This Week In Security: Bogus CVEs, Bogus PoCs, And Maybe A Bogus Breach

It appears we have something of a problem. It’s not really a new problem, and shouldn’t be too surprising, but it did pop up again this week: bogus CVEs. Starting out in the security field? What’s the best way to jump-start a career? Getting a CVE find to your name certainly can’t hurt. And as a result, you get very junior security researchers looking for and reporting novel security vulnerabilities of sometimes dubious quality. Sometimes that process looks a lot like slinging reports against the wall to see what sticks. This brings us to an odd bug report in the OBS Studio project.

A researcher put together a script to look for possible password exposure on GitHub projects, and it caught a configuration value named “password” in a .ini file, being distributed in the project source. Obvious credential leak in Git source, right? Except for the little detail that it was in the “locale” folder, and the files were named ca-es.ini, ja-jp.ini, and similar. You may be in on the joke by now, but if not, those are translation strings. It wasn’t leaked credentials, it was various translations of the word “password”. This sort of thing happens quite often, and from the viewpoint of a researcher looking at results from an automated tool, it can be challenging to spend enough time with each result to fully understand the code in question. It looks like this case includes a language barrier, making it even harder to clear up the confusion.
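As an added illustration (not the researcher's script and not OBS code), here is a triage pass a scanner could run before reporting a "password" key found in an .ini file. The directory names, key pattern, and sample file contents are constructed assumptions.

```python
import configparser
import re
from pathlib import PurePosixPath

# Assumed conventions: translation files live under a locale-style directory
# and are named after a language-region code such as ca-es or ja-jp.
LOCALE_DIRS = {"locale", "locales", "i18n", "l10n", "lang", "translations"}
LOCALE_STEM = re.compile(r"^[a-z]{2,3}[-_][a-z]{2,4}$", re.IGNORECASE)
SECRET_KEY = re.compile(r"pass(word|wd)?|secret|token", re.IGNORECASE)


def is_translation_file(path):
    """True when both the directory and the file name look like locale data."""
    p = PurePosixPath(path)
    in_locale_dir = any(part.lower() in LOCALE_DIRS for part in p.parts[:-1])
    return in_locale_dir and bool(LOCALE_STEM.match(p.stem))


def triage(path, text):
    """Return (key, verdict) for every secret-looking key in one .ini file."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep key case as written
    # Prepend a dummy section so files without any section header still parse.
    parser.read_string("[_root]\n" + text)
    verdict = "likely-translation" if is_translation_file(path) else "needs-review"
    return [
        (key, verdict)
        for section in parser.sections()
        for key, _value in parser.items(section)
        if SECRET_KEY.search(key)
    ]


# Constructed sample repository contents (not taken from any real project).
SAMPLE_FILES = {
    "plugin/data/locale/ca-es.ini": 'Password="Contrasenya"\nUsername="Usuari"\n',
    "plugin/data/locale/ja-jp.ini": 'Password="パスワード"\n',
    "deploy/settings.ini": "[database]\nuser = app\npassword = constructed-value\n",
}

if __name__ == "__main__":
    for name, body in SAMPLE_FILES.items():
        print(name, triage(name, body))
```

A "likely-translation" verdict is a reason to read the file before filing a report, not proof that it is harmless; a real secret placed in a locale directory would still need a human look.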

Things took a turn for the worse when a CVE was requested. The CVE Numbering Authority (CNA) that processed the request was MITRE, which issued CVE-2023-34585. It was a completely bogus CVE, and thankfully a more complete explanation from OBS was enough to convince the researcher of his error. That, however, brings us back to CVE-2023-36262, which was published this week. It’s yet another CVE, for the same non-issue, and even pointing at the same GitHub issue where the alleged bug is debunked. There are multiple fails here, but the biggest disappointment is MITRE, for handing out CVEs twice for the same issue. Shout-out to [Netspooky] on Twitter for spotting this one.

Simple Cubes Show Off AI-Driven Runtime Changes In VR

AR and VR developer [Skarredghost] got pretty excited about a virtual blue cube, and for a very good reason. It marked a successful prototype of an augmented reality experience in which the logic underlying the cube as a virtual object was changed by AI in response to verbal direction by the user. Saying “make it blue” did indeed turn the cube blue! (After a little thinking time, of course.)

It didn’t stop there, of course, and the blue cube proof-of-concept led to a number of simple demos. The first shows off a row of cubes changing color from red to green in response to musical volume, then a bundle of cubes change size in response to microphone volume, and cubes even start moving around in space.

The program accepts spoken input from the user, converts it to text, sends it to a natural language AI model, which then creates the necessary modifications and loads it into the environment to make runtime changes in Unity. The workflow is a bit cumbersome and highlights many of the challenges involved, but it works and that’s pretty nifty.

The GitHub repository is here and a good demonstration video is embedded just under the page break. There’s also a video with a much more in-depth discussion of what’s going on and a frank exploration of the technical challenges.

If you’re interested in this direction, it seems [Skarredghost] has rounded up the relevant details. And should you have a prototype idea that isn’t necessarily AR or VR but would benefit from AI-assisted speech recognition that can run locally? This project has what you need.


Inspiring Hacks, Unfinished Hacks

We got a tip this week, and the tipster’s comments were along the lines of “this doesn’t look like it’s a finished work yet, but I think it’s pretty cool anyway”. And that was exactly right. The work in question is basically attaching a simple webcam to a CNC router and then having at it with OpenCV, and [vector76]’s application was cutting out freeform hand-drawn curves from wood. To amuse his daughter.

But there’s no apology necessary for presenting a work in progress. Unfinished hacks are awesome! They leave room for further improvement and interpretation. They are like an unfinished story, inviting the hacker to dream up their own end. At least that’s how this one worked on me.

My mind went racing — adding smart and extensible computer vision to a CNC router enables not only line tracing, but maybe smarter edge finding, broken tool detection, and who knows what else. With the software end so flexible these days, and the additional hardware demands so minimal, it’s an invitation. It’s like Pavlov ringing that bell, and I’m the dog-hacker. Or something.

So remember this when you get half done with a project, get to a workable first-stage demo, but you haven’t chased down each and every possibility. Leaving something up to other hackers’ imagination can be just as powerful. Your proof of concept doesn’t have to be the mother of all demos — sometimes just a working mouse will suffice.

Flexible Build Platforms Work For FDM, How About SLA?

Flexible steel sheets as the foundation for build platforms are used to great advantage in FDM 3D printers. These coated sheets are held flat by magnets during printing, and after printing is done the sheet (with print attached) can be removed and flexed to pop the prints free. This got [Jan Mrázek] thinking. He was pretty sure the concept could extend to the build platform on his Elegoo Mars resin printer. With a flexible build platform, troublesome prints could be more easily removed, so he non-destructively modified his printer to have a similar system. [Jan] is clear that this is only a proof of concept, but the test results were good! He printed several jobs that were known to be trouble, and they were all a piece of cake to remove.

[Jan]’s mod consists of a 3D printed, two-piece unit that encapsulates the normal build platform and contains a few strong magnets. A thin sheet of steel sticks flat to this new piece, held in place by the magnets within, and becomes the new build platform. After a print is done, the sheet is removed and [Jan] reports that its flexibility is a big help in removing otherwise troublesome prints, such as the 3D printed solder stencil we covered recently.

[Jan] provides his CAD model but doesn’t really recommend using it for anything other than development work. Results were promising, but there are a number of drawbacks to the prototype. For one thing, it makes the build platform thicker and the Z-axis limit switch needs to be physically lowered in order to zero the unit. Also, the thicker build platform means the volume of resin the build tank can hold is reduced. Still, the idea clearly has merit and shows there absolutely is value in hardware having a hackable design.

3D Printing Flexible Surfaces Out Of Non-Flexible Material

Here’s some interesting work shared by [Ben Kromhout] and [Lukas Lambrichts] on making flexible 3D prints, but not by using flexible filament. After seeing a project where a sheet of plywood was rendered pliable by cutting a pattern out of it – essentially turning the material into a giant kerf bend – they got interested in whether one could 3D print such a thing directly.

Inspiration for the project was this laser-cut plywood.

The original project used plywood and a laser cutter and went through many iterations before settling on a rectangular spiral pattern. The results were striking, but the details regarding why the chosen pattern was best were unclear. [Ben] and [Lukas] were interested not just in whether a 3D printer could be used to get a similar result, but also wanted to find out what factors separated success from failure when doing so.

After converting the original project’s rectangular spiral pattern into a 3D model, a quick proof-of-concept showed that three things influenced the flexibility of the end result: the scale of the pattern, the size of the open spaces, and the thickness of the print itself. Early results indicated that the size of the open spaces between the solid elements of the pattern was one of the most important factors; the larger the spacing the better the flexibility. A smaller and denser pattern also helps flexibility, but when 3D printing there is a limit to how small features can be made. If the scale of the pattern is reduced too much, open spaces tend to bridge which is counter-productive.

Kerf bending with laser-cut materials gets some clever results, and it’s interesting to see evidence that the method could cross over to 3D printing, at least in concept.