Daily Archives: August 12, 2016

Researchers demonstrate acoustic levitation of a large sphere

Posted on by
Reply


When placed in an acoustic field, small objects experience a net force that can be used to levitate the objects in air. In a new study, researchers have experimentally demonstrated the acoustic levitation of a 50-mm (2-inch) solid polystyrene sphere using ultrasound—acoustic waves that are above the frequency of human hearing.

The demonstration is one of the first times that an object larger than the wavelength of the acoustic wave has been acoustically levitated. Previously, this has been achieved only for a few specific cases, such as wire-like and planar objects. In the new study, the levitated sphere is 3.6 times larger than the 14-mm acoustic wavelength used here.

Source: Researchers demonstrate acoustic levitation of a large sphere

DiskFiltration: sending data using Covert Hard Drive Noise

Posted on by
Reply

‘DiskFiltration,’ a covert channel which facilitates the leakage of data from an air-gapped compute via acoustic signals emitted from its hard disk drive (HDD). Our method is unique in that, unlike other acoustic covert channels, it doesn’t require the presence of speakers or audio hardware in the air-gapped computer. A malware installed on a compromised machine can generate acoustic emissions at specific audio frequencies by controlling the movements of the HDD’s actuator arm. Digital Information can be modulated over the acoustic signals and then be picked up by a nearby receiver (e.g., smartphone, smartwatch, laptop, etc.)

Source: [1608.03431] DiskFiltration: Data Exfiltration from Speakerless Air-Gapped Computers via Covert Hard Drive Noise

Doesn’t work for SSDs 🙂

How the father of the World Wide Web is trying to decentralise it.

Posted on by
Reply

Facebook, Google, eBay, and others own vast swaths of Web activity and have unprecedented power over us, inspiring an effort to re-decentralize the Web.[…]
Berners-Lee’s new project, underway at his MIT lab, is called Solid (“social linked data”), a way for you to own your own data while making it available to the applications that you want to be able to use it.

With Solid, you store your data in “pods” (personal online data stores) that are hosted wherever you would like. But Solid isn’t just a storage system: It lets other applications ask for data. If Solid authenticates the apps and — importantly — if you’ve given permission for them to access that data, Solid delivers it.
[…]

[…]
The InterPlanetary File System (IPFS) takes a different approach. It starts from the conviction that even having web pages identified by a pointer to the server that stores them is too centralized. Why not instead go the way of BitTorrent and let multiple computers supply parts of a page all at the same time? That way, if a web server goes down, it won’t take all of the pages on it with it. IPFS should make the web more resilient, and less subject to censorship.

Source: How the father of the World Wide Web plans to reclaim it from Facebook and Google

MS Secureboot has a golden key – which has been hacked.

Posted on by
Reply

secureboot is a part of the uefi firmware, when enabled, it only lets stuff run that’s signed by a cert in db, and whose hash is not in dbx (revoked). As you probably also know, there are devices where secure boot can NOT be disabled by the user (Windows RT, HoloLens, Windows Phone, maybe Surface Hub, and maybe some IoTCore devices if such things actually exist — not talking about the boards themselves which are not locked down at all by default, but end devices sold that may have secureboot locked on). But in some cases, the “shape” of secure boot needs to change a bit. For example in development, engineering, refurbishment, running flightsigned stuff (as of win10) etc. How to do that, with devices where secure boot is locked on?

Source: Secure Golden Key Boot: (MS16-094 / CVE-2016-3287, and MS16-100 / CVE-2016-3320)

This kind of golden key is what the FBI is pushing for. Now the cat is out of the bag, we can’t put it back in, though.

Failed HUD Helmet Maker Skully Spent Funding On Strippers And Exotic Cars: Lawsuit

Posted on by
Reply

In 2014, San Francisco tech startup Skully raised hype and money to build a Tony Stark-style digitally augmented motorcycle helmet. Almost $2.5 million later, the company’s shutting down. Now a lawsuit from within the company gives us some hints as to why: founders allegedly blew the R&D money on lap dances and fast cars.

Source: Failed HUD Helmet Maker Skully Spent Funding On Strippers And Exotic Cars: Lawsuit

Thieves can wirelessly unlock up to 100 million Volkswagens (and other brands by VW), each at the press of a button

Posted on by
Reply

The hack can be used by thieves to wirelessly unlock as many as 100 million VW cars, each at the press of a button. Almost every vehicle the Volkswagen group has sold for the past 20 years – including cars badged under the Audi and Skoda brands – is potentially vulnerable, say the researchers. The problem stems from VW’s reliance on a “few, global master keys.”

Source: Thieves can wirelessly unlock up to 100 million Volkswagens, each at the press of a button