Pedro Umbelino – Page 6 – WindowsTechs.com

Cloudbleed — Your Credentials Cached in Search Engines

Posted on February 24, 2017 by Pedro Umbelino

In case you are still wondering about the SHA-1 being broken and if someone is going to be spending hundreds of thousands of dollars to create a fake Certificate Authority and sniff your ~~OkCupid~~ credentials, don’t worry. Why spend so much money when your credentials are being cached by search engines?… Wait, what?

A serious combination of bugs, dubbed Cloudbleed by [Tavis Ormandy], lead to uninitialized memory being present in the response generated by the reverse proxies and leaked to the requester. Since these reverse proxies are shared between Cloudfare clients, this makes the problem even worst, since random data …read more

Continue reading Cloudbleed — Your Credentials Cached in Search Engines→

SHAttered — SHA-1 is broken

Posted on February 23, 2017 by Pedro Umbelino

A team from Google and CWI Amsterdam just announced it: they produced the first SHA-1 hash collision. The attack required over 9,223,372,036,854,775,808 SHA-1 computations, the equivalent processing power as 6,500 years of single-CPU computations and 110 years of single-GPU computations. While this may seem overwhelming, this is a practical attack if you are, lets say, a state-sponsored attacker. Or if you control a large enough botnet. Or if you are just able to spend some serious money on cloud computing. It’s doable. Make no mistake, this is not a brute-force attack, that would take around 12,000,000 single-GPU years to complete. …read more

Continue reading SHAttered — SHA-1 is broken→

From Zero to Nano

Posted on February 22, 2017 by Pedro Umbelino

Have you ever wanted to build your own Arduino from scratch? [Pratik Makwana] shares the entire process of designing, building and flashing an Arduino Nano clone. This is not an entry-level project and requires some knowledge of soldering to succeed with such small components, but it is highly rewarding to make. Although it’s a cheap build, it’s probably cheaper to just buy a Nano. That’s not the point.

The goal here and the interesting part of the project is that you can follow the entire process of making the board. You can use the knowledge to design your own board, …read more

Continue reading From Zero to Nano→

Nespresso Capsule Detector

Posted on February 19, 2017 by Pedro Umbelino

Nespresso fans rejoice! If you like coffee (of course you do) and are a Nespresso fan, chances are you are one of two types of persons: the ones that chosen one type of capsule and stick to it or the ones that have a jar full of mixed capsules and lost track which coffee is which. Of course, there is a third, rarer, OCDish, kind. The ones that have every capsule organized neatly by color in a proper holder, full of style. In any case, if you forgot which color is which coffee because you threw the case away and …read more

Continue reading Nespresso Capsule Detector→

Arduino Altair 8800 Simulator

Posted on February 19, 2017 by Pedro Umbelino

Browse around eBay for an original Altair 8800 and you quickly find that the price range is in the thousands of dollars. If you are a collector and have some money in your pocket maybe that’s okay. But if you want the Altair 8800 experience on a budget, you can build yourself a clone with an Arduino. [David] kindly shared the build details on his Arduino Project Hub post. Using an Arduino Due (or a Mega for 25% of original speed), the clone can accurately reproduce the behavior of the Altair’s front panel elements. We covered a similar project in …read more

Continue reading Arduino Altair 8800 Simulator→

PolaPi-Zero For Surprisingly Good Instant Photos

Posted on February 18, 2017 by Pedro Umbelino

The ‘Pola’ in the PolaPi is a giveaway for what this Hackaday.io project is. This polaroid-like camera, created by [Muth], is a sort of black and white, blast from the past mixed with modern 3D printing. It is based on a Raspberry-pi Zero with a camera module, a Sharp memory LCD for viewing the image, and a Nano thermal printer to print the actual photo. Throw in some buttons, a battery and a slick 3D printed case and you have your own PolaPi.

Right now it’s already on the second iteration as [Muth]s gave the first prototype to some lucky …read more

Continue reading PolaPi-Zero For Surprisingly Good Instant Photos→

Zooids — Swarm User Interface

Posted on February 17, 2017 by Pedro Umbelino

What the heck is a Zooid? A Zooid is a small cylindrical robot, measuring 26 mm in diameter and 21 mm in height, weighting about 12g. Each robot is powered by a 100 mAh LiPo battery and uses motor driven wheels — and these things are snappy at a top speed of about 0.5m/s. Each Zooid is able to know if you touched it via capacitive touch sensing. It has wireless capabilities through an NRF24L01+ chip. So, what’s it for, you wonder…

One robot might not do much but the idea behind the Zooids is the introduction of swarm user …read more

Continue reading Zooids — Swarm User Interface→

A Multicore ZX Spectrum

Posted on February 17, 2017 by Pedro Umbelino

From the blog of [telmomoya] we found his latest project: a hardware based multicore solution for a ZX Spectrum Emulator. It’s not the first time we feature one of his builds, last year we was working on a ARM Dual-Core Commodore C64. Luckily for Speccy fans, it seems a ZX Spectrum project was just unavoidable.

At its heart is the EduCIAA NXP Board, a Dual Core (M4 & M0) 32-bit microcontroller, based on the NXP LPC4337. It’s an Argentinan-designed microcontroller board, born from an Argentinian academic and industry joint venture. [telmomoya] took advantage of the multicore architecture by running the …read more

Continue reading A Multicore ZX Spectrum→

A Multicore ZX Spectrum

Posted on February 17, 2017 by Pedro Umbelino

Continue reading A Multicore ZX Spectrum→

ASLR^CACHE Attack Defeats Address Space Layout Randomization

Posted on February 15, 2017 by Pedro Umbelino

Researchers from VUSec found a way to break ASLR via an MMU sidechannel attack that even works in JavaScript. Does this matter? Yes, it matters. A lot. The discovery of this security flaw along with the practical implementation is really important mainly because of two factors: what it means for ASLR to be broken and how the MMU sidechannel attack works inside the processor.

Address Space Layout Randomization or ASLR is an important defense mechanism that can mitigate known and, most importantly, unknown security flaws. ASLR makes it harder for a malicious program to compromise a system by, as the …read more

Continue reading ASLR^CACHE Attack Defeats Address Space Layout Randomization→