Tag: hacks

  • Tricky Web Timing Attacks Are Getting Easier to Use—and Abuse

    Researchers have long known that they can glean hidden information about the inner workings of a website by measuring the amount of time different requests take to be fulfilled and extrapolating information—and potential weaknesses—from slight variations. Such “web timing attacks” have been described for years, but they would often be too involved for real-world attackers to utilize in practice even if they work in theory. At the Black Hat security conference in Las Vegas this week, though, one researcher warned that web timing attacks are actually feasible and ripe for exploitation.

    James Kettle, director of research at the web application security company PortSwigger, developed a set of web timing attack techniques that can be used to expose three different categories of vulnerabilities in websites. He validated the methods using a test environment he made that compiled 30,000 real websites, all of which offer bug bounty programs. He says the goal of the work is to show that once someone has a conceptual grasp on the types of information web timing attacks can deliver, taking advantage of them becomes more feasible.

    “I’ve always kind of avoided researching timing attacks because it’s a topic with a reputation,” Kettle says. “Everyone does research into it and says their research is practical, but no one ever seems to actually use timing attacks in real life, so how practical is it? What I’m hoping this work will do is show people that this stuff does actually work these days and get them thinking about it.”

    Kettle was inspired in part by the 2020 research paper titled “Timeless Timing Attacks,” which worked toward a solution for a common issue. The issue, known as “network jitter,” refers to time delays between when a signal is sent and received on a network. These fluctuations impact timing measurements, but they are independent of the web server processing measured for timing attacks, so they can distort readings. The 2020 research, though, pointed out that when sending requests over the ubiquitous HTTP/2 network protocol, it is possible to put two requests into a single TCP communication packet so you know that both requests arrived at the server at the same time. Then, because of how HTTP/2 is designed, the responses will come back ordered so that the one that took less time to process is first and the one that took longer is second. This gives reliable, objective information about timing on the system without requiring any extra knowledge of the target web server—hence, “timeless timing attacks.”

    Web timing attacks are part of a class of hack known as “side channels” in which the attacker gathers information about a target based on its real world, physical properties. In his new work, Kettle refined the “timeless timing attacks” technique for reducing network noise and also took steps to address similar types of issues with server-related noise so his measurements would be more accurate and reliable. He then started using timing attacks to look for otherwise invisible coding errors and flaws in websites that are usually difficult for developers or bad actors to find, but that are highlighted in the information that leaks with timing measurements.

    In addition to using timing attacks to find hidden footholds to attack, Kettle also developed effective techniques for detecting two other common types of exploitable web bugs. One, known as a server-side injection vulnerability, allows an attacker to introduce malicious code to send commands and access data that shouldn’t be available. And the other, called misconfigured reverse proxies, allows unintended access to a system.

    In his presentation at Black Hat on Wednesday, Kettle demonstrated how he could use a web timing attack to uncover a misconfiguration and ultimately bypass a target web application firewall.

    “Because you found this inverse proxy misconfiguration you just go around the firewall,” he told WIRED ahead of his talk. “It’s absolutely trivial to execute once you’ve found these remote proxies, and timing attacks are good for finding these issues.”

    Alongside his talk, Kettle released functionality for the open source vulnerability scanning tool known as Param Miner. The tool is an extension for the popular web application security assessment platform Burp Suite, which is developed by Kettle’s employer PortSwigger. Kettle hopes to raise awareness about the utility of web timing attacks, but he also wants to make sure the techniques are being utilized for defense even when people don’t grasp the underlying concepts.

    “I integrated all these new features into Param Miner so people out there who don’t know anything about this can run this tool and find some of these vulnerabilities,” Kettle says. “It’s showing people things that they would have otherwise missed.”

  • USPS Text Scammers Duped His Wife, So He Hacked Their Operation

    Smith trawled Reddit and other online sources to find people reporting the scam and find URLs being used, which he subsequently published. Some of the websites running the Smishing Triad’s tools were collecting thousands of people’s personal information per day, Smith says. Among other details, the websites would request people’s names, addresses, payment card numbers and security codes, phone numbers, dates of birth, and bank websites. This level of information can allow a scammer to make purchases online with the credit cards. Smith says his wife quickly canceled her card, but noticed that the scammers still tried to use it, for instance with Uber. The researcher says he would collect data from a website and return to it a few hours later, only to find hundreds of new records.

    The researcher provided the details to a bank that had contacted him after seeing his initial blog posts. Smith declined to name the bank. He also reported the incidents to the FBI and later provided information to the United States Postal Inspection Service (USPIS).

    Michael Martel, a national public information officer at the USPIS, says the information provided by Smith is being used as part of an ongoing USPIS investigation and that the agency cannot comment on specific details. “USPIS is already actively pursuing this type of information to protect the American people, identify victims, and serve justice to the malicious actors behind it all,” Martel says, pointing to advice on spotting and reporting USPS package delivery scams.

    Initially, Smith says, he was wary about going public with his research as this kind of “hacking back” falls into a “gray area”: It may be breaking the Computer Fraud and Abuse Act, a sweeping US computer-crimes law, but he’s doing it against foreign-based criminals. Something he is definitely not the first, or last, to do.

    Multiple Prongs

    The Smishing Triad is prolific. As well as using postal services as lures for their scams, the Chinese-speaking group has targeted online banking, e-commerce, and payment systems in the US, Europe, India, Pakistan, and the United Arab Emirates, according to Shawn Loveland, the chief operating officer of Resecurity, which has consistently tracked the group.

    The Smishing Triad sends between 50,000 and 100,000 messages daily, according to Resecurity’s research. Its scam messages are sent using SMS or Apple’s iMessage, the latter of which is encrypted. Loveland says the Triad is made up of two distinct groups—a small team led by one Chinese hacker that creates, sells, and maintains the smishing kit, and a second group of people who buy the scamming tool. (A backdoor in the kit allows the creator to access details of administrators using the kit, Smith says in a blog post.)

    “It’s very mature,” Loveland says of the operation. The group sells the scamming kit on Telegram for a $200-per-month subscription, and this can be customized to show the organization the scammers are trying to impersonate. “The main actor is Chinese communicating in the Chinese language,” Loveland says. “They do not appear to be hacking Chinese language websites or users.” (In communications with the main contact on Telegram, the individual claimed to Smith that they were a computer science student.)

    The relatively low monthly subscription cost for the smishing kit means it’s highly likely, with the number of credit card details scammers are collecting, that those using it are making significant profits. Loveland says that using text messages, which immediately send people a notification, is a more direct and more successful way of phishing, compared to sending emails with malicious links included.

    As a result, smishing has been on the rise in recent years. But there are some tell-tale signs: If you receive a message from a number or email that you don’t recognize; if it contains a link to click on; and wants you to do something urgently, you should be suspicious.

  • Watch How a Hacker’s Infrared Laser Can Spy on Your Laptop’s Keystrokes

    “I think I’ve created the first laser microphone that’s actually modulated in the radio frequency domain,” Kamkar says. “Once I have a radio signal, I can treat it like radio, and I can take advantage of all the tools that exist for radio communication.” In other words, Kamkar converted sound into light into radio—and then back again into sound.

    Samy Kamkar at his home workstation. Photograph: Roger Kisby

    For his keystroke detection technique, Kamkar then fed the output of his laser microphone into an audio program called iZotopeRX to further remove noise and then an open source piece of software called Keytap3 that can convert the sound of keystrokes into legible text. In fact, security researchers have demonstrated for years that keystroke audio, recorded from a nearby microphone, can be analyzed and deciphered into the text that a surveillance target is typing by distinguishing tiny acoustic differences in various keys. One group of researchers has shown that relatively precise text can even be derived from the sounds of keystrokes recorded over a Zoom call.

    Kamkar, however, was more interested in the 2009 Defcon demonstration in which security researchers Andrea Barisani and Daniele Bianco showed that they could use a simple laser microphone to roughly detect words typed on a keyboard, a trick that would allow long-distance line-of-sight spying. In that demo, the two Italian hackers only got as far as testing out their laser spying technique across the room from a laptop and generating a list of possible word pairs that matched the vibration signature they recorded.

    Speaking to WIRED, Barisani says their experiment was only a “quick and dirty” proof of concept compared to Kamkar’s more polished prototype. “Samy is brilliant, and there was a lot of room for improvement,” Barisani says. “I’m 100 percent sure that he was able to improve our attack both in the hardware setup and the signal processing.”

    Kamkar’s laser spying kit: An infrared laser… Photograph: Roger Kisby

    …attached to an oscilloscope’s signal generator, current controller, temperature controller, and amplifier power supply. Photograph: Roger Kisby

    Kamkar’s results do appear to be dramatically better: Some samples of text he recovered from typing with his laser mic setup and shared with WIRED were almost entirely legible, with only a missed letter every word or two; others showed somewhat spottier results. Kamkar’s laser microphone worked well enough for detecting keystrokes, in fact, that he also tested using it to record audio in a room more generally, by bouncing his infrared laser off a window. It produced remarkably clear sound, noticeably better than other samples of laser microphone audio released online—at least among those recorded stealthily from a window’s vibrations.

    Of course, given that laser microphones have existed for decades, Kamkar admits he doesn’t know what advancements the technology may have made in commercial implementations available to governments or law enforcement, not to mention even more secret, custom-built technologies potentially created or used by intelligence agencies. “I would assume they’re doing this or something like it,” Kamkar says.

    Unlike the creators of those professional spy tools, though, Kamkar is publishing the full schematics of his DIY laser microphone spy kit. “Ideally, I want the public to know everything that intelligence agencies are doing, and the next thing, too,” Kamkar says. “If you don’t know something is possible, you’re probably not going to protect against it.”

  • A New Plan to Break the Cycle of Destructive Critical Infrastructure Hacks

    “It’s not just that the water goes out, it’s that when the sole wastewater facility in your community is down really bad things start to happen. For example, no water means no hospital,” he says. “I really encountered a lot of this during my leadership of the Covid Task Force. There is such interdependence across the basic functions of society.”

    UnDisruptable27 will focus on interacting with communities who aren’t reached by Washington DC-based policy discussions or Information Sharing and Analysis Centers (ISACs), which are meant to represent each infrastructure sector of the US. The project aims to communicate directly with people who actually work on the ground in US critical infrastructure, and grapple together with the reality that cybersecurity-related disasters could impact their daily work.

    “There’s a data breach, you get whatever services like identity protection for some period of time, and life carries on, and people think that there’s no long-term impact,” says Megan Stifel, IST’s chief strategy officer. “There’s this expectation that it’s fine, things will just continue. So we’re very interested in getting after this issue and thinking about how do we tackle critical infrastructure security with perhaps a new approach.”

    Corman notes that even though cybersecurity incidents have become a well-known fact of life, business owners and infrastructure operators are often shaken and caught off guard when a cybersecurity incident actually affects them. Meanwhile, when government entities try to impose cybersecurity standards or become a partner on defense initiatives, communities often balk at the intrusion and perceived overreach. Last year, for example, the US Environmental Protection Agency was forced to rescind new cybersecurity guidelines for water systems after water companies and Republicans in Congress filed a lawsuit over the initiative.

    “Time and time again, trade associations or lobbyists or owners and operators have an allergic reaction to oversight and say, ‘We prefer voluntary, we’re doing fine on our own,’ ” Corman says. “And they really are trying to do the right thing. But then also time and time again, people are just shocked that disruption could happen and feel very blindsided. So you can only conclude that the people who feel the pain of our failures are not included in the conversation. They deserve to understand the risks inherent in this level of connectivity. We’ve tried a lot of things, but we have not tried just leveling with people.”

    UnDisruptable27 is launching this week for visibility among attendees at BSides as well as the other conferences, Black Hat and Defcon, that will run through Sunday in Las Vegas. Corman says that the goal is to combine the hacker mentality and, essentially, a call for volunteers with plans to work with creative collaborators on producing engaging content to fuel discourse and understanding. Information campaigns using memes and social media posts or moonshots like narrative podcasts and even reality TV are all on the table.

    “We must prioritize the security, safety, and resilience of critical infrastructure — including water, health care facilities, and utilities,” Craig Newmark, the Craigslist founder whose philanthropy is funding UnDisruptable27, told WIRED. “The urgency of this issue requires affecting human behavior through storytelling.”

  • Medical-Targeted Ransomware Is Breaking Records After Change Healthcare’s $22M Payout

    In fact, ransomware attacks on health care targets were on the rise even before the Change Healthcare attack, which crippled the United Healthcare subsidiary’s ability to process insurance payments on behalf of its health care provider clients starting in February of this year. Recorded Future’s Liska points out that every month of 2024 has seen more health care ransomware attacks than the same month in any previous year that he’s tracked. (While this May’s 32 health care attacks is lower than May 2023’s 33, Liska says he expects the more recent number to rise as other incidents continue to come to light.)

    Yet Liska still points to the April spike visible in Recorded Future’s data in particular as a likely follow-on effect of Change’s debacle—not only the outsize ransom that Change paid to AlphV, but also the highly visible disruption that the attack caused. “Because these attacks are so impactful, other ransomware groups see an opportunity,” Liska says. He also notes that health care ransomware attacks have continued to grow even compared to overall ransomware incidents, which stayed relatively flat or fell overall: April, for instance, saw 1,153 incidents compared to 1,179 in the same month of 2023.

    When WIRED reached out to United Healthcare for comment, a spokesperson for the company pointed to the overall rise in health care ransomware attacks beginning in 2022, suggesting that the overall trend predated Change’s incident. The spokesperson also quoted from testimony United Healthcare CEO Andrew Witty gave in a congressional hearing about the Change Healthcare ransomware attack last month. “As we have addressed the many challenges in responding to this attack, including dealing with the demand for ransom, I have been guided by the overriding priority to do everything possible to protect peoples’ personal health information,” Witty told the hearing. “As chief executive officer, the decision to pay a ransom was mine. This was one of the hardest decisions I’ve ever had to make. And I wouldn’t wish it on anyone.”

    Change Healthcare’s deeply messy ransomware situation was complicated further—and made even more attention-grabbing for the ransomware hacker underworld—by the fact that AlphV appears to have taken Change’s $22 million extortion fee and jilted its hacker partners, disappearing without giving those affiliates their cut of the profits. That led to a highly unusual situation where the affiliates then offered the data to a different group, RansomHub, which demanded a second ransom from Change while threatening to leak the data on its dark web site.

    That second extortion threat later inexplicably disappeared from RansomHub’s site. United Healthcare has declined to answer WIRED’s questions about that second incident or to answer whether it paid a second ransom.

    Many ransomware hackers nonetheless widely believe that Change Healthcare actually paid two ransoms, says Jon DiMaggio, a security researcher with cybersecurity firm Analyst1 who frequently talks to members of ransomware gangs to gather intelligence. “Everyone was talking about the double ransom,” DiMaggio says. “If the people I’m talking to are excited about this, it’s not a leap to think that other hackers are as well.”

    The noise that situation created, as well as the scale of disruption to health care providers from Change Healthcare’s downtime and its hefty ransom, served as the perfect advertisement for the lucrative potential of hacking fragile, high-stakes health care victims, DiMaggio says. “Health care has always had so much to lose, it’s just something the adversary has realized now because of Change,” he says. “They just had so much leverage.”

    As those attacks snowball—and some health care victims have likely forked over their own ransoms to control the damage to their life-saving systems—the attacks aren’t likely to stop. “It’s always looked like an easy target,” DiMaggio notes. “Now it looks like an easy target that’s willing to pay.”

  • The Snowflake Attack May Be Turning Into One of the Largest Data Breaches Ever

    Since Snowflake acknowledged that accounts had been targeted, it has provided some more information about the incident. Brad Jones, Snowflake’s chief information security officer, said in a blog post that threat actors used login details to accounts that had been “purchased or obtained through infostealing malware,” which is designed to pull usernames and passwords from devices that have been compromised. The incident appears to be a “targeted campaign directed at users with single-factor authentication,” Jones added.

    Jones’ post said Snowflake, alongside cybersecurity companies CrowdStrike and Mandiant, which it employed to investigate the incident, did not find evidence showing the attack was “caused by compromised credentials of current or former Snowflake personnel.” However, it has found one former employee’s demo accounts were accessed, claiming they did not contain sensitive data.

    When asked about potential breaches of specific companies’ data, a Snowflake person pointed to Jones’ statement: “We have not identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake’s platform.” The company did not provide an on-record comment clarifying what was meant by a “breach.” (Security company Hudson Rock said it removed a research post including various unverified claims about the Snowflake incident after receiving a legal letter from Snowflake).

    The US Cybersecurity and Infrastructure Security Agency has issued an alert about the Snowflake incident, while Australia’s Cyber Security Center said it is “aware of successful compromises of several companies utilizing Snowflake environments.”

    Unclear Origins

    Little is known about the Sp1d3r account advertising data on BreachForums, and it is not clear whether ShinyHunters obtained the data it was selling from another source or directly from victims’ Snowflake accounts—information about a Ticketmaster and Santander breach was originally posted on another cybercrime forum by a new user called SpidermanData.

    The Sp1d3r account posted on BreachForums that the 2 terabytes of alleged LendingTree and QuoteWizard data was for sale for $2 million; while 3 TB of data allegedly from Advance Auto Parts would cost someone $1.5 million. “The price set by the threat actor appears extremely high for a typical listing posted to BreachForums,” says Chris Morgan, a senior cyber-threat intelligence analyst at security firm ReliaQuest.

    Morgan says the legitimacy of Sp1d3r is not clear; however, he points out there is a nod to teenage hacking group Scattered Spider. “Interestingly, the threat actor’s profile picture is taken from an article referencing the threat group Scattered Spider, although it is unclear whether this is to make an intentional association with the threat group.”

    While the exact source of the alleged data breaches is unclear, the incident highlights how interconnected companies can be when relying on products and services from third-party providers. “I think a lot of this is just a recognition of how interdependent these services now are and how hard it is to control the security posture of third parties,” security researcher Troy Hunt told WIRED when the incidents first emerged.

    As part of its response to the attacks, Snowflake has told all customers to make sure they enforce multifactor authentication on all accounts and allow traffic only from authorized users or locations. Companies that have been impacted should also reset their Snowflake login credentials. Enabling multifactor authentication vastly reduces the chances that online accounts will be compromised. As mentioned, TechCrunch reported this week that it has seen “hundreds of alleged Snowflake customer credentials” taken by infostealing malware from computers of people who have accessed Snowflake accounts.

    In recent years, coinciding with more people working from home since the Covid-19 pandemic, there has been a rise in the use of infostealer malware. “Infostealers have become more popular because they’re in high demand and pretty easy to create,” says Ian Gray, the vice president of intelligence at security company Flashpoint. Hackers have been seen to be copying or modifying existing infostealers and selling them on for as little as $10 for all the login details, cookies, files, and more from one infected device.

    “This malware can be delivered in different ways and targets sensitive info like browser data (cookies and credentials), credit cards, and crypto wallets,” Gray says. “Hackers might comb through the logs for enterprise credentials to break into accounts without permission.”

  • TikTok Hack Targets ‘High-Profile’ Users via DMs

    TikTok says it’s currently taking steps to mitigate a cyberattack that’s targeting a number of high-profile users through direct messages, in an attempt to hijack their accounts.

    “We have taken measures to stop this attack and prevent it from happening in the future. We’re working directly with affected account owners to restore access, if needed,” says Jason Grosse, a spokesperson for TikTok’s privacy and security team.

    Grosse says TikTok is still investigating the attack and could not comment at this time about its scale or sophistication, describing the threat as merely a “potential exploit.”

    TikTok’s acknowledgment followed a report on Tuesday claiming CNN’s account had been temporarily breached last week. Citing an anonymous source at the news organization, Semafor reports that the breach did “not appear to be the result of someone gaining access from CNN’s end.” CNN did not immediately respond to WIRED’s request to comment.

    Concerns over hacking attempts targeting news organizations in the US are particularly high given the impending presidential election this fall.

    Forbes reported earlier in the day that the account of hotel heiress Paris Hilton was similarly affected, citing sources within the company. A source at TikTok tells WIRED that Hilton’s account was targeted but had not been compromised.

    This is a developing story. Check back for updates.

  • The Ticketmaster Data Breach May Be Just the Beginning

    One of the biggest hacks of the year may have started to unfold. Late on Friday, embattled events business Live Nation, which owns Ticketmaster, confirmed it suffered a data breach after criminal hackers claimed to be selling half a billion customer records online. Banking firm Santander also confirmed it had suffered a data breach impacting millions of customers and staff after its data was advertised by the same group of hackers.

    While the specific circumstances of the breaches—including exactly what information was stolen and how it was accessed—remain unclear, the incidents may be linked to attacks against company accounts with cloud hosting provider Snowflake. The US-based cloud firm has thousands of customers, including Adobe, Canva, and Mastercard, which can store and analyze vast amounts of data in its systems.

    Security experts say that as more details become clear about hackers’ attempts to access and take data from Snowflake’s systems, it is possible that other companies will reveal they had data stolen. At present, though, the developing situation is messy and complicated.

    “Snowflake recently observed and is investigating an increase in cyber threat activity targeting some of our customers’ accounts,” Brad Jones, Snowflake’s chief information security officer wrote in a blog post acknowledging the cybersecurity incident on Friday. Snowflake has found a “limited number” of customer accounts that have been targeted by hackers who obtained their login credentials to the company’s systems, Jones wrote. Snowflake also found one former staff member’s “demo” account that had been accessed.

    However, Snowflake doesn’t “believe” it was the source of any leaked customer credentials, the post says. “We have no evidence suggesting this activity was caused by any vulnerability, misconfiguration, or breach of Snowflake’s product,” Jones writes in the blog post.

    While the number of Snowflake accounts accessed and what data may have been taken have not been released, government officials are warning about the impact of the attack. Australia’s Cyber Security Center issued a “high” alert on Saturday saying it is “aware of successful compromises of several companies utilizing Snowflake environments” and companies using Snowflake should reset their account credentials, turn on multi-factor authentication, and review user activity.

    “It looks like Snowflake has had some rather egregiously bad security compromise,” security researcher Troy Hunt, who runs data breach notification website Have I Been Pwned, tells WIRED. “It being a provider to many other different parties, it has sort of bubbled up to different data breaches in different locations.”

    Details of the data breaches started to emerge on May 27. A newly registered account on cybercrime forum Exploit posted an advertisement where they claimed to be selling 1.3 TB of Ticketmaster data, including more than 560 million people’s information. The hacker claimed to have names, addresses, email addresses, phone numbers, some credit card details, ticket sales, order details, and more. They asked for $500,000 for the database.

    One day later, the established hacking group ShinyHunters—which first emerged in 2020 with a data-stealing rampage, before selling 70 million AT&T records in 2021—posted the exact same Ticketmaster ad on rival marketplace BreachForums. At the time, Ticketmaster and its parent company Live Nation had not confirmed any data theft and it was unclear if either post selling the data was legitimate.

  • How to Keep an Old Computer Running

    While Windows gives you the choice of keeping your personal files when you reset the OS, for the best results (on both macOS and Windows) you need a complete wipe. You’re going to need to take all your files and applications off the disk, then put them back on afterwards. With this in mind, make sure they’re somewhere safe while you’re doing the reset: The OneDrive and iCloud services built into Microsoft and macOS can be used for this, but you can choose whichever backup method you prefer.

    On Windows, head to Settings from the Start menu, then choose Windows Update, Advanced Options, Recovery, and Reset this PC.

    On macOS, open the Apple menu, then pick System Settings, General, Transfer or Reset, and Erase All Content and Settings.

    Install Linux

    [Image: ChromeOS Flex can give an old computer a new lease of life. Courtesy of Google]

    Maybe you can move away from Windows and macOS entirely: Linux, for the uninitiated, is a free and open source desktop operating system that comes in a wide variety of flavors known as distros. While Linux lacks some of the polish and power of the platforms developed by Microsoft and Apple, it’s lightweight and straightforward to use.

    In other words, certain Linux distros will run just fine on older computers that are making Windows and macOS slow to a crawl—and you’ve got a whole host of these distros to choose from. You’ll find plenty of lists and comparisons online, but the likes of Ubuntu, Linux Mint, and Zorin are all great for getting started.

    Alternatively, turn your Windows or macOS computer into a Chromebook with ChromeOS Flex from Google (which is actually based on Linux too). It’s simple to download and install, and while you’ll only be able to use a browser and web apps on your newly refreshed device, nowadays that’s all that a lot of people actually need.

    Repurpose Your Computer

    [Image: Plex can serve up media content to all of your devices. Courtesy of Plex]

    Your computer can still be useful—and be saved from the recycling center—even if it isn’t actually a computer anymore. You can repurpose a desktop or laptop to take on a different role that isn’t quite so demanding, so it’s able to enjoy something like a well-earned retirement.

    One option is to use your computer as a server, which means it simply stores media files and serves them up to the other devices on your home network. The Plex software suite is just about the best option available for this—all of its core features are free to use, and it’s easy to configure. After setting up your computer as a Plex server, you can install the free Plex app on your phone, tablet, Roku, or Apple TV and stream your music and movies around your house.

    You can also use an old computer as a security camera, if it has a webcam attached. iSpy is the program you need for this, and it’ll let you record footage to the old computer’s hard drive as well as log in to the feed from wherever you are.

    Depending on where your computer is and what it’s connected to, it can also work as a basic media player. It doesn’t take much processing power to stream Netflix or Disney+, and perhaps you could use an HDMI cable to hook it up to an older television that doesn’t have smart apps already installed.

  • It’s Possible to Hack ‘Tetris’ From Inside the Game Itself

    Earlier this year, we shared the story of how a classic NES Tetris player hit the game’s “kill screen” for the first time, activating a crash after an incredible 40-minute, 1,511-line performance. Now, some players are using that kill screen—and some complicated memory manipulation it enables—to code new behaviors into versions of Tetris running on unmodified hardware and cartridges.

    We’ve covered similar “arbitrary code execution” glitches in games like Super Mario World, Paper Mario, and The Legend of Zelda: Ocarina of Time in the past. And the basic method for introducing outside code into NES Tetris has been publicly theorized since at least 2021 when players were investigating the game’s decompiled code. (HydrantDude, who has gone deep on Tetris crashes in the past, also says the community has long had a privately known method for how to take full control of Tetris’ RAM.)

    But a recent video from Displaced Gamers takes the idea from private theory to public execution, going into painstaking detail on how to get NES Tetris to start reading the game’s high-score tables as machine code instructions.

    Fun With Controller Ports

    Taking over a copy of NES Tetris is possible mostly due to the specific way the game crashes. Without going into too much detail, a crash in NES Tetris happens when the game’s score handler takes too long to calculate a new score between frames, which can happen after level 155. When this delay occurs, a portion of the control code gets interrupted by the new frame-writing routine, causing it to jump to an unintended portion of the game’s RAM to look for the next instruction.

    Usually, this unexpected interrupt leads the code to jump to the very beginning of RAM, where garbage data gets read as code and often leads to a quick crash. But players can manipulate this jump thanks to a little-known vagary in how Tetris handles potential inputs when running on the Japanese version of the console, the Famicom.

    Unlike the American Nintendo Entertainment System, the Japanese Famicom featured two controllers hardwired to the unit. Players who wanted to use third-party controllers could plug them in through an expansion port on the front of the system. The Tetris game code reads the inputs from this “extra” controller port, which can include two additional standard NES controllers through the use of an adapter (this is true even though the Famicom got a completely different version of Tetris from Bullet-Proof Software).

    As it happens, the area of RAM that Tetris uses to process this extra controller input is also used for the memory location of that jump routine we discussed earlier. Thus, when that jump routine gets interrupted by a crash, that RAM will be holding data representing the buttons being pushed on those controllers. This gives players a potential way to control precisely where the game code goes after the crash is triggered.

    Coding in the High-Score Table

    For Displaced Gamers’ jump-control method, the player has to hold down “up” on the third controller and right, left, and down on the fourth controller (that latter combination requires some controller fiddling to allow for simultaneous left and right directional input). Doing so sends the jump code to an area of RAM that holds the names and scores for the game’s high-score listing, giving an even larger surface of RAM that can be manipulated directly by the player.

    By putting “(G” in the targeted portion of the B-Type high-score table, we can force the game to jump to another area of the high-score table, where it will start reading the names and scores sequentially as what Displaced Gamers calls “bare metal” code, with the letters and numbers representing opcodes for the NES CPU.

    Unfortunately, there are only 43 possible symbols that can be used in the name entry area and 10 different digits that can be part of a high score. That means only a small portion of the NES’s available opcode instructions can be “coded” into the high-score table using the available attack surface.
