This Week In Security: Peering Through The Wall, Apple’s GoFetch, And SHA-256

The Linux command wall is a hold-over from the way Unix machines used to be used. It’s an abbreviation of Write to ALL, and it was first included in AT&T Unix, way back in 1975. wall is a tool that a sysadmin can use to send a message to the terminal session of all logged-in users. So far nothing too exciting from a security perspective. Where things get a bit more interesting is the consideration of ANSI escape codes. Those are the control codes that move the cursor around on the screen, also inherited from the olden days of terminals.

The modern wall binary is actually part of util-linux, rather than being a continuation of the old Unix codebase. On many systems, wall is installed setgid, so the behavior of the system binary really matters. It’s accepted that wall shouldn’t be able to send control codes, and when processing a message specified via standard input, those control codes get rejected by the fputs_careful() function. But when a message is passed in on the command line, as an argument, that function call is skipped.

This allows any user that can send wall messages to also send ANSI control codes. Is that really a security problem? There are two scenarios where it could be. The first is that some terminals support writing to the system clipboard via command codes. The other, more creative issue, is that the output from running a binary could be overwritten with arbitrary text. Text like:
Sorry, try again.
[sudo] password for jbennett:

You may have questions. Like, how would an attacker know when such a command would be appropriate? And how would this attacker capture a password that has been entered this way? The simple answer is by watching the list of running processes and the system log. Many systems have a command-not-found function, which will print the failing command to the system log. If that failing command is actually a password, then it’s right there for the taking. Now, you may think this is a very narrow attack surface that’s not going to be terribly useful in real-world usage. And that’s probably pretty accurate. It is a really fascinating idea to think through, and definitely worth getting fixed.
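The fix for the gap described above is to send the command-line message through the same control-code filter as the standard-input message. The C sketch below is an added example, not util-linux code and not from the original article: sanitize_message() and message_from_args() are hypothetical names, and the sample arguments are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not util-linux code. Rewrites C0 control bytes (except
 * '\n' and '\t') and DEL in caret notation, so ESC (0x1b) prints as "^[".
 * Bytes >= 0x80 pass through for UTF-8; 8-bit C1 controls are not filtered.
 * Returns the number of bytes rewritten, or -1 if out is too small. */
int sanitize_message(const char *msg, char *out, size_t outlen)
{
    size_t o = 0;
    int rewritten = 0;
    for (const unsigned char *p = (const unsigned char *)msg; *p; p++) {
        int ctrl = (*p < 0x20 && *p != '\n' && *p != '\t') || *p == 0x7f;
        if (o + (ctrl ? 2 : 1) >= outlen)   /* keep room for the NUL */
            return -1;
        if (ctrl) {
            out[o++] = '^';
            out[o++] = (char)(*p ^ 0x40);   /* 0x1b -> '[', 0x7f -> '?' */
            rewritten++;
        } else {
            out[o++] = (char)*p;
        }
    }
    out[o] = '\0';
    return rewritten;
}

/* Join the argument words with spaces, then apply the same filter as stdin. */
int message_from_args(int argc, char **argv, char *out, size_t outlen)
{
    char joined[1024] = "";
    size_t used = 0;
    for (int i = 0; i < argc; i++) {
        int n = snprintf(joined + used, sizeof(joined) - used, "%s%s", i ? " " : "", argv[i]);
        if (n < 0 || (size_t)n >= sizeof(joined) - used)
            return -1;                      /* message too long: refuse it */
        used += (size_t)n;
    }
    return sanitize_message(joined, out, outlen);
}

int main(void)
{
    /* Constructed input: a colour escape sequence inside one argument. */
    char *args[] = { "\033[31mmaintenance", "at", "5pm" };
    char out[128];
    printf("%d rewritten: %s\n", message_from_args(3, args, out, sizeof(out)), out);
    return 0;
}
```

With the filter applied on both paths, the terminal receives the literal characters ^[ instead of an escape byte, so the sequence is displayed rather than interpreted.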

Tech Support… Can AI Be Worse?

You can’t read the news today without another pundit excitedly reporting how AI is going to take every job you can imagine. Of course, AI will change the employment landscape. It will take some jobs and reduce the need for others. What about tech support? Is it possible that an AI might be able to help people with technical issues better than humans? My first answer was no way, but then I was painfully reminded of something. The question isn’t if AI can help you better than any human can. The question is if AI can help you better than the low-paid person on the other end of the phone you are likely to talk to. Sadly, I think the answer to that question is almost certainly yes.

In all fairness, if you read Hackaday, you probably don’t encounter many technical support people who can solve a problem you can’t. By the time you call them, it is a lost cause. But this is more than just “Hackaday folks are smarter than the tech support agents.” The overall quality of tech support at many companies is rock bottom no matter who you are.

Fictional Computers: Colossus And Guardian

We can learn a lot by looking at how writers and filmmakers imagine technology. While some are closer than others, there are some definite lessons, like: never make a killer computer without an off switch you can reach. We are especially interested in how computers appear in books, movies, and TV shows, and so in Computers of Fiction, we want to remember with you some of our favorites. This time, we are thinking about the 1970 movie Colossus: The Forbin Project. There were actually two computers: the titular Colossus, which was an American computer, and the Guardian, a similar Soviet computer.

The Story

In the United States, Dr. Forbin has created a supercomputer deep under a mountain. Colossus, the computer, is put in charge of the nuclear arsenal to eliminate human error in the defense of the country. Colossus gathered intelligence, analyzed it, and was able to launch its own missiles.

Shortly after activation, however, the computer reaches a startling conclusion: “WARN: THERE IS ANOTHER SYSTEM.” It provides coordinates in the Soviet Union. That system is a similar system called Guardian. The computers decide they want to talk to each other. The President decides to allow it, hoping to learn more about the Soviets’ secret computer. The Soviets agree, too, presumably for the same reason. You can watch the original trailer below.

Retrotechtacular: TOPS Runs The 1970s British Railroad

How do you make the trains run on time? British Rail adopted TOPS, a computer system born of IBM’s SAGE defense project, along with work from Stanford and Southern Pacific Railroad. Before TOPS, running the railroad took paper. Lots of paper, ranging from a train’s history, assignments, and all the other bits of data required to keep the trains moving. TOPS kept this data in real-time on computer screens all across the system. While British Rail wasn’t the only company to deploy TOPS, they were certainly proud of it and produced the video you can see below about how the system worked.

There are a lot of pictures of old big iron and the narrator says it has an “immense storage capacity.”  The actual computers in question were a pair of IBM System/370 mainframes that each had 4 MB of RAM. There were also banks of 3330 disk drives that used removable disk packs of — gasp — between 100 and 200 MB per pack.

As primitive and large as those disk drives were, they pioneered many familiar-sounding technologies. For example, they used voice coils, servo tracking, MFM encoding, and error-correcting encoding.

The Roller Ship Was Not An Effective Way To Cross The High Seas

Boats come in all shapes and sizes. We have container ships, oil tankers, old-timey wooden sailing ships, catamarans, trimarans, and all sorts besides. Most are designed with features that give them a certain advantage or utility that justifies their construction for a given application.

The roller ship, on the other hand, has not justified its own repeat construction. Just one example was ever built, which proved unseaworthy and impractical. Let’s explore this nautical oddity and learn about why it didn’t make waves as its inventor may have hoped.

Japan’s First Commercial Rocket Debuts With A Bang

Though it suffered through decades of naysayers, these days you’d be hard pressed to find anyone who would still argue that the commercialization of space has been anything but a resounding success for the United States. SpaceX has completely disrupted what was a stagnant industry — of the 108 US rocket launches in 2023, 98 of them were performed by the Falcon 9. Even the smaller players, such as Rocket Lab and Blue Origin, are innovating and bringing new technologies to market at a rate which the legacy aerospace companies haven’t been able to achieve since the Space Race.

So it’s no surprise that other countries are looking to replicate that success. Japan in particular has been following NASA’s playbook by offering lucrative space contracts to major domestic tech companies such as Mitsubishi, Honda, NEC, Toyota, Canon, Kyocera, and Sumitomo. Over the last several years this has resulted in the development of a number of spacecraft and missions, such as the Hakuto-R Moon lander. It’s also laid the groundwork for exciting future projects, like the crewed lunar rover Toyota and Honda are jointly developing for the Artemis program.

But so far there’s been a crucial element missing from Japan’s commercial space aspirations, an orbital booster rocket. While the country has state-funded launch vehicles such as the H-IIA and H3 rockets, they come with the usual bureaucracy one would expect from a government program. In comparison, a privately developed and operated booster holds the promise of reduced costs and a higher launch cadence, especially if there are multiple competing vehicles on the market.

With the recent test flight of Space One’s KAIROS rocket, that final piece of the puzzle may finally be falling into place. While the launch unfortunately failed shortly after liftoff, the fact that the private rocket was able to get off the ground — literally and figuratively — is a promising sign of what’s to come.

Retrotechtacular: Build Your Own Dune Buggy, 1970s Style

The custom car phenomenon is as old as the second-hand car, yet somehow the decades which stick in the mind as their heyday are the 1960s and 1970s. If you didn’t have a dune buggy or a van with outrageously flared arches and an eye-hurting paint job you were nothing in those days — or at least that’s what those of us who were too young to possess such vehicles except as posters on our bedroom walls were led to believe. Periscope Films have put up a period guide from the early 1970s on how to build your own dune buggy, and can we just say it’s got us yearning to drive something just as outrageous?

Of course, auto salvage yards aren’t bursting with Beetles as donor cars in 2024; indeed, the accident-damaged model used in the film would almost certainly now be lovingly restored instead of being torn apart to make a dune buggy. We’re taken through the process of stripping and shortening the Beetle floorpan, for which we’re thankful that in 2024 we have decent quality cutting disks, and watching the welder joining thin sheet metal with a stick welder gives us some serious respect for his skills.

Perhaps the part of this video most likely to raise a smile is how it portrays building a car as easy. Anyone who has ever hacked a car to pieces will tell you that’s the easy part, and it’s the building something from the pile of rusty parts which causes so many projects to fail. But given an accident-damaged Beetle and a buggy kit in 1972, would we have dug in and given it a try? Of course!

We’ve touched on the Beetle’s hackability in the past, but some of us believe that the crown of most hackable car rests elsewhere.