Posts

Showing posts from March, 2021

Haptic Feedback For FPS Games Relies on OpenCV

Image
PC gamers consider their platform superior for the sheer processing power that can be brought to bear, as well as the inherent customisability of their rigs. Where they’re let down perhaps is in the typical keyboard and mouse interface, which tends to eschew fancy features such as haptic feedback which have long been standard on consoles. Aiming to rectify this, [Neutrino-1] put together a fancy haptic feedback system for FPS games. The hack is quite elegant, using a Python app to scrape the GUI of FPS games for a health readout. The health numbers are gleaned using OpenCV to do optical character recognition, and the resulting data is sent to an ESP12E microcontroller over a USB serial connection. The ESP12E then controls a series of Neopixel LEDs and vibration motors, providing color and haptic feedback in response to the user’s health bar changing in game. Using image recognition allows the system to be quickly reconfigured to work with different games, without the mess of having ...

One Bit CPU Runs at a Blistering 60Hz

Image
If you really think hard about it, a CPU is just a very general-purpose state machine. Well, most CPUs are, anyway. The MC14500 is a one-bit computer that has only 16 instructions and was meant to serve in simple tasks where a big CPU wouldn’t work for space, power, or budget reasons. However, [Laughton] took the idea one step further and created a single-bit computer with no real instructions to control a printing press. The finished machine uses a clever format in an EEPROM to drive an endless program. Honestly, we’d say this is more of a state machine, but we like the idea of it being a minimal CPU which is also true. The design uses the EEPROM in an odd way. Each CPU address really addresses a block of four bytes. The byte that gets processed depends on the current phase and the status of the one-bit flag register. Each four-byte block has two sections. There are two instructions that read inputs and sets outputs. The first instruction executes if the flag register is false an...

Scratch-Built CO2 Laser Tube Kicks Off a Laser Cutter Build

Image
When we see a CO 2 laser cutter build around these parts, chances are pretty good that the focus will be on the mechatronics end, and that the actual laser will be purchased. So when we see a laser cutter project that starts with scratch-building the laser tube , we take notice. [Cranktown City]’s build style is refreshingly informal, but there’s a lot going on with this build that’s worth looking at — although it’s perhaps best to ignore the sourcing of glass tubing by cutting the ends off of an old fluorescent tube; there’s no mention of what became of the mercury vapor or liquid therein, but we’ll just assume it was disposed of safely. We’ll further assume that stealing nitrogen for the lasing gas mix from car tires was just prank, but we did like the rough-and-ready volumetric method for estimating the gas mix. The video below shows the whole process of building and testing the tube. Initial tests were disappointing, but with a lot of tweaking and the addition of a much bigger ...

Ziggy Ransomware Gang Offers Refunds To Victims

from Packet Storm https://ift.tt/39vsSL2

Iranian Credential Thieves Target Medical Researchers

from Packet Storm https://ift.tt/3cBH4UM

Hacker Exploits Bug In Doom To Run Snake

from Packet Storm https://ift.tt/2O7DmJ6

Faraday 3.14.3

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way. from Packet Storm https://ift.tt/3wiv9D5

Scapy Packet Manipulation Tool 2.4.5rc1

Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. Interaction is provided by the Python interpreter, so Python programming structures can be used (such as variables, loops, and functions). Report modules are possible and easy to make. It is intended to do the same things as ttlscan, nmap, hping, queso, p0f, xprobe, arping, arp-sk, arpspoof, firewalk, irpas, tethereal, tcpdump, etc. from Packet Storm https://ift.tt/31xoDKL

Backdoor.Win32.Burbul.b Authentication Bypass / Man-In-The-Middle

Backdoor.Win32.Burbul.b malware suffers from bypass and man-in-the-middle vulnerabilities. from Packet Storm https://ift.tt/3dqmtCb

IRC-Worm.Win32.Silentium.a Insecure Permissions

IRC-Worm.Win32.Silentium.a malware suffers from an insecure permissions vulnerability. from Packet Storm https://ift.tt/3cDykgR

Red Hat Security Advisory 2021-1050-01

Red Hat Security Advisory 2021-1050-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and memory leak vulnerabilities. from Packet Storm https://ift.tt/3wiucL1

Red Hat Security Advisory 2021-1051-01

Red Hat Security Advisory 2021-1051-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include denial of service and memory leak vulnerabilities. from Packet Storm https://ift.tt/2QY3ast

Gentoo Linux Security Advisory 202103-04

Gentoo Linux Security Advisory 202103-4 - A vulnerability in SQLite could lead to remote code execution. Versions less than 3.34.1 are affected. from Packet Storm https://ift.tt/2QVhPEE

Gentoo Linux Security Advisory 202103-03

Gentoo Linux Security Advisory 202103-3 - Multiple vulnerabilities have been found in OpenSSL, the worst of which could allow remote attackers to cause a Denial of Service condition. Versions less than 1.1.1k are affected. from Packet Storm https://ift.tt/3rEt7d8

DD-WRT 45723 Buffer Overflow

DD-WRT 45723 UPNP buffer overflow proof of concept exploit. from Packet Storm https://ift.tt/3u20FU6

Gentoo Linux Security Advisory 202103-02

Gentoo Linux Security Advisory 202103-2 - A vulnerability in Redis could lead to remote code execution. Versions less than 6.0.12 are affected. from Packet Storm https://ift.tt/3u6iAsP

Gentoo Linux Security Advisory 202103-01

Gentoo Linux Security Advisory 202103-1 - Multiple vulnerabilities have been found in Salt, the worst of which could allow remote attacker to execute arbitrary commands. Versions less than 3000.8 are affected. from Packet Storm https://ift.tt/39wSyHf

CourseMS 2.1 Cross Site Scripting

CourseMS version 2.1 suffers from a persistent cross site scripting vulnerability. from Packet Storm https://ift.tt/3sAfE7k

Ubuntu Security Notice USN-4898-1

Ubuntu Security Notice 4898-1 - Viktor Szakats discovered that curl did not strip off user credentials from referrer header fields. A remote attacker could possibly use this issue to obtain sensitive information. Mingtao Yang discovered that curl incorrectly handled session tickets when using an HTTPS proxy. A remote attacker in control of an HTTPS proxy could use this issue to bypass certificate checks and intercept communications. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. Various other issues were also addressed. from Packet Storm https://ift.tt/3fAvVpn

Red Hat Security Advisory 2021-0943-01

Red Hat Security Advisory 2021-0943-01 - This release of Red Hat build of Eclipse Vert.x 4.0.3 includes security updates, bug fixes, and enhancements. For more information, see the release notes listed in the References section. Issues addressed include an information leakage vulnerability. from Packet Storm https://ift.tt/3udjdR8

Ubuntu Security Notice USN-4897-1

Ubuntu Security Notice 4897-1 - Ben Caller discovered that Pygments incorrectly handled parsing certain files. If a user or automated system were tricked into parsing a specially crafted file, a remote attacker could cause Pygments to hang or consume resources, resulting in a denial of service. from Packet Storm https://ift.tt/3dlHKwO

Ubuntu Security Notice USN-4896-1

Ubuntu Security Notice 4896-1 - It was discovered that lxml incorrectly handled certain HTML attributes. A remote attacker could possibly use this issue to perform cross-site scripting attacks. from Packet Storm https://ift.tt/3dmNAxR

Web Tool Cranks Up The Power on DJI’s FPV Drone

Image
Apparently, if the GPS on your shiny new DJI FPV Drone detects that it’s not in the United States, it will turn down its transmitter power so as not to run afoul of the more restrictive radio limits elsewhere around the globe. So while all the countries that have put boots on the Moon get to enjoy the full 1,412 mW of power the hardware is capable of, the drone’s software limits everyone else to a paltry 25 mW. As you can imagine, that leads to a considerable performance penalty in terms of range. But not anymore. A web-based tool called B3YOND promises to reinstate the full power of your DJI FPV Drone no matter where you live by tricking it into believing it’s in the USA. Developed by the team at [D3VL], the unlocking tool uses the new Web Serial API to send the appropriate “FCC Mode” command to the drone’s FPV goggles over USB. Everything is automated, so this hack is available to anyone who’s running a recent version of Chrome or Edge and can click a button a few times. There’s...

Boston Dynamics Stretch Robot Trades Lab Coat For Work Uniform

Image
Boston Dynamics has always built robots with agility few others could match. While great for attention-getting demos, from outside the company it hasn’t been clear how they’ll translate acrobatic skills into revenue. Now we’re getting a peek at a plan in an interview with IEEE Spectrum about their new robot Stretch. Most Boston Dynamics robots have been research projects, too expensive and not designed for mass production. The closest we got to date was Spot, which was offered for sale and picked up a few high profile jobs like inspecting SpaceX test sites . But Spot was still pretty experimental without an explicit application. In contrast, Stretch has a laser-sharp focus made clear by its official product page : this robot will be looking for warehouse jobs. Specifically, Stretch is designed to handle boxes up to 50 lbs (23 kg). Loading and unloading them, to and from pallets, conveyer belts, trucks, or shipping containers. These jobs are repetitive and tedious back-breaking work...

Sawblade Turned Beyblade Looks Painful To Tangle With

Image
Beyblades were a huge craze quite some years back. Children battled with spinning tops in small plastic arenas, or, if their local toy stores were poorly merchandised, in salad bowls and old pie dishes. The toys were safe enough, despite their destructive ethos, by virtue of being relatively small and lightweight. This “Beyblade” from [i did a thing] is anything but, however.  The build begins with a circular saw blade over 1 foot in diameter, replete with many angry cutting teeth that alone portend danger for any individual unlucky enough to cross its path. Saw blades tend to cut slowly and surely however, so to allow the illicit Bey to deal more traumatic blows, a pair of steel scraps are welded on to deliver striking blows as well. This has the added benefit of adding more mass to the outside of the ‘blade, increasing the energy stored as it spins. With the terrifying contraption spun up to great RPM by a chainsaw reeling in string, it’s able to demolish cheap wood and bone w...

Wires vs Words — PCB Routing in Python

Image
Preferring to spend hours typing code instead of graphically pushing traces around in a PCB layout tool, [James Bowman] over at ExCamera Labs has developed CuFlow , a method for routing PCBs in Python. Whether or not you’re on-board with the concept, you have to admit the results look pretty good. GD3X Dazzler PCB routed using CuFlow Key to this project is a concept [James] calls rivers — the Dazzler board shown above contains only eight of them. Connections get to their destination by taking one or more of these rivers which can be split, joined, and merged along the way as needed in a very Pythonic manner. River navigation is performed using Turtle graphics-like commands such as left(90)  and the appropriately named shimmy(d) that aligns two displaced rivers. He also makes extensive use of pin / gate swapping to make the routing smoother, and there’s a nifty shuffler feature which arbitrarily reorders signals in a crossbar manner. Routing to complex packages, like the BGA s...

Hershey Fonts: Not Chocolate, the Origin of Vector Lettering

Image
Over the past few years, I kept bumping into something called Hershey fonts. After digging around, I found a 1967 government report by a fellow named Dr. Allen Vincent Hershey. Back in the 1960s, he worked as a physicist for the Naval Weapons Laboratory in Dahlgren, Virginia, studying the interaction between ship hulls and water. His research was aided by the Naval Ordnance Research Calculator (NORC) , which was built by IBM and was one of the fastest computers in the world when it was first installed in 1954. The NORC’s I/O facilities, such as punched cards, magnetic tape, and line printers, were typical of the era. But the NORC also had an ultra-high-speed optical printer. This device had originally been developed by the telecommunications firm Stromberg-Carlson for the Social Security Administration in order to quickly print massive amounts of data directly upon microfilm. Perhaps you’ve heard stories of programmers waiting impatiently for printouts from mainframe operators? W...

The Word Clock You Can Feel

Image
By this point, pretty much everyone has come across a word clock project, if not built one themselves. There’s just an appeal to looking at a clock and seeing the time in a more human form than mere digits on a face. But there are senses beyond sight. Have you ever heard a word clock? Have you ever felt a word clock? These are questions to which Hackaday’s own [Moritz Sivers] can now answer yes, because he’s gone through the extreme learning process involved in designing and building a haptic word clock driven with the power of magnets . Individual letters of the display are actuated by a matrix of magnetic coils on custom PCBs. These work in a vaguely similar fashion to LED matrices, except they generate magnetic fields that can push or pull on a magnet instead of generating light. As such, there are a variety of different challenges to be tackled: from coil design, to driving the increased power consumption, to even considering how coils interact with their neighbors. Inspired by ...

Red Hat Security Advisory 2021-1031-01

Red Hat Security Advisory 2021-1031-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability. from Packet Storm https://ift.tt/3mc8a8b

Red Hat Security Advisory 2021-1027-01

Red Hat Security Advisory 2021-1027-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include a buffer overflow vulnerability. from Packet Storm https://ift.tt/3m3CLVk

Red Hat Security Advisory 2021-1026-01

Red Hat Security Advisory 2021-1026-01 - The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. Issues addressed include out of bounds read and use-after-free vulnerabilities. from Packet Storm https://ift.tt/2PEN4Dd

Red Hat Security Advisory 2021-1030-01

Red Hat Security Advisory 2021-1030-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Issues addressed include a HTTP request smuggling vulnerability. from Packet Storm https://ift.tt/3sD8lM7

Ubuntu Security Notice USN-4895-1

Ubuntu Security Notice 4895-1 - Alex Rousskov and Amit Klein discovered that Squid incorrectly handled certain Content-Length headers. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. This issue only affected Ubuntu 20.04 LTS. Jianjun Chen discovered that Squid incorrectly validated certain input. A remote attacker could use this issue to perform HTTP Request Smuggling and possibly access services forbidden by the security controls. Various other issues were also addressed. from Packet Storm https://ift.tt/3cxAy1s

Ubuntu Security Notice USN-4894-1

Ubuntu Security Notice 4894-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. from Packet Storm https://ift.tt/3rzRb0J

Red Hat Security Advisory 2021-1032-01

Red Hat Security Advisory 2021-1032-01 - Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Issues addressed include buffer overflow, denial of service, and integer overflow vulnerabilities. from Packet Storm https://ift.tt/3u7SYLY

Red Hat Security Advisory 2021-1028-01

Red Hat Security Advisory 2021-1028-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability. from Packet Storm https://ift.tt/3m6HjKU

GraphQL Attack

This is a whitepaper that discusses attacking GraphQL. from Packet Storm https://ift.tt/3u5yvaL

Openlitespeed 1.7.9 Cross Site Scripting

Openlitespeed version 1.7.9 suffers from a persistent cross site scripting vulnerability. from Packet Storm https://ift.tt/3fqWwVN

IRC-Worm.Win32.Jane.a Authentication Bypass / Man-In-The-Middle

IRC-Worm.Win32.Jane.a malware suffers from bypass and man-in-the-middle vulnerabilities. from Packet Storm https://ift.tt/3cBk4Wc

Red Hat Security Advisory 2021-0957-01

Red Hat Security Advisory 2021-0957-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.4. from Packet Storm https://ift.tt/3rBG7zW

GetSimple CMS 3.3.16 Cross Site Scripting / Shell Upload

GetSimple CMS version 3.3.16 cross site scripting to remote shell upload exploit. from Packet Storm https://ift.tt/3dnowXs

Red Hat Security Advisory 2021-0958-01

Red Hat Security Advisory 2021-0958-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.4. from Packet Storm https://ift.tt/3dhCRoy

IRC-Worm.Win32.Jane.a Authentication Bypass / Code Execution

IRC-Worm.Win32.Jane.a malware suffers from bypass and code execution vulnerabilities. from Packet Storm https://ift.tt/3fsxqWC

Red Hat Security Advisory 2021-1024-01

Red Hat Security Advisory 2021-1024-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include bypass and null pointer vulnerabilities. from Packet Storm https://ift.tt/3ddVPfG

Google Calls It Quits With VR, But Cardboard Lives On

Image
Google giving up on one of their projects and leaving its established userbase twisting in the wind hardly counts as news anymore. In fact, it’s become something of a meme. The search giant is notorious for tossing out ideas just to see what sticks, and while that’s occasionally earned them some huge successes, it’s also lead to plenty of heartache for anyone unlucky enough to still be using one of the stragglers when the axe falls. So when the search giant acknowledged in early March that they would no longer be selling their Cardboard virtual reality viewer , it wasn’t exactly a shock. The exceptionally low-cost VR googles, literally made from folded cardboard, were a massive hit when they were unveiled back in 2014. But despite Google’s best efforts to introduce premium Cardboard-compatible hardware with their Daydream View headset two years later, it failed to evolve into a profitable business. Google Cardboard Of course if you knew where to look, the writing had been on the ...