Hackaday editors Mike Szczys and Elliot Williams review a great week in the hacking world. There’s an incredible 4k projector build that started from a broken cellphone, a hand-cranked player (MIDI) piano, and a woeful story of clipboard vulnerabilities found in numerous browsers and browser-based apps. Plus you’ll love the field-ready solder splice that works like a strike-on box match (reminiscent of using thermite to weld railroad rail) and we spend some time marveling at the problem of finding power cuts on massive grid systems.
Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!
Direct download (~65 MB)
Places to follow Hackaday podcasts:
Continue reading “Hackaday Podcast 073: Betrayal By Clipboard, Scratching 4K, Flaming Solder Joints, And Electric Paper”
Back when Windows NT was king, Microsoft was able to claim that it met the strict “Orange Book” C2 security certification. The catch? Don’t install networking and remove the floppy drives. Turns out most of the things you want to do with your computer are the very things that are a security risk. Even copy and paste.
[Michal Benkowki] has a good summary of his research which boils down to the following attack scenario:
- Visit a malicious site.
- Copy something to the clipboard which allows the site to put in a dangerous payload.
- Visit another site with a browser-based visual editor (e.g., Gmail or WordPress)
- Paste the clipboard into the editor.
Continue reading “Copy And Paste Deemed Insecure”
It doesn’t happen often, but every now and again we find ourselves wanting for a more extensible cut and paste experience. Most notably we’ve searched for something that makes is very easy to keep multiple things in the clipboard and paste them as needed. Although we’ve tried several software offerings nothing really made it up to grade, but this hardware clipboard looks very promising. [Luca Dentella] calls it Type4me as it functions as a USB keyboard.
The PIC 18F14K50 enumerates as a USB keyboard, allowing it to send characters anywhere the cursor is located. It sends whatever string is stored inside, with an optional return character at the end. In addition to its keyboard properties it also establishes a serial connection, which allows you to push new strings to the device. This setup does require you to do copy or type your strings into a serial terminal, along with one of four special commands which are parsed by the microcontroller. One of these commands allows you to save the string to EEPROM so that it will be persistent through a power cycle.
The pasting back to the computer takes a mere push of the button. We’ve embedded the video demo after the break. It’s in Italian but there are English subtitles. Near the end [Luca] shows off the device as a macro button for gaming.
Continue reading “Type4me Is A Hardware Clipboard For Your Digital Copy And Paste Needs”