the visible spectrum’, which in imaging means enhancing the monochromatic (e.g. RGB) channels using panchromatic (intensity, not frequency) data. For the retina this means that the incoming light is not merely used to determine the separate colors, but also the intensity, which is what underlies the wide dynamic range of the Mark I eyeball. In this experiment, layers of these MAPbX₃ (X being Cl, Br, I or combination thereof) perovskites formed stacked RGB sensors.

The output of these sensor layers was then processed in a pretrained convolutional neural network, to generate the final, panchromatic image which could then be used for a wide range of purposes. Some applications noted by the researchers include new types of digital cameras, as well as artificial retinas, limited mostly by how well the perovskite layers scale in resolution, and their longevity, which is a long-standing issue with perovskites. Another possibility raised is that of powering at least part of the system using the energy collected by the perovskite layers, akin to proposed perovskite-based solar panels.

(Heading: Overall design of retina-inspired NB perovskite PD for panchromatic imaging. (Credit: Yuchen Hou et al., 2023) )

This Week In Security: Barracuda, Zyxel, And The Backdoor

June 2, 2023 by Jonathan Bennett 12 Comments

Barracuda’s Email Security Gateway (ESG) has had a vulnerability in it for years. Tracked as CVE-2023-2868, this one was introduced back in version 5.1.3.001, and only got patched during the 9.2 development cycle. Specific build information on patched firmware has not been made available, but a firmware build containing the patch was deployed on May 20.

The flaw was a command injection bug triggered by .tar files attached to incoming emails. The appliance scans attachments automatically, and the file names could trigger the qx operator in a Perl script. It’s a nasty one, ranking a 9.4 on the CVSS scale. But the really bad news is that Barracuda found the vulnerability in the wild, and they have found evidence of exploitation as far back as October 2022.

There have been three malware modules identified on the compromised appliances. SALTWATER is a backdoor trojan, with the ability to transfer files, execute commands, and host network tunnels. SEASPY is a stealthier module, that looks like a legitimate service, and uses PCAP to monitor traffic and receive commands. And SEASIDE is a Lua module for the Barracuda SMTP monitor, and it exists to host a reverse shell on command. Indicators of Compromise (IOCs) have been published, and Barracuda recommends the unplug-and-remove approach to cleaning up an infection. The saving grace is that this campaign seems to have been targeted, and wasn’t launched against every ESG on the Internet, so maybe you’re OK.

Moxa, Too

And speaking of security software that has problems, the Moxa MXsecurity appliance has a pair of problems that could be leveraged together to lead to a complete device takeover. The most serious problem is a hard coded credential, that allows authentication bypass for the web-API. Then the second issue is a command-line escape, where an attacker with access to the device’s Command Line Interface (CLI) can break out and run arbitrary commands. Continue reading “This Week In Security: Barracuda, Zyxel, And The Backdoor” →

Can Hobbyists Bring SGI’s IRIX OS Back To Life?

May 31, 2023 by Lewin Day 33 Comments

Irix was the operating system developed by Silicon Graphics from 1988 to 1998. The OS supported the company’s high-end workstations and served in many serious roles. The company cut off support for the UNIX-based OS in 2006, but now a diehard community is looking to bring the ancient codebase back to life.

SGI workstations used to cost big money before the company collapsed. It failed to make the leap to a new era when x86 architecture began to dominate the wider computing industry. Credit: Bruno Cordioli, CC-BY-2.0

While SGI’s workstations once sold for five or six figures, surviving examples can now often be had for just a few hundred dollars on eBay. The MIPS-based hardware was potent for its time, often used for 3D rendering work for video games, films, or for scientific purposes. IRIX was SGI’s own OS built specifically to support these use cases.

The IRIX Network is a hobbyist community that loves these old machines and their software. The group hopes to raise $6,500 through crowdfunding to reverse-engineer IRIX. The hope is to use those learnings to create an open-source derivative version named IRIX-32, based on IRIX 5.3, the last 32-bit version of the OS.

It’s a monumental task, but admirable nonetheless. Whether we one day see IRIX reborn, akin to what happened to AmigaOS, remains to be seen.

South Korea Successfully Sends Satellites To Orbit

May 30, 2023 by Chris Lott 8 Comments

South Korea’s KARI ( Korea Aerospace Research Institute ) successfully put a commercial satellite into orbit Thursday, achieving another milestone in their domestic space program. The Nuri rocket (aka KLSV-2) left the Naro Space Center launch pad on the southern coast of the peninsula at 18:24 KST, after a communications glitch in the pad’s helium tank facility caused a one-day slip. The primary payload was the 180 kg refrigerator-sized Earth observation satellite NEXTSat-2. It uses synthetic aperture radar (SAR) and also has instruments to observe neutrons in near-Earth orbit due to the impact of solar activity on cosmic radiation. In addition, seven CubeSats were successfully deployed:

Justek JLC-101-V1.2, to verify satellite orbital control system
Lumir, measuring cosmic radiation and testing rad-hardened microprocessor design
Cairo Space, weather observation and space debris technology demonstration
KASI-SAT (Korea Astronomy and Space Science Institute) SNIPE, actually four nano-sats which will achieve a 500 km – 600 km polar orbit and fly in formation to measure plasma variations.

It seems that SNIPE-C, Justek, and Lumir are having communication troubles and may be lost. Ground controllers are still searching. This launch comes almost one year after the previous launch of a dummy satellite in June, which we wrote about last year.

Continue reading “South Korea Successfully Sends Satellites To Orbit” →