Posts Tagged ‘hacks’

Build a 9-digit Pulse Counter for under $20

Sunday, May 2nd, 2010

pulsecounter.jpg

Roughly, at $20 to build? This 9 digit pulse counter is an excellent example of home built tools. Josh, the builder found himself repairing a device and in need of a pulse counter. With the components cheaply available, he just built his own. He says that it has a few limitations, like display brightness, but overall it seems to do the job well. All the stuffs, steps and even PCB can be downloaded from his site at your own will.

Courtesy of Imsolidstate

Public bus transportation notifier

Friday, April 16th, 2010

bus-notifier.jpg

Knuckles904 at Random Hacks of Boredom was tired of waiting for the bus. His town had installed GPS units on the buses so that riders could track their locations via the Internet so he knew there should be a way to avoid the wait while also never missing the bus. He developed a sketch for an Arduino to check the bus location and notify him when it was on its way.

This method saves him from leaving his computer running. It parses the text data from the public transportation website and updates both an LED display, as well as a Twitter feed. Now he can monitor several different bus lines via the hardware at home, or though a cell phone if he’s on the go.

This guy have done a useful tricks and provides some sources to make this project works. Well done!

Developing for iPhone serial communications

Thursday, February 18th, 2010

Apple has not made it easy to let the iphone communicate with external devices. Basically, you need a jailbroken phone to do anything. This post covers the current state of serial communication on the iphone.

A succesful example of making an application that uses the serialport on the iphone is xGPS, which let you connect to an external GPS.

source: Conversation with spaces

Lazy man’s USB RFID reader

Sunday, August 2nd, 2009

usbrfid5-custom.jpg

[Don] had some Serial RFID readers that he needed to work and be powered by USB. He went out and purchased a simple serial to USB converter, but was left with the problem of the operating voltage. He supplies the schematics on his site for his solution. Basically he gutted the converter and integrated it all with the appropriate voltage broken out. The final project is nice, using the serial to USB convert as the project box and even including a nice LED to show when an RFID tag has been read.

source: Hack a Day

USB GPS At Hack A Day

Thursday, May 28th, 2009

http://hackadaycom.files.wordpress.com/2009/05/gps.jpg?w=450&h=325

[florin] was given the task of repairing a gps unit that wouldn’t boot up. what he found was unfortunately a bad processor. fortunately, he was able to make a project out of it. after scavenging the good bits, the gps module and the lcd, he set about making it a usb device. he now has an eeepc with gps.

Source: Hack A Day

Secure Computing’s Cyber Security Study Reveals Sobering Results

Saturday, November 15th, 2008

Industry insiders say critical infrastructure is not prepared for cyber attacks and recommend that asset owners and operators begin by taking five steps to enhance their security.

SAN JOSE, CA –  Secure Computing Corp., a leading enterprise gateway security company, announced the results of a study conducted during August and September 2008 in the U.S., Canada, and Europe. The study surveyed 199 international security experts and other “industry insiders” from utilities, oil and gas, financial services, government, telecommunications, transportation, and other critical infrastructure industries. Despite a growing body of legislation and regulation, more than half of these experts believed that most critical infrastructure continues to be vulnerable to cyber attack. Further, a majority of respondents said that major attacks have already begun or are likely to occur in the next 12 months.

“An attack on any one of these industries could cause widespread economic disruptions, major environmental disasters, loss of property, and even loss of life,” said Elan Winkler, Director of Critical Infrastructure Solutions for Secure Computing. “This study revealed that many critical infrastructure organizations are simply not ready for the cyber attacks which are coming soon.”

Rick Nicholson, Vice President of Research for Energy Insights, an IDC company, who authored a white paper based on the survey, added, “Most utility CIOs believe that their companies will be compliant with relevant standards, but still have a long way to go before being adequately prepared for all cyber attacks.”

In the study, respondents were asked to indicate the state of readiness for eight different industries. More than 50% of respondents believed that utilities, oil and gas, transportation, telecommunications, chemical, emergency services, and postal/shipping industries were not prepared. For some sectors, such as postal/shipping and transportation, as many as three out of four experts indicated that the infrastructure was not ready for attack. Only the financial services industry was considered prepared, although nearly 40% believed that even this sector was not ready to defend itself.

Survey participants were also asked which industry was the biggest target, which was the most vulnerable to attack, and which was the most detrimental if breached. The insiders picked the energy sector in all three cases, with 33% saying it was the biggest target, 30% saying it was the most vulnerable, and 42% saying it would be the most detrimental if attacked.

When asked to name the biggest bottleneck to improving cyber security, the largest number of experts (29%) pointed to the cost of security measures. Apathy was the second most likely to be selected as the primary bottleneck, with government bureaucracy and internal issues tying for third. (more…)

24C3 Mifare crypto1 RFID completely broken

Sunday, August 17th, 2008

It’s an old issue but still got a kind of relations to our days of life.

Another highlight for us at CCC was [Karsten Nohl] and [Henryk Plötz] presenting how they reversed Philips crypto-1 “classic” Mifare RFID chips which are used in car keys, among other things. They analyzed both the silicon and the actual handshaking over RF. Looking at the silicon they found about 10K gates. Analyzing with Matlab turned up 70 unique functions. Then they started looking “crypto-like” parts: long strings of flip-flops used for registers, XORs, things near the edge that were heavily interconnected. Only 10% of the gates ended up being crypto. They now know the crypto algorithm based on this analysis and will be releasing later in the year.

The random number generator ended up being only 16-bit. It generates this number based on how long since the card has been powered up. They controlled the reader (an OpenPCD) which lets them generate the same “random” seed number over and over again. This was actually happening on accident before they discovered the flaw.

One more broken security-through-obscurity system to add to the list. For more fun, watch the video of the presentation.

Source: Hackaday

Things You Probably Wish You Don’t Know

Monday, May 19th, 2008

power lines

Historically, “sensitive” networks have traditionally enjoyed a sense of security due to their total, and complete separation from publicly accessible networks.

In fact, most of us old-school “security wonks” have always joked about the fact that the “…only real security is a pair of wire cutters…” to humorously illustrate the fact that nothing is really secure that is exposed to uncertainty, or untrusted access.

This has always been true in my personal background, having worked in U.S. Military COMSEC disciplines over many years. And given the fact that I have also worked in the Internet security arena for almost 20 years, I figure this gives me some unique insight into some of these issues.

The same security postures which can be applied to COMSEC can, and should, be true of SCADA (Supervisory Control And Data Acquisition) systems.

When you think “SCADA”, think power, water, etc. The systems that allow civilization to function.

First and foremost, these systems should never — never — be connected in any way, shape, or form to the public Internet. Not even as VPNs, or overlay networks. This is simply wrong-headed.

Unfortunately, some business decisions over the course of the past 15 years have allowed the “public” and “private” networks to become dangerously close in proximity, due to “cost savings” and “operational efficiency” business decisions — by companies that control the very systems which deliver these life-sustaining services to the world’s population.

It’s one thing to steal passwords, perpetrate fraud, and other financial theft-based cyber crimes — but it is ominously more dangerous to shut down the electricity to a complete region of a power grid.

If there is anyone out there who thinks that this is only the storyline of blockbuster movies, think again.

There are certainly forces “out there” who wish to wreak havoc, cause damage, and claim victory.

And they are using the exact same methods to infiltrate SCADA infrastructure that they are using to steal unwitting victim’s checking account information.

Source