The software end of things is a curious conglomeration but considering the hardware constraints [Daniel] made some great choices. He’s using MS-DOS along with LxPic for slide shows and Mplayer for video. The rest of the software gets him up on the home network and enables IR remote control via LIRC. All o this makes for a beautiful product (video after the break includes some Doom footage) and the package is pulling just 40W when in use.
[RSnake] has developed a denial of service technique that can take down servers more effectively. Traditionally, performing a denial of service attack entailed sending thousands of requests to a server, these requests needlessly tie up resources until the server fails. This repetitive attack requires the requests to happen in quick succession, and is usually a distributed effort. However, [RSnake]‘s new technique has a client open several HTTP sessions and keeps them open for as long as possible. Most servers are configured to handle only a set number of connections; the infinite sessions prevent legitimate requests from being handled, shutting down the site. This vulnerability is present on webservers that use threading, such as Apache.
A positive side effect of the hack is that the server does not crash, only the HTTP server is affected. His example perl implementation, slowloris, is able to take down an average website using only one computer. Once the attack stops, the website will come back online immediately.
While we’re sure that just about everyone has heard about the conflict between Russia and Georgia, few have probably heard about the role of cyber attacks in the conflict. Shortly before Russia’s armed response, Georgian state web servers were attacked by individuals assumed to be Russian hackers. This attack almost completely obliterated Georgia’s online presence by shutting down the website for the Ministry of Defense, and the Central Government’s main site. The Russian attackers seem to be using some form of sustained DDoS to keep many Georgian sites offline. In an effort to preserve some web presence, the Georgian Government transferred [President Mikheil Saakashvili]‘s site to a US hosting provider in Atlanta. The Ministry of Foreign Affairs even created a BlogSpot page after their website initially went down. While politically motivated DDoS attacks have not been rare in past months, this seems to be the first time where the attacking party can be clearly identified. This seems to be the start of a trend where the unconventional methods of cyber warfare are used to gain an advantage over the enemy.
While in Vancouver, Canada for CanSecWest we had a chance to catch up with [Marc]. He showed off a very simple Denial-of-Service attack that works for most commercial RFID reader systems. He worked out this physical DoS with [Adam Laurie], whose RFID work we featured last year.