Solving the Challenge of Tiamat's Eye

Last week at DerbyCon 5.0 the CircleCityCon folks had a booth with a challenge, the Challenge of Tiamat’s Eye. @CircleCityCon: Can you solve the Puzzle of Tiamat's Eye? Visit our booth at @DerbyCon to take the challenge! pic.twitter.com/yJzPvxOQk9 — CircleCityCon 10.0: WHODUNIT? (@CircleCityCon) September 26, 2015 The challenge consisted of the small chest pictured above containing an eye made up of blinking red LEDs. Every 30 seconds the pattern would reset....

October 3, 2015 · 3 min

Sonic IPv6 Tunnel with DD-WRT

Sonic (my home ISP) offers an IPv6 tunnel for their customers who have a service plan that does not offer native IPv6 yet. Sonic’s IPv6 tunnel operates much the same way Hurricane Electric’s Tunnel Broker does, however since the endpoint is located inside the ISP you should get better performance. Sonic even offers example configurations for configuring the IPv6 tunnel endpoint on various operating systems, but none for DD-WRT, a common aftermarket router firmware....

August 17, 2015 · 5 min

Fast and Vulnerable: A Story of Telematic Failures

I gave a presentation at WOOT 2015 demonstrating how network enabled telematic control units (TCUs) can be used to remotely control automobiles from arbitrary distance over SMS or the internet. Abstract Modern automobiles are complex distributed systems in which virtually all functionality—from acceleration and braking to lighting and HVAC — is mediated by computerized controllers. The interconnected nature of these systems raises obvious security concerns and prior work has demonstrated that a vulnerability in any single component may provide the means to compromise the system as a whole....

August 11, 2015 · 2 min

PSA: Enable server certificate revocation checking in Chrome

Recently there has been a lot of buzz about the recent Heartbleed vulnerability found in some versions of OpenSSL. The attack works due to a mistake in the server validating part of the request made by the SSL client. The popular web comic XKCD has made a great simple comic explaining how the attack works, and there are simple tools to test for vulnerable servers. But how does this affect me, a user?...

April 14, 2014 · 2 min

TRIPLEX DVRLink DVR468RW Exploit

At an internship I had a while ago one project assigned to me was to regain access to a CCTV security system which we had been locked out of for some years. (The previous manager left without leaving the password.) The DVR system was a TRIPLEX DVRLink DVR468RW, whatever that is. It seemed cheap; a small embedded computer with video in/out, a hard-drive and CD-RW drive for recording storage. The administration interface was accessed either by a web server running on the device or a desktop client you installed on your computer....

June 20, 2013 · 3 min

Getting Started with ActionBarSherlock

Update: ActionBarSherlock is no longer necessary. The latest Google Support Library includes appcompat which is a better solution. ActionBarSherlock is an Android support library designed to allow you to use the ActionBar which was introduced in Android 3.0 Honeycomb with older devices, back to Android 2.1 Eclair. This allows your applications to have a modern looking interface, even on older devices whose API does not support the new features. To get started using ActionBarSherlock in Eclipse follow these steps....

June 11, 2013 · 3 min

How to Compile a Linux Kernel for Android

A while ago I was working on building a custom kernel for my Android phone. Once you get the source the compilation process is not as straightforward as I hoped. Here are the steps required to get from the kernel source to a flashable image for your phone. Get a copy of the build toolchain and Linux kernel for your device First download a copy of the pre-build toolchain from git....

May 27, 2013 · 3 min

Adding Hibernate to the CrunchBang Linux shutdown menu

By default CrunchBang Linux does not have hibernation support enabled in the shutdown menu. The reason for being excluded is likely because not all computers support hibernation. However most modern computers will support it. To add a hibernation option just download this file and place it in the bin directory of your home folder: “~/bin/” and make it executable with: chmod +x cb-exit cb-exit Gist If you want to test your system to see if it can handle hibernation run the following command....

May 25, 2013 · 1 min

PHP Karaoke Queue

A while ago I decided that I needed some more JavaScript/AJAX experience, and what better way to get it than to use it to solve an existing problem. Every now and then my apartment hosts karaoke nights, we have a lot of songs, enough to fill a 4-inch binder. Searching for songs was a pain. In order to find the song’s ID code to give to the DJ you must search through pages of songs and artists that were in no particular order....

May 25, 2013 · 1 min

SMS DOS: Cellphone Denial Of Service via text messages

A while ago I wondered how well modern cellphones could handle a flood of text messages. So I created a simple python program to test just that. The program works by sending emails to a SMS Gateway which will forward the message to the phone in the form of a text message. I tested my program on two devices, my modern HTC Incredible running Android and my aging LG Chocolate dumb-phone....

March 11, 2012 · 2 min