News comes overnight that the Windows XP source code has been leaked. The Verge says they have “verified the material as legitimate” and that the leak also includes Windows Server 2003 and some DOS and CE code. The thing is, it has now been more than six years since Microsoft dropped support for XP. Does it really matter if the source code is made public?
The Poison Pill
As Erin Pinheiro pointed out in her excellent article on the Nintendo IP leak earlier this year (perhaps the best Joe Kim artwork of the year on that one, by the way), legitimate developers can’t really make use of leaked code since it opens them up to potential litigation. Microsoft has a formidable legal machine that would surely go after misuse of the code from a leak like this. Erin mentions in her article that just looking at the code is the danger zone for competitors.
Even if other software companies did look at the source code and implement their own improvements without crossing the legal line, how much is there still to gain? Surely companies with this kind of motivation would have reverse engineered the secret sauce of the long dead OS by now, right?
Spy vs. Spy
The next thing that comes to mind is the security implications. At the time of writing, StatCounter pegs Windows XP at a 0.82% market share, which is still going to be a very large number of machines. Perhaps a better question to consider is what types of machines are still running it? I didn’t find any hard data to answer this question. However, there are dedicated machines like MRIs that don’t have easy upgrade paths and still use the OS, and there is an embedded version of XP that runs on point-of-sale systems, automated teller machines, set-top boxes, and other long-life hardware that is notorious for not being upgraded by its owners.
Continue reading “Ask Hackaday: Is Windows XP Source Code Leak A Bad Thing?”
If you haven’t heard from other websites yet, earlier this year a leak of various Nintendo intellectual properties surfaced on the Internet. This included prototype software dating back to the Game Boy, as well as Verilog files for systems up to the Nintendo 64, GameCube and Wii. This leak seems to have originated from a breach in the BroadOn servers, a small hardware company Nintendo had contracted to make, among other things, the China-only iQue Player.
So, that’s the gist of it out of the way, but what does it all mean? What is the iQue Player? Surely now that a company’s goodies are out in the open, enthusiasts can make use of it and improve their projects, right? Well, no. A lot of things prevent that, and there’s more than enough precedent for it that, to the emulation scene, this was just another Tuesday.
Continue reading “No, The Nintendo Leak Won’t Help Emulator Developers, And Here’s Why”
A couple of weeks back a report came out in which [Tavis Ormandy], a widely known security researcher for Google Project Zero, showed how it was possible to abuse LastPass RPC commands and steal user passwords. The irony is that LastPass is software designed to keep all your passwords safe, and it’s designed in a way that even they can’t access your passwords: the passwords are stored locally using strong cryptography, and only you can access them via a master key. Storing all your passwords in only one place has its downfalls. By the way, there is no proof or suggestion that this bug was abused by anyone, so if you use LastPass don’t worry just yet.
But it got me thinking, how worried and how paranoid should a regular Internet user be about his password? How many of us have our account details exposed somewhere online? If you’ve been around long enough, odds are you have at least a couple of accounts on some major Internet-based companies. Don’t go rushing into the Dark Web to try to find out if your account details are being sold. The easiest way to get your paranoia started is to visit Have I Been Pwned. For those who have never heard about it, it’s a website created by [Troy Hunt], a well-known security professional. It keeps track of all known public security breaches he can get his hands on and provides an answer to a simple question: “Was my account in any major data leak?” Let’s take a look.
Continue reading “Is My Password Safe? Practices For People Who Know Better”
The latest from WikiLeaks is the largest collection of documents ever released from the CIA. The release, called ‘Vault 7: CIA Hacking Tools Revealed’, is the CIA’s hacking arsenal.
While Vault 7 is only the first part in a series of leaks of documents from the CIA, this leak is itself massive. The documents, available on the WikiLeaks site and available as a torrent, detail the extent of the CIA’s hacking program.
Of note, the CIA has developed numerous 0-day exploits for iOS and Android devices. The ‘Weeping Angel’ exploit for Samsung smart TVs “places the target TV in a ‘Fake-Off’ mode, so that the owner falsely believes the TV is off when it is on.” This Fake-Off mode enables a microphone in the TV, records communications in the room, and sends these recordings to a CIA server. The CIA has also developed tools to take over vehicle control systems. The purpose of such tools is speculative, but they could be used to send a moving car off the road.
It is not an exaggeration to say this is the most significant leak from a government agency since Snowden, and possibly since the Pentagon Papers. This is the documentation for the CIA’s cyberwarfare program, and there are more leaks to come. It will be a while until interested parties — Hackaday included — can make sense of this leak, but until then WikiLeaks has published a directory of this release.
[Thomas Clauser] had his basement flood last year when a hurricane swept over New England. The problem with flooding or leaking water is that chances are you won’t notice until it’s too late. He decided to protect against this in the future by building his own leaking water detector. It’s a simple device that sits on the floor of his basement and triggers an audio alarm if water begins to cover the floor.
He used an old smoke detector for the build; a nice choice since it’s loud, and designed for long-term battery operation. It also has a button for testing if the detector is working. [Thomas] removed the PCB from the smoke detector case and soldered wires onto the test button contacts. He cut a sponge to squeeze it inside of a PVC pipe connector housing. That sits against the floor, with the wires for the test button contacts placed through the sponge. If water is soaked up by the sponge it completes the circuit and triggers the alarm.
A few other design features really make this a nice setup. He notched out the bottom of the PVC connector so that water can flow freely, and a switch added to one of the probe wires lets him kill the alarm when inspecting the damage.
The silicon hacker behind the Chumby, [bunnie huang], was browsing through the Mobile Phone Megamarket in Shenzhen, China and stumbled upon an unusual repair book. It turns out the book had the schematics to hundreds of Nokia phones. It’s hard to tell if they are legitimate, but the amount of information makes them seem so. [bunnie] claims that the book is a learning experience because it shows how some sub-circuits are implemented. Also, it can be a good reference for sourcing parts. Since Nokia buys millions of each component, the supply of the parts they use is stable. There are also editions for other brands, such as Motorola and Samsung.
Pre Insiders has reported that the Pre’s Mojo SDK has been leaked to the internet. Palm was planning an early access program, eventually releasing the SDK by the end of the summer, but this leak has accelerated the process. They are posting several download links, including torrents, but they warn developers to use the tools wisely.