Everything posted by redxine

  1. If possible I'd lose the inverter - they are incredibly inefficient. Everything ends up having to be converted back to DC again, so going from DC -> AC -> DC generates quite a bit of heat. Instead opt for a DC-DC converter. A switching one will also do good for battery life if there's a wide gap (Converting 12V to 5V for example). You can find universal DC adapters at plenty of discount and retail stores, but chances are they're linear. If you're good with a soldering iron you can whip up a very nice supply on a bit of perfboard and some small switching power regulators fairly easily, but even linear regulators would be better than an inverter. Also, from what I've read about taking these to the airport, it should be no problem carrying a sealed lead-acid battery on board (they'd rather spare batteries of any type be in the cabin rather than in cargo, since fire extinguishers are at hand). Just follow the recommendations at http://safetravel.do..._batteries.html and tips at http://safetravel.dot.gov/tips.html — namely keeping them installed in your project or taping or otherwise protecting the terminals, putting the battery in a plastic bag for good measure. The TSA, believe it or not, does know how to spot the difference between an explosive device and a UL certified battery, and often has the appropriate equipment to check for actual explosives. Just don't opt for a DIY battery pack any time soon. I'd also stay away from any battery with lithium chemistry, however there are specific TSA restrictions to carrying them on board (no more than 25g equivalent lithium content). If you suspect you'll run into trouble, print the above links and carry them to show someone if asked. Bottom line is don't make it look remotely dangerous to anyone, and security shouldn't as much as blink an eye. I am also in possession of a very nice aluminium brief case that I was interested in building a ruggedized laptop into, but this might be a far more interesting application :P
  2. Great. I see many statistics and plenty of scientific method here... except the system in question has been promised to be "coming soon" (as a free research prototype) for nearly a year now. It's not science if it can't be reproduced.
  3. But USB mass storage isn't the problem (unless it's a windows box with autorun, a vulnerability in explorer, etc.) - it's emulated HID. However since USB keyboards and mice are so commonplace today this is a difficult vector to defend. Perhaps having a whitelist for certain manufacturers of keyboards/mice (although this could probably be annoying for end users, so would the banning of USB devices entirely). You could put this off to physical security, which is really what it comes down to, but it wouldn't hurt to hinder the exploit with even a little bit of work.
  4. IT crowd was Channel 4, not BBC. I enjoyed it - it's not often you see any mainstream purely IT comedy.
  5. That relies on the actual hardware - the controller in USB keyboards and mice can sense the PS/2 handshake and adjust the protocol. So it'd have to be a burned-in feature of the duck's hardware or of a Teensy.
  6. True, but there's many instances when controlled media is a necessity, keyboards and mice break, etc.
  7. Haven't seen too many threads about protecting against rogue USB devices, or anything about testing to see if a USB device is "safe", as mentioned in the letter in episode 1023. I got thinking of protecting against evil rubber duckies and realised that mass storage isn’t the problem. While it’s relatively simple to prevent FUSE from mounting mass storage automatically, the thing we want is to prevent the “mass storage device” from sending HID events. Perhaps setting up a cheap and old box (or perhaps even a little RaspberryPi) with the usbhid module blacklisted (sudo modprobe -r usbhid) to plug a device to check into. A wireshark/usb dump can be done over ssh, et al to inspect the true intentions of the device. It’s a simple way to check for vendor ID, etc. and since it only requires runlevel 3, mouse and keyboard events/attacks can be rendered useless with a repurposed getty input (perhaps just an inkey program that redirects to a file to figure out what said evil rubberducky is up to). I smell some utilities for testing for rubber ducks for *nix boxes in the future :P I might test some of these concepts later, but I'll need to get my paws on a duck first.
  8. Just recently, I noticed I had trouble connecting wirelessly to my Linksys E2000. After updating the firmware and resetting the thing a dozen times, I've finally figured out that the wireless would return to normal operation if I unplugged anything with wired gigabit. The old machine being used as a server has a 100T-base NIC and it works fine, but as soon as I connect a new machine or my laptop on wired, ping round trip time goes from ~1 ms to an average of 11256 ms. I'm less than a metre from the router. The same thing happens independent of device or operating system, or as far as I can tell from two Linux boxes, an Android phone, and an iMac. This didn't start happening until a few days ago and my network configuration hasn't changed the slightest. Any ideas?
  9. Same problem here. I can't even get the original aliosa27 user land to boot. 2 gig flash using dd if=file.img of=/dev/sdb bs=1M Then I eject the disk and throw it in the zipit, turn it on, and the LED for flash activity gives the impression that it's booting... then nothing. EDIT: Update - this is what gparted tells me. Doesn't make much sense. Never had this problem before, and it's definitely a 2 gig flash. Grr. I'll try the 1 gig image. I wrote the above disc with sudo dd if=debianZ2-diskimage-2G.img of=/dev/sdb bs=512K Update 2: I was curious to find this in the image file: redxine@redxine-laptop:~/Desktop$ tail debianZ2-diskimage-2G.img to: gspi8686.bin gspi8686_hlp.bin And you should be good to go. I guess it untarred incorrectly. I'll try again. Edit: fixed it with some magic voodoo. No idea what did it, it just booted fine suddenly. Here's a new question: I've noticed that whenever it's not connected to wireless, that startx is really slow. I have to press Ctrl+C after getting "Host name lookup failure" to get it to start. And the clock resets at every boot. Any suggestions?
  10. +1 for DC-DC converters. As for controlling the car, if you want it to do cool things like roll the windows down and turn on the head lights, it'll need some kind of relay interface. But if you want to read sensor values you could interface to the GM port with parallel.
  11. public PM's are disabled! AARGH! lol

  12. http://www.hak5.org/oursituationonthisearthseemsstrange/ I feel accomplished now.
  13. Thanks. I'm almost done generating a master URL list I'm about to run with the following rules:

      O------ATION/ON/THIS/EART---EMSSTRANG---   <eart.> only matches 'earth'
      O-/-----ATION/ON/THIS/EARTH/--EMS/STRANG---
      O--/----ATION/ON/THIS/EARTH/--EMS/STRANG---
      O---/---ATION/ON/THIS/EARTH/--EMS/STRANG---
      O----/--ATION/ON/THIS/EARTH/--EMS/STRANG---
      O-----/-ATION/ON/THIS/EARTH/--EMS/STRANG---
      O-/--/---ATION/ON/THIS/EARTH/--EMS/STRANG---
      O--/--/--ATION/ON/THIS/EARTH/--EMS/STRANG---
      O--/---/-ATION/ON/THIS/EARTH/--EMS/STRANG---
      O---/--/-ATION/ON/THIS/EARTH/--EMS/STRANG---
      O-/----/-ATION/ON/THIS/EARTH/--EMS/STRANG---

      I sorted through dictionaries of two, three, and four letter words and took out uncommon words, leaving things like able, bent, gate, etc. So far I have a wordlist that follows the rules for 6 spaces, and it has 10992 entries. I think for this one I'll set up parallel wget scripts. ^_^ I'll post the list when it's done.

      (moments later):

      $ cat masterlist | wc -l
      258120

      I think it's back to the drawing board. Unless someone wants to help me rack up 30 megs worth of 404s on the hak5 server logs. lol. Here's the list and sources: http://dl.free.fr/pMpdo4hPP Let me know if anyone wants to help make a joint effort and we'll figure out how to split the file. I'll go ahead and start running the list.
  14. Well I just burned through this word/url list with no luck. http://paste.ubuntu.com/447013/ Matched the missing words against /usr/share/dict/words, but the permutations are huge because the separation of the words is unknown. This list matched the following pattern: o@@@@@/@ation/on/this/eart@/@@ems/strang@@@ The only entry matching eart@ is 'earth'. I also tried a word list where o@@@@@@ation (O --- --- ati on) was assumed to be a whole word, to which the dictionary matches the following words: update: burned through these too: http://paste.ubuntu.com/447030/
  15. Ah - thus is entering the realm of buffer overflows. And that is quite a bit of an art. Looking at where a service has a memory leak and taking advantage of it to spill your code perfectly into the IP value of the next memory address, and having the processor run your code with it.... The only other thing I could think of is having it replace an already existing binary (such as one in cgi-bin [look for bad permissions]) and then calling it remotely with a request.
  16. Oh so you're talking about triangulating a wifi signal. Effectively, it's fairly simple trigonometry. The only data needed is either distances at three points, or three angle values in the same situation. The more points and distances, the more accurate the result. The hardest part is collecting the data. In traditional GPS, each satellite has extremely accurate cesium atomic clocks, with accuracy to plus or minus 2 nanoseconds. Each satellite therefore has the exact same clocks, and they are accurate enough to be able to measure distances between them by measuring the time it takes for a signal to travel (found by using those clocks as a basis) and dividing it with the speed of light. The earth side GPS receivers also have clocks, but they are not the accurate ones in the satellites, but are rather synchronized by subtracting a known latency. Using all these distances, the receiver can calculate its exact position. The same thing could probably be done with wifi using the same concept, except there is no real 'time format' or clock keeping that goes on in the 802.11 stack. SO, the only real way to measure distances would be by signal strength. Three stations should then be able to triangulate a single point this way. Perhaps a directional antenna would help too in providing angle values. This would be a great way to locate rogue wifi users, but the concept is on a little shaky ground. I think I read a paper on it once...
  17. There's a utility (for Linux, but I'll assume it compiles on Macs too) called clusterssh that sends commands to multiple ssh instances (say, in a cluster) all at once, making it easy to set them up all at once. http://sourceforge.net/projects/clusterssh/
  18. Enter: Putty. Works fine for tunnels. So does plink. In fact I recall that's what they used in the episode in which tunnelling was introduced.
  19. I have a wireless ad-hoc network set up on my Karmic machine to connect some iPods (in the band room), and I'd like to get ssh tunnelling working with the iPods. Sure we could fork out the $7 for an ssh app, but I should be able to share the socks proxy set up from the -D option in ssh, as by default it only allows sock connections on the loopback device unless specified, but ssh -D *:9999 me@host returns "bind: Address already in use" and ssh -D me@host shows up as open if I run nmap from another machine, but the proxy doesn't work (firefox). Any suggestions?
  20. Thanks. Yeah - it only really needs the power to start up. It's been running stable for 2+ days. Thanks for the help.
  21. It's Intel Xeon 3.00 GHz Quad core, 2gb DDR2 RAM, 4 500-gig Hot-Swap Hard drives attached to a hardware RAID 5 controller, DVD R/RW burner, Floppy drive, Ultrium LTO 2 Tape drive, (no clue about the motherboard), 5 or so mid sized cooling fans, and the above redundant hard drive. The behavior of the PSUs - how one beeps and flashes while the other just buzzes - makes me believe one might be faulty. I think I'll go ahead and try the dual PSU for the HDs.
  22. I'm setting up a streaming server for my church and have a nice quad core, raid 5 server to put fedora and flumotion on. The power supply is apparently redundant (http://www.rackmountnet.com/istar-ps2-400w-hotswap-redundant-eps12v-power-supply-p-316.html) but upon trying to power up the machine one will beep constantly and the other will just kind of buzz and sit there until power is removed. After the beeps get annoying and both are switched off the capacitors slowly discharge and let out a final 2 volts and a decrescendoing beep. I've traced the problem to the hard disks; they draw too much power when spinning up and the supply complains until the load is removed. The system can be started fine if all the hard drives are started up in sequence after the PSU output is stable. So it can handle the load - just not all at once. Like this one: http://www.burningissues.net/how_to/power/psu.htm As I am not a fan of spending money right now (and after telling my church it would cost next to nothing) I would like to find a good old hacker solution instead of doing the usual and buying a new one. So someone tell me why combining ground and pin 14 on the ATX connector and running the disks off the slave PSU. In short, disprove this comment: http://club.myce.com/f7/wire-dual-power-su...640/#post908491 I'm pretty sure a PSU doesn't care about voltage so long as it's within a certain window and with each supply adjusting accordingly it should result in a stable output. And really all I need is the 4 pin for disks. Any comments?
  23. If you still want the challenge (I know I would) and are Über bored, a few decade counters perhaps and some way to fire the combinations one at a time to the keypad. http://www.led-depot.co.uk/WebRoot/Store/S...ry/4017_01a.JPG Otherwise there's bound to be some type of serial connection for programming.
  24. My Gateway CX210X - intrepid for the (non-new) version of X that doesn't completely use HAL for everything, so my tablet will work on the occasion I need it. FC11 on my 7 year old desktop. Hopefully a new build soon. ^^
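
The inspection-box idea from the rogue-USB posts above (items 3 and 7), as an added example that is not part of the original posts: a Python script that reads each attached device's interface class codes from sysfs (the kernel exposes these descriptors whether or not usbhid is loaded) and flags a "storage" device that also declares HID, or any HID device whose vendor ID is off a whitelist. The allowlist contents and the sample device tree are constructed for illustration.

```python
import os, tempfile

HID, MASS_STORAGE = 0x03, 0x08     # USB interface class codes
ALLOWED_HID_VENDORS = {"046d"}     # assumption: site allowlist of keyboard/mouse vendor IDs

def _read(path):
    try:
        with open(path) as f:
            return f.read().strip()
    except OSError:
        return None

def scan(root="/sys/bus/usb/devices", allowed=ALLOWED_HID_VENDORS):
    """Return [(bus_id, "vid:pid", [reasons])] for devices with suspicious interfaces."""
    entries, findings = sorted(os.listdir(root)), []
    for name in entries:
        vid = _read(os.path.join(root, name, "idVendor"))
        if ":" in name or vid is None:   # "1-3:1.0" is an interface, not a device
            continue
        pid = _read(os.path.join(root, name, "idProduct")) or "????"
        raw = [_read(os.path.join(root, i, "bInterfaceClass"))
               for i in entries if i.startswith(name + ":")]
        classes = {int(r, 16) for r in raw if r}
        reasons = []
        if HID in classes and MASS_STORAGE in classes:
            reasons.append("declares both mass storage and HID")
        if HID in classes and vid.lower() not in allowed:
            reasons.append("HID from vendor not on allowlist")
        if reasons:
            findings.append((name, f"{vid}:{pid}", reasons))
    return findings

def make_sample_tree(root):
    """Constructed sysfs-like tree: allowlisted keyboard, plain stick, stick that also declares HID."""
    sample = {"1-1": ("046d", "0001", ["03"]),
              "1-2": ("1234", "0002", ["08"]),
              "1-3": ("1234", "0003", ["08", "03"])}
    for dev, (vid, pid, ifaces) in sample.items():
        files = {f"{dev}/idVendor": vid, f"{dev}/idProduct": pid}
        files.update({f"{dev}:1.{n}/bInterfaceClass": c for n, c in enumerate(ifaces)})
        for rel, val in files.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as f:
                f.write(val + "\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_tree(tmp)
        print(scan(tmp))
```

Called with no arguments, `scan()` walks the real `/sys/bus/usb/devices` on a Linux box; the class codes it reports are only what the device declares about itself at enumeration.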