Self-waking computer for DIY cloud storage


[Dominic] decided to take control of his cloud storage by switching to OwnCloud. Unlike most cloud storage solutions, this isn’t a company offering you free space. It’s an open source software package that you run on your own machine. [Dom] didn’t want to leave his box running 24/7 as it would be unused the majority of the time. So he hacked this router to switch on the computer whenever he tries to access the storage.

Obviously this is a Wake-On-Lan type of situation, but the hardware he has chosen to use doesn’t include those features. Since he already had this TP-Link 703n on hand he decided to use it as a controller for the computer. His method is quite clever. The router is running a script that monitors the computer and the bandwidth it’s using. When traffic from the network stops, the router will issue a shutdown command within just a few minutes. It then assigns itself the computer’s IP address so that it can listen for incoming requests and use the relay on that breadboard to turn the box back on. Obviously running the embedded system is much more efficient than having an entire computer turned on all the time, and its WiFi capabilities mean no cords to run to the home network.

A look at the (now patched) security of [Kim Dotcom's] MEGA cloud storage service


MEGA is a new, encrypted cloud storage system founded by [Kim Dotcom] of MegaUpload fame. They’re selling privacy in that the company won’t have the means to decrypt the data stored by users of its service. As with any software project, their developers are rapidly making improvements to the user interface and secure underpinnings. But it’s fun when we get some insight about possible security problems. It sounds like the issue [Marcan] wrote about has been fixed, but we still had a great time reading his post.

The article focuses on the hashes that the website uses to validate data being sucked in from non-SSL sources using some JavaScript. Those insecure sources are a CDN, so this type of verification is necessary to make sure that the third-party network hasn’t been compromised as part of an attack on the MEGA site. The particular security issue came when the hashes were generated using CBC-MAC. [Marcan] asserts that this construction is not adequate for the application it’s being used for and goes on to post a proof-of-concept on how the messages can be forged while retaining a hash that will validate as authentic.
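Why CBC-MAC fails as a hash, as an added example that is not from [Marcan]'s post or MEGA's code: once the key is known to everyone (assumed here, since the check runs in client-side JavaScript), altered content can be given the original's tag, while a SHA-256 comparison rejects it. The Feistel `encrypt_block` is a constructed stand-in for AES, and every name and sample string is an assumption.

```python
import hashlib

BLOCK = 16
KEY = b"constructed key, shipped to every client"  # assumption: key is public

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(rnd, half):
    # Round function of the stand-in block cipher (not AES).
    return hashlib.sha256(KEY + bytes([rnd]) + half).digest()[:8]

def encrypt_block(block):
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(rnd, r))
    return l + r

def decrypt_block(block):
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(rnd, l)), l
    return l + r

def cbc_mac(msg):
    # Zero IV, whole blocks only; the last cipher block is the tag.
    if len(msg) % BLOCK:
        raise ValueError("message must be a multiple of the block size")
    state = bytes(BLOCK)
    for i in range(0, len(msg), BLOCK):
        state = encrypt_block(_xor(state, msg[i:i + BLOCK]))
    return state

def same_tag_variant(original, altered):
    # Anyone holding KEY can solve for one trailing block that steers
    # the altered content back to the original's tag.
    fix = _xor(decrypt_block(cbc_mac(original)), cbc_mac(altered))
    return altered + fix

def cbc_mac_check(content, expected):
    return cbc_mac(content) == expected

def sha256_check(content, expected):
    return hashlib.sha256(content).digest() == expected

ORIGINAL = b"constructed trusted script".ljust(32)  # constructed sample content
VARIANT = same_tag_variant(ORIGINAL, b"constructed changed script".ljust(32))
```

The CBC-MAC comparison accepts `VARIANT` as if it were `ORIGINAL`; the SHA-256 comparison does not, because a hash has no key whose disclosure lets someone work backwards from the tag.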

[Thanks Christian]