This Week In Security: Macstealer, 3CX Carnage, And Github’s Lost Key

March 31, 2023 by Jonathan Bennett 6 Comments

There’s a naming overload here, as two bits of security news this week are using the “MacStealer” moniker. We’re first going to talk about the WiFi vulnerability, also known as Framing Frames (pdf). The WPA encryption schemes introduced pairwise encryption, ensuring that not even other authenticated users can sniff each others’ traffic. At least that’s the idea, but this attack finds a couple techniques to bypass that protection.

A bit more background, there are a couple ways that packets can be delayed at the sender side. One of those is the power-save message, that signals the access point that the given client is going into a low power state. “Hold my calls, I’m going to sleep.” That message is a single bit in a frame header. And notably, that bit isn’t covered by WPA encryption or verification. An attacker can send a message, spoof a victim’s MAC address, and the access point marks that client as being in power-save mode.

This observation leads to a question: What happens when the encryption details change between the packet joining the queue, and actually transmitting? Turns out, the specifications on WiFi encryption don’t spell it out, and some implementations do the last thing you’d want, like sending the packets in the clear. Whoops. This behavior was the case in the Linux kernel through version 5.5.0, but starting with 5.6.0, the buffered packets were simply dropped when the encryption key was unavailable. Continue reading “This Week In Security: Macstealer, 3CX Carnage, And Github’s Lost Key” →

Archiving The Entirety Of DPReview Before It’s Gone

March 31, 2023 by Maya Posch 28 Comments

Despite the popular adage about everything on the internet being there forever, every day pages of information and sometimes entire websites are lost to the sands of time. With the imminent shutdown of the DPReview website, nearly 25 years of reviews and specifications of cameras and related content are at risk of vanishing. Also lost will be the content of forum posts, which can still be requested from DPReview staff until April 6th. All because the owner of the site, Amazon, is looking to cut costs.

As announced on r/photography, the Archive.org team is busy trying to download as much of the site as possible, but due to bottlenecks may not finish in time. One way around these bottlenecks is what is called the Archive Team Warrior, which involves either a virtual machine or Docker image that runs on distributed systems. In early April an archiving run using these distributed systems is planned, in a last-ditch attempt to retain as much of the decades of content.

The thus archived content will be made available in the WARC (Web ARChive) format, in order to retain as much information as possible, including meta data and different versions of content.

The 2023 Hackaday Prize Is Ten, First Challenge Is Educational

March 28, 2023 by Elliot Williams 6 Comments

If you were anywhere near Hackaday over the weekend, you certainly noticed that we launched the tenth annual Hackaday Prize! In celebration of the milestone, we picked from our favorite challenges of years past and came up with four of our favorite, and even one new one just to keep you on your toes. But the first challenge round is running right now, so get your hacking motors turning.

Re-engineering Education

The first challenge this year showcases educational projects, but broadly construed. Hackers tend to learn best by doing. In the Re-engineering Education challenge, we want you to help give others a chance to learn new skills. Whether you’re building a DIY radio kit, a breadboard-it-yourself computer, or even a demonstrator robot arm, if it helps pass on your hard-earned skills, we want you to enter it here.

It’s fresh on my mind because we were just playing with one this weekend, but [deshipu]’s Fluffbug robot project is a great inspiration for non-traditional education. What better way to discover the intricacies of four-legged walking machine gaits than to have one to play with on your desktop? It’s not going to take over the world, but if you can make it walk, you’ve learned something.

More obviously educational is [Joan Horvath]’s Hacker Calculus, an entry in last year’s Prize. The connections between a function’s height, and the area or volume that it integrates up to can be awfully abstract. Printing out 3D models of the resulting shapes can really help to bring the point home. Or maybe you could really drive home the speed of a comet in its orbit with a physical model? They’ve got you covered, but also ideas for generating your own plastic math toys.

When we think educational computer builds, the amazing reproduction of the WDC-1 “Working Digital Computer” by [Michael Gardi] springs instantly to mind, but perhaps it goes too far down the rabbit hole. Just another rung up on the complexity ladder gets you the Blinking Computer by [Tony Robinson]. Or if you want to figure out how an almost-commercial Z80 computer works from the ground up, consider the Baffa 2.

So what skills do you have that you want to teach other hackers? Can you embody that in a project?

All the Challenges

If you don’t have education in your sights, have a look at the rest of the 2023 Hackaday Prize Challenge rounds. We’re sure you’ll find something you like.

To enter, simply set up a project on Hackaday.io. When the challenge is running, you’ll be able to enter. Full rules over at the 2023 Hackaday Prize landing page.

Challenge	Date	The Details
Re-engineering Education	March 25 – April 25	Educational projects of all stripes welcome. If the goal is to teach, enter it here.
Assistive Tech	April 25 – May 30	The Assistive Tech challenge calls for projects that help people with disabilities to learn, work, move around, and simply live their lives to the fullest.
Green Hacks	May 30 – July 4	Help reduce our impact on the planet. Do more with less, or help clean up the mess.
Gearing Up	July 4 – August 8	Hackers build their own tools. What have you made that makes your making easier? Share it with us.
Wildcard	August 8 – September 12	This is where anything goes. The wildcard challenge lets your projects speak for themselves.

Continue reading “The 2023 Hackaday Prize Is Ten, First Challenge Is Educational” →

Hackaday Berlin Was Bonkers

March 27, 2023 by Elliot Williams 11 Comments

In celebration of the tenth running of the Hackaday Prize, we had a fantastic weekend event in Berlin. This was a great opportunity for all of the European Hackaday community to get together for a few days of great talks, fun show-and-tells, and above all good old fashioned sitting together and brainstorming. Of course there was the badge, and the location – a gigantic hackerspace in Berlin called MotionLab – even had a monstrous laser-eye octopus suspended from a gantry overhead. Everyone who came brought something to share or to show. You couldn’t ask for more.

Unfortunately, we weren’t able to record the talks, so we’ll run down the highlights for you here. [Jenny List] is writing up a bunch of the badge hacks as we speak, so we’ll skip that for now. For the full experience, you just had to be there, but we’ll share with you what pictures we got. Enjoy!

Continue reading “Hackaday Berlin Was Bonkers” →

Europe’s Proposed Right-To-Repair Law: A Game Changer, Or Business As Usual?

March 27, 2023 by Maya Posch 145 Comments

Recently, the European Commission (EC) adopted a new proposal intended to enable and promote the repair of a range of consumer goods, including household devices like vacuum cleaners and washing machines, as well as electronic devices such as smartphones and televisions. Depending on how the European Parliament and Council vote in the next steps, this proposal may shape many details of how devices we regularly interact with work, and how they can be repaired when they no longer do.

As we have seen recently with the Digital Fair Repair Act in New York, which was signed into law last year, the devil is as always in the details. In the case of the New York bill, the original intent of enabling low-level repairs on defective devices got hamstrung by added exceptions and loopholes that essentially meant that entire industries and types of repairs were excluded. Another example of ‘right to repair’ being essentially gamed involves Apple’s much-maligned ‘self repair’ program, that is both limited and expensive.

So what are the chances that the EU will succeed where the US has not?

Continue reading “Europe’s Proposed Right-To-Repair Law: A Game Changer, Or Business As Usual?” →

Gordon Moore, 1929 — 2023

March 25, 2023 by Jenny List 16 Comments

The news emerged yesterday that Gordon Moore, semiconductor pioneer, one of the founders of both Fairchild Semiconductor and Intel, and the originator of the famous Moore’s Law, has died. His continuing influence over all aspects of the technology which makes our hardware world cannot be overstated, and his legacy will remain with us for many decades to come.

A member of the so-called “Traitorous Eight” who left Shockley Semiconductor in 1957 to form Fairchild Semiconductor, he and his cohort laid the seeds for what became Silicon Valley and the numerous companies, technologies, and products which have flowed from that. His name is probably most familiar to us through “Moore’s Law,” the rate of semiconductor development he first postulated in 1965 and revisited a decade later, that establishes a doubling of integrated circuit component density every two years. It’s a law that has seemed near its end multiple times over the decades since, but successive advancements in semiconductor fabrication technology have arrived in time to maintain it. Whether it will continue to hold from the early 2020s onwards remains a hotly contested topic, but we’re guessing its days aren’t quite over yet.

Perhaps Silicon Valley doesn’t hold the place in might once have in the world of semiconductors, as Uber-for-cats app startups vie for attention and other semiconductor design hubs worldwide steal its thunder. But it’s difficult to find a piece of electronic technology, whether it was designed in Mountain View, Cambridge, Shenzhen, or wherever, that doesn’t have Gordon Moore and the rest of those Fairchild founders in its DNA somewhere. Our world is richer for their work, and that’s what we’ll remember Gordon Moore for.

You can read our thoughts on Moore’s famous law. If you ever wondered how Silicon Valley became the place for electronics, the story is probably much older than you think.

This Week In Security: USB Boom! Acropalypse, And A Bitcoin Heist

March 24, 2023 by Jonathan Bennett 4 Comments

We’ve covered a lot of sketchy USB devices over the years. And surely you know by now, if you find a USB drive, don’t plug it in to your computer. There’s more that could go wrong than just a malicious executable. We’ve covered creative and destructive ideas here on Hackaday, from creative firmware to capacitors that fry a machine when plugged in. But what happened to a handful of Ecuadorian journalists was quite the surprise. These drives went out with a bang.

That is, they literally exploded. The drives each reportedly contained a pellet of RDX, a popular explosive in use by militaries since the second World War. There have been five of these hyperactive USB devices located so far, and only one actually detonated. It seems that one only managed to trigger half of its RDX payload. Because of this, and the small overall size of a USB drive, the explosion was more comparable to a firecracker than a bomb. Continue reading “This Week In Security: USB Boom! Acropalypse, And A Bitcoin Heist” →