Author Archives: Jonathan Bennett

Rope Core Drum Machine

Posted on November 7, 2022 by Jonathan Bennett

One of our favorite musical hackers, [Look Mum No Computer] is getting dangerously close to building a computer. His quest was to create a unique drum machine, inspired by a …read more Continue reading Rope Core Drum Machine→

Garage Door Opener Ejection Seat

Posted on November 5, 2022 by Jonathan Bennett

[Scott Prints] had a familiar problem. His garage door opener was boring, and rattled around annoyingly in his car’s center console. This was obviously a major issue that needed to …read more Continue reading Garage Door Opener Ejection Seat→

This Week in Security: OpenSSL Fizzle, Java XML, and Nothing As It Seems

Posted on November 4, 2022 by Jonathan Bennett

The security world held our collective breaths early this week for the big OpenSSL vulnerability announcement. Turns out it’s two separate issues, both related to punycode handling, and they’ve been …read more Continue reading This Week in Security: OpenSSL Fizzle, Java XML, and Nothing As It Seems→

This Week in Security: iOS, OpenSSL, And SQLite

Posted on October 28, 2022 by Jonathan Bennett

Earlier this week, a new release of iOS rolled out, fixing a handful of security issues. One in particular noted it “may have been actively exploited”, and was reported anonymously. …read more Continue reading This Week in Security: iOS, OpenSSL, And SQLite→

This Week in Security: Linux WiFi, Fortinet, Text4Shell, and Predictable GUIDs

Posted on October 21, 2022 by Jonathan Bennett

Up first this week is a quintet of vulnerabilities in the Linux kernel’s wireless code. It started with [Soenke Huster] from TU Darmstadt, who found a buffer overwrite in mac80211 …read more Continue reading This Week in Security: Linux WiFi, Fortinet, Text4Shell, and Predictable GUIDs→

This Week in Security: npm Timing Leak, Siemens Universal Key, and PHP in PNG

Posted on October 14, 2022 by Jonathan Bennett

First up is some clever wizardry from the [Aqua Nautilus] research team, who discovered a timing attack that leaks information about private npm packages. The setup is this, npm hosts …read more Continue reading This Week in Security: npm Timing Leak, Siemens Universal Key, and PHP in PNG→

This Week in Security: PHP Attack Defused, Scoreboard Manipulation, and Tillitis

Posted on October 7, 2022 by Jonathan Bennett

If you use PHP, you likely use the Composer tool for managing dependencies, at least indirectly. And the good folks at SonarSource found a nasty, potential supply chain attack in …read more Continue reading This Week in Security: PHP Attack Defused, Scoreboard Manipulation, and Tillitis→

2022 Cyberdeck Contest: The Oscilloscope Deck

Posted on September 30, 2022 by Jonathan Bennett

When [Jak_o_Shadows] Siglent Oscilloscope died, he didn’t just mourn the loss, he saw an opportunity. See, he had a Raspberry Pi 400 already set aside for a cyberdeck build, and …read more Continue reading 2022 Cyberdeck Contest: The Oscilloscope Deck→

Microsoft Wants You (To Help With Assistive Tech)

Posted on September 30, 2022 by Jonathan Bennett

In college I had an exceptional piano teacher that was entirely blind. One day he noticed I had brought in my new-ish laptop, and his unexpected request — “can I …read more Continue reading Microsoft Wants You (To Help With Assistive Tech)→

This Week in Security: Exchange 0-day, Doppelgangers, And Python Gets Bit in the TAR

Posted on September 30, 2022 by Jonathan Bennett

According to researchers at GTSC, there’s an unpatched 0-day being used in-the-wild to exploit fully patched Microsoft Exchange servers. When they found one compromised server, they made the report to …read more Continue reading This Week in Security: Exchange 0-day, Doppelgangers, And Python Gets Bit in the TAR→