Categories
security sysadmin

Let’s Encrypt – Entering Public Beta

Let’s Encrypt goes public beta. No more paying of ridiculous amounts for a simple SSL certificate. Yearly.

The process is still somewhat rough on the edges now. I expect it to get better when it goes 1.0. There’s another important thing to note when you’re using using certificates from Let’s Encrypt. In the interest of transparency, they publish the list of certificates issued by them. So if you’re uncomfortable about your domain appearing in a public website, you may want to reconsider.

Let’s Encrypt is a free, automated, and open certificate authority brought to you by the Internet Security Research Group (ISRG). ISRG is a California public benefit corporation, and is recognized by the IRS as a tax-exempt organization under Section 501(c)(3) of the Internal Revenue Code.

Source: Entering Public Beta

Categories
security

w00tsec: ARRIS Cable Modem has a Backdoor in the Backdoor

Yet another reason why device firmware must be made open source. This could create a botnet of potentially 600,000 nodes.

Source: w00tsec: ARRIS Cable Modem has a Backdoor in the Backdoor

Categories
Uncategorized

Germany is about to start up a monster machine that could revolutionize the way we use energy – Business Insider

The world is waiting with bated breath for this monster. Not quite Mr. Fusion yet, but hopefully it works as expected.

For more than 60 years, scientists have dreamed of a clean, inexhaustible energy source in the form of nuclear fusion.

It took 19 years to build this monster and this video shows just how complex the whole thing is.

Source: Germany is about to start up a monster machine that could revolutionize the way we use energy – Business Insider

Categories
3D

Turning 8-Bit Sprites into Printable 3D Models | 0 FPS

This is a really cool idea – a good mashup of old retro game artwork and 3D printing. The author of this website has written an editor that takes in 8-bit sprites from various directions, and produce a working file that can be used for 3D printing.

There’s just something tangible about physical objects that makes them so appealing.

Source: Turning 8-Bit Sprites into Printable 3D Models | 0 FPS

PS: the online editor appears to be down at the moment

Categories
sysadmin

Setting up DD-WRT on D-Link DIR-868L

Just got the great looking D-Link DIR-868L free recently from a broadband package that I signed up.
DIR-868L-A1-Image-L-Side-Left-

It’s an amazing router that has great features and performance. It also has great hardware specs, which makes it a perfect candidate for trying custom firmware like dd-wrt or OpenWrt. My preference would be to go for OpenWrt, unfortunately at this point of writing it is not supported. So it’s on to dd-wrt.

Installation of dd-wrt firmware can be done by following this wiki. Try it at your own risk, and always have the stock firmware on hand in case it doesn’t work.

Assuming you got this far, what’s next? Packages, naturally! To do that you have to first enable JFFS at the dd-wrt Administration tab. Next, let’s install something.

root@xxxxxxxx:/jffs/tmp# ipkg update
mkdir: can't create directory '//usr/local/lib/': Read-only file system

root@xxxxxxxx:~# ipkg install nano
root@xxxxxxxx:~# nano
-sh: nano: not found

Uh oh. Turns out ipkg is broken on this firmware and a search turns up other users facing the same issue. Someone on the forums suggested opkg instead and that’s where I went. There are many forum posts, blog posts and wikis on this topic. The one that I’m using is this. However, it doesn’t work out of the box else there won’t be this blog post :-).

Following the instructions, you should reach a step that tells you to download a script and execute it. Going for the “not so brave people” approach,

root@xxxxxxxx:/jffs/tmp# wget -q -O- http://debian.keithdunnett.net/ddwrt/optware_setup > optware_setup
root@xxxxxxxx:/jffs/tmp# chmod 700 optware_setup
root@xxxxxxxx:/jffs/tmp# ./optware_setup
Checking we can reach the repository...
./optware_setup: line 15: can't create /opt/usr/bin/optware_boottime: nonexistent directory
chmod: /opt/usr/bin/optware_boottime: No such file or directory
Making sure we have an initial opkg
Connecting to downloads.openwrt.org (78.24.191.177:443)
wget: server returned error: HTTP/1.1 404 Not Found
Connecting to dev.openwrt.org (217.115.15.26:443)
wget: can't open '/opt/lib/functions.sh': Read-only file system
tar: can't open 'opkg.ipk': No such file or directory
tar: can't open 'data.tar.gz': No such file or directory

Delving into the script, there are 2 problems. First, bind /opt to /jffs/opt. Then change line 32 of the script to the updated link (look up the latest link here).

root@xxxxxxxx:/jffs/tmp# mount -o bind /jffs/opt /opt
root@xxxxxxxx:/jffs/tmp# vi optware_setup
change to line 32:
`/usr/bin/wget https://downloads.openwrt.org/snapshots/trunk/bcm53xx/generic/packages/base/opkg_9c97d5ecd795709c8584e972bfdf3aee3a5b846d-10_bcm53xx.ipk -O opkg.ipk` \

Let’s try again.

root@xxxxxxxx:/jffs/tmp# ./optware_setup
Checking we can reach the repository...
Making sure we have an initial opkg
Connecting to downloads.openwrt.org (78.24.191.177:443)
opkg.ipk 100% |***********************************************************************************************************************| 59159 0:00:00 ETA
Connecting to dev.openwrt.org (217.115.15.26:443)
functions.sh 100% |***********************************************************************************************************************| 7274 0:00:00 ETA
Creating the opkg config file in /opt/etc/opkg
You are now ready to install packages using opkg (this session only).
I've installed a script, optware_boottime, to run on boot and make the opkg settings persistent.
I'll add this to the end of rc_startup in nvram for you.
Downloading http://downloads.openwrt.org/snapshots/trunk/bcm53xx/generic/packages/base/Packages.gz.
Updated list of available packages in var/opkg-lists/chaos_calmer_base.
Downloading http://downloads.openwrt.org/snapshots/trunk/bcm53xx/generic/packages/packages/Packages.gz.
Updated list of available packages in var/opkg-lists/chaos_calmer_packages.
Downloading http://downloads.openwrt.org/snapshots/trunk/bcm53xx/generic/packages/routing/Packages.gz.
Updated list of available packages in var/opkg-lists/chaos_calmer_routing.
Downloading http://downloads.openwrt.org/snapshots/trunk/bcm53xx/generic/packages/telephony/Packages.gz.
Updated list of available packages in var/opkg-lists/chaos_calmer_telephony.
Minimal setup is complete. You should now have a working opkg.
We have created some aliases in your ~/.profile to make everything work.
Please either 'source .profile' or LOG OUT and LOG IN AGAIN before proceeding.

Success!

PS: Note that you’ll need to add /jffs/opt to your fstab or something in order to mount /opt on startup.
Disclaimer: I’m a vim user. nano is just an example 🙂

Categories
Uncategorized

Apple’s iOS App Store suffers first major attack | Reuters

It has taken a long time but it finally happened. Malware in iOS apps. Instead of compromising the App Store, it’s the app developers that are getting compromised via an unauthorized Xcode.

Apple Inc APPL.O said on Sunday it is cleaning up its iOS App Store to remove malicious iPhone and iPad programs identified in the first large-scale attack on the popular mobile software outlet.

Source: Apple’s iOS App Store suffers first major attack | Reuters

Categories
security

Malware Found Pre-Installed on Xiaomi, Huawei, Lenovo Phones

Another reason to be wary of cheap mobile phones, especially those from dubious physical or online shops. See full report in the PDF.

These permissions enable extensive misuse: location detection, listening to and recording telephone calls or conversations, making purchases, bank fraud or sending premium SMS. The possibilities are almost endless.

Source: G DATA Whitepaper Vorlage – G_DATA_MobileMWR_Q2_2015_EN.pdf

Categories
privacy security

Who Hacked Ashley Madison? — Krebs on Security

Well, can we say schadenfreude? The hunter becomes the hunted.

Source: Who Hacked Ashley Madison? — Krebs on Security

Categories
3D programming

What DirectX 12 means for gamers and developers – PC Gamer

Abstraction is good for developers, right? Why else would you be programming in high-level languages like C++, Go, Python instead of assembly language? Well, it turns out the situation is not so straightforward for game programming.

In terms of graphics programming, after years of high-level graphics API, the trend has been to go as close to metal as possible (Apple’s Metal, OpenGL reborned as Vulkan, and now DX12). This article does a very good explanation of why this is happening.

In a way, this is a manifestation of the break-down of Moore’s law – at least in terms of clock-speed improvements. Games are among the most demanding type of applications in terms of performance, and for years we have been riding along the wave of “free” performance thanks to Moore’s law. In case you haven’t noticed, the party has ended. That, combined with increasing performance of the GPU, means we can no longer get free performance from CPU alone. Someone has to do the work to manage the GPU+CPU dichotomy and ensure that the “pipeline is full” so as to speak. Thankfully game engines are now taking on that role, but the graphics API needs to allow them to have full access to the low level capabilities.

Hint: it’s exciting. Expert Peter “Durante” Thoman takes a technical deep dive into the promising potential of DX12.

Source: What DirectX 12 means for gamers and developers – PC Gamer

Categories
security

DefCon Hackers Tell How They Cracked Brink’s Safe in 60 Seconds

A safe with an exposed USB port? That’s really asking for trouble. The safe in question is a “secure” digital safe. Unfortunately it appears to be running Windows XP, an OS that’s no longer supported. Even if it’s supported I doubt anyone will connect the safe to the Internet to receive Windows Update. 😉 The problem however, appears not with Windows XP, but with the USB port. That’s as good as giving someone keyboard/mouse access to the console.


Gone in 60 seconds. Security researchers will demonstrate at an Aug. 8 DefCon presentation how they can crack a modern Brink’s safe in just a minute.

Source: DefCon Hackers Tell How They Cracked Brink’s Safe in 60 Seconds