The Internet Of Football

While football in the United States means something totally different from what it means in the rest of the world, fans everywhere take it pretty seriously. This Sunday is the peak of U.S. football frenzy, the Super Bowl, and it is surprisingly high-tech. The NFL has invested in a lot of technology and today’s football stats are nothing like those of the last century thanks to some very modern devices.

It is kind of interesting since, at the core, the sport doesn’t really need a lot of high tech. A pigskin ball, some handkerchiefs, and a field marked off with some lime and a yardstick will suffice. However, we’ve seen a long arc of technology in scoreboards, cameras — like instant replay — and in the evolution of protective gear. But the last few years have seen the rise of data collection. It’s being driven by RFID tags in the player’s shoulder pads.

These aren’t the RFID chips in your credit card. These are long-range devices and in the right stadium, a computer can track not only the player’s position, but also his speed, acceleration, and a host of other statistics.


This Week In Security: OpenSMTPD, Kali Release, Scareware, Intel, And Unintended Consequences

If you run an OpenBSD server, or have OpenSMTPD running on any server, go update it right now. Version 6.6.2, released January 28th, fixes an exploit that can be launched locally or remotely, simply by connecting to the SMTP service. It was found by Qualys, who waited until the update was released to publish their findings.

It’s a simple logic flaw in the code that checks incoming messages. If an incoming message has either an invalid sender username or an invalid domain, the message is handed to error-handling logic. That logic checks whether the domain is an empty string, in which case the mail is processed as a local message, sent to the localhost domain. Because the various parts of OpenSMTPD operate by executing commands, this logic flaw allows an attacker to inject unexpected symbols into those commands. The text of the email then serves as the script to run, giving an attacker plenty of room to totally own the system.
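To make that fall-through concrete, here is an added illustration in Python. It is not OpenSMTPD’s code and does not come from the article: a simplified sender-address classifier with the error-path logic the text describes, beside one that re-validates on every path. The allowlist regular expressions and the sample addresses are constructed assumptions, not the daemon’s real address grammar.

```python
import re

# Constructed allowlists for the two address components (an assumption, not
# OpenSMTPD's real grammar): letters, digits and a few punctuation characters.
LOCALPART_RE = re.compile(r"^[A-Za-z0-9._+-]+$")
DOMAIN_RE = re.compile(r"^[A-Za-z0-9.-]+$")


def split_sender(sender):
    """Split 'user@domain' into (user, domain); a bare name gets an empty domain."""
    if "@" in sender:
        local, domain = sender.rsplit("@", 1)
        return local, domain
    return sender, ""


def classify_flawed(sender):
    """Models the fall-through described in the text: any address that fails
    validation goes to an error path that only looks at the domain, so an
    invalid local part with no domain is accepted as a local recipient."""
    local, domain = split_sender(sender)
    if LOCALPART_RE.match(local) and DOMAIN_RE.match(domain):
        return "remote"
    # Error-handling path: an empty domain means "deliver locally", but the
    # local part is never re-checked here, so whatever it contains survives.
    if domain == "":
        return "local"
    return "reject"


def classify_fixed(sender):
    """Validate each component on every path before deciding where it goes."""
    local, domain = split_sender(sender)
    if not LOCALPART_RE.match(local):
        return "reject"
    if domain == "":
        return "local"
    if DOMAIN_RE.match(domain):
        return "remote"
    return "reject"


# Constructed sample inputs.
SAMPLES = [
    "alice@example.org",
    "alice",               # bare local user, legitimately local
    "bob;cmd",             # shell metacharacter in the local part, no domain
    "carol@bad domain",    # invalid domain that is not empty
]


def compare(samples=SAMPLES):
    """Return {address: (flawed_verdict, fixed_verdict)} for each sample."""
    return {s: (classify_flawed(s), classify_fixed(s)) for s in samples}


if __name__ == "__main__":
    for addr, (flawed, fixed) in compare().items():
        print(f"{addr!r:22} flawed={flawed:7} fixed={fixed}")
```

The only difference between the two classifiers is where the local part is checked: the flawed one trusts the earlier combined check and, on the error path, decides purely on the domain, which is exactly the shape of mistake the column describes.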

Browser Locker

“Your browser has been locked to prevent damage from a virus. Please call our Windows help desk immediately to prevent further damage.” Sound familiar? I can’t tell you how many calls I’ve gotten from freaked-out customers who stumbled upon a scareware site that locked their browser. This sort of scam is called a browlock, and one particular campaign was pervasive enough to catch the attention of the researchers at Malwarebytes. (Note: the picture at the top of their article says “404 error”, a reference to a technique used by the scam. Keep reading; the content is below that.)

“WOOF”, Malwarebytes’ nickname for this campaign, was unusual both in its sophistication and in the chutzpah of those running it. Browsers were hit via ads right on the MSN homepage and other popular sites, and several techniques were used to get the malicious ads onto those legitimate sites. The most interesting part of the campaign is the set of techniques used to deliver the scareware payload only to target computers, while avoiding detection by automated scanners.

It seems that around the time Malwarebytes published their report, the central command and control infrastructure behind WOOF was taken down. It’s unclear if this was a coincidence, or was a result of the scrutiny they were under from the security community. Hopefully WOOF is gone for good, and won’t simply show up at a different IP address in a few days.

Kali Linux

Kali Linux, the distribution focused on security and penetration testing, just shipped a shiny new release. A notable new addition to the Kali lineup is a rootless version of their Android app. Running an unrooted Android, and interested in having access to some security tools on the go? Kali now has your back.

Not all the tools will work without root, particularly those that require raw sockets or send malformed packets. It’s still a potentially useful tool to put into your toolbox.

Cacheout, VRD, and Intel iGPU Leaks

Intel can’t catch a break, with three separate problems to talk about. First up is cacheout, or more properly, CVE-2020-0549, also known as L1DES. It’s a familiar song and dance, just a slightly different way to get there. On a context switch, data in the Level 1 cache isn’t entirely cleared, and known side-channel attacks can be used to read that data from unprivileged execution.

VRD, Vector Register Sampling, is another Intel problem just announced. So far, it seems to be a less exploitable problem, and microcode updates are expected soon to fix the issue.

The third issue is a bit different. Instead of the CPU, this is a data leak via the integrated GPU. You may be familiar with the most basic form of this problem. Some video games will flash garbage on the screen for a few moments while loading. In some cases, rather than just garbage, images, video stills, and other graphics can appear. Why? GPUs don’t necessarily have the same strict separation of contexts that we expect from CPUs. A group of researchers realized that the old assumptions no longer apply, as nearly every application is video accelerated to some degree. They published a proof of concept, linked above, that demonstrates the flaw. Before any details were released, Phoronix covered the potential performance hit this would cause on Linux, and it’s not great.

Unintended Legal Consequences

Remember the ransomware attack that crippled Baltimore, MD? Apparently the Maryland legislature decided to step in and put an end to ransomware, by passing yet another law to make it illegal. I trust you’ll forgive my cynicism, but the law in question is a slow-moving disaster. Among other things, it could potentially make the public disclosure of vulnerabilities a crime, all while doing absolutely nothing to actually make a difference.

GE Medical Equipment Scores 10/10

While scoring a 10 out of 10 is impressive, it’s not something to be proud of when we’re talking about a CVE score, where it’s the most critical rating. GE Healthcare, a subsidiary of General Electric, managed five separate 10.0 CVEs in healthcare equipment that it manufactures, and an 8.5 for a sixth. Among the jewels are statements like:

In the case of the affected devices, the configuration also contains a private key. … The same private key is universally shared across an entire line of devices in the CARESCAPE and GE Healthcare family of products.

The rest of the vulnerabilities are just as crazy: hard-coded SMB passwords, a network KVM that has no credential checking, and ancient VNC versions. We’ve known for quite some time that some medical equipment is grossly insecure. It will apparently take a security-themed repeat of the Therac-25 incident before changes take place.

Odds’n’ends

The Windows 7 saga continues, as Microsoft’s “last” update for the venerable OS broke many users’ desktop backgrounds. Microsoft plans to release a fix.

Firefox purged almost 200 extensions from its official portal over the last few weeks. It was found that over 100 extensions by 2Ring were secretly pulling and running code from a central server.

The Citrix problems we discussed last week have finally been addressed and patches released, but not soon enough to prevent the installation of future-proof backdoors on devices in the wild. There are already plenty of reports of compromised devices. Apparently the exploitation has been so widespread that Citrix has developed a scanning tool to check for the indicators of compromise (IoCs) on your devices. Apply the patch, then check for backdoors.

Retrotechtacular: Teasmade

We’re used to our domestic appliances being completely automated in 2020, but not so long ago they were much simpler affairs. Not everything required a human to run it, though: an unexpected piece of electromechanical automation could be found in British bedrooms. This is the story of the Goblin Teasmade, an alarm clock with a little bit extra.


The Spitzer Space Telescope Ends Its Incredible Journey

Today, after 16 years of exemplary service, NASA will officially deactivate the Spitzer Space Telescope. Operating for over a decade beyond its designed service lifetime, the infrared observatory worked in tandem with the Hubble Space Telescope to reveal previously hidden details of known cosmic objects and helped expand our understanding of the universe. In later years, despite never being designed for the task, it became an invaluable tool in the study of planets outside our own solar system.

While there’s been no cataclysmic failure aboard the spacecraft, currently more than 260 million kilometers away from Earth, the years have certainly taken their toll on Spitzer. The craft’s various technical issues, combined with its ever-increasing distance, have made its continued operation cumbersome. Rather than running it to the point of outright failure, ground controllers have decided to quit while they still have the option to command the vehicle into hibernation mode. At its distance from the Earth there’s no danger of it becoming “space junk” in the traditional sense, but a rogue spacecraft transmitting randomly in deep space could become a nuisance for future observations.

From mapping weather patterns on a planet 190 light-years away in the constellation Ursa Major to providing the first images of Saturn’s largest ring, it’s difficult to overstate the breadth of Spitzer’s discoveries. But these accomplishments are all the more impressive when you consider the mission’s storied history, from its tumultuous conception to the unique technical challenges of long-duration spaceflight.


DDR-5? DDR-4, We Hardly Knew Ye

This month’s CES saw the introduction of max-speed DDR5 memory from SK Hynix. Micron and other vendors are also reportedly sampling similar devices. You can’t get them through normal channels yet, but since you also can’t get motherboards that take them, that’s not a big problem. We hear Intel’s Xeon Sapphire Rapids will be among the first platforms to take advantage of the new technology. But that raises the question: what is it?

SDRAM Basics

Broadly speaking, there are two primary contenders for a system that needs RAM: static and dynamic. There are newer technologies like FeRAM and MRAM, but the classic choice is between static and dynamic. Static RAM is really just a bunch of flip-flops, one for each bit. That’s easy because you set it and forget it, then later you read it. It can also be very fast. The problem is that a flip-flop usually takes at least four transistors, and often as many as six, so there are only so many of them you can pack into a given area. Power consumption is often high, too, although modern devices can do pretty well.


Alternative Uses For Nuclear Waste

Nuclear power is great if you want to generate a lot of electricity without releasing lots of CO2 and other harmful pollutants. However, the major bugbear of the technology has always been the problem of waste. Many of the byproducts from the operation of nuclear plants are radioactive, and remain so for thousands of years. Storing this waste in a safe and economical fashion continues to be a problem.

Alternative methods to deal with this waste stream continue to be an active area of research. So what are some of the ways this waste can be diverted or reused?

Fast Breeders Want To Close The Fuel Cycle

The Superphénix reactor in France is one of a handful of operational fast-neutron reactor designs.

One of the primary forms of waste from a typical nuclear light water reactor (LWR) is the spent fuel from the fission reaction. This consists of roughly 3% waste isotopes, 1% plutonium isotopes, and 96% uranium isotopes. The waste is high in transuranic elements, which have half-lives measured in many thousands of years. These pose the biggest problems for storage, as they must be securely kept in a safe location for lengths of time far exceeding the life of any one human society.

The proposed solution to this problem is to instead use fast-neutron reactors, which “breed” non-fissile uranium-238 into plutonium-239 and plutonium-240, which can then be used as fresh fuel. Advanced designs also have the ability to process out other actinides, also using them as fuel in the fission process. These reactors have the benefit of being able to use almost all the energy content in uranium fuel, reducing fuel use by 60 to 100 times compared to conventional methods.


RF Modulation: Crash Course For Hackers

When you’re looking to add some wireless functionality to a project, there is no shortage of options. You really don’t need to know much of the technical detail to make use of the better-documented modules, especially if you just need to get something working quickly. On the other hand, maybe you’ve gotten to the point where you want to know how these things actually work, or maybe you’re curious about that cheap RF module on AliExpress. Especially in the frequency bands below 1 GHz, you might find yourself interfacing with a module at a really low level, where you might be tuning modulation parameters. The following overview should give you enough of an understanding of the basics of RF modulation to select the appropriate hardware for your next project.

Three of the most common digital modulation schemes you’ll see in specifications are Frequency Shift Keying (FSK), Amplitude Shift Keying (ASK), and LoRa (Long Range). To wrap my mechanically inclined brain around some concepts, I found that thinking of RF modulation in terms of pitches produced by a musical instrument made it more intuitive.

And lots of pretty graphs don’t hurt either. Signals from two different RF dev boards were captured and turned into waterfall and FFT plots using a $20 RTL-SDR dongle. Although not needed for wireless experimentation, the RTL-SDR is an extremely handy debugging tool, even just to check whether a module is actually transmitting.