Secure your server FAST

AtomicSecured Linux

Slam the Online Scam

Superawesome site monitoring

Categories

Free goodies – every day!

Giveaway of the Day

Free stuff

Archives

Speedtest yourself

Speedtest.net Mini requires at least version 8 of Flash. Please update your client.

Stop Wildlife Crime

Monitor and protect your site

Sucuri Security

Visitor Stats

Hacking Your Coworkers Label Makers

Finally, a real hack! [PodeCoet] wrote in to tell us about a little fun he had recently in the workplace… He discovered the label makers everyone uses are all IP-enabled… and well, he took advantage of that.

His long but utterly delightfully written blog post is actually a tutorial on how to hack into Zebra-brand printers. From the realization of this possibility, to the first test print, to spoofing his MAC address, [PodeCoet] had a blast doing this — evident in his lovely descriptions of the events — like after he made first access to a printer over IP.

I’m now tripping absolute balls with excitement, and time seems to dilate as I rush to get to the car to drive home.

Unable to contain my excitement during the 20 minute drive, I pull over into a laneway, browse Zebra’s website on my smartphone, and download a copy of the “Zebra ZPL Programming Guide”.

Talk about excitement! Oh and did we mention he originally planned on getting fired by doing this?

He may have reconsidered though and decided on a more neutral-friendly label to mass print at work (which is an assembly line by the way). This is what he came up with:

FC03_trialRun

In the end his “printer attack” lasted about 15 seconds, in which all the printers managed to spit out the same label at about the same time. He wishes he could have gotten a video clip of his coworkers reactions, but obviously this may have given him away.

Here’s a screen cap of his lovely hacking application.

FC03_labelInterface

In conclusion, [PodeCoet] advises you to secure your network:

Always assume someone is trying to break into your s#%t, even if you think your staff are knuckle-dragging neanderthals struggling to make ends-meet.


Filed under: computer hacks

Hackaday Links: January 25, 2015

Misumi is doing something pretty interesting with their huge catalog of aluminum extrusions, rods, bolts, and nuts. They’re putting up BOMs for 3D printers. If you’ve ever built a printer with instructions you’ve somehow found on the RepRap wiki, you know how much of a pain it is to go through McMaster or Misumi to find the right parts. Right now they have three builds, one with linear guides, one with a linear shaft, and one with V-wheels.

So you’re finally looking at those fancy SLA or powder printers. If you’re printing an objet d’arte like the Stanford bunny or the Utah teapot and don’t want to waste material, you’re obviously going to print a thin shell of material. That thin shell isn’t very strong, so how do you infill it? Spheres, of course. By importing an object into Meshmixer, you can build a 3D honeycomb inside a printed object. Just be sure to put a hole in the bottom to let the extra resin or powder out.

Remember that episode of The Simpsons where Homer invented an automatic hammer? It’s been reinvented using a custom aluminum linkage, a freaking huge battery, and a solenoid. Next up is the makeup shotgun, and a reclining toilet.

[Jan] built a digitally controlled analog synth. We’ve seen a few of his FM synths built from an LPC-810 ARM chip before, but this is the first one that could reasonably be called an analog synth. He’s using a digital filter based on the Cypress PSoC-4.

The hip thing to do with 3D printers is low-poly Pokemon. I don’t know how it started, it’s just what the kids are doing these days. Those of us who were around for Gen 1 the first time it was released should notice a huge oversight by the entire 3D printing and Pokemon communities when it comes to low-poly Pokemon. I have corrected this oversight. I’ll work on a pure OpenSCAD model (thus ‘made completely out of programming code’) when I’m sufficiently bored.

*cough**bullshit* A camera that can see through walls *cough**bullshit* Seriously, what do you make of this?


Filed under: Hackaday Columns, Hackaday links

CNCs and Acrylic and LEDs oh my!

Looking for something unique to spice up his music room [Est] decided he wanted to try making a light that responds to the music — kind of like a VU meter, but a little different. He calls it the Light Effect Tower.

The main structure of the tower was cut out of 6mm acrylic using [Est’s] homemade CNC router. He used a V router bit to do the engraving, which when combined with light, produces a high contrast dynamic with the plastic.

He designed the circuit to fit into the triangular base, which uses a PIC micro controller to sample a microphone to produce the lighting effect. The cool thing is, he’s designed it to calculate the max level of noise, to scale the sample accordingly — that way if you’re playing loud music or quiet music, it’ll still work without any adjustments to the microphone gain.

Oh yeah, did we mention this thing is big? It’s actually 1.5 meters tall! Check out the different modes he programmed in — it’s pretty bumping.

For more musical lighting goodness, you’ve gotta see this giant water and light VU meter we covered a few years ago.


Filed under: led hacks

Popular this week on GISuser…

TweetA few highlights on trending articles from the past week… Post by GISuser.com.

CoreXY For a Dry Erase Plotter

After years of playing DnD, it’s finally [Mike]’s turn to be a DM. Of course he can’t draw maps with his hands, so that means building a tabletop plotter.

[Mike] is basing his tabletop game plotter on the Makelangelo, a polar plotter that draws images on a vertical platform with the help of two motors in the corner. This is a tabletop plotter, so the usual vertical arrangement wouldn’t work, but there are some projects out there that use the CoreXY system for a similar horizontal build.

The tabletop CoreXY system is built from rigid aluminum yard sticks, 3D printed parts, two very cheap stepper motors, an Arduino, and a whole lot of string. It’s a very inexpensive build and because [Mike] is using metal rulers for the frame, it’s also very low profile – a nice advantage for table top sessions.

So far, [Mike] has the axes of the plotter moving, with a servo and pen mechanism next on the build plan. He has a few neat ideas for how to plot these dungeon maps by vectoring bitmap images and sending them to the Arduino, something we’ll probably see in a an upcoming build log.

You can check out a video of [Mike]’s build below.


Filed under: cnc hacks

Cat Physics: Making Real Science Real Fun (infograph)

If you haven’t read the news recently, there is a bit of a problem with the education system in the United States—especially when it comes to fields that fall outside of the humanities. The US is significantly lagging when it comes to classes on Science, Technology, Engineering, and Math (STEM).

For example, according to the Organization for Economic Cooperation and Development (OECD), over one-quarter of 15-year-olds in the United States aren’t at the PISA baseline for mathematics proficiency. This is deeply troubling, as this line marks the level at which “students begin to demonstrate the skills that will enable them to participate effectively and productively in life.”

So that’s 25%, over a quarter of American youths, that are in this boat. Fortunately, there are a number of individuals who are working to encourage young people in the sciences, math etc. And what better way to pass along science concepts than by using something that (mostly) everyone loves: Cats.

Cakeburger comics has this awesome infograph that helps explain some science concepts that, otherwise, some might find a little dry and boring. It’s a great way to pass along information to any student who sees science a being a tad lackluster. It may help to familiarize yourself with some of the concepts mentioned, so that you can explain how the scientific law really operates. It would also be good to play a kind of “guessing game,” where you ask what they think the law really applies to and is saying. Get those brains working! For larger, head here.

cat-physics

The post Cat Physics: Making Real Science Real Fun (infograph) appeared first on From Quarks to Quasars.

Physicists Find New Way To Slow The Speed Of Light

Image credit: NASA

Image credit: NASA

In a new paper published in Science Express today (Friday 23 January), researchers from the University of Glasgow and Heriot-Watt University describe how they have managed to slow photons in free space for the first time. They have demonstrated that applying a mask to an optical beam to give photons a spatial structure can reduce their speed.

Their experiment was configured like a race, with two photons released simultaneously across identical distances towards a defined finish line.

The team compare a beam of light, containing many photons, to a team of cyclists who share the work by taking it in turns to cycle at the front. Although the group travels along the road as a unit, the speed of individual cyclists can vary as they swap position.

The group formation can make it difficult to define a single velocity for all cyclists, and the same applies to light. A single pulse of light contains many photons, and scientists know that light pulses are characterised by a number of different velocities.

The researchers found that one photon reached the finish line as predicted, but the structured photon which had been reshaped by the mask arrived later, meaning it was travelling more slowly in free space. Over a distance of one metre, the team measured a slowing of up to 20 wavelengths, many times greater than the measurement precision.

The work demonstrates that, after passing the light beam through a mask, photons move more slowly through space. Crucially, this is very different to the slowing effect of passing light through a medium such as glass or water, where the light is only slowed during the time it is passing through the material – it returns to the speed of light after it comes out the other side. The effect of passing the light through the mask is to limit the top speed at which the photons can travel.

The work was carried out by a team from the University of Glasgow’s Optics Group, led by Professor Miles Padgett, working with theoretical physicists led by Stephen Barnett, and in partnership with Daniele Faccio from Heriot-Watt University.

Daniel Giovannini, one of the lead authors of the paper, said: “The delay we’ve introduced to the structured beam is small, measured at several micrometres over a propagation distance of one metre, but it is significant. We’ve measured similar effects in two different types of beams known as Bessel beams and Gaussian beams.”

Co-lead author Jacquiline Romero said: “We’ve achieved this slowing effect with some subtle but widely-known optical principles. This finding shows unambiguously that the propagation of light can be slowed below the commonly accepted figure of 299,792,458 metres per second, even when travelling in air or vacuum.

“Although we measure the effect for a single photon, it applies to bright light beams too. The effect is biggest when the lenses used to create the beam are large and when the distance over which the light is focused is small, meaning the effect only applies at short range.”

Professor Padgett added: “It might seem surprising that light can be made to travel more slowly like this, but the effect has a solid theoretical foundation and we’re confident that our observations are correct.

“The results give us a new way to think about the properties of light and we’re keen to continue exploring the potential of this discovery in future applications. We expect that the effect will be applicable to any wave theory, so a similar slowing could well be created in sound waves, for example.”

The team’s paper, titled ‘Spatially Structured Photons that Travel in Free Space Slower than the Speed of Light’, is published in Science Express, which provides electronic publication of selected papers in advance of print in the journal Science.


Provided by University of Glasgow

 

The post Physicists Find New Way To Slow The Speed Of Light appeared first on From Quarks to Quasars.

Making Membrane Keypads From Scratch

A few years ago, [Paul]’s son got a simple electronic toy that plays funny noises and sings to him. The son loves the toy, but after months and months of use, the toy was inevitably broken beyond repair. Figuring an ‘electronic box that plays sounds’ wouldn’t be a hard project to replicate, [Paul] set out on making his own. The electronics weren’t hard, but custom membrane keypads are hard to come by. No matter, because it’s actually pretty easy to build your own.

Membrane switches are usually made with silkscreen conductive inks on fancy plastic, but that’s not a requirement to build your own. All you really need are four layers – a ‘front decal’, a ‘top foil’ layer for the rows, a ‘bottom foil’ layer for the columns, and a ‘cutout’ layer that provides enough separation between the rows and columns.

[Peter] laid out the four layers in Illustrator, printed the layers, and covered the rows and columns with copper tape. The cutout layer is the crucial part that keeps the layers separated until the button is pressed, and that was just a piece of card stock with strategically placed holes.

Once the rows, columns, and other layers were glued up, [Peter] could connect this keypad up to a microcontroller. The code is very easy with the Arduino keypad library, and should stand up to the rigors of being handled by a child.


Filed under: toy hacks

Adobe issued the update to fix CVE-2015-0311 zero day

Adobe released a security update that fixes also the zero-day vulnerability CVE-2015-0311 discovered by Kafeine in the last release of Angler exploit kit.

The French security expert Kafeine has recently discovered an unpatched vulnerability (0day) in Flash Player is being exploited by Angler Exploit Kit.

The new variant of the Angler exploit kit that exploit three different vulnerabilities in Flash Player, including the zero-day flaw (coded CVE-2015-0311) for the latest version of Flash (version 16.0.0.257) in several versions of Internet Explorer running on Windows 7 and Windows 8.

Adobe recognized this flaw as a critical vulnerability and it immediately started the investigation on the new Angler exploit kit to develop a security update to secure its customers.

The new Angler exploit kit includes also the code to exploit two known vulnerabilities, but security industry way scared by the presence of a zero-day in Flash that was being used in the wild to install a the Bedep malware.

Angler exploit kit CVE-2015-0311 zero day

 

“A critical vulnerability (CVE-2015-0311) exists in Adobe Flash Player 16.0.0.287 and earlier versions for Windows and Macintosh.  Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.” warned Adobe in an Adobe Security Bulletin.

Security experts noticed that attackers that are exploiting the vulnerability in the wild via drive-by-download attacks are targeting systems running Internet Explorer and Firefox on Windows 8.1 and below.

On January 24, Adobe has issued a security update that fixex the vulnerability, as explained by the company users who have enabled auto-update for the Flash Player desktop runtime will be receiving the update that fix also the CVE-2015-0311.

Adobe also announced that the manual download for the update will be available during the week of January 26.Adobe is working with distribution partners to make the update available in Google Chrome and Internet Explorer 10 and 11.

“This version includes a fix for CVE-2015-0311. Adobe expects to have an update available for manual download during the week of January 26, and we are working with our distribution partners to make the update available in Google Chrome and Internet Explorer 10 and 11. For more information on updating Flash Player please refer to this post. ” states the security advisory.

If you have doubts about the Adobe Flash Player version installed on your machine, verify it by browsing the About Flash Player page.

Pierluigi Paganini

(Security Affairs – Adobe Flash Player, zero day CVE-2015-0311)

The post Adobe issued the update to fix CVE-2015-0311 zero day appeared first on Security Affairs.

Asteroid to Fly By Earth Tomorrow

This graphic depicts the passage of asteroid 2004 BL86, which will come no closer than about three times the distance from Earth to the moon on Jan. 26, 2015. Due to its orbit around the sun, the asteroid is currently only visible by astronomers with large telescopes who are located in the southern hemisphere. But by Jan. 26, the space rock's changing position will make it visible to those in the northern hemisphere. Image (Credit: NASA/JPL-Caltech)

This graphic depicts the passage of asteroid 2004 BL86, which will come no closer than about three times the distance from Earth to the moon on Jan. 26, 2015. Due to its orbit around the sun (Credit: NASA/JPL-Caltech)

An asteroid, designated 2004 BL86, will safely pass about three times the distance of Earth to the moon on January 26. From its reflected brightness, astronomers estimate that the asteroid is about a third of a mile (0.5 kilometers) in size. The flyby of 2004 BL86 will be the closest by any known space rock this large until asteroid 1999 AN10 flies past Earth in 2027.

At the time of its closest approach on January 26, the asteroid will be approximately 745,000 miles (1.2 million kilometers) from Earth.

“Monday, January 26 will be the closest asteroid 2004 BL86 will get to Earth for at least the next 200 years,” said Don Yeomans, who is retiring as manager of NASA’s Near Earth Object Program Office at the Jet Propulsion Laboratory in Pasadena, California, after 16 years in the position. “And while it poses no threat to Earth for the foreseeable future, it’s a relatively close approach by a relatively large asteroid, so it provides us a unique opportunity to observe and learn more.”

One way NASA scientists plan to learn more about 2004 BL86 is to observe it with microwaves. NASA’s Deep Space Network antenna at Goldstone, California, and the Arecibo Observatory in Puerto Rico will attempt to acquire science data and radar-generated images of the asteroid during the days surrounding its closest approach to Earth.

“When we get our radar data back the day after the flyby, we will have the first detailed images,” said radar astronomer Lance Benner of JPL, the principal investigator for the Goldstone radar observations of the asteroid. “At present, we know almost nothing about the asteroid, so there are bound to be surprises.”

Asteroid 2004 BL86 was initially discovered on Jan. 30, 2004 by a telescope of the Lincoln Near-Earth Asteroid Research (LINEAR) survey in White Sands, New Mexico.

The asteroid is expected to be observable to amateur astronomers with small telescopes and strong binoculars.

(From NASA’s Jet Propulsion Lab)

The post Asteroid to Fly By Earth Tomorrow appeared first on From Quarks to Quasars.

Fireplace



The centerpiece of homes a hundred years ago was a functional fireplace. You can see this photo of a home from 1935 has a prominent and functional fireplace. The fireplaces were designed to actually heat the home. Today, most fireplace inserts to not provide any meaningful heat, and in fact, since most pull air for the fire from the home interior, they actually create a draft that draws more cold air into the house than the heat they produce. In other words, most modern fireplaces have a net negative heating effect on the house. The fireplace above is large, built with real fire bricks, and could be used for heating or cooking.

Astronomy Photo of the Day: 1/25/15 — Barnard’s Loop, LDN 1622 & M78

Image Credit: Alistair Symon

Image Credit: Alistair Symon

In what’s sure to be one of the most incredible images I’ve come across, we meet a region found about 1,500 light-years from Earth in the constellation of Orion.

This busy star-field contains numerous large and small-scale wonders. First and foremost, we have Barnard’s Loop: the river of pinkish-red running from bottom left to top right. It is a large and complex emission nebula that contains many of the most famous nebulae our galaxy has to offer, which include: the Great Orion Nebula and the Horsehead Nebula.

After Barnard’s Loop, we have Messier 78 — easily one of the most breathtaking reflection nebulae ever cataloged — pictured in the bottom right.

Messier 78

Messier 78 (Image Credit: ESO/Igor Chekalin)

Like all reflection nebulae, this region is powered by stars surrounded by lots of gas and dust. The dust is so dense in some parts that light simply can’t break through,  but in regions where dust is more scarce, when light from embedded stars leaves the surface, it is greeted by a wall of dust, which sends light scattering at the blue end of the electromagnetic spectrum.

Finally, in the top left, we have the Boogeyman Nebula (otherwise known as LDN 1622); a nebula with a harrowing appearance. It’s predominantly dust, with a bit of gas mixed in. This gas, in turn, generates emission and reflection nebulae. It’s believed to be much closer to Earth than the other regions, hence its larger size.

LDN 1622  (Credit: David Churchhill)

LDN 1622 (Credit: David Churchhill)

Ultimately, the Orion Molecular Cloud Complex takes up more than 10º of our sky, making it approximately 20 times more expansive than the full moon in angular diameter (it takes up half a degree of sky by comparison), and this image only scratches the surface. It merely shows a sliver about 2.5 x 4 degrees in all.

See a larger image here.

The post Astronomy Photo of the Day: 1/25/15 — Barnard’s Loop, LDN 1622 & M78 appeared first on From Quarks to Quasars.

“Scotty” Is More Hungry 3D-printing Fax Machine than Teleporter

Researchers at the Hasso Plattner Institute have created “Scotty,” a so-called teleportation system. While the name is a clear homage to the famous Star Trek character, this is not the Sci-Fi teleporting you may be expecting. The system is composed of two 3D printers (they used a pair of MakerBot Replicators). The “sender” printer has a camera and built-in milling machine. It uses deconstructive scanning – taking the picture of an object’s layer, then grinding that layer down to expose the next layer – and then sends the encrypted data to a “receiver” printer with a RasPi to decrypt the data so that it can immediately print the object. The ultimate idea behind this is that there is only one object at the end of the process.

It’s a disservice describing Scotty as a teleporter. By the researchers’ definition of a teleporter, the lowly fax machine is on par with Scotty – and it doesn’t destroy the original. The researchers claim that this destructive-reconstuctive method preserves the uniqueness of a given object, as long as any sentimentality. We can agree with the unique aspect: the less copies of something means it retains it intrinsic value in the marketplace. The sentimentality – not so much. We’ve all had a moment in our lives where a treasured item of ours, worthless to everyone else, was destroyed. Either we’d get a replacement or someone else would give us one to silence our wailing, but it wasn’t quite the same. If you could clone your dead pet, subconsciously you’d know it’s not going to be the same Fluffy. It’s that exact thing, atoms and all, that has the emotional attachment. Trying to push that psychological perspective onto Scotty’s purpose is irksome.

csm_scotty-relocating-objects-concept_8395293f55Focusing on sales for Scotty is more appropriate, though not without it’s problems. Ideally, for online sales, it’s a way to preserve licensing. You buy a cube, you get one cube; you don’t keep the file to make a hundred cubes without giving the vendor their due. However, from a vendor’s perspective, it is far more profitable for them to keep a prototype file and send a one-time use file rather than go through the process and cost of manufacturing dozens of objects that will be destroyed anyway. Plus, as any owner of a 3D printer is well aware of, prints don’t always come out perfect the first time out. What happens when there’s a screw-up on the receiving printer; you don’t have the opportunity to start over, because the original object is destroyed. There is a fabrication log that prevents completed objects from being reprinted, but nothing is said about it allowing reprints of failed runs or of error detection. Neither the vendor nor customer benefits from that scenario. And as for a sentimental object – now it’s ruined. If this system was to be explored further for a marketplace, these are issues that need to be considered, especially since there are plenty non-destructive ways to scan the innards of an object.

Scotty is an interesting project, and does use a novel approach to 3D printing. It requires a robust system to ensure successful prints on the first try, but it’s going to be a long time before something like this is practical. We see it more an artistic piece and proof-of-concept, but it falls short of the “teleporter” hype.

[via TechCrunch]


Filed under: 3d Printer hacks

Law enforcement using Range-R devices to see through walls

At least 50 US law enforcement agencies quietly deployed Range-R radars that let them effectively see inside homes seeing through walls.

Edward Snowden has confirmed our suspicions about the massive surveillance programs of the US government, but the news that we are going to comment together is very disturbing.

At least 50 U.S. law enforcement agencies are using a technology that allows the agents to see through walls of buildings to spy on people inside the apartments, once against raising privacy questions.

According to a report from USA Today, several dozen law enforcement agencies, including Federal Bureau of Investigation (FBI) and U.S. Marshals, have secretly been using the new radars during the last years. The uncomfortable truth was revealed last month during a court hearing in Denver.

The equipment used by law enforcement is the Range-R, a device that uses radio waves to detect the slightest movements, including breathing, from as much as 50 feet away.

“RANGE-R is a highly sensitive handheld radar system designed to detect and measure the distance to moving and near-stationary personnel through walls constructed of common building materials.” reports the official website of the company that commercialize it.

The news was confirmed by a police officer during the court hearing, the officials described the Range-R as a “hand-held Doppler radar device. It picks up breathing, human breathing and movement within a house.

Range-R device

“Agents’ use of the radars was largely unknown until December, when a federal appeals court in Denver said officers had used one before they entered a house to arrest a man wanted for violating his parole. The judges expressed alarm that agents had used the new technology without a search warrant, warning that “the government’s warrantless use of such a powerful tool to search inside homes poses grave Fourth Amendment questions.” states the post published by the USA Today.

The US Marshals Service began using the Range-R radars in 2012, and official documents confirm that it has so far spent at least $180,000 to buy this equipment.

“The Range-R’s maker, L-3 Communications, estimates it has sold about 200 devices to 50 law enforcement agencies at a cost of about $6,000 each.” reports the USA Today.

The Range-R is easy to sue, agents just have to hold the device against the outside a building to scan every object inside it. The Range-R can detect bouncing off a moving object and classify it as either a “mover” (more active) or a “breather” (less active).

police radar-x Range-R

The official website of L-3 CyTerra reports the following description for the Range-R:

  • The device covers a conical view of 160 degrees and works in a range of around 50 feet.
  • The sensitivity of the Range-R is sufficient to detect people breathing, making it difficult for individuals to hide from Range-R.
  • It will “penetrate most common building wall, ceiling or floor types including poured concrete, concrete block, brick, wood, stucco glass, adobe, dirt, etc. However, It will not penetrate metal.”
  • If a wall is saturated with water, this also may reduce the device’s effect.

I’m not surprised that law enforcement needs to use advanced technology in order to fight the crime and the terrorism. This kind of technology is crucial operations run by authorities, let’s think anti-terrorism and many other.

I understand the fear of many citizens to be unfairly spied on, which is why it is right that the authorization with a search warrant by a Court, but we have also to understand that in certain situations the time is a crucial factor … nobody will use Range-X to look in your home.

Pierluigi Paganini

(Security Affairs – Range-X, law enforcement)

The post Law enforcement using Range-R devices to see through walls appeared first on Security Affairs.

Click-fraud malware drives millions of views to YouTube videos

Scammers are earning advertising revenue by spreading click-fraud malware Tubrosa, which sends compromised computers to their YouTube videos.

A new Click-fraud malware campaign aimed at earning money by using the victim’s machine to view YouTube videos and benefits from ads embedded in them.
The malicious campaign, discovered by experts at Symantec, has targeted users around the world for months by serving a malware dubbed Tubrosa. The click-fraud threat Trojan Tubrosa is composed by two modules, one that is delivered via spear-phishing emails and a second one that is downloaded and run by the first component.
“A few weeks ago, we noticed a two-component click-fraud malware (detected as Trojan.Tubrosa) taking advantage of the YouTube Partner Program. The attackers compromise victims’ computers with the malware and use them to artificially inflate their YouTube video views. This allows the scammers to take advantage of the YouTube Partner Program validation process and monetize their fraudulent activity.” states a blog post published by Symantec.
The Tubrosa Click-fraud malware receives a list of nearly a thousand YouTube links from the C&C server and opens them in the background of the infected machine. The malicious code uses some tricks to avoid arousing suspicion, in fact, it turns down the volume of the speakers while it opens the video in the background, even if there isn’t installed the Adobe Flash player the infected machine, the malware downloads it and installs it to allow viewing of the videos.
Click-fraud malware campaign tubrosa

Symantec experts estimated that the scammers have so far earned several thousand dollars via this particular campaign. It’s impossible to know, but it’s likely they are running other similar ones at the same time.

A possible indicator of infection is a significant performance degradation of the victim’s machine.
“The YouTube Partner Program uses a validation process in order to verify that the user’s account is in good standing. In order to bypass Google security checks, the malware dynamically changes the referrer (REFS.txt) and the useragent (UA.txt) using two PHP scripts. This allows the malware to pretend to be a new connection to Google servers, appearing like a different user is connecting to the same videos,” reports Symantec.
According to Symantec, the scammers started distributing the malware in August 2014, and the campaign is still ongoing. The Tubrosa Click-fraud malware mainly infected systems in South Korea, India and Mexico and US.
Tubrosa Click-fraud malware
Symantec researchers estimated that the scammers have so far earned several thousand dollars via this Click-fraud malware campaign and they haven’t excluded that bad actors are running other similar ones campaigns.

To prevent computers from being compromised with click-fraud malware such as Trojan.Tubrosa, Symantec suggested the respect of the following best practices:

  • Exercise caution when receiving unsolicited, unexpected, or suspicious emails
  • Avoid clicking on links in unsolicited, unexpected, or suspicious emails
  • Avoid opening attachments in unsolicited, unexpected, or suspicious emails
  • Use comprehensive security software

Pierluigi Paganini

(Security Affairs – Click-fraud malware, YouTube)

The post Click-fraud malware drives millions of views to YouTube videos appeared first on Security Affairs.

When Adding Noise Helps

It’s a counterintuitive result that you might need to add noise to an input signal to get the full benefits from oversampling in analog to digital conversion. [Paul Allen] steps us through a simple demonstration of why this works on his blog. If you’re curious about oversampling, it’s a good read.

Oversampling helps to reduce quantization noise, which is the sampling equivalent of rounding error. In [Paul’s] one-bit ADC example, the two available output values are zero volts and one volt. Any analog signal between these two values is rounded off to either zero or one, and the resulting difference is the quantization error.

In oversampling, instead of taking the bare minimum number of samples you need you take extra samples and average them together. But as [Paul] demonstrates, this only works if you’ve got enough noise in the system already. If you don’t, you can actually make your output more accurate by adding noise on the input. That’s the counterintuitive bit.

We like the way he’s reduced the example to the absolute minimum. Instead of demonstrating how 16x oversampling can add two bits of resolution to your 10-bit ADC, it’s a lot clearer with the one-bit example.

[Paul’s] demo is great because it makes a strange idea obvious. But it got us just far enough to ask ourselves how much noise is required in the system for oversampling to help in reducing quantization noise. And just how much oversampling is necessary to improve the result by a given number of bits? (The answers are: at least one bit’s worth of noise and 22B, respectively, but we’d love to see this covered intuitively.) We’re waiting for the next installment, or maybe you can try your luck in the comment section.


Filed under: misc hacks

Start Menu X is a replacement of the system menu for professionals.

Start Menu X is a replacement of the system menu for professionals. Power users know how inconvenient and time-consuming it is to launch programs from the system menu, so Start Menu X is the right solution!

Benefits of PRO version:

  • Single-click launch!
  • Assign a primary program to any folder and start it simply by clicking this folder.
  • Change the structure and add tabs.
  • Manage the Virtual Groups.
  • Sort files by name.

Atari 2600 Controller Now Controls CNC Plasma Cutter

When using any CNC machine the system has to understand where the part to be machined is physically located. This is most commonly done by jogging the tool to a position relative to the part and then indicating to the controller that the tool is indeed at that position. Hobby CNC enthusiasts [Jeremy] and [Yakob] wanted an easy, convenient (and even fun) way to zero their plasma cutter. They decided to make a wireless jog pendant capable of moving and zeroing their machine….. and it’s built into a retro game controller!

The housing is a wireless Atari 2600 controller. Most of the innards were taken out and replaced with a BlueFruit EZ-Key module that takes input signals from the stock joystick and button switches and, in turn, emulates a Bluetooth keyboard signal that is understood by a PC. Most PC-based CNC Control Software’s have keyboard shortcuts for certain functions. This project takes advantage by using those available keyboard shortcuts by mapping individual pin inputs to specific keyboard key presses.

The X and Y axes are controlled by pushing the joystick in the appropriate direction. Pressing the ‘fire’ button zeros the axis. Even though the remote is working now, these two guys want to add a rotary encoder so that they can make minor Z axis height adjustments on the fly since sometimes the metal they are plasma cutting isn’t completely flat.

If you’re interested in making CNC Pendants out of old tech, check out this once-was TV remote.


Filed under: cnc hacks

New Part Day: Silent Stepper Motors

Some of the first popular printers that made it into homes and schools were Apple Imagewriters and other deafeningly slow dot matrix printers. Now there’s a laser printer in every office that’s whisper quiet, fast, and produces high-quality output that can’t be matched with dot matrix technology.

In case you haven’t noticed, 3D printers are very slow, very loud, and everyone is looking forward to the day when high-quality 3D objects can be printed in just a few minutes. We’re not at the point where truly silent stepper motors are possible just yet, but with the Trinamic TMC2100, we’re getting there.

Most of the stepper motors you’ll find in RepRaps and other 3D printers are based on the Allegro A498X series of stepper motor drivers, whether they’re on breakout boards like ‘The Pololu‘ or integrated on the control board like the RAMBO. The Trinamic TMC2100 is logic compatible with the A498X, but not pin compatible. For 99% of people, this isn’t an issue: the drivers usually come soldered to a breakout board.

There are a few features that make the Trinamic an interesting chip. The feature that’s getting the most publicity is a mode called stealthChop. When running a motor at medium or low speeds, the motor will be absolutely silent. Yes, this means stepper motor music will soon be a thing of the past.

However, this stealthChop mode drastically reduces the torque a motor can provide. 3D printers throw around relatively heavy axes fairly fast when printing, and this motor driver is only supposed to be used at low or medium velocities.

The spreadCycle feature of the TMC2100 is what you’ll want to use for 3D printers. This mode uses two ‘decay phases’ on each step of a motor to make a more efficient driver. Motors in 3D printers get hot sometimes, especially if they’re running fast. A more efficient driver reduces heat and hopefully leads to more reliable motor control.

In addition to a few new modes of operation, the TMC2100 has an extremely interesting feature: diagnostics. There are pins specifically dedicated as notification of shorted outputs, high temperatures, and undervolt conditions. This is something that can’t be found with the usual stepper drivers, and it would be great if a feature like this were to ever make its way into a 3D printer controller board. I’m sure I’m not alone in having a collection of fried Pololu drivers, and properly implementing these diagnostic pins in a controller board would have saved those drivers.

These drivers are a little hard to find right now, but Watterott has a few of them already assembled into a Pololu-compatible package. [Thomas Sanladerer] did a great teardown of these drivers, too. You can check out that video below.


Filed under: Hackaday Columns

Earth, The Shore of the Cosmic Ocean: The Unbelievable Ice Caves of Siberia

Siberia might be one of the coldest, harshest places on Earth, but its beauty is undeniable. Indeed, it is home to some of the most spectacular natural landmarks our planet has to offer (though given the fact that winter temperatures average −6° F, or −21° C, not many people are willing to make the trek).

In a series of breathtaking images, photographer Andrey Grachev braved the cold (and put himself in potentially life-threatening situations) to document no man’s land, and everything it has to offer.

Perhaps most beautifully is the ice cave, found on Olkhon Island, he captured in natural light. You can almost feel the icy chill in the air, and the faint glint of sunlight in the corner of your eye; however, it would be disingenuous to say his images are almost as good as seeing it for yourself.

Other noteworthy things include the strange triangular blue features, which are called ice hummocks. Many found in the Lake Baikal region, where the image on the bottom row was taken, can grow to exceptional heights — sometimes spanning 50 feet (15 meters). They are created by a combination of fresh ice and extreme weather: things that are abundant in Siberia.

  • Siberian Ice Cave (3)
  • Siberian Ice Cave (2)
  • Siberian Ice Cave (6)
  • Siberian Ice Cave (7)
  • Siberian Ice Cave (4)
  • Siberian Ice Cave (8)
  • Siberian Ice Cave (5)

All images courtesy of Andrey Grachev.

The post Earth, The Shore of the Cosmic Ocean: The Unbelievable Ice Caves of Siberia appeared first on From Quarks to Quasars.