This Week In Security: Twitter, Windows DNS, SAP RECON

Twitter just had their biggest security breach in years. Mike warned us about it on Wednesday, but it’s worth revisiting a few of the details. The story is still developing, but it appears that malicious actors used social engineering to access an internal Twitter dashboard. This dashboard, among other interesting things, allows directly changing the email address associated with an account. Once the address is changed to the attacker’s, it’s simple to do a password reset and gain access.

The bitcoin address used in the crypto scam ended up receiving nearly $120,000 USD worth of bitcoin, all of which has been shuffled off into different accounts. It’s an old and simple scam, but was apparently rather believable because the messages were posted by verified Twitter accounts.

Screenshot from Motherboard

A series of screenshots have been posted, claiming to be the internal Twitter dashboard used in the attack. More than a few eyebrows have been raised, as a result of that dashboard. First off, the fact that Twitter employees can directly change an account’s email address is asking for trouble. Even more interesting are the tags that can be added to an account. “Trends Blacklist” and “Search Blacklist” do call to mind the rumors of shadow-banning, but at this point it’s impossible to know the details. Motherboard is reporting that Twitter is removing that screenshot across the board when it’s posted, and even suspending accounts that post it. Of course, they’d do that if it were faked as well, so who knows?

X-Ray Sleuthing Unveils The Fake In Your Adaptors

Let’s face it: knock-off versions of our favourite adaptors, cables and accessories are becoming increasingly challenging to spot. We would be the first to admit to having, at some point, been duped by a carefully crafted counterfeit after failing to spot the tell-tale yet elusive indicators, such as the misplaced font face, the strategically misspelled logo or perhaps the less polished than expected plastic moulding and packaging. When you finally come around to using it, if you are lucky the item is still more or less functionally adequate; otherwise, by now the inferior performance (if not the initial cost!) would have made it pretty obvious that what you have is in fact a counterfeit.

[Oliver] recently found himself in a similar situation, after acquiring a seemingly original Lightning to Headphone Adaptor. Rather than dismay, [Oliver] decided to channel this energy into an excellent forensic investigation to uncover just what exactly made this imitation so deceptive. He began by comparing the packaging, printed typeface and the plastic moulding, all of which gave very little away. [Oliver] concluded that, at least superficially, the clone was rather good and the only way to settle this was to bring out the X-ray, of course!

The resulting images of the innards make it blatantly obvious as to why the adaptor is indeed very fake. For a start, compared to the original adaptor, the clone has a far thinner BOM! If you are really serious about getting some training to better spot counterfeits, check out a post we featured earlier on the subject!

Changing System Architectures And The Complexities Of Apple’s Butterfly Approach To ISAs

Apple computers will be moving away from Intel chips to its own ARM-based design. An interesting thing about Apple as a company is that it has never felt the need to tie itself to a particular system architecture or ISA. Whereas a company like Microsoft mostly tied its fortunes to Intel’s x86 architecture, and IBM, Sun, HP and other giants preferred vertical integration, Apple is currently moving towards its fifth system architecture for its computers since the company was formed.

What makes this latest change possibly unique, however, is that instead of Apple relying on an external supplier for CPUs and peripheral ICs, they are now targeting a vertical integration approach. Although the ARM ISA is licensed to Apple by Arm Holdings, the ‘Apple Silicon’ design that is used in Apple’s ARM processors is their own, created by Apple’s own engineers and manufactured by foundries at the behest of Apple.

In this article I would like to take a look back at Apple’s architectural decisions over the decades and how they made Apple’s move towards vertical integration practically a certainty.


Faux Vintage Radio Gets AirPlay Upgrade

There’s plenty of vintage-styled hardware out these days, with quality and functionality being mixed at best. [Huan] found such a device in the form of an attractively-styled Bluetooth speaker. Deciding he could improve on the capabilities while retaining a stock look, he got down to hacking.

The aim of the project was to keep the original volume knob, buttons and screen, while replacing the internals with something a bit more capable. A Raspberry Pi Zero was sourced as the brains of the operation, with the Google Voice AIY hardware used as the sound output after early attempts with a discrete amplifier faced hum issues. An Arduino Pro Micro was pressed into service to read the volume encoder along with the buttons and drive the charlieplexed LED screen. Shairport Sync was then installed on the Pi Zero to enable AirPlay functionality.

It’s a basic hack that nonetheless gives [Huan] an attractive AirPlay speaker, along with plenty of useful experience working with Arduinos and Raspberry Pis. We’ve seen similar hacks before, too. If you’re working on your own stereo resurrection at home, be sure to drop us a line!


Is Anything Really Private Anymore?

In the connected age, every day it appears privacy is becoming more and more of an idealistic fantasy as opposed to a basic human right. In our latest privacy debate per [TechCrunch], apparently the FBI is taking some shots at Apple.

You may recall the unfortunate events leading the FBI to ask Apple to unlock an iPhone belonging to a person of interest. Apple did not capitulate to the FBI’s request on the basis of their fundamental commitment to privacy. The FBI wasn’t really thrilled with Apple’s stance given the circumstances leading to the request. Nevertheless, eventually, the FBI was able to unlock the phone without Apple’s help.

You may find it somewhat interesting that the author of the news piece appears to be more upset with the FBI for cracking the phone than at Apple (and by extension other tech companies) for making phones that are crackable to begin with.

Maybe we should take solace in knowing that Apple stood their ground for the sake of honoring their privacy commitment. But as we saw, it didn’t really matter in the end as the FBI was able to hire a third party to help them unlock the phones and were later able to repeat the process in-house. The article also noted that there are other private companies capable of doing exactly what the FBI did. We understand that no encryption is 100% safe. So it begs the question, “Is anything really private anymore?” Share your thoughts in the comments below.

Ditching X86, Apple Starts An ARM Race

At its annual Worldwide Developers Conference, Apple dropped many jaws when announcing that their Mac line will be switching away from Intel processors before the year is out. Intel’s x86 architecture is the third to grace Apple’s desktop computer products, succeeding PowerPC and the Motorola 68000 family before it.

In its place will be Apple’s own custom silicon, based on 64-bit ARM architecture. Apple are by no means the first to try and bring ARM chips to bear for general purpose computing, but can they succeed where others have failed?


iMac G4 Reborn With Intel NUC Transplant

Released in 2002, Apple’s iMac G4 was certainly a unique machine. Even today, its hemispherical case and integrated “gooseneck” display is unlike anything else on the market. Whether or not that’s a good thing is rather subjective of course, but there’s no denying it’s still an attention grabber nearly 20 years after its release. Unfortunately, it’s got less processing power than a modern burner phone.

Which is why [Tom Hightower] figured it was the perfect candidate for a retrofit. Rather than being little more than a display piece, this Intel NUC powered iMac is now able to run the latest version of Mac OS. He even went as far as replacing the display with a higher resolution panel, though it sounds like it was dead to begin with so he didn’t have much choice in the matter.

Somewhere, an early 2000s Apple engineer is screaming.

The retrofit starts off with a brief teardown, which is quite interesting in itself. [Tom] notes a number of unique design elements, chief among them the circular motherboard. The two banks of memory also use different form factors, and only one of them is easily accessible to the end user. Something to think about the next time somebody tells you that Apple’s “brave” hardware choices are only a modern phenomenon.

There was plenty of room inside the iMac’s dome to fit the NUC motherboard, and some extension cables and hot glue got the computer’s rear panel suitably updated with the latest-and-greatest ports and connectors. But the conversion wasn’t a total cakewalk. That iconic “gooseneck” put up quite a fight when it was time to run the new wires up to the display. Between the proprietary screws that had to be coerced out with a Dremel and the massive spring that was determined to escape captivity, [Tom] recommends anyone else looking to perform a similar modification just leave the wires on the outside of the thing. That’s what he ended up doing with the power wires for the display inverter.

If you like the idea of reviving old Apple hardware but don’t want to anger the goose, you could start on something a little easier. Like putting an iPad inside of a Macintosh Classic shell.