This Week In Security: Cisco, Mitel, And AI False Flags

April 26, 2024 by 3 Comments

There’s a trend recently, of big-name security appliances getting used in state-sponsored attacks. It looks like Cisco is the latest victim, based on a report by their own Talos Intelligence.

This particular attack has a couple of components, and abuses a couple of vulnerabilities, though the odd thing about this one is that the initial access is still unknown. The first part of the infection is Line Dancer, a memory-only element that disables the system log, leaks the system config, captures packets and more. A couple of the more devious steps are taken, like replacing the crash dump process with a reboot, to keep the in-memory malware secret. And finally, the resident installs a backdoor in the VPN service.

There is a second element, Line Runner, that uses a vulnerability to arbitrary code from disk on startup, and then installs itself onto the device. That one is a long term command and control element, and seems to only get installed on targeted devices. The Talos blog makes a rather vague mention of a 32-byte token that gets pattern-matched, to determine an extra infection step. It may be that Line Runner only gets permanently installed on certain units, or some other particularly fun action is taken.

Fixes for the vulnerabilities that allowed for persistence are available, but again, the initial vector is still unknown. There’s a vulnerability that just got fixed, that could have been such a vulnerability. CVE-2024-20295 allows an authenticated user with read-only privileges perform a command injection as root. Proof of Concept code is out in the wild for this one, but so far there’s no evidence it was used in any attacks, including the one above. Continue reading “This Week In Security: Cisco, Mitel, And AI False Flags”

Microsoft Updates MS-DOS GitHub Repo To 4.0

April 26, 2024 by 24 Comments

We’re not 100% sure which phase of Microsoft’s “Embrace, Extend, and Extinguish” gameplan this represents, but just yesterday the Redmond software giant decided to grace us with the source code for MS-DOS v4.0.

To be clear, the GitHub repository itself has been around for several years, and previously contained the source and binaries for MS-DOS v1.25 and v2.0 under the MIT license. This latest update adds the source code for v4.0 (no binaries this time), which originally hit the market back in 1988. We can’t help but notice that DOS v3.0 didn’t get invited to the party — perhaps it was decided that it wasn’t historically significant enough to include.

That said, readers with sufficiently gray beards may recall that DOS 4.0 wasn’t particularly well received back in the day. It was the sort of thing where you either stuck with something in the 3.x line if you had older hardware, or waited it out and jumped to the greatly improved v5 when it was released. Modern equivalents would probably be the response to Windows Vista, Windows 8, and maybe even Windows 11. Hey, at least Microsoft keeps some things consistent.

It’s interesting that they would preserve what’s arguably the least popular version of MS-DOS in this way, but then again there’s something to be said for having a historical record on what not to do for future generations. If you’re waiting to take a look at what was under the hood in the final MS-DOS 6.22 release, sit tight. At this rate we should be seeing it sometime in the 2030s.

How To Cast Silicone Bike Bits

April 26, 2024 by 19 Comments

It’s a sad fact of owning older machinery, that no matter how much care is lavished upon your pride and joy, the inexorable march of time takes its toll upon some of the parts. [Jason Scatena] knows this only too well, he’s got a 1976 Honda CJ360 twin, and the rubber bushes that secure its side panels are perished. New ones are hard to come by at a sensible price, so he set about casting his own in silicone.

Naturally this story is of particular interest to owners of old motorcycles, but the techniques should be worth a read to anyone, as we see how he refined his 3D printed mold design and then how he used mica powder to give the clear silicone its black colour. The final buses certainly look the part especially when fitted to the bike frame, and we hope they’ll keep those Honda side panels in place for decades to come. Where this is being written there’s a CB400F in storage, for which we’ll have to remember this project when it’s time to reactivate it.

If fettling old bikes is your thing then we hope you’re in good company here, however we’re unsure that many of you will have restored the parts bin for an entire marque.

AI System Drops A Dime On Noisy Neighbors

April 25, 2024 by 3 Comments

“There goes the neighborhood” isn’t a phrase to be thrown about lightly, but when they build a police station next door to your house, you know things are about to get noisy. Just how bad it’ll be is perhaps a bit subjective, with pleas for relief likely to fall on deaf ears unless you’ve got firm documentation like that provided by this automated noise detection system.

OK, let’s face it — even with objective proof there’s likely nothing that [Christopher Cooper] is going to do about the new crop of sirens going off in his neighborhood. Emergencies require a speedy response, after all, and sirens are perhaps just the price that we pay to live close to each other. That doesn’t mean there’s no reason to monitor the neighborhood noise, though, so [Christopher] got to work. The system uses an Arduino BLE Sense module to detect neighborhood noises and Edge Impulse to classify the sounds. An ESP32 does most of the heavy lifting, including running the UI on a nice little TFT touchscreen.

When a siren-like sound is detected, the sensor records the event and tries to classify the type of siren — fire, police, or ambulance. You can also manually classify sounds the system fails to understand, and export a summary of events to an SD card. If your neighborhood noise problems tend more to barking dogs or early-morning leaf blowers, no problem — you can easily train different models.

While we can’t say that this will help keep the peace in his neighborhood, we really like the way this one came out. We’ve seen the BLE Sense and Edge Impulse team up before, too, for everything from tuning a bike suspension to calming a nervous dog. Continue reading “AI System Drops A Dime On Noisy Neighbors”

Synthesis Of Goldene: Single-Atom Layer Gold With Interesting Properties

April 25, 2024 by 16 Comments

The synthesis of single-atom layer versions of a range of atoms is currently all the hype, with graphene probably the most well-known example of this. These monolayers are found to have a range of mechanical (e.g. hardness), electrical (conduction) and thermal properties that are very different from the other forms of these materials. The major difficulty in creating monolayers is finding a way that works reliably and which can scale. Now researchers have found a way to make monolayers of gold – called goldene – which allows for the synthesis of relatively large sheets of this two-dimensional structure.

In the research paper by [Shun Kashiwaya] and colleagues (with accompanying press release) as published in Nature Synthesis, the synthesis method is described. Unlike graphene synthesis, this does not involve Scotch tape and a stack of graphite, but rather the wet-etching of Ti3Cu2 away from Ti3AuC2, after initially substituting the Si in Ti3SiC2 with Au. At the end of this exfoliation procedure the monolayer Au is left, which electron microscope studies showed to be stable and intact. With goldene now relatively easy to produce in any well-equipped laboratory, its uses can be explored. As a rare metal monolayer, the same wet exfoliation method used for goldene synthesis might work for other metals as well.

Combadge Project Wants To Bring Trek Tech To Life

April 25, 2024 by 12 Comments

While there’s still something undeniably cool about the flip-open communicators used in the original Star Trek, the fact is, they don’t really look all that futuristic compared to modern mobile phones. But the upgraded “combadges” used in Star Trek: The Next Generation and its various large and small screen spin-offs — now that’s a tech we’re still trying to catch up to.

As it turns out, it might not be as far away as we thought. A company called Vocera actually put out a few models of WiFi “Communication Badges” in the early 2000s that were intended for hospital use, which these days can be had on eBay for as little as $25 USD. Unfortunately, they’re basically worthless without a proprietary back-end system. Or at least, that was the case before the Combadge project got involved.

Designed for folks who really want to start each conversation with a brisk tap on the chest, the primary project of Combadge is the Spin Doctor server, which is a drop-in replacement for the original software that controlled the Vocera badges. Or at least, that’s the goal. Right now not everything is working, but it’s at the point where you can connect multiple badges to a server, assign them users, and make calls between them.

It also features some early speech recognition capabilities, with transcriptions being generated for the voices picked up on each badge. Long-term, one of the goals is to be able to plug the output of this server into your home automation system. So you could tap your chest and ask the computer to turn on the front porch light, or as the documentation hopefully prophesies, start the coffee maker.

There hasn’t been much activity on the project in the last year or so, but perhaps that’s just because the right group of rabid nerds dedicated developers has yet to come onboard. Maybe the Hackaday community could lend a hand? After all, we know how much you like talking to your electronics. The hardware is cheap and the source is open, what more could you ask for?

A Smart Power Distribution Unit For Home Automation

April 25, 2024 by 26 Comments

Power distribution units, as the name implies, are indispensable tools to have available in a server rack. They can handle a huge amount of power for demands of intensive computing and do it in a way that the wiring is managed fairly well. Plenty of off-the-shelf solutions have remote control or automation capabilities as well, but finding none that fit [fmarzocca]’s needs or price range, he ended up building his own essentially from scratch that powers his home automation system.

Because it is the power supply for a home automation system, each of the twelve outlets in this unit needed to be individually controllable. For that, three four-channel relay boards were used, each driven by an output on an ESP32. The ESP32 is running the Tasmota firmware to keep from having to reinvent the wheel, while MQTT was chosen as a protocol for controlling these outlets to allow for easy integration with the existing Node-RED-based home automation system. Not only is control built in to each channel, but the system can monitor the power consumption of each outlet individually as well. The entire system is housed in a custom-built sheet metal enclosure and painted to blend in well with any server rack.

Adding a system like this to a home automation system can simplify a lot of the design, and the scalable nature means that a system like this could easily be made much smaller or much larger without much additional effort. If you’d prefer to keep your hands away from mains voltage, though, we’ve seen similar builds based on USB power instead, with this one able to push around 2 kW.