A Better Way to Plug a CPLD into a Breadboard

If you read my first post about a simple CPLD do-it-yourself project you may remember that I seriously wiffed when I made the footprint 1” wide, which was a bit too wide for common solderless breadboards. Since then I started over, having fixed the width problem, and ended up with a module that looks decidedly… cuter.

To back up a little bit, a Complex Programmable Logic Device (CPLD) is a cool piece of hardware to have in your repertoire and it can be used to learn logic or a high level design language or replace obsolete functions or chips. But a CPLD needs a little bit of support infrastructure to become usable, and that’s what I’ll be walking you through here. So if you’re interested in learning CPLDs, or just designing boards for them, read on!

Continue reading “A Better Way to Plug a CPLD into a Breadboard”

High Energy Gardening Means Nuking Plants

We live in a world transformed by our ability to manipulate the nucleus of atoms. Nuclear power plants provide abundant energy without polluting the air, yet on the other hand thousands of nuclear warheads sit in multiple countries ready to annihilate everything, even if it’s not on purpose. There are an uncountable number of other ways that humanity’s dive into nuclear chemistry has impacted the lives of people across the world, from medical imaging equipment to smoke detectors and even, surprisingly, to some of the food that we eat.

After World War 2, there was a push to find peaceful uses for atomic energy. After all, dropping two nuclear weapons on a civilian population isn’t great PR and there’s still a debate on whether or not their use was justified. Either way, however, the search was on to find other uses for atomic energy besides bombs. While most scientists turned their attention to creating a viable nuclear power station (the first of which would only come online in 1954, almost ten years after the end of World War 2), a few scientists turned their attention to something much less obvious: plants.

Continue reading “High Energy Gardening Means Nuking Plants”

One Hoss Shay and Our Society of Obsolescence

Legend has it that Henry Ford would send engineers out to junkyards all over the US looking for Fords. They were supposed to study each one they found and make note of any parts that had not failed. But it wasn’t so that he could start making all of those parts stronger. Instead, Ford allegedly used this data to determine where he could cut corners in future production runs so as not to waste money by making any part last longer than any other part.

Most things tend to break down rather than completely giving out. Usually it’s only one or two components that stop working and the rest of it is still serviceable. And this is a good thing. It’s what lets us repair PCBs or scavenge parts off them, drive our cars longer, and help save each other’s lives through organ donor programs. Can you imagine how different life would be if each part of every thing failed at the same time?

Continue reading “One Hoss Shay and Our Society of Obsolescence”

A Hackers Guide to Arts, Crafts, Food, and Music in Shenzhen

When you mention Shenzhen, many people think about electronic gadgets, cheap components, manufacturing, and technology. I’m there quite often and find that all of the technology and manufacturing related stress can be overwhelming at times. Sometimes I feel the need to escape it all so I go to markets and places that aren’t traditionally associated with technology so I can clear my head as well as expose myself to something different. It provides me with a constant source of new design ideas and also allows me to escape the persistent tech treadmill that Shenzhen runs on. There are a lot of places in Shenzhen that I consider hidden gems that don’t get a lot of press since mainstream media associates Shenzhen with either factories or technology. Here are my favorite places to window shop and de-stress in Shenzhen.

Continue reading “A Hackers Guide to Arts, Crafts, Food, and Music in Shenzhen”

VGA In Memoriam

The reports of the death of the VGA connector are greatly exaggerated. Rumors of the demise of the VGA connector has been going around for a decade now, but VGA has been remarkably resiliant in the face of its impending doom; this post was written on a nine-month old laptop connected to an external monitor through the very familiar thick cable with two blue ends. VGA is a port that can still be found on the back of millions of TVs and monitors that will be shipped this year.

This year is, however, the year that VGA finally dies. After 30 years, after being depreciated by several technologies, and after it became easy to put a VGA output on everything from an eight-pin microcontroller to a Raspberry Pi, VGA has died. It’s not supported by the latest Intel chips, and it’s hard to find a motherboard with the very familiar VGA connector.

Continue reading “VGA In Memoriam”

Beautiful and Bizarre Boards

weirdboard
An odd board (piezo coupler), fabbed by OSHPark.

Recently I’ve been getting curious about interesting PCB shapes. In the past I’ve always used simple Polygons, perhaps rounding out the corners to make the design a little more aesthetically pleasing. The board to the right was my introduction to the possibilities of oddly shaped boards. It’s designed to couple with a piezo buzzer (used as an actuator). I’ve been planning to have it fabricated out of FPC (Flexible Printed Circuits), but with fabrication being so cheap I sent it to OSHPark to see what they’d make of it. OSHPark doesn’t have hard specs around internal routing, but in my experience they’re up to try anything (and they’re quality is always great). The width of the prongs on the PCB shown is 5mm. I figured it was a risk, and that it was likely the FR4 could break, but it came back great!

This has led me to the realization that my boards could look much more exciting than they do currently, and that our highly optimized modern PCB fabrication process provides a lot of room for experimentation. This article will discuss some of the options available when creating non-traditional PCBs.

Continue reading “Beautiful and Bizarre Boards”

The Dark Arts: Meet the LulzSec Hackers

It’s difficult to say if [Aaron Barr], then CEO of software security company HBGary Federal, was in his right mind when he targeted the notorious hacking group known as Anonymous. He was trying to correlate Facebook and IRC activity to reveal the identities of the group’s key figures. In the shadowy world of black-hat hacking, getting your true identity revealed is known as getting doxed, and is something every hacker fears. Going after such a well-known group would be sure to get his struggling company some needed publicity. It would also have the most unfortunate side effect of getting the hacking groups attention as well.

DA_06
Aaron Barr

Perhaps [Aaron Barr] expected Anonymous to come after him…maybe he even welcomed the confrontation. After all, he was an ‘expert’ in software security. He ran his own security company. His CTO [Greg Hoglund] wrote a book about rootkits and maintained the website rootkits.com that boasted over 80 thousand registered users. Surely he could manage a few annoying attacks from a couple of teenage script kiddies playing on their parent’s computer. It would have been impossible for him to know how wrong he was.

It took the handful of hackers less that 24 hours to take complete control over the HBGary Federal website and databases. They also seized [Barr’s] Facebook, Twitter, Yahoo and even his World of Warcraft account. They replaced the HBGary Federal homepage with this declaration – with a link to a torrent file containing some 50,000 emails resting ominously at the bottom. At the same time, they were able to use social engineering techniques to SSH into the rootkit.com site and delete its entire contents.

It became clear that these handful of Anonymous hackers were good. Very good. This article will focus on the core of the HBGary hackers that would go on to form the elite LulzSec group. Future articles in this new and exciting Dark Arts series will focus on some of the various hacking techniques they used. Techniques including SQL injection, cross-site scripting, remote file inclusion and many others. We will keep our focus on how these techniques work and how they can be thwarted with better security practices.

LulzSec – For the Lulz

jake_davisName: Jake Davis

Alias: Topiary

Age at Arrest: 18

Hometown: Shetland Islands, Scotland

Role: Spokesperson

Twitter

[Jake Davis] – aka [Topiary] – might have been the least technically skilled of the group, but he made up for it in his ability with words. He was by far the most articulate of the group and commanded the official LulzSec Twitter feed, where he taunted the group’s victims and appeased their ever-growing fan base. [Topiary] goes back to the days of Anonymous and its origin on the popular image board 4chan. Being articulate and quick-witted, he was exceptionally good at doing prank calls while streaming them live to eager fans. His talent did not go unrecognized and the role of “mouthpiece” for Anonymous was his for the taking. Whenever a home page was defaced and replaced with an official Anonymous message, he was the author. The hacked HBGary homepage linked above was [Topiary’s] work.

Lest we leave you with the impression that [Topiary] was not a hacker, he learned a great deal of technical skills during his involvement with Anonymous and later Lulzsec. When he was arrested at his home on the Shetland Islands, he had 17 virtual machines running on an encrypted drive. His last tweet before his arrest – “You cannot arrest an idea”.

 

Name: Mustafa Al-Bassammustaffa al massam

Alias: Tflow

Age at Arrest: 16

Hometown: London, England

Role: Highly skilled coder

Twitter

[Mustafa Al-Bassam] – aka [Tflow] – was a bit socially awkward, but you would have never known it based on his demeanor in the secluded chat rooms of the Lulzsec hackers. Cool, calm and collected, [Tflow] never got involved with the many arguments that took place. The ability to check his emotions combined with advanced coding skills led his fellow hackers to believe he was much older than he really was. [Pwnsauce], another Lulzsec member whom we will not cover due to lack of information, believed he was at least 30 years old.

It was [Tflow] who first shed light on [Aaron Barr’s] plans to dox the Anonymous “leaders”. It was [Tflow] who wrote an advanced piece of code that allowed the citizens of Tunisia to get past their government’s ISP restrictions during the Arab Spring and post on social media. Let that sink in for a minute…a 16-year-old teenager had empowered an entire nation of people with a PHP script. [The Jester], a hacker who commanded a massive bot-net, once tried to hoodwink [Tflow] and his fellow hackers with a malicious script. [Tflow] took the script, reduced it from a few dozen lines to only two lines without limiting functionality, and sent it back to [The Jester] with the following note: Try this instead.

 

ryan_ackroid

Name: Ryan Ackroyd

Alias: Kayla

Age at Arrest: 24

Hometown: South Yorkshire, England

Role: Server Penetration

Twitter

[Ryan Ackroyd] was big into computer video games as a teen. He liked hacking them and hung out online with other like-minded people. A girl by the name of [Kayla] joined their circle of friends and [Ryan] enjoyed her company. A rival video game hacking group tried to hack [Ryan’s] group, and targeted the weakest link – 16-year-old [Kayla]. They destroyed her social networks and even got into her parent’s bank account. [Ryan] and his friends were furious. They all went after their rival, using the alias [Kayla] in her honor. Their retribution was so devastating that “Kayla” earned a reputation across this particular corner of the internet as someone not to cross. Over the years, the group fell apart, but [Ryan] remained and kept the alias of a 16 year old girl named [Kayla] who shouldn’t be messed with.

It was [Kayla] who socially engineered her way into rootkit.com. It was [Kayla] who discovered the SQL injection insecurity on the HBGary Federal website. She later wrote a program that scanned URLs many times per second looking for zero days. She’s a self-taught reverse engineer and was arguably the most skilled hacker on the Lulzsec team. She even had a trip wire in her apartment that wiped all hard drives when the police entered, and was branded by the courts as “highly forensically aware”. That’s legalese for “This guy knows his stuff”. She has some wise words in this reddit thread.

 

hector_monsegurName: Hector Monsegur

Alias: Sabu

Age at Arrest: 28

Hometown: New York City

Role: Leader & Skilled Hacker

Twitter

[Hector Monsegur] – aka [Sabu] – was the oldest and most mature of the Lulzsec hackers. He was the recognized leader of the group. He drove daily operations and squashed arguments. He was also a very skilled hacker himself, coming from a background of hacking government websites in his native Puerto Rico. [Sabu] was a hactivist, and believed in hacking for a social cause, while many of his team were still beholden to their 4chan/b/ days of hacking “for the lulz”. [Sabu] was not only a hacker of computers, he was a hacker of people, and highly skilled in the art of social engineering. Using his skills, he was able to steer LulzSec in the direction he wanted it to go.

[Sabu] was the first of the LulzSec hackers to get doxxed. When he was confronted by the FBI with a 100+ year prison sentence, he could not bear the idea of his kids growing up without him and turned informant. He has only recently returned to twitter, much to the annoyance of Anonymous.

Now What?

You have met the core of the LulzSec hackers. There are two more that we did not talk about due to lack of information: [Pwnsauce] and [AVUnit]. As of today, no one knows the true identity of [AVUnit]. It’s possible there are even more that we don’t know about. However, it is generally recognized that the hackers covered here were the core members.

Now that we know a little bit about the people behind some of the most remarkable hacks of modern times, we will go into detail about how they were able to carry these hacks out. If you’re looking for a “How to Hack a Website 101” tutorial, this series of articles will disappoint you. But if you want to know how these former hackers were able to do what they did, you will find this series quite enjoyable. We’re not just going to talk about the various techniques used, we’re going to understand how they work on a fundamental level. So stay tuned and keep your virtual machines on standby.

 

Sources

We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency, by Parmy Olsen. ISBN-978-0316213523