Broadcast Engineer at BellMedia, Computer history buff, compulsive deprecated, disparate hardware hoarder, R/C, robots, arduino, RF, and everything in between.
5385 stories
·
5 followers

Capitol Police officer had to beg Trump rioters not to kill him with his own gun

1 Comment

Capitol Police officer Michael Fanone recounts how a mob of Trump rioters surrounded him and started pulling his badge, ammunition, and other equipment from his uniform. — Read the rest

Read the whole story
tekvax
4 days ago
reply
He should get a medal.
Burlington, Ontario
Share this story
Delete

Somebody matched scenes from Peanuts TV specials to "Roundabout" and the results are excellent

1 Share

A lot of work went into finding snippets from various Peanuts TV specials to make it look like the Peanuts gang is performing "Roundabout" by Yes. The hard work paid off!

Read the whole story
tekvax
7 days ago
reply
Burlington, Ontario
Share this story
Delete

Adafruit interviews Tai Lopez, new owner of RadioShack

1 Share

RadioShack is back?! In this video, our friends at Adafruit interviewed Tai Lopez, who is revamping the storied brand.

Read the whole story
tekvax
8 days ago
reply
Burlington, Ontario
Share this story
Delete

Battlebot for sale, gently used

1 Share

William Osman saw a BattleBot from the TV show for sale, so he did what anyone would do: he bought it, fixed it up, and started monkeying around with it.

The weird part was that he got a lot of haters weighing in about it! — Read the rest

Read the whole story
tekvax
8 days ago
reply
Burlington, Ontario
Share this story
Delete

This Week in Security: Android Bluetooth RCE, Windows VMs, and HTTPS Everywhere

1 Share

Android has released it’s monthly round of security updates, and there is one patched bug in particular that’s very serious: CVE-2021-0316. Few further details are available, but a bit of sleuthing finds the code change that fixes this bug.

Fix potential OOB write in libbluetooth
Check event id if of register notification command from remote to avoid OOB write.

It’s another Bluetooth issue, quite reminiscent of BleedingTooth on Linux. In fact, in researching this bug, I realized that Google never released their promised deep-dive into Bleedingtooth. Why? This would usually mean that not all the fixes have been rolled out, or that a significant number of installations are unpatched. Either way, the details are withheld until the ramifications of releasing them are minimal. This similar Bluetooth bug in Android *might* be why the BleedingTooth details haven’t yet been released. Regardless, there are some serious vulnerabilities patched this in this Android update, so make sure to watch for the eventual rollout for your device.

HTTPS Everywhere

Google and Firefox are continuing their push toward a web based on HTTPS. Some of the changes, particularly by Google, have been viewed with some skepticism. However, this upcoming Chromium change looks like a welcome one. Put simply, when a user types in a URL without specifying HTTP or HTTPS, Chrome will try to load the website over HTTPS first. This change has been spotted in the Chromium source, and isn’t deployed by default anywhere — yet. The eventual implementation will probably feature a parallel lookup of web sites over HTTP and HTTPS, in order to avoid a large slowdown for HTTP only sites. If you live on the Firefox side of the fence, you’re still covered, as Firefox has an optional HTTPS everywhere mode as well.

Zyxel and the Hard-coded Credentials

[Niels Teusink] from EYE was doing some research on his Zyxel router, and came across an undocumented user account, zyfwp. Just looking at the username, I would guess it enables Zxel firmware updates of some sort — And yes, the account is to enable automatic firmware updates. It wasn’t supposed to be enabled for SSH login, though. Yes, a handful of Zyxel models had an unintentional backdoor. [Niels] believes he discovered the problem just weeks after the vulnerable firmware was released, so the impact of this one is minimal. Go check the list of products and firmware to see if your device was affected. One last note, while this sort of vulnerability is always facepalm-worthy, Zyxel absolutely owned up to the goof, responded quickly, and has absolutely done the right thing in fixing this.

Legal and Easy Windows VMs

There’s often a need for disposable Windows installs. Whether you’re looking at a file that is probably a virus, or want to check something out on a clean install, there’s a certain safety in knowing that if something goes wrong, you can just trash the VM and start over. Yes, it’s possible to manage all this manually, but when I came across [Rolando Anton]’s guide to automating the process, I had to make a mental bookmark and share it with you guys.

He first gives us the details on how to manually turn a fresh Windows install into a VM image, which is a useful howto in it’s own right. What comes next is impressive. If I understand what I’m seeing, he’s using Packer to run the whole process as a one-liner. He’s careful to point out that these images are legal for testing, research, and evaluation — not for production environments, as per Microsoft’s licensing.

Using Google to Defeat Google reCAPTCHA

And in a fun turn, it was pointed out to me this week, that you can use Google’s speech to text service to defeat Google’s reCAPTCHA service. ReCAPTCHA is widely considered one of the best CAPTCHA services, or “Completely Automated Public Turing test to tell Computers and Humans Apart”. One of the laudable things Google has done is include alternative ways to solve a CAPTCHA. A blind person, for instance, would be unable to complete a visual CAPTCHA test. One of the alternatives is to listen to a brief audio file, and transcribe what is being said. It just so happens that Google also has a really robust speech-to-text API. With a success rate of something like 91%, you can automatically pass reCAPTCHA using Google’s own service. Man bites dog.

Read the whole story
tekvax
12 days ago
reply
Burlington, Ontario
Share this story
Delete

Recreation of the "PIN cracking" program from Terminator 2

1 Share

Once of my favorite scenes in 1992's Terminator 2 is when John Connor hacks an ATM with an Atari Portfolio and some kind of programmable magnetic strip. Bertrand Fan recreated the prop program in Python; unsatisfied, he then figured out how to program it on an actual Portfolio: "I haven't written Turbo Pascal in about 25 years, but do you ever really forget?Read the rest

Read the whole story
tekvax
12 days ago
reply
Burlington, Ontario
Share this story
Delete
Next Page of Stories