A surprising number of projects here are in some way influenced by the webcomic xkcd, but usually not as directly as this. Comic 350, “Network” is the tale of a very odd stickman who keeps multiple VMs running an unprotected, old version of Windows. Between the VMs, they have virtually every virus and are, effectively, a computer virus aquarium.
Now it’s a real thing, and best of all, it’s open to the Internet for normal humans to view, complete with screencaps of all seven nodes updated every 30 seconds, the ability to view all processes on each node, and anyone on the Internet can upload any file to a node. All the files uploaded to the nodes are executed, so you get to see in real-time what the effects of “1TB_of_porn_this_took_a_while_to_upload.exe” are on node 3.
The idea of a virus aquarium is cool, but this actually gets much, much more interesting when the project metas itself. Every 24 hours, a virus scanner runs on each node. As of right now, all the nodes are clean making this not a virus aquarium, but a script kiddie aquarium. On at least one node, TeamViewer is running but your guess is as good as mine as to how anyone will get that working.
Continue reading “xkcd’s Virus Aquarium Made Real”
[Cyber Explorer] recently ditched his collection of physical computers acting as servers by virtualizing the lot of them. But with every change there’s a drawback. Although it wasn’t too hard for him to set up the virtual machines, he did end up spending quite a bit of time trying to improve the bandwidth. Luckily he posted an article chronicling all of the VM tweaks he used to improve the system.
The experience involves both a Windows 8 machine, as well as a some Linux boxes meaning there’s something here for everybody. At each step in the process he performs some throughput tests to see how the boxes are performing. Tweaks are numerous, but include trying out different Ethernet drivers, making sure all modules are up to date, squashing at least one bug, and giving jumbo-frames a try.
[Clifford Wolf] wrote in to let us know about a project he recently completed called EmbedVM. It’s a virtual machine for AVR microcontrollers. The package has a relatively small overhead, taking up about 3kB of program memory. The VM can execute 74,000 instructions per second, and runs asynchronously from the microcontroller. As [Clifford] demonstrates in the videos after the break, this can be handy for preloading commands to prevent slowdown during heavy VM processor loads.
The snippet in the image above is an example program written in the C-like VM code which will play some [Rick Astley] on a speaker. This code can be run from RAM, EEPROM, or even external storage like an SD card. Recently there was a supplemental compiler project that even takes Python code and compiles it into VM byte-code. What a nice abstraction tool for making inexpensive microcontroller-based designs easily programmable for those that have a bit of Python experience.
If you don’t recognize the name, [Clifford Wolf] is also the author of OpenSCAD, a tool that is quite popular with 3D printing.
Continue reading “Virtual Machine for microcontrollers lets you run Python on AVR chips”
Capture the Flag (CTF) is a long running tradition at hacker conventions. It pits teams of security researchers against each other on the same network. Every team gets an identical virtual machine image. The VM has a set of custom written services that are known to be vulnerable. The teams work to secure their image while simultaneously exploiting services on the machines of other teams. A scoring server monitors the match as it progresses and awards points to teams for keeping their services up and also for stealing data from their competitors.
The Chaos Communication Congress in Berlin December 27-30, 2008 will host a CTF competition. Most CTF matches are done head to head in the same room. While 25C3 will have local teams, it will also be wide open for international teams to compete remotely. Remote teams will host their own images on a VPN with the other competitors. Now is a good time to register and familiarize yourself with the scoring system. It will certainly be interesting to see how this competition plays out now that teams that can’t make the trip can still compete.