Slam the Online Scam

Twitter Goodies



First Ever Heart Transplant Using “Dead Heart”

heart transplant with dead heart

Image Credit: St. Vincent’s Hospital

In an amazing medical breakthrough, doctors and scientists recently transplanted two hearts that were (circulatory) dead. Both hearts had stopped beating. Yet, scientists were still able to successfully transplant them into patients. The operation was preformed at St Vincent’s Hospital in Sydney, Australia. Notably, both patients have a bright outlook and are recovering well.

The reason that these operations are so important is, currently, “alive” donor hearts are the only organs that can be used for heart transplants. This means that they must be taken from brain dead patients whose hearts are still beating. Obviously, there are very few people at any given time who are in this brain dead state, so it greatly limits the number of hearts available for transplant.

Amazingly, the hearts that were used in these breakthrough transplants had been dead for at least 20 minutes. They were successfully revived using a ground-breaking preservation fluid, before being transplanted into patients with heart failure.

Bob Graham, the executive director of the Victor Chang Cardiac Research Institute, who led the research team, told reporters that this will mean around 30 percent more people will be able to have heart transplants.

Michelle Gribilar, who is currently 57 years-old, had the first transplant of this kind a few months ago. She is well on her way to recovery. The second recipient is Jan Damen; she had the surgery a few weeks ago, and she is also recovering as doctors had hoped. Both had suffered congenital heart failure.

The scientists developed a special preservation solution that works on a “heart in a box” to keep the dead heart healthy even without blood flow.

Doctor’s who preformed this procedure explained how the breakthrough works:

We can take the heart out and we can put it on a console where we connect it up with blood going through the heart and providing oxygen. Gradually the heart … starts beating again, and we can keep it warm and we can transport it on this console and we also give it a preservation solution that allows it to be more resistant to the damage of lack of oxygen. So those two things coming together almost like a perfect storm have allowed this sort of donation, this sort of transplantation of a heart that has stopped beating to occur. Before that it wasn’t possible.

Of course, this procedure won’t save the life of everyone who has heart problems, but it will save many many lives.

The post First Ever Heart Transplant Using “Dead Heart” appeared first on From Quarks to Quasars.

Hacklet 20 – Halloween Hacks


Hey, did you know that is continuously being updated and improved? One of the coolest features this week is the new LaTeX based equation editor. That’s right, you can now put symbols, equations, and all sorts of other LaTeX goodies into your posts. Check out [Brian Benchoff's] LaTeX demo project for more information.

Every holiday is a season for hacks, but Halloween has to be one of the best. From costumes to decorations, there are just tons of opportunities for great projects. We know that with an entire week left before the big day, most of you are still working on your projects. However a few early bird hackers already have Halloween themed projects up on We’re featuring them here – on the Hacklet!

pumpkin1[philmajestic] is in the Halloween spirit with his AVR Halloween Pumpkin. [Phil] created a motion activated Jack-o’-lantern with an ATmega328 as its brain. The AVR monitors a PIR motion sensor. When motion is detected, it flashes Jack’s LED eyes and plays spooky sound files from a WTV-020-16sd audio player. This is a great example of how a bit of work can create something cooler and infinitely more flexible than a store-bought decoration. Nice work [Phil]!

littlebitsPortraitThe littleBits crew have been working overtime on Halloween hacks this year. We definitely like their Halloween Creepy Portrait. A motion trigger, a servo, and a few glue bits are all it take to turn a regular portrait into a creepy one. When the motion detector is triggered, the servo moves a paper behind the portrait’s eyes. The replacement eyes look like some sort of demon or cat. Definitely enough to give us nightmares!

ironman[jeromekelty] helped his friend [Greg] build an incredible Animatronic Iron Man MKIII suit. The suit features RFID tags which trigger suit features. Since we’re talking about an Iron Man suit, “features” are things like shoulder rockets, boot thrusters, and a helmet that lifts up to reveal “Tony Stark”. No less than four Arduinos handle the various I/O’s. The suit even features an Adafruit WaveShield for authentic sounds! The electronics are just one piece of the puzzle here. [Greg] is a card-carrying member of the Replica Prop Forum. His MKIII suit is incredibly detailed. We especially like the weathering and battle damage!

tenticlesFinally, [Griff's] son is going to be wearing a Crochet Cthulhu Mask, with Arduino controlled tentacles for Halloween this year. [Griff] is an experienced crochet hobbiest. He’s mixing his love of needlework with his love of electronics to build the animated Cthulhu mask for his 4-year-old son. The mask is based on a free crochet pattern from ravelry, though [Griff] is making quite a few changes to support his application. The mask will be smaller to fit a 4-year-old, and will contain servos to move the tentacles. We haven’t heard from [Griff] in a while, so if you see him, tell him to post an update on the mask!

If you haven’t started working on your Halloween hacks, get busy! But don’t forget to upload them to! If we get enough, we’ll run a second Hacklet with even more great projects. Until then, you can check out our Halloween Projects List!

That’s about it for this frightful episode The Hacklet. As always, see you next week. Same hack time, same hack channel, bringing you the best of!

Filed under: Hackaday Columns

The Science of Magnetism

Photo Credit: Katie Waldeck

(Photo Credit: Katie Waldeck)

Ancient humans have been aware of the magnetic force ever since at least 600 BC, back before Newton developed this laws of motion, and before we had any grasp of the four fundamental forces  of nature. Despite the fact that we didn’t completely understand what magnetism was, we still used compasses back then. Imagine what it must have felt like to use such a device, without knowing the science behind it (though, of course, many of us still use technologies far more sophisticated than a compass, without having a basic idea of how things work).

Some light was shed on this mystery accidentally in 1820 by Hans Christian Ørsted — a Danish physicist born in 1777. While preparing a lecture, he discovered that a compass needle would deflect when brought close to a live electrical wire. People alive at that time already knew the electric force existed, but the connection between electricity and magnetism was revolutionary. Indeed, it took another 45 years until we developed a full explanation of this phenomenon; when James Clerk Maxwell produced the electromagnetic theory of light.

How Magnetism Works:

Maxwell showed that a magnetic field is produced by moving electrical charges. This perfectly explains Ørsted’s observation with the needle and live electrical wires. Simply put, this happens because an electric current is simply the movement of electrical charges. Now, we have used this phenomena to create electromagnets,or  long wires wounded to a coil. This way, the magnetic field produced by a single wire is multiplied by the number of turns. Electromagnets have the advantage of being able to be turned on or off anytime we like.

Photo Credit:

Photo Credit:

But what about permanent magnets (like bar magnets, refrigerator magnets, etc.)? They obviously don’t have electric currents flowing through them. They are a bit more difficult to explain, but, to summarize, the magnetic field from one of these objects is created by three things:

  • The first is the orbit of the electron around the nucleus. Although this model that the electron orbits the nucleus has long been proven wrong, it is still a good approximation, and can still be used to explain certain properties of the atom, which is important in the other factors below..
  • The second thing that creates a magnetic field is the spin magnetic moment. This is just a technical term that means an  electron, in and of itself, also acts as a magnet. The spin magnetic moment is also a fundamental property of matter, like charge and mass.
  • The third factor, which doesn’t really affect the magnetic property of the material, is nuclear spin.

With all this in mind, why don’t all objects posses magnetic properties? After all, all objects have orbiting electrons, and these electrons all have a spin magnetic moment, right? Well, we have to consider the fact that there are a lot of electrons even in a small amount of material, and the magnetic fields created by these electrons most of the time cancels out.

How Magnets Are Made:

In order to manufacture a magnet, companies melt iron and place it within a strong magnetic field until it cools. This way, the magnetic fields created inside the iron — which would normally get cancelled out — can freely align themselves with the outside magnetic field. This is called magnetic induction. Magnetic induction is a process where a magnetic field is induced in a non-magnetic material by an outside magnetic field. Surprisingly, you can do this at home. If you stroke an iron nail with a bar magnet many times, you can induce a magnetic field in the iron nail, turning it into a magnet.

How magnets are made (Image Credit: Kacie Mills - Edited For Readability)

How magnets are made (Image Credit: Kacie Mills – Edited For Readability)

You can also “destroy” a magnet. By that, I mean, you can take away its magnetic properties. If you heat the magnet up and then strike it with a hammer, the magnetically aligned atoms easily dislodge from their arrangement because of the heat, cancelling out the magnetic fields once again.

The most amazing thing for me, about magnetism is how closely linked it is to the electricity. Maxwell, using his equations, unified these two seemingly unrelated forces to one force: electromagnetism. Maxwell showed mathematically how a changing magnetic field creates a changing electric field (and vice versa). Therefore, magnetism is very important because we use it to create electrical energy. In fact, most of the energy that we use today comes from rotating magnets (see below).

WATCH: Magnetism: Motors and Generators

The post The Science of Magnetism appeared first on From Quarks to Quasars.

What Your Zip Code Says About You

Esri's "Tapestry Segmentation" database mines socioeconomic and demographic data to create a picture of who lives in each zip code.

Astronomy Photo of the Day (APotD): 10/24/14 — Siding Spring Travels Past Mars



This composite NASA Hubble Space Telescope Image captures the positions of comet Siding Spring and Mars in a never-before-seen close passage of a comet by the Red Planet, which happened at 2:28 p.m. EDT October 19, 2014. The comet passed by Mars at approximately 87,000 miles (about one-third of the distance between Earth and the Moon). At that time, the comet and Mars were approximately 149 million miles from Earth. —

The comet image shown here is a composite of Hubble exposures taken between Oct. 18, 8:06 a.m. EDT to Oct. 19, 11:17 p.m. EDT. Hubble took a separate photograph of Mars at 10:37 p.m. EDT on Oct. 18.

The Mars and comet images have been added together to create a single picture to illustrate the angular separation, or distance, between the comet and Mars at closest approach. The separation is approximately 1.5 arc minutes, or one-twentieth of the angular diameter of the full Moon. The background starfield in this composite image is synthesized from ground-based telescope data provided by the Palomar Digital Sky Survey, which has been reprocessed to approximate Hubble’s resolution. The solid icy comet nucleus is too small to be resolved in the Hubble picture. The comet’s bright coma, a diffuse cloud of dust enshrouding the nucleus, and a dusty tail, are clearly visible.

This is a composite image because a single exposure of the stellar background, comet Siding Spring, and Mars would be problematic. Mars is actually 10,000 times brighter than the comet, and so could not be properly exposed to show detail in the Red Planet. The comet and Mars were also moving with respect to each other and so could not be imaged simultaneously in one exposure without one of the objects being motion blurred. Hubble had to be programmed to track on the comet and Mars separately in two different observations.

 The images were taken with Hubble’s Wide Field Camera 3.

(via NASA)

The post Astronomy Photo of the Day (APotD): 10/24/14 — Siding Spring Travels Past Mars appeared first on From Quarks to Quasars.

FTDI Screws Up, Backs Down


A few days ago we learned chip maker FTDI was doing some rather shady things with a new driver released on Windows Update. The new driver worked perfectly for real FTDI chips, but for counterfeit chips – and there are a lot of them – the USB PID was set to 0, rendering them inoperable with any computer. Now, a few days later, we know exactly what happened, and FTDI is backing down; the driver has been removed from Windows Update, and an updated driver will be released next week. A PC won’t be able to communicate with a counterfeit chip with the new driver, but at least it won’t soft-brick the chip.

Microsoft has since released a statement and rolled back two versions of the FTDI driver to prevent counterfeit chips from being bricked. The affected versions of the FTDI driver are 2.11.0 and 2.12.0, released on August 26, 2014. The latest version of the driver that does not have this chip bricking functionality is, released on January 27th. If you’re affected by the latest driver, rolling back the driver through the Device Manager to will prevent counterfeit chips from being bricked. You might want to find a copy of the 2.10.0 driver; this will likely be the last version of the FTDI driver to work with counterfeit chips.

Thanks to the efforts of [marcan] over on the EEVblog forums, we know exactly how the earlier FTDI driver worked to brick counterfeit devices:


[marcan] disassembled the FTDI driver and found the source of the brick and some clever coding. The coding exploits  differences found in the silicon of counterfeit chips compared to the legit ones. In the small snippet of code decompiled by [marcan], the FTDI driver does nothing for legit chips, but writes 0 and value to make the EEPROM checksum match to counterfeit chips. It’s an extremely clever bit of code, but also clear evidence FTDI is intentionally bricking counterfeit devices.

A new FTDI driver, presumably one that will tell you a chip is fake without bricking it, will be released next week. While not an ideal outcome for everyone, at least the problem of drivers intentionally bricking devices is behind us.

Filed under: hardware, news

US ICS-CERT testing medical devices for alleged flaws

The US Government is working with manufacturers and vendors of medical devices and equipment to identify and fix vulnerabilities.

Every day we read about more or less sophisticated attacks against any kind of computing systems that allows threat actors to compromise targeted devices. What do you think if your life depends on the proper functioning of these devices? Security of medical devices is a critical topic approached many times by US authorities, last in order of time is related to an investigation run by the U.S. Department of Homeland Security on two dozen cases of suspected cybersecurity flaws in medical components and hospital equipment.

The devices and equipments under investigation cover a wide range of systems, including medical imaging equipment and hospital networking systems.

The authorities suspect that hackers have exploited flaws in these systems to run cyber attacks, according to the revelation of a senior official at the agency Reuters. The US  ICS-CERT is assessing several products, including an infusion pump from Hospira Inc and implantable heart devices commercialized by Medtronic Inc and St Jude Medical Inc.

Rumors refers that in one case is involved an alleged vulnerability in a type of infusion pump discovered by Billy Rios who declined to provide the name of the manufacturer.

“Two people familiar with his research said the manufacturer was Hospira.” states the Reuters in a blog post.

Billy Rios hacking medical devices

Despite there is no official news related to cyber attacks against these devices, the US Government fears that ill intentioned, could run a remote attack causing malfunction with dramatic consequences.

The US ICS-CERT is working with manufacturers of medical devices to identify to expose confidential data or attack hospital equipment.

“These are the things that shows like ‘Homeland’ are built from,” said the official, referring to the U.S. finction spy drama in which the fictional vice president of the United States is killed by a cyber attack on his pacemaker. “It isn’t out of the realm of the possible to cause severe injury or death,” added the official.

In time I’m writing the US ICS-CERT hasn’t disclosed the name of the company under investigation, and Hospira, Medtronic and St Jude Medical declined to comment the events.

Late 2012 the US Government Accountability Office (GAO) produced a report highlighting the necessity to secure medical devices such as implantable cardioverter defibrillators or insulin pumps. The recommendation was directed to the Food and Drug Administration (FDA) that was invited to approach the problem urgently considering incidents intentionally caused to some devices.

The U.S. Food and Drug Administration, recently released guidelines for manufacturers and healthcare providers to improve the security of medical devices, also in this case the fear is that relate to intentional threats.

“The conventional wisdom in the past was that products only had to be protected from unintentional threats. Now they also have to be protected from intentional threats too,” said William Maisel, chief scientist at the FDA’s Center for Devices and Radiological Health. He declined to comment on the DHS reviews.

The researcher Billy Rios explained that he wrote a program that could remotely control the supply of the amount of drug for insulin pump, forcing them to inject a lethal dose.

“This is a issue that is going to be extremely difficult to patch,” said Rios, that shared the results of his analysis with the DHS.

The DHS is also investigating on alleged vulnerabilities affecting implantable heart devices from Medtronic and St Jude Medical, according to two people familiar with the matter. Both companies have declined comments and confirmed that they are considering security as a serious issue.

Pierluigi Paganini

(Security Affairs –Medical devices, US ICS-CERT)

The post US ICS-CERT testing medical devices for alleged flaws appeared first on Security Affairs.

Disaster as CryptoWall encrypts US firm’s entire server installation

"Here is a tale of ransomware that will make your blood run cold," announced Stu Sjouwerman of security training firm KnowBe4 in a company newsletter this week and he wasn't exaggerating.

One of his firm's customers contacted him on Oct. 14 for advice on how to buy Bitcoins after all seven of its servers containing 75GB of data had been encrypted by a recent variant of the hated CryptoWall ransom Trojan.

An admin had clicked on a phishing link which was bad enough. Unfortunately, the infected workstation had mapped drives and permissions to all seven servers and so CryptoWall had quickly jumped on to them to hand the anonymous professional a work day to forget.

To read this article in full or to leave a comment, please click here

Cyberespionage group launches sophisticated phishing attacks against Outlook Web App users

A cyberespionage group has been using advanced spear-phishing techniques to steal email log-in credentials from the employees of military agencies, embassies, defense contractors and international media outlets that use Office 365's Outlook Web App.

The group behind the attack campaign has been operating since at least 2007 according to researchers from Trend Micro, who published a research paper on Wednesday about the attacks they dubbed Operation Pawn Storm.

The Pawn Storm attackers have used a variety of techniques over the years to compromise their targets, including spear-phishing emails with malicious Microsoft Office attachments that installed a backdoor-type malware program called SEDNIT or Sofacy, or selective exploits injected into compromised legitimate websites.

To read this article in full or to leave a comment, please click here

The ‘Backoff’ malware linked to data breaches is spreading

The number of computers in North America infected by the Backoff malware, which is blamed for a string of payment card breaches, has risen sharply, according to research from network security company Damballa.

The company detected a 57 percent increase between August and September in devices infected with Backoff, which scrapes a computer's RAM for leftover credit card data after a payment card has been swiped, said Brian Foster, Damballa's CTO.

Damballa based its finding on data it collects from its ISP and enterprise customers, who use its traffic analysis products to detect malicious activity.

Damballa sees about 55 percent of internet traffic from North America, including DNS requests, though for privacy reasons it doesn't know the IP addresses of most of those computers, Foster said.

To read this article in full or to leave a comment, please click here

Building A Magnetic Levitating Quadcopter

hover Three days ago on October 21, 2014 it was announced to the world the Back to the Future hoverboard was real. It’s a Kickstarter, of course, and it’s trending towards a $5 Million dollar payday for the creator.  Surprisingly for a project with this much marketing genius, it’s a real, existing device and there’s even a patent. From the patent, we’re able to glean a few details of how this hoverboard/magnetic levitation device works, and in our post on the initial coverage, we said we’d be giving away some goodies to the first person who can clone this magnetic levitation device and put it up on

[jellmeister] just won the prize. It’s somewhat cheating, as he’s had his prototype hoverboard working in July, and demoed a more advanced ‘upside-down quadcopter’ device at the Brighton Mini Maker Faire in September. Good on ‘ya [jelly]. You’re getting a gift card for the hackaday store.

hoverLike the Kickstarter hoverboard, [jelly] is using an array of magnets rotating in a frame above a non-ferrous metal. For the initial test, eight neodymium magnets were arranged in a frame, suspended over 3/4″ aluminum plate, and spun up with a drill. With just this simple test, [jelly] was able to achieve 2kg of lift at 1cm and 1kg of lift at 1 inch of separation. This test also provided some valuable insight on what the magnets do to the aluminum or copper; the 3kg aluminum plate was nearly spinning, meaning if this device were to be used on small plates, counter-rotating pairs of magnetic lifters would need to be used.

The test rig then advanced to two pairs of rotors with standard hobby brushless motors, but stability was a problem; the magnetic rotors provided enough lift, but it would quickly fall over. To solve this problem, [jellmeister] took a standard quadcopter configuration, replaced the props with magnetic rotors, and successfully hovered it above a sheet of aluminum at the Brighton Maker Faire.

Since [jellmeister] has actually built one of these magnetically levitating hoverboards, he has a lot more data about how they work than an embargoed press release. The magnetic rotor hoverboard will work on aluminum as well as copper, but [jell] suspects the Kickstarter hoverboard may be operating right at the edge of its performance, necessitating the more efficient copper half pipe. The thickness of the non-ferrous plate also makes a difference, with better performance found using thicker plates. No, you bojo, hoverboards don’t work on salt water, even if you have pow-ah.

So there ‘ya go. That’s how you build a freakin’ hoverboard. [jellmeister]‘s design is a little crude and using a Halbach array for the magnetic rotors should improve efficiency. Using a 3D printed rotor design is a stroke of genius, and we’ll expect a few more quad-magnetic-levitating-things to hit the tip line in short order.

Demos of [jellmeister]‘s work below.

Oh. These things need a name. I humbly submit the term ‘Bojo’ to refer to any device that levitates though rotating magnets and eddy currents.

Filed under: misc hacks

Savannah, Georgia

We wrap up King Cotton Week with this picture of Cotton Bales being loaded onto a steamer. the picture was taken in 1904 in Savannah Georgia. Not sure where the cotton was going, but looks like a big job to get it loaded.

NGA Update: New Director’s Mission; Ebola; and Gamification Software to GitHub

During the last two weeks, there has been a flurry of news from the National Geospaial-Intelligence Agency (NGA) starting with new director Robert Cardill's intentions for the agency. Cardillo stated: Our business has never been more complex. Our profession has never been more... Continue reading

HuddleLamp turns Multiple Tablets into Single Desktop


Imagine you’ve got a bunch of people sitting around a table with their various mobile display devices, and you want these devices to act together. Maybe you’d like them to be peepholes into a single larger display, revealing different sections of the display as you move them around the table. Or maybe you want to be able to drag and drop across these devices with finger gestures. HuddleLamp lets you do all this.

How does it work? Basically, a 3D camera sits above the tabletop, and watches for your mobile displays and your hands. Through the magic of machine vision, a server sends the right images to each screen in the group. (The “lamp” in HuddleLamp is a table lamp arranged above the space with a 3D camera built into it.)

A really nice touch is that the authors also provide JavaScript objects that you can embed into web apps to enable devices to join the group without downloading special software. A new device will flash an identifying pattern that the computer vision routine will recognize. Once that’s done, the server starts sending the correct parts of the overall display to the new device.

The video, below the break, demonstrates the possible interactions.

If you want to dig deeper into how it all works together, download their paper (in PDF) and give it a read. It goes into detail about some of the design choices needed for screen detection and how the depth data from the 3D camera can be integrated with the normal image stream.

Filed under: tablet pcs hacks

NAT-PMP Protocol Vulnerability affects more than 1.2 Million SOHO devices

Security researchers at Rapid7 have discovered a serious NAT-PMP Protocol vulnerability that puts 1.2 Million SOHO routers at risk.

Another serious security flaw is threatening more than 1.2 million SOHO Routers worldwide, the vulnerability is related to the “improper NAT-PMP protocol implementations and configuration flaws“, as explained by Jon Hart, a researcher at Rapid7.

Hart explained the that the security issued  was discovered by the researchers after a scan of the public Internet as part of Project Sonar, which is an ongoing  study on public Internet-facing websites and devices.

The exploitation of the vulnerability allows an attacker to conduct many malicious activities, most serious and dangerous among them being the ability to redirect traffic to a website controlled by the attackers.

In reality, as reported by Rapid7 CSO HD Moore, the Metasploit framework already includes modules to run attacks exploiting NAT-PMP vulnerabilities, the principal problem according to the expert is that the scan did not help Rapid7 to identify the specific products affected by the flaw.

nat-pmp metasploit

As anticipated the options are different, threat actors could cause a denial-of-service condition of the targeted device, could provide the access to the device settings and to the internal NAT client services.

What is the NAT-PMP?

NAT-PMP is technologies that allows, among other things, Internet applications to configure SOHO routers and gateways, bypassing manual port forwarding configuration. NAT-PMP runs over UDP port 5351 and automates the process of port forwarding. It is used by many networking devices to allow external users access to resources behind a NAT.

nat-pmp protocol

The NAT-PMP protocol is widespread due to its simplicity, but as highlighted by Hart it requires careful configuration to avoid serious problems. During the scanning activity, the experts noticed nearly 1.2 million devices on the public Internet that responded to their external NAT-PMP solicitations. The responses provided represent two categories of security vulnerabilities:

  • malicious port mapping manipulation.
  • information disclosure about the NAT-PMP device.

The analysis published by Hart detailed the following specific security:

  • Interception of Internal NAT Traffic: ~30,000 (2.5% of responding devices)
  • Interception of External Traffic: ~1.03m (86% of responding devices)
  • Access to Internal NAT Client Services: ~1.06m (88% of responding devices)
  • DoS Against Host Services: ~1.06m (88% of responding devices)
  • Information Disclosure about the NAT-PMP device: ~1.2m (100% of responding devices)

Moore explained that the interception of external traffic is a very serious issue:

“That will allow someone running a malware command and control kit or something like that to turn your system into a reverse proxy serving malicious traffic, start hosting malicious site on your router’s IP,” said Moore,  “The way they do that is from the malicious system to flip the mapping back to you from all these vulnerable routers. And because of the way the protocol works, you don’t have to actually know where these devices are. You can literally spray them out across the ether.”

Hart explained vulnerable devices are not compliant with the RFC 6886 specification, which states that a NAT gateway must not be configured to accept mapping requests for the external IP address it has on the Internet.

“The NAT gateway MUST NOT accept mapping requests destined to the NAT gateway’s external IP address or received on its external network interface.  Only packets received on the internal interface(s) with a destination address matching the internal address(es) of the NAT gateway should be allowed.” the specification says. 

Hart also added that traffic meant for the device running NAT-PMP internal interface is less likely at risk yet it can be redirected off the network to a service controlled by the attackers.

“This attack can also be used to cause the NAT-PMP device to respond to and forward traffic for services it isn’t even listening on,” Hart wrote. “For example, if the NAT-PMP device does not have a listening HTTP service on the external interface, this same flaw could be used to redirect inbound HTTP requests to another external host, making it appear that HTTP content hosted on the external host is hosted by the NAT-PMP device.”

Security researchers close the post with a series of recommendations for vendors, ISPs and final users.

” Vendors producing products with NAT-PMP capabilities should take care to ensure that flaws like the ones disclosed in this document are not possible in normal and perhaps even abnormal configurations. ISPs and entities that act like ISPs should take care to ensure that the access devices provided to customers are similarly free from these flaws.  Lastly, for consumers with NAT-PMP capable devices on your network, your should ensure that all NAT-PMP traffic is prohibited on un-trusted network interfaces.”

Pierluigi Paganini

(Security Affairs – NAT-PMP, hacking)

The post NAT-PMP Protocol Vulnerability affects more than 1.2 Million SOHO devices appeared first on Security Affairs.

It is time to protect your privacy and files with Privacy Optimizer!

This powerful tool suite will allow you to change your System default privacy settings, and allows you to easily and quickly hide your IP via the integrated proxy manager. Privacy Optimizer also includes a free privacy optimized web browser that more readily fulfils the need to be anonymous in both situations.

With Privacy Optimizer, you can successfully protect your passwords and credit card data from keyloggers, spies, and hackers. Furthermore, there is a secure file deleter and folder protector included in the tool suite. Further, Privacy Optimizer allows you to share your experience about bad behaving or spying websites with known privacy issues, web browsers, and software applications.

A Complete C64 System, Emulated on an STM32


The Commodore 64 is the worlds bestselling computer, and we’re pretty sure most programmers and engineers above a certain age owe at least some of their career to this brown/beige keyboard that’s also a computer. These engineers are all grown up now, and it’s about time for a few remakes. [Jeri Ellisworth] owes her success to her version, there are innumerable pieces of the C64 circuit floating around for various microcontrollers, and now [Mathias] has emulated everything (except the SID, that’s still black magic) in a single ARM microcontroller.

On the project page, [Mathais] goes over the capabilities of his board. It uses the STM32F4, overclocked to 235 MHz. There’s a display controller for a 7″ 800×480 TFT, and 4GB of memory for a library of C64 games. Without the display, the entire project is just a bit bigger than a business card. With the display, it’s effectively a C64 tablet, keyboard not included.

This is a direct emulation of the C64, down to individual opcodes in the 6510 CPU of the original. Everything in the original system is emulated, from the VIC, CIAs and VIAs, serial ports, and even the CPU of the 1541 disk drive. The only thing not emulated is the SID chip. That cherished chip sits on a ZIF socket for the amazement of onlookers.

You can check out some images of the build here, or the video demo below.

Filed under: ARM, classic hacks

Build a Better Something During the Deconstruction 2014


Couldn’t make it to Detroit for the Red Bull Creation Contest? Its founder, [Jason Naumoff], has a separate event called The Deconstruction and 2014 marks the second year of this lively, worldwide competition.

The Deconstruction is taking place November 14-16th and will be broadcast live online. That’s right, you can participate from anywhere in the world, and your team’s progress will be live streamed from The Omni Commons in Oakland, CA. Registration began October 16th and the friendly competition is absolutely free to enter.

Creativity is the name of this game. The idea is to build something awesome using what you already have access to, including teamwork skills. Ideally, what you build will be a deconstruction of something you’d like to see rethought, though there is no stated topic. There are no age limits, no boundaries, and very few rules. A number of great things came out of last year’s event, more of which you can check out at their site. What are you waiting for? Go show the world how you’d make it better.

Filed under: contests

Did We Detect Dark Matter? Astrophysicists Weigh In

X-ray imaging of the Perseus galaxy cluster with Chandra data closer to the center and XMM-Newton data on the outskirts.  Image Credit: Chandra/XMM-Newton/ESA

X-ray imaging of the Perseus galaxy cluster with Chandra data closer to the center and XMM-Newton data on the outskirts. Image Credit: Chandra/XMM-Newton/ESA

There’s been a few articles in the popular press recently announcing the discovery of dark matter particles coming from the Sun. This is not the case. No science team is claiming they’ve discovered dark matter. The story traces it origin to a paper being published in MNRAS, which could be an indirect detection of dark matter, but could also be a few other things. It is an interesting paper, nonetheless.

What the paper actually looks at is possible evidence of axions coming from the Sun. Axions are hypothetical particles that were first proposed in 1977 to address certain issues in quantum chromodynamics (QCD), which describes the behavior of quarks and such that make up protons and electrons (among other things). There has been no evidence for axions, but if they exist, then the Sun should produce axions through nuclear interactions similar to the way it produces neutrinos.

According to the model, axions would be be low mass, chargeless particles that don’t interact strongly with light. This would make them a suitable candidate for cold dark matter. Of course this would also make them particularly difficult to observe directly. But unlike other dark matter candidates, axions do interact slightly with light and electromagnetic fields. So we might be able to see them by their interaction with Earth’s magnetic field.

In the paper the authors demonstrate that high energy axions striking the Earth’s magnetic field could produce x-rays. When they modeled this idea they found that axion-induced x-rays would have a seasonal variation due to the varying tilt of Earth’s axis (and thus its magnetic field). They then looked at x-ray data from the XMM-Newton spacecraft, and found that it had in fact detected a seasonal variation of x-rays. This variation is consistent with the axion model.

Of course before we can say that it’s definitely axions, we need to look for other possible explanations. Not surprisingly there are several. For example, the seasonal variations could be due to subtle and complex interactions between the solar wind and Earth’s magnetic field. So axions are a good candidate for this cyclic variation, but not the only candidate.

Where things could get interesting is through a more detailed study of the seasonal x-ray variations. If they are produced by axions, then the x-rays should have distinct signatures in their spectrum that would distinguish them from other models. So like many cutting edge discoveries it has potential without clear confirmation.

Paper: G. W. Fraser, et al. Potential solar axion signatures in X-ray observations with the XMM-Newton observatory. Monthly Notices of the Royal Astronomical Society, 20 October, 2014

*Christian Beck, who has worked on axions at Queen Mary, University of London, also weighed in: “Dark matter axions, or axion-like particles, could be responsible for this as they can convert to photons in the magnetic field of the Earth. The discovery could potentially be very important. What’s less clear, however, is whether any other explanation of the measured effect can be excluded. A true discovery of dark matter that is convincing for most scientists would require consistent results from several different experiments using different detection methods, in addition to what has been observed by the Leicester group.” (emphasis added)

This article was written by Brian Koberlein and originally published at One Universe at a Time. Read our original coverage of this story here.


The post Did We Detect Dark Matter? Astrophysicists Weigh In appeared first on From Quarks to Quasars.

Another Internet of Things Board (But This One Has Lisp))


Using routers as dev boards has been a long and cherished tradition in the circles we frequent, and finally design houses in China are taking notice. There have been a few ‘Internet of Things’ boards in recent months that have taken the SoC found in low-end routers, packaged the on a board with USB, some GPIOs, and a fair bit of memory and called it a dev board. The ZERO Plus is not an exception to this trend, but it does include a very interesting feature when it comes to the development environment: this one uses Lisp as its native language.

The Zero Plus is pretty much what you would expect from a router SoC being transplanted to an Internet of Things board: it uses the Ralink RT5350 SoC, giving it 802.11b/g/n, has 32MB of RAM, 8 or 16 M of Flash, I2C, I2S, SPI, USB, two UARTs, and 14 GPIOs. There is support for a webcam, temperature and humidity sensor, displays, and Arduino via a breakout board that appears to contain a standard, DIP-sized ATMega328,

All of that could be found in dozens of other boards, though. What really sets this one apart is the Lisp development environment. Programming the Zero is exactly as elegant as you would expect, with a ‘toggle a LED according to what time it is’ program looking something like this:

(define LED_On (lambda ()(dev.gpio 11 “out” 1)))
(define LED_Off (lambda ()(dev.gpio 11 “out” 0)))
(define CurrentTime? (lambda ()
      (int (time.strftime “%H” (time.localtime (time.time))))))
(define Night?
      (lambda ()
                  (> ( CurrentTime? ) 16) (< ( CurrentTime? ) 23)
(if (Night?) (LED_On) (LED_Off)

Dev boards built around somewhat more esoteric programming language isn’t anything new; The Espruino brings Javascript to ARM microcontrollers, and the MicroPython project is an astonishing undertaking and successful Kickstarter that brings the BASIC for the 21st century to the embedded world. Lisp, though… I don’t think anyone expected that. It’s a great way to differentiate your product, though.

Filed under: Crowd Funding, Microcontrollers