Cracking the Hacking Team

6 July 2015

The somewhat notorious Hacking Team seem to have been subject to an attack of using their own tools. This points to the use of poor passwords, and reusing password on multiple systems.

The other lesson here is to have tools looking for ex-filtration of data, at least to detect when something has gone wrong.

We should be able to learn something here…

http://www.net-security.org/secworld.php?id=18592

“Hacking Team appears to have committed two of the classic mistakes in security: Never use simple passwords and never reuse passwords. For a security company that’s this high profile, there’s no excuse for these sins. We don’t know yet how the attackers got into HT’s systems, but given the poor passwords that have been revealed in the documents, it could have been as simple as brute-forcing the passwords on a few system,” Martin McKeay, Akamai senior security advocate, commented for Help Net Security.

“The other major mistake made by HT was not noticing that 400Gb of data was leaving their systems. Extrusion detection for an organization that specializes in malware and monitoring should be one of the defenses they concentrate on, because it’s what other people would use to detect their tools. Expect your tools to be used against you is a basic warfare tenet.”

And I have now fallen into the trap of the miss use of the word “Hacking” in a negative context.


The upside-down quad-copter build

3 June 2015

Back in January we had the first rLab quad-copter build party. And here is my effort.

Original Quad-copter build

Original Quad-copter build

This has flown well, and I have slowly learnt how to fly these things. This learning process has involved quite a few crashes, with varying degrees of damage. I think I have replaced the arms about 8 times now, and recently the body frame was so broken that I needed a total rebuild the machine. I decided to try and rebuild it with the body hanging down and all the control stuff inside the body of the copter. Here is the result of my efforts.

Upside-down quad-copter

Upside-down quad-copter

This seems to be a an improvement. The flight is more stable and easier to control. Take-off and landing are easier as there is a bit more space under the props. The control unit is harder to get at but this has not proved much of a problem. Overall a great improvement.


An expression of Elegance; Base 3 math

27 May 2015

I have been playing around with the Balanced Ternary number system. I gave a talk at DC4420 on Monday night on this, and I am posting the presentation slides up here for anyone interested.

Presentation (pdf)

The further reading links on the last slide are:

Wikipedia Page

Paper by Brian Hayes

Hackaday Project

Paper on a Balanced Ternary adder circuit design (pdf)


More evidence that bulk snooping dosent work

27 April 2015

http://www.nytimes.com/2015/04/25/us/politics/value-of-nsa-warrantless-spying-is-doubted-in-declassified-reports.html

But little came of the Stellarwind tips. In 2004, the F.B.I. looked at a sampling of all the tips to see how many had made a “significant contribution” to identifying a terrorist, deporting a terrorism suspect, or developing a confidential informant about terrorists.

Just 1.2 percent of the tips from 2001 to 2004 had made such a contribution. Two years later, the F.B.I. reviewed all the leads from the warrantless wiretapping part of Stellarwind between August 2004 and January 2006. None had proved useful.


Article on IMSI Catchers and Stingrays

24 April 2015

I have been helping a proper journalist, Brady Dale, write a article on the use and abuse of Stingrays and other IMSI catchers. It turned out quite well. It is up on Motherboard.


Open Streetmap v Google smackdown

24 April 2015

While everybody seems to be using Google maps, the quality of the maps in Open Streetmaps has quietly surged ahead. Now the detail and useful information on OSM easily beets Google into the covers. Here is a simple example of a location in Reading that I know well.

osm screenshot

Open Streetmap of and area in Reading UK

google map screenshot

Google maps of the same location

 

The street names are there in the Google version, and one or two building outlines. Bus stops are in both, but in OSM these all have labels. Many more amenities are in OSM that Google, and they probably score equally on businesses. I would have thought that Google would have many more businesses, but perhaps these are not all displayed in trying to keep the map clean.

Try it yourself and see if you can find an area where Google is better!


Fridge lighting hack

14 April 2015
With the new LED lighting

After: The fridge with the new LED lighting strip installed.

It took way longer that it should, but I have managed to complete my LED fridge lighting project. This was to replace the single bulb at the top of the fridge with a strip of LED lights around the top and sides of the fridge. I found an old power supply I think it was a laptop brick, that would do 12 volts reasonably. Replaced the IEC connector with a screw connector, and presented the 12v output on PCB mount screw connectors.

Before the change

Before: The fridge with the original incandescent light at the top.

Next was a replacement cover, this I designed in OpenSCAD to cover over the power supply and replace the moulded lamp cover that was there before. Then an 10 hour 3D print run to create the cover. Although there were a few minor mistakes the cover worked pretty well first time so I didn’t have to do a reprint.

The LED lighting is a big improvement, the whole fridge is illuminated and because the light is coming from different angles no shadows, and even illumination. The only down side is that the power supply can take a second to come up after opening the door. The fridge does have a temperature management system and a LCD display, so presumably there is some low voltage floating around there, that I could have used. But that would have meant much more disassembly and potential breakage of the fridge.


Follow

Get every new post delivered to your Inbox.

Join 466 other followers