This Week In Security: Kali Purple, Malicious Notifications, And Cybersecurity Strategy

After a one-week hiatus, we’re back. It’s been a busy couple of weeks, and up first is the release of Kali Purple. This new tool from Kali Linux is billed as an SOC-in-a-box that follows the NIST CSF structure. That is a veritable alphabet soup of abbreviated jargon, so let’s break this down a bit. First up, SOC IAB, or SOC-in-a-box, is integrated software for a Security Operations Center. It’s intrusion detection, intrusion prevention, data analysis, automated system accounting and vulnerability scanning, and more. Think of a control room with multiple monitors showing graphs based on current traffic, a list of protected machines, and log analysis on demand.

NIST CSF is guidance published by the National Institute of Standards and Technology, a US government agency that does quite a bit of the formal ratification of cryptography and other security standards. CSF is the Cybersecurity Framework, which, among other things, breaks cybersecurity into five tasks: identify, protect, detect, respond, and recover. The framework doesn’t map perfectly to the complexities of security, but it’s what we have to work with, and Kali Purple is tailor-made for that framework.

Putting that aside, what Purple really gives you is a set of defensive and analytical tools that rival the offensive tools in the main Kali distro. Suricata, Arkime, Elastic, and more are easily deployed. The one trick that really seems to be missing is the ability to deploy Kali Purple as the edge router/firewall. The Purple deployment docs suggest an OPNsense deployment for the purpose. Regardless, it’s sure to be worthwhile to watch the ongoing development of Kali Purple.

Virgin Orbit Pauses Operations, Seeks Funding

It looks as though things may have gone from bad to worse at Virgin Orbit, the satellite-carrying spin-off of Richard Branson’s space tourism company Virgin Galactic. After a disappointing launch failure earlier in the year, CNBC is now reporting the company will halt operations and furlough most employees for at least a week as it seeks new funding.

It’s no secret that the company has struggled to find its footing since it was formed in 2017. On paper, it was an obvious venture — Virgin Galactic already had the White Knight Two carrier aircraft and put plenty of R&D into air-launched rockets, so it would simply be a matter of swapping the crewed SpaceShipTwo vehicle for the LauncherOne orbital booster. But upgrades to the rocket eventually made it too large for the existing carrier aircraft, so the company instead purchased a Boeing 747 and modified it to lift their two-stage rocket out of the thick lower atmosphere.

Hackaday Berlin: Final Schedule, Last Call For Tickets, And More

Hackaday Berlin is just about a week away, and we’ve just put the finishing touches on our preparations. And that includes a snazzy landing page, the full schedule, details on the Friday night meetup, and more.

We’ll be meeting up Friday the 24th at 19:00 at DogTap / Brew Dog, Im Marienpark 23 for an ice breaker. This is a great time to unwind from your travels, catch up with old friends, and start getting into gear for the days ahead.

Saturday the 25th starts off at 9:30: you’ll get your badge and schwag bag, and have some breakfast. Then it’s talks, workshops, lightning talks, badge hacking, food and music until the wee hours.

Sunday morning starts up again at 11:00, but it’ll feel like 10:00 due to Daylight Saving Time. We’ll have brunch, show off whatever cool hacks you’ve brought along, and just generally chill out into the afternoon. Some people are planning to go sightseeing around Berlin afterwards, so if that’s your thing, you’re in good company.

For any chat related to Hackaday Berlin, we have a not-so-cryptically named #Berlin channel over on the Hackaday Discord server.

There are still a few tickets left, so you procrastinators, now’s your time to snap them up. All the rest of you, put those finishing touches on whatever you’re bringing with you, and we’ll see you next week!

(Oh, and press the play button on the landing page.)

Enzymes Make Electricity From Thin Air

There’s an old magic trick known as the miser’s dream, where the magician appears to pull coins from thin air. Australian scientists say they can now generate electricity out of thin air with the help of some enzymes. The enzyme reacts to hydrogen in the atmosphere to generate a current.

They learned the trick from bacteria which are known to use hydrogen for fuel in inhospitable environments like Antarctica or in volcanic craters. Scientists knew hydrogen was involved but didn’t know how it worked until now.

The enzyme is very efficient and can even work on trace amounts of hydrogen. The enzyme can survive freezing and temperatures up to 80 °C (176 °F). The paper seems more intent on the physical mechanisms involved, but you can tell the current generated is minuscule. We don’t expect to see air-powered cell phones anytime soon. Then again, you have to start somewhere, and who knows where this could lead?

Microbial fuel cells aren’t new, of course. If you just want lights, you can skip the electricity altogether.

Stranded Motorist Effects Own Rescue Using A Drone And A Cell Phone

If you’re looking for a good excuse to finally buy a drone, you probably can’t do better than claiming it can save your life.

Granted, you may never find yourself in the position of being stuck in a raging snowstorm in the middle of the Oregon wilderness, but if you do, this is a good one to keep in mind. According to news stories and the Lane County Sheriff Search and Rescue Facebook page, an unnamed motorist who was trying to negotiate an unmaintained road through the remote Willamette National Forest got stuck in the snow. This put him in a bad situation, because not only was he out of cell range, but nobody knew where he was or even that he was traveling, so he wouldn’t be missed for days.

Thankfully, the unlucky motorist played all his cards right. Rather than wandering off on foot in search of help, he stayed with his vehicle, which provided shelter from the elements. Conveniently, he also happened to have a drone along with him, which provided him with an opportunity to get some help. After typing a detailed text message to a friend describing his situation and exact location, he attached the phone to his drone and sent it straight up a couple of hundred feet — enough to get a line-of-sight connection to a cell tower. Note that the image above is a reenactment by the Search and Rescue team; it’s not clear how the resourceful motorist rigged up the drone, but we’re going to guess duct tape was involved.

When he brought the drone back down a few minutes later, he found that the queued text had been sent, and the cavalry was on the way. The Search and Rescue unit was able to locate him, and as a bonus, also found someone else nearby who had been stranded for days. So it was a win all around thanks to some clever thinking and a little technology.

Hackaday Berlin: First Round Of Talks

We’re super excited to announce the first round of speakers for Hackaday Berlin! We’re set to convene on Friday night, March 24th for an evening warm-up before the main show on Saturday, March 25. Featuring the triumphant return of Voja’s 4-bit badge, a crew of awesome speakers, lightning talks, workshops, music, food, badge hacking, and all the best of the Hackaday community, this will be a day to remember. And then we’ll chill out Sunday morning with a Bring-a-Hack brunch.

So without further ado: the first round of speakers!

Jiska Classen
Hacking Closed-Source: Reverse Engineering Real-World Products

Closed-source software is prevalent in our everyday lives, limiting our ability to understand how it works, what privacy implications it poses for the processed data, and to address potential issues in time. Despite the growth of open-source movements, users often have no choice but to rely on closed-source solutions, e.g., for medical devices and IoT products. We’ll discuss key techniques to help you get started with reverse engineering. Hacking your own devices can be challenging, bricking a device is not uncommon, but so is celebrating the moments of a revived and modified device.

James Bruton
Being a Full-Time YouTuber

YouTube is my full-time job and has been for four years. I create STEM education content using everything from 3D printing, CNC, Welding, to Microcontrollers and Coding. Find out how I got started, how I make money, what goes on in the background, and what my future plans are. I’ll tell you how you can do it too!

Trammell Hudson
Hacking your dishwasher for cloudless appliances

Why does your dishwasher, laundry or coffee-pot need to talk to the cloud? In this presentation, Trammell Hudson shows how he reverse engineered the encrypted connections between Home Connect appliances and the Bosch-Siemens Cloud servers, and how you can control your own appliances with your self-hosted MQTT home automation system by extracting the devices’ authentication keys and connecting to their local websocket ports. No cloud required!

Bleeptrack
Oops, my project ended up in a museum

Parameterized design allows for the adaptation of projects to different needs but can also change the aesthetic to a person’s liking. Bleeptrack will walk you through the creation process and tools of her generative projects, talk about her experience manufacturing unique pieces and explain how to cope when your freshly finished project gets locked up in an art exhibition for a few months.

Ali Shtarbanov
Creating Hardware Development Platforms for Real-World Impact: FlowIO Platform

What does it really take to create and deploy a development platform for real-world impact? Why do we need development platforms and how can they democratize emerging fields and accelerate innovation? Why do most platform attempts fail and only very few succeed in terms of impact? I will discuss the key characteristics that any platform technology must have in order for it to be useful for diverse users. FlowIO was the winner of the 2021 Hackaday Grand Prize as well as over a dozen other engineering, research, and design awards.

Come join us!

You!

Whatever you’re up to.

We want you to bring your current project, world-changing ideas, or simply fun hacks for a 7-minute lightning talk!

What’s Going To Happen To Legacy Broadcast Bands When The Lights Go Out?

Our smartphones have become our constant companions over the last decade, and it’s often said that they have been such a success because they’ve absorbed the features of so many of the other devices we used to carry. PDA? Check. Pager? Check. Flashlight? Check. Camera? Check. MP3 player? Of course, and the list goes on. But alongside all that portable tech there’s a wider effect on less portable technology, and it’s one that even has a social aspect to it as well. In simple terms, there’s a generational divide that the smartphone has brought into focus, between older people who consume media in ways born in the analogue age, and younger people for whom their media experience is customized and definitely non-linear.

The Kids Just Don’t Listen To The Radio Any More

A 1957 American family watching TV
We’re guessing this is no longer a scene played out in many homes. Evert F. Baumgardner, Public domain.

The effect of this has been to see a slow erosion of the once-mighty reach of radio and TV broadcasters, and with that loss of listenership has come less of a need for the older technologies they relied on. Which leaves a fascinating question here at Hackaday: what is going to happen to all that spectrum? Indeed, there’s a deeper question behind all that: is lower frequency spectrum even that valuable any more?

In the old days, we had analogue TV in several-MHz-wide channels spread across a large part of the UHF bands and some smaller chunks of VHF. Among that we had 20 MHz of FM broadcasting around the 100 MHz mark, and disregarding shortwave, then a MHz of AM down around 1 MHz. Europeans got a bonus band down there too: we’ve got Long Wave, over 100 kHz of AM goodness roughly centered around 200 kHz.
