New Password Hashing Method

Dammit, Bruce Schneier had a link this month to a password hashing competition, but I was too slow. The link is here: https://password-hashing.net/

In the meantime, it occurs to me that one way to try to defeat GPU-based cracking is to increase the complexity of the hashing process so that it is harder to pipeline the functions on the GPU.

One way to do that would be to have per-user iteration counts, where the actual number of iterations is decided within the hashing process itself, by using different hashing algorithms and by re-introducing the salt at various points in the iteration process.

The hashing version would define the total iteration count and the two hashing algorithms. V1 would use a total iteration count i of 100000, SHA-512 and Whirlpool-512.

  • Take the password 'p' and generate a random salt 'r'.
  • Concatenate p and r to get pr.
  • Iterate pr through Algorithm 1 for 1000 iterations to arrive at h, incrementing i each time.
  • Take the last byte of h, which is unpredictable but not random, as x.
  • Concatenate the salt with h to get hs.
  • Iterate hs for x iterations through Algorithm 2, incrementing i each time.
  • Take the last byte of h, which is unpredictable but not random, as x.
  • Concatenate the salt with h to get hs.
  • Go back to Algorithm 1 unless i is exceeded, in which case h is the output hash.

As part of the password test, the user is required to transmit the password. This would be a great time to change the salt! Yes, I mean it: at the same time as we test the password, we also make a new hash from a new random salt. If the password test succeeds, we store the new salt and hash.

WTF? Why are we doing that? If attackers have regular access to our user table, the stored password hashes all change a LOT more frequently, so it is harder to tell who has really changed their password. The disbenefit is that users who log in rarely will be plainly obvious. An additional benefit is that if there is a need to move from V1 to V2, this will be done magically at next login.

Each concatenation is a string function: convert the 512-bit hash to a string and then append another string to it.
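The V1 procedure and the re-salting at login, written out as an added Python example for this page (this is not code from the post). Two assumptions: hashlib only provides Whirlpool when the local OpenSSL build ships it, so Algorithm 2 here is SHA3-512 in its place, and the stored record format version$salt$hash, the 16-byte salt and the helper names are this example's own choices.

```python
import hashlib
import hmac
import os

# "V1" as the post defines it: a total iteration budget, Algorithm 1 and
# Algorithm 2, and a fixed 1000-iteration burst of Algorithm 1 per round.
# Whirlpool is only available from hashlib when OpenSSL provides it, so
# Algorithm 2 is SHA3-512 here (an assumption for this example, not the
# post's choice); use "whirlpool" where your build supports it.
VERSIONS = {
    1: {"total": 100_000, "algo1": "sha512", "algo2": "sha3_512", "burst": 1000},
}


def _hex(algo: str, data: str) -> str:
    """Concatenation in the post is string-based, so digests are kept as hex."""
    return hashlib.new(algo, data.encode("utf-8")).hexdigest()


def scheme_hash(password: str, salt_hex: str, version: int = 1):
    """Run the post's steps; return (hash_hex, iterations actually performed)."""
    p = VERSIONS[version]
    i = 0
    hs = password + salt_hex                  # pr: password then salt
    while True:
        # Algorithm 1 for a fixed burst, incrementing i each time
        h = hs
        for _ in range(p["burst"]):
            h = _hex(p["algo1"], h)
            i += 1
        # x = last byte of h (last two hex digits): unpredictable but not
        # random, so the Algorithm 2 count differs per password and salt
        x = int(h[-2:], 16)
        # Re-introduce the salt, then Algorithm 2 for x iterations (x may be 0)
        hs = salt_hex + h
        for k in range(x):
            h = _hex(p["algo2"], hs if k == 0 else h)
            i += 1
        # Re-introduce the salt again and go back to Algorithm 1 unless the
        # budget is exceeded, in which case h is the output hash
        hs = salt_hex + h
        if i >= p["total"]:
            return h, i


def new_record(password: str, version: int = 1) -> str:
    """Fresh random salt; stored as version$salt$hash (this example's format)."""
    salt_hex = os.urandom(16).hex()
    h, _ = scheme_hash(password, salt_hex, version)
    return f"v{version}${salt_hex}${h}"


def verify_and_resalt(password: str, record: str, current_version: int = 1):
    """Test the password and, on success, hand back a replacement record with
    a new salt at the current version: the post's "change the salt at login",
    which also migrates an older version to the current one at next login.
    Returns (True, new_record) or (False, None)."""
    ver, salt_hex, stored = record.split("$")
    calc, _ = scheme_hash(password, salt_hex, int(ver[1:]))
    if not hmac.compare_digest(calc, stored):   # constant-time comparison
        return False, None
    return True, new_record(password, current_version)


if __name__ == "__main__":
    rec = new_record("correct horse battery staple")
    ok, rec2 = verify_and_resalt("correct horse battery staple", rec)
    print(ok, rec.split("$")[1] != rec2.split("$")[1])   # True True
    print(verify_and_resalt("wrong password", rec))      # (False, None)
```

Because x is read from the hash itself, the number of Algorithm 2 iterations per round varies with the password and salt, so the work per hash is not constant; scheme_hash returns the iteration count alongside the hash so that spread can be measured before the scheme is relied on.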


Certificate CA pinning

With many MITM attacks, you get fake certs. CA pinning would help to fix this: the browser would retain a copy of every cert that it gets in a local DB, and if it gets a different cert next time you visit the same domain, or if the signing CA is different, it gives you a warning. Carry on at your peril. This kind of attack is mainly the state-sponsored threat actor: they have the resources and the clout to persuade a CA operator to sign a bogus cert and/or insert themselves in DNS traffic.

OK, so since writing this article, I have discovered the Certificate Patrol Firefox plugin, which does exactly what I described above. Just like almost all great ideas – someone has had it already! If you use Firefox, go grab the plugin.

USB Firewall

I have not found one of these, but can't believe it doesn't exist: a little USB dongle that plugs into your work desktop and will charge your mobile phone, but without making the desktop see your phone as a device. Basically, connect the volts but not the data. Obvious really. Someone tell me why it won't work?

Bloody Symantec are still Rubbish!

Fancy a laugh? Here is a hilarious transcript of a “support chat” with a Symantec bod, showing why their customer support is the worst on the planet. For God’s sake don’t buy anything important from these people!

Toby Seaman has entered room.

Gnanamurthy has entered room.

Email with reconnect link has been sent to:turbotas@yahoo.com

If you get disconnected, click the link to reconnect to the same chat session.

Gnanamurthy You are being transferred to Gnanamurthy.

Gnanamurthy Hi, my name is Gnanamoorthy from Norton Support, how are you doing today?

Toby Seaman good thanks

Gnanamurthy I understand that you are unable to restore the backup. Am I correct?

Toby Seaman That is correct. So I have purchased Ghost version 15. I have been supplied with a .gho files and it seems that ghost version 15 does not support .gho files any more. so I think I need to download an older version of ghost.

Gnanamurthy Just in case I need to call you back, can I please have your phone number with the country and area code?

Toby Seaman UK +44xxxxxxxxxxxx

Gnanamurthy The .Gho file is from a old version of Norton. Norton Ghost 15 does not support it as it uses .V2i files.

Gnanamurthy May I know which version of Ghost is used to backup .Gho file?

Toby Seaman that’s correct, well done. So I need to restore the .gho file so I would like to downgrade the ghost version to a version which does support .gho files. this was the only reason I purchased ghost.

Gnanamurthy The old version of Norton Ghost cannot be purchased now. But I can give you the link to download the Gho explorer which you can use it to restore the files and folders from the .Gho file.

Toby Seaman no. I don’t need to explore a ghost file I need to restore it. I don’t wish to purchase an old ghost version, I want to downgrade the existing one.

Gnanamurthy I am sorry Toby. There is no option to get the old version of Norton Ghost as they are not supported now.

Toby Seaman so, I need to restore a ghost file .gho. Please escalate this issue.

Gnanamurthy You’re using an older version of Norton Ghost backup. I’m afraid that chat, email and phone support for this product has been discontinued. For assistance with this product we’d recommend that you search our online knowledge base that you’ll find here: www.symantec.com/search.

Toby Seaman I’ve tried that already. No joy. I don’t need product support for an older version. I know exactly what I need to do. I just want to restore a .gho file. Please tell me how to downgrade the license to a version that works.

Gnanamurthy If you have the old version of Norton Ghost that is used to create that .gho file, you can use it to restore the backup. The Ghost 15 license cannot be downgraded to the old version as they are unsupported now.

Toby Seaman I already explained that I don’t have an old version of ghost. My business uses a lot of symantec products. at this point we need to restore a .gho file image of an important device. I do not need to hear that ghost no longer supports .gho files. I need solutions. I’ve purchased the current up to date version of ghost and I want to restore a .gho file. I’m happy to download an unsupported version of ghost to do that. Please tell me urgently how to make this happen.

Toby Seaman Hello?

Gnanamurthy I understand that Toby. I do not have any other options. There are no support documents regarding the old version of Norton Ghost available. I can only help you to restore the files and folders not the entire backup.

Toby Seaman Can you escalate this issue. Presently all you are doing is demonstrating why I should never buy another Symantec product ever.

Gnanamurthy Okay Toby. I will escalate the issue to my supervisor. You will be getting the call back from him within 24 hours.

Gnanamurthy May I have your time zone along with your telephone number and country name?

Toby Seaman Are you sure this will happen? last time this was promised the call back never happened

Gnanamurthy Sure Toby. You will be getting a call back from my supervisor.

Toby Seaman Okay. In the meantime im completely screwed, so I will try to find a proper version of ghost which supports .gho files on bittorrent. I guess you are happy with this since you no longer sell or supply a working version of ghost?

Gnanamurthy Okay Toby. May I have your time zone along with your telephone number and country name?

Toby Seaman Ok. thanks for your permission to download an illegal copy of Symantec ghost.

Toby Seaman My phone number is 0xxxxxxxxxxxx

Toby Seaman My country is England

Toby Seaman My Timezone is GMT

Gnanamurthy Norton does not recommend to download a pirated version from internet.

Toby Seaman It’s not pirated: you just said you don’t sell it anymore and you have utterly and completely failed to assist me in my time of need. It’s not my fault that your version 15 no longer supports .gho files. So I will find a ripped off version that works, I’ll restore my image and wait for a phone call sometime in the future from your supervisor.

Gnanamurthy Is there anything else I can help you with?

Toby Seaman I’m going to put this transcript on my Blog as it shows another hilarious support failing at Symantec. Please note that you have not helped me at all so far.

Gnanamurthy I can help you if you have any issues with the Norton Ghost that you have purchased. But .Gho files are created by old version of Ghost which are unsupported and there are no support documents available. So I do not have any other options.

Toby Seaman You could try to help me find out where to get my license downgraded urgently.

Gnanamurthy There is no option to downgrade the Norton Ghost license. If there are any options available , I would be happy to provide it to you.

Toby Seaman That is crazy.

Toby Seaman here is my blog post with your company’s poor customer service recorded for all to see:

Toby Seaman https://turbotas.co.ukrecent-news/78-chuckles/266-bloody-symantec-are-still-rubbish.html

Gnanamurthy Is there anything else I can help you with?

Toby Seaman No, I’m busy searching the internet for an old copy of Ghost which supports .gho files. You have been no help whatsoever.

Gnanamurthy Thank you for contacting Norton support. Have a great day!

PS3 Root Key Broken

News just in is that the root keys used to sign content for the PS3 have been broken by ~geohot:

erk: C0 CE FE 84 C2 27 F7 5B D0 7A 7E B8 46 50 9F 93 B2 38 E7 70 DA CB 9F F4 A3 88 F8 12 48 2B E2 1B
riv: 47 EE 74 54 E4 77 4C C9 B8 96 0C 7B 59 F4 C1 4D
pub: C2 D4 AA F3 19 35 50 19 AF 99 D4 4E 2B 58 CA 29 25 2C 89 12 3D 11 D6 21 8F 40 B1 38 CA B2 9B 71 01 F3 AE B7 2A 97 50 19
R: 80 6E 07 8F A1 52 97 90 CE 1A AE 02 BA DD 6F AA A6 AF 74 17
n: E1 3A 7E BC 3A CC EB 1C B5 6C C8 60 FC AB DB 6A 04 8C 55 E1
K: BA 90 55 91 68 61 B9 77 ED CB ED 92 00 50 92 F6 6C 7A 3D 8D
Da: C5 B2 BF A1 A4 13 DD 16 F2 6D 31 C0 F2 ED 47 20 DC FB 06 70

This is big news as it seems that this key is built into the hardware and can’t be changed.

More info on this issue at Kotaku.

How many 27001 standards?

Please wait for a site operator to respond. You are number 1 in the queue. Your wait time will be approximately 0 minute(s) and 30 second(s).
You are now chatting with ‘Tim’
Your Issue ID for this chat is LTK16502038781X
Tim: Welcome to our Live Chat service.  How can I help you?  Are you or your company an ANSI Member?
you: Hi there Tim. I’m looking to buy PDF versions of ISO27001 and ISO27002 but am a bit confused.
you: there seems to be quite a few versions of both starting at $30 and rising to a few hundred on your ANSI website

you: so for example there is BS ISO/IEC 27001:2005/BS 7799-2:2005 for $144

you: and INCITS/ISO/IEC 27001-2005 for $30
you: and Information Security Package 27001 for $50
you: so I’m somewhat confused.
Tim: There are many adoptions of these standards by other standard developing organizations.  The original standards have the following designations:  ISO/IEC 27001:2005 for $129 and the ISO/IEC 27002:2005 for $206.  Or, you could purchase the two original documents together in the “ISO/IEC 27001 and 27002 IT Security Techniques Package” at a discounted price of $295. 
you: um, so what is the $30 version?
Tim: The $30 version is the INCITS adoption of the ISO/IEC 27001 and ISO/IEC 27002 standards. 
you: and will it be completely different?
you: or the words are the same and the header is different
Tim: We can’t say that there haven’t been changes made to the original document. You will need to contact INCITS for clarification.
you: but how can it be ISO27001 if they have changed anything?
Tim: That is an agreement between ISO and INCITS.  ANSI does not review the adoptions for changes.  If you’re unsure of the adopted standards, we recommend purchasing the originals by ISO.  
you: but on the INCITS Website it says that the INCITS version is ANSI approved. That’s you?
Tim: It has been ANSI approved as an adoption of the ISO/IEC 27001 and ISO/IEC 27002.  
you: so that must mean that its an acceptable document
you: i.e. ANSI considered it to be not different to the ISO version?
you: I’m just trying to work out if I’m paying $99 more for the same thing.
Tim: You will need to contact INCITS to determine if any changes have been made.  ANSI does not review the body of the standard when it is adopted.   
you: that does not make any sense. you are saying that ANSI adopts a version of a document that might be completely different to the thing it purports to be?
Tim: ANSI does not adopt standards. INCITS adopted the ISO/IEC original document. ANSI approved the adoption but did not review if any changes were made to the document. ANSI is not the copyright holder of the document. You will need to contact INCITS if you want to find out if changes were made to the document by INCITS.
you: okay. It sounds really odd to me that from you I can buy about 5 different versions of 27001 and you don’t know what’s in any of them except the ISO version.
you: I will indeed contact INCITS
Tim: Thank you.  I’m sure INCITS will be able to answer your questions regarding their adoption of the ISO/IEC 27001 and ISO/IEC 27002.  
you: thanks Tim. This has been my weirdest conversation for many weeks!

Rock Band 3 #FAIL

Rock Band 3: a great game idea let down by not being properly finished and by awful support. I bought this game because the blurb said that all the previous Rock Band titles supported song export. Not only is this not correct, but the export features of Rock Band 2 and Lego Rock Band are broken and you cannot get these songs into Rock Band 3. Rock Band Beatles will not export at all. Couple this with the incomplete online experience – game linking is advertised but broken – and you have yourself a classic game to avoid for now.

As if the game problems were not bad enough, the hardware is now made by Madcatz. Those are the same people that brought you drum kit dampers that made the drums louder, and plastic drum sticks which break when you play the drums. Yuck! Do yourself a favour and ignore this game until the problems are fixed. Play some Guitar Hero! If you don’t have any of the RB series and simply have to buy one, buy the original RB first; it’s really cheap now and all the bugs are ironed out.


US Copyright Office: Finally Something Smart

The US Copyright Office has just published its three-yearly update to US copyright law, and it has finally seen some sense and provided some exclusions from the DMCA. This is really big news, as finally there is some consumer protection provided.

As citizens in the UK, we can only hope for similar sanity at some point. Read on for the details of the exclusions.

The six “classes” now exempt from prosecution under the DMCA are:

1. Defeating a lawfully obtained DVD’s encryption for the sole purpose of short, fair use in an educational setting or for criticism

2. Computer programs that allow you to run lawfully obtained software on your phone that you otherwise would not be able to run aka Jailbreaking to use Google Voice on your iPhone

3. Computer programs that allow you to use your phone on a different network aka Jailbreaking to use your iPhone on T-Mobile

4. Circumventing video game encryption (DRM) for the purposes of legitimate security testing or investigation

5. Cracking computer programs protected by dongles when the dongles become obsolete or are no longer being manufactured

6. Having an ebook be read aloud (ie for the blind) even if that book has controls built into it to prevent that sort of thing.

Expect to see editorial content popping up all over the net discussing this.

See here for the Library of congress link.


HOORAY! SCO Are Finally Sunk!

After 7 years of FUD, FUD, FUD, SCO lost the most important case today: They do NOT own the copyrights to Unix.  This means that all the other lawsuits will collapse almost instantly.  Poof.  Luckily SCO will go down the tubes too and that will be that.  Excellent.  Finally.  Phew. http://www.novell.com/prblogs/?p=2153

When Danger is an apt name!

Microsoft\Danger and T-Mobile don’t seem to have quite got the cloud concept yet. Yes, it’s true that cloud users don’t have to worry about their data – it’s all safely tucked away somewhere and your cloud provider sorts it all out.

Alas, it seems that Microsoft\Danger got a bit confused during Cloud Computing 101 and went away thinking that no-one had to worry about the data. So they didn’t.

They have come clean on the T-Mobile website and told Sidekick users not to turn off their devices, as the data now lives nowhere else. In a cruel extra twist, the Sidekick devices are useless now, as just about everything they do requires the cloud – they retain nothing at all during a reboot, for example.

The T-Mobile article is here. In the meantime, you would be right to be really nervous about trusting these guys with your data!

It seems that the only person to show incredible foresight was the person that came up with Danger as the name of the company.

Microsoft have had a couple of years now, since they acquired Danger, to make the services offered resilient. It seems that they failed. Epic fail.

Oh, and BTW, Azure, Microsoft’s flagship cloud OS, launches in a month or so. What-Could-Possibly-Go-Wrong.

Certificate Fingerprints

There have been some very nasty certificate-based vulnerabilities announced recently, and these amount to an attacker being able to act as a MITM (Man In The Middle) on pretty much any SSL conversation. All the attacker has to do is insert themselves somewhere in the traffic chain between you and your target web site.

As these vulnerabilities turn into real exploits, you should be really, really, really (got the picture?) careful about which sites you log into and give your personal info to.

The nature of these attacks means that your browser is completely fooled into thinking it is talking to the real PayPal.com or Ebay.com. When spoofed, you will most likely experience normal logon and purchasing, but your details are phished for future use. Even certificate verification checks such as CRL, OCSP validation and path validation will work as you would expect. Nasty.

I suggest therefore that for the next few weeks, while we see how bad this really is, you independently check the certs of all sites that you need to log in to.

I have printed out the SSL certs for the sites that I use often so I can check them for myself, but you may want to use this article, which has the cert hashes for 4 common sites: PayPal.com, Amazon.com, eBay.com and, of course, TurboTas.co.uk.

It would be very hard for an attacker to make a fake cert match these hashes, so that is what you need to check. Bear in mind, though, that this web page could be MITM attacked too, so unless you know your connection to turbotas.co.uk is unspoofable, don’t trust this source either, as the pictures could be replaced.

The best bet all around is to print out every cert you encounter for the next few weeks and, every time you revisit a website, check the cert against your hard copy. Read on for the certs.
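Both the CA pinning idea in the earlier section (keep a copy of every cert you see and warn when the cert or the signing CA changes on the next visit) and the hard-copy fingerprint check described here come down to the same operation: fingerprint the certificate bytes and compare them with what you recorded before. The Python below is an added example written for this page; it is not code from the post or from Certificate Patrol. It assumes a JSON pin file keyed by hostname (optional; the store also works in memory), uses constructed byte strings in place of real DER certificates so the demo runs offline, and keeps the only network-touching part, fetch_leaf, built on the standard library ssl module, out of the demo.

```python
import hashlib
import hmac
import json
import socket
import ssl
from pathlib import Path
from typing import Optional


def fingerprint(der: bytes, algo: str = "sha256") -> str:
    """Colon-separated fingerprint of a DER-encoded certificate, in the
    form browsers display it (SHA-256 by default, SHA-1 if asked)."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def _normalise(printed: str) -> str:
    """Strip colons, spaces and case from a fingerprint typed in from a hard copy."""
    return "".join(ch for ch in printed.upper() if ch in "0123456789ABCDEF")


def matches_hard_copy(der: bytes, printed: str) -> bool:
    """The manual check from the Certificate Fingerprints section: does the
    certificate the site just sent match the fingerprint printed earlier?
    Accepts a SHA-1 (40 hex digits) or SHA-256 (64 hex digits) fingerprint."""
    want = _normalise(printed)
    algo = {40: "sha1", 64: "sha256"}.get(len(want))
    if algo is None:
        return False
    have = hashlib.new(algo, der).hexdigest().upper()
    return hmac.compare_digest(have, want)


class PinStore:
    """Trust-on-first-use pin store, as the CA pinning section proposes:
    remember the leaf fingerprint and issuer per host and, on later visits,
    report whether the certificate or the signing CA has changed. A mismatch
    is reported, not silently accepted or overwritten: the user decides."""

    def __init__(self, path: Optional[Path] = None):
        self.path = path
        self.pins = {}
        if path is not None and path.exists():
            self.pins = json.loads(path.read_text())

    def _save(self) -> None:
        if self.path is not None:
            self.path.write_text(json.dumps(self.pins, indent=2))

    def check(self, host: str, der: bytes, issuer: str) -> str:
        fp = fingerprint(der)
        seen = self.pins.get(host)
        if seen is None:
            self.pins[host] = {"fingerprint": fp, "issuer": issuer}
            self._save()
            return "first-seen"
        if hmac.compare_digest(seen["fingerprint"], fp):
            return "match"
        if seen["issuer"] != issuer:
            return "issuer-changed"  # new certificate from a different CA
        return "cert-changed"        # new certificate, same CA as before


def fetch_leaf(host: str, port: int = 443):
    """Live helper for real use (the offline demo below does not call it):
    the DER leaf certificate and issuer common name via the ssl module."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
    return der, issuer.get("commonName", "")


if __name__ == "__main__":
    # Constructed stand-ins for DER certificate bytes; not real certificates.
    original = b"constructed-der-bytes-example.test-1"
    replaced = b"constructed-der-bytes-example.test-2"
    store = PinStore()                    # PinStore(Path("pins.json")) to persist
    visits = [(original, "Example CA"), (original, "Example CA"),
              (replaced, "Example CA"), (replaced, "Other CA")]
    for der, ca in visits:
        print(store.check("example.test", der, ca))
    hard_copy = fingerprint(original)     # what you printed out last week
    print(matches_hard_copy(replaced, hard_copy))   # False: do not log in
```

The store deliberately keeps the first pin when a later visit disagrees, so a "cert-changed" or "issuer-changed" result keeps being reported until the user chooses to replace the record; a legitimate renewal from the same CA shows up as "cert-changed", while a certificate chained to a CA never seen for that host before shows up as "issuer-changed", which is the case the pinning section is most concerned with.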


Amazon.com

eBay.com

PayPal.com

TurboTas.co.uk

Google

Yahoo

Amazon Kindle comes to the UK

Two years after its release in the US, the Amazon Kindle finally makes its way to the UK! As from today you can buy the gadget from Amazon. This is a special version for the international market, with tweaks to ensure it can get network connectivity.

It’s not all good news though: because the international version is a special build, you can only get the Kindle 2, not the DX with the nice screen. Oh well – I suppose we can’t have everything.

Also bear in mind the Orwellian remote-deletion feature which Amazon got slated for earlier in ’09, and maybe you will think twice before you part with your cash.

I’ll put one on my wish list for xmas and can always delete it if the early UK reviews are not encouraging!


FOTA Breakaway Calendar

The Guardian has an article today with the proposed schedule for the Formula One breakaway series, and it looks like a doozy, with some great circuits on offer.

The full FOTA 2010 schedule, as published in The Guardian, is as follows:

Date | Circuit | Country | F1 history
7 March | Buenos Aires | Argentina | Last hosted F1 in 1998
21 March | Mexico City | Mexico | Last hosted F1 in 1992
11 April | Jerez | Spain | Last hosted F1 in 1997
25 April | Portimao | Portugal | Never hosted F1
2 May | Imola | San Marino | Last hosted F1 in 2006
23 May | Monte Carlo | Monaco | Current F1 host
6 June | Montreal | Canada | Last hosted F1 in 2008
13 June | Indianapolis | United States | Last hosted F1 in 2007
11 July | Silverstone | United Kingdom | Current F1 host
25 July | Magny-Cours | France | Last hosted F1 in 2008
15 August | Lausitzring | Germany | Never hosted F1
29 August | Helsinki | Finland | Never hosted F1
12 September | Monza | Italy | Current F1 host
26 September | Abu Dhabi | United Arab Emirates | Current F1 host
10 October | Marina Bay | Singapore | Current F1 host
24 October | Suzuka | Japan | Last hosted F1 in 2006
7 November | Adelaide or Surfers’ Paradise | Australia | Last hosted F1 in 1995 / Never hosted F1

More news over the next couple of days. Today’s update is that the FOTA president appeared in front of the WMSC today and told them unequivocally that the breakaway series will go ahead.

It seems that the FOTA teams are adamant that the budget savings are needed and that it’s the huge slice that the F1 commercial rights holder gets that they want to get rid of! Roll on FOTA!


Formula One Hits Self Destruct Button

The self-destruct button was well and truly thumped last night when the deadline passed for unconditional entries into the 2010 Formula One series, with all but one of the big teams not signed up for 2010.

The FIA and FOTA have been wrangling for years about the commercial, political and technical management of Formula One. This has all come to a head recently, when FIA president Max Mosley tried to enforce a budget cap on the teams. This budget cap is perceived by Mosley to be critical to the survival of the sport, as the huge largesse of the teams is not considered by him to be appropriate in the present financial climate. The teams all fight back with claims that their budgets are huge due to the large volume of rule changes which Mosley makes to try to make the sport more entertaining.

In addition to budget constraints, it is clear that Max has been trying over the last few years to homogenise the cars into a single-chassis, single-engine series, and with most of the big manufacturers either being, or being sponsored by, car companies with their own engines, it is clear that this was always going to end in tears.

FOTA announced last night that they are dismayed that their arguments against the budget caps have been ignored, and that they would begin planning a breakaway series with immediate effect:

Silverstone, 18 June 2009 – Since the formation of FOTA last September the teams have worked together and sought to engage the FIA and commercial rights holder, to develop and improve the sport.

Unprecedented worldwide financial turmoil has inevitably placed great challenges before the F1 community.  FOTA is proud that it has achieved the most substantial measures to reduce costs in the history of our sport.  

In particular the manufacturer teams have provided assistance to the independent teams, a number of which would probably not be in the sport today without the FOTA initiatives.  The FOTA teams have further agreed upon a substantial voluntary cost reduction that provides a sustainable model for the future.

Following these efforts all the teams have confirmed to the FIA and the commercial rights holder that they are willing to commit until the end of 2012.  

The FIA and the commercial rights holder have campaigned to divide FOTA. 

The wishes of the majority of the teams are ignored. Furthermore, tens of millions of dollars have been withheld from many teams by the commercial rights holder, going back as far as 2006. Despite this and the uncompromising environment, FOTA has genuinely sought compromise.

It has become clear however, that the teams cannot continue to compromise on the fundamental values of the sport and have declined to alter their original conditional entries to the 2010 World Championship.

These teams therefore have no alternative other than to commence the preparation for a new Championship which reflects the values of its participants and partners.  This series will have transparent governance, one set of regulations, encourage more entrants and listen to the wishes of the fans, including offering lower prices for spectators worldwide,   partners and other important stakeholders.  

The major drivers, stars, brands, sponsors, promoters and companies historically associated with the highest level of motorsport will all feature in this new series.

Note to Eds: Statement issued by FOTA on behalf of BMW-Sauber, BrawnGP, Scuderia Ferrari, McLaren-Mercedes, Red Bull Racing, Renault, Scuderia Toro Rosso, Toyota.

The FIA responded in what is becoming standard Formula One practice with the words ‘See you in Court’.  At the heart of this threat are the private agreements that the FIA have direct with some of the teams to be involved in the sport in the future.

Particularly interesting is the fall from grace of Ferrari, who has previously been able to exert some kind of mystical hold over the sport, with the press release on the FIA website summing up the FIA position:

19/6/2009 The FIA’s lawyers have now examined the FOTA threat to begin a breakaway series. The actions of FOTA as a whole, and Ferrari in particular, amount to serious violations of law including willful interference with contractual relations, direct breaches of Ferrari’s legal obligations and a grave violation of competition law. The FIA will be issuing legal proceedings without delay.

So far, the spinoff series is likely to involve:

  • BMW Sauber;
  • Brawn GP;
  • McLaren;
  • Renault;
  • Red Bull Racing;
  • Ferrari;
  • Toro Rosso;
  • Toyota.

It’s not presently clear what the position of Williams is in all this.  They alone of the FOTA members have submitted an unconditional entry for next year.

This may simply be that they have nothing to lose: Without a championship winning car for the last few years, this may be a great way to get back to the front of the grid if the present big guns go elsewhere.

What remains to be seen is whether the breakaway series becomes the new motorsport pinnacle. With the FIA controlling budgets, technical innovation, pre-season testing, engine performance and tyres, the one thing that is clear is that the breakaway series looks like it might be able to bring back the true innovation that in the past has brought us six-wheeled cars, side skirts and a host of other groundbreaking performance-enhancing parts.

We certainly live in interesting times – it may be wise not to book seats for a 2010 F1 venue just yet!

UAV Build February 09 Update

Finally, a stable(ish) flight! On Sunday 8th, the UAV finally flew more or less stably in the AUTO1 position. This essentially means that the UAV controls attitude and takes directional input from the radio: the UAV interprets the RC signal and decides on the relevant bank and pitch angles. During this weekend’s testing, it was noted that the maximum bank and pitch angles were not sufficient for full control of the plane. Some roll oscillation was also noted, although given that the gyro is presently disconnected, this is not unexpected.

One significant problem came to light with this flight: lack of telemetry. Even though the antenna positioning was identical to the last flight, very few data packets were exchanged with the aircraft while in flight. This is being investigated, but is likely to require a more powerful ground antenna.

Next steps are to repeat the flight with improved reception so that good data can be gathered, then to test and calibrate the attitude response of the plane using the HSI.

Once responsive flight is achieved in AUTO1, the gyro can be re-integrated and finally, AUTO2 flight with a simple ‘Circle Home’ mission can be attempted.

The attitude problem was discovered to be a fundamental mistake when setting up the airframe file, which caused the aircraft to believe it was upside down.

UAV Build January 09 Update

It’s been a long time since an update on the UAV project has been forthcoming, so I thought it worth a quick post with progress.

The RC radio is now re-modified so that the mode switch is on the left. I fly mode 2, and it was not the smartest decision to put the mode switch over on the right of the radio.

Test flights have shown that brief forays into AUTO1 (stabilised manual flight) produce a small roll oscillation and a violent nose-down pitch. This issue is ongoing and is the cause of much head scratching. Telemetry data seems to show that the AHI is in a neutral position before the switch is flicked, so it is most odd that the plane immediately dives towards the ground. I suspect the users’ forum will yield suggestions.

The airframe has around six flights of ten minutes each to its name now, and although some improvements have been made, the plane generally flies very well. The only mishaps have been related to the AUTO1 attempts, and although these have involved close shaves, the plane is still in great shape. The aircraft has now been shown to fly equally well on a 2-cell or 3-cell LiPo. Normal flight will probably be on a 3-cell LiPo to maximise flight time; the 3-cell pack does increase AUW and consequently approach and landing speed. The ideal prop is 8×6, which gives good throttle response and very quiet flight.

A recent update of the GUI software has brought a massive performance improvement in the ground segment. It is not known what triggered the improvement, simply that it runs very well indeed now. Additional GUI features will be tested over the next few weeks.

Photos of the progress are on the gallery, which is here.

Eavesdropping on Wired Keyboards from 20 Paces

Yes, you heard it right. Researchers in Switzerland have developed attacks that capture the radio frequency emissions from keyboards and use the captured RF data to work out which keys the user pressed.

Note that this attack is not against wireless keyboards, but is actually aimed at the USB and PS/2 keyboards which we all use every day. Notebooks with built-in keyboards are just as easily sniffed, so there is no obvious escape from this problem.

The heart of the vulnerability is that keyboards are built so cheaply that they have absolutely no radio frequency shielding at all, and picking up some form of radio signal from just about any keyboard is an almost trivial exercise.

What is not trivial, of course, is decoding that signal to rebuild the user’s keypresses. Nevertheless, the team from the Security and Cryptography Laboratory (LASEC) in Lausanne, Switzerland, have developed four similar attacks and have found that all 11 of the keyboards they extensively tested were susceptible to their eavesdropping methods.

The key point here is that it is now pretty much mandatory to use one-time passwords if you truly want to be secure.

Read more about the attacks here.

UAV Build July 08 Update

The RC radio is now modified so that it has a three-position switch for MANUAL\AUTO1\AUTO2 mode selection. This works fine, although ideally the switch should be mounted on the left of the radio and not the right. A full radio (RC) range check was carried out, and an initial test flight showed good telemetry data. Photos of the radio mod are on the gallery, which is here. Full radio (modem) range tests were carried out, with a good signal received at 250 metres using standard antennas.

GCS tested on a mains inverter powered from a car battery. GCS voltage converter added for the video goggles.

Initial flight test carried out. One 10-minute flight proved the airframe working fine, with the chosen motor/prop combination giving reasonable performance on a 2-cell LiPo. Three brief attempts at AUTO1 were deemed failures: each time AUTO1 flight was attempted, the airframe rolled violently. Further ground tuning is underway.

UAV Build June 08 Update

The GCS is online and talks over the air to the airframe. The airframe is now complete with all components mounted. Initial tuning of the airframe file has commenced, involving checking the servo and sensor polarity. The motor in the airframe was changed for a unit with a bit more oomph.

UAV Build May 08 Update

gcs-comms-online!

The two comms channels between the GCS and the UAV were established today. The first of these, the wired USB connection used to flash the flight plan, was tested after making up the Pico blade lead. The default funjet airframe file was then modified to approximately match the aircraft, and the GCS successfully flashed the airframe. Proper progress! The project gallery is here.

The second part, the air-to-ground link, was also completed today. The MaxStream USB dev board arrived today, so I was able to configure the MaxStream XBee Pro units. The units required a firmware flash up to the latest release and the bit rate set to a sensible 57600 bps, as well as enabling the MaxStream API, which is used to make the communications channel more resilient. After the UAV end was removed from the USB development board and plugged into the UAV, it worked just fine. Not surprisingly, a further airframe flash was required to get the MaxStream and UART parameters correct in the airframe.

Once this was completed, I started the GCS and was most heartened to see the airframe messages coming in.

The next task is to get the GPS working and start installing the IR sensors.