[TrendMicro] are reporting that yet another IoT botnet is emerging. This new botnet has been dubbed Persirai and targets IP cameras. Most of the victims don’t even realize their camera has access to the Internet 24/7 in the first place.
Trend Micro have found 1,000 IP cameras of different models that have been exploited by Persirai so far. There are at least another 120,000 IP cameras that the botnet could attack using the same method. The problem starts with the IP cameras exposing themselves by default on TCP port 81 as a web server — never a great idea.
Most IP cameras use Universal Plug and Play, which allows them to open ports from inside the router and start a web server without much in the way of security checks. This paints a giant target in cyberspace, complete with signs asking to be exploited. After logging into a vulnerable device, the attacker can perform a command injection attack, which in turn gets the camera to download further malware.
The exploit runs in memory only, so once the camera has been rebooted it should all be fine again until your next drive-by malware download. Check your devices, because even big-name companies make mistakes. IoT is turning into a battlefield. We just hope that with all these attacks, botnets, and hacks the promise of the IoT idea isn’t destroyed because of lazy coders.
Part of feature image from Wikipedia, Creative Commons license.
There’s an old saying: “I don’t know what programming language scientists and engineers will use in the 22nd century, but I know it will be called FORTRAN.” FORTRAN was among the first real programming languages and, along with LISP, one of the oldest still in common use. If you are one of those that still loves FORTRAN, you no longer have to be left out of the Web development craze thanks to Fortran.io.
Naturally, the Fortran.io site is served by — what else — FORTRAN. The system allows for Jade templates, SQLite databases, and other features aimed at serving up web pages. The code is hosted on GitHub, and you can find several examples there, as well.
If you’ve ever wanted to do formatted I/O to a web page, here’s your chance. Come to think of it, why not? We’ve seen servers in BASIC and even in Linux shell script. Of course, today’s FORTRAN isn’t the one we learned back in the 1970s (we assume if you didn’t learn about FORTRAN in the 1970s, you quit reading this post a while back… prove us wrong and show us your FORTRAN projects).
The Apple II was the machine that many say launched Apple as a company. As with many popular computers of the 1980s, the Apple II maintains a steady following to this day who continue to develop new hardware and software to keep the platform alive.
[deater] had scored an Uthernet II Ethernet interface for his Apple IIe, based off the venerable W5100 chipset. He decided to have some fun and wrote a webserver for the Apple II in BASIC. The program sets up the Ethernet card with a series of PEEKs and POKEs, and then listens out for incoming packets before responding with the requisite data loaded from floppy disk.
The server can deal with HTML, text, and even JPEG and PNG images. It’s even compliant with RFC 2324. It does suffer from some limitations, however — the disk format used can only hold 140 kB, it can only serve an 8 kB file at a time, and because the code relies on a lot of string manipulation, it is painfully slow.
Before you get too excited, the machine is running on a local network only, so you can’t check it out from here. However, [deater] has kindly released the source code if you wish to run it for yourself.
If you’re thirsty for more 8-bit action, check out this Apple II playing animated GIFs.
You want to put your credit card number into a web site. You know to look for a secure web site. But what does that really prove? And now that so many electronic projects have Web servers (ok, I’ll say it… the Internet of Things), do you need to secure your web server?
There was a time when getting a secure certificate (at least one that was meaningful) cost a pretty penny. However, a new initiative backed by some major players (like Cisco, Google, Mozilla, and many others) wants to give you a free SSL certificate. One reason they can afford to do this is they have automated the verification process so the cost to provide a certificate is very low.
Lots of people have developed their own systems for automating the growth of plants. Keeping the environment under tight control leads to better yield, and computers are better than humans at remembering to water the plants regularly. [Kyle] is into growing mushrooms (the legal, edible type) and automating things. This led to his system for automated mushroom cultivation.
We’ve seen an automated system for growing fungi before, but [Kyle]’s project is a bit bigger. He’s built a sealed room for growing mushrooms. The room is sealed with a plastic sheet, using magnetic strips to create a doorway. Within the room, a heater, humidifier, and circulation fan control the environment. Temperature, humidity, and dew point in the chamber are constantly monitored and adjusted as necessary.
The entire system is controlled with a Raspberry Pi and custom software, which is available on GitHub. GNUPlot is used to generate graphs, which are accessible through a web server. The web interface also allows the parameters of the chamber to be tweaked remotely. Based on the settings, the Raspberry Pi controls a set of relays to keep the chamber in an ideal state.
We’ve written a lot about the ESP8266 lately, but people keep finding more awesome uses for this inexpensive module. [Martin] decided that using the ESP8266 with an external microcontroller was overkill, and decided to implement his project entirely on the module with a built-in web server.
[Martin] started out with the ESP8266 web server firmware developed by [sprite_tm]. This firmware provides a basic web server that supports multiple connections and simple CGI scripts right on the module. The web server firmware opens up a ton of possibilities with CGI scripting. When booting up in AP mode, you can even connect the ESP8266 to another access point right from your browser.
[Martin] decided to connect a DHT22 temperature/humidity sensor to the module as a proof of concept. He used a DHT22 library written for the ESP8266 to read data from the sensor, and wrote a CGI script to display the data on a web page. [Martin] also added buttons to control a GPIO pin as a proof of concept. He posted his source code and a binary (see the end of his post) so you can try out his application and mod it for your own project.
We’re no strangers to home automation projects around here, but it’s not often that you see one described in this much detail. [Paul] designed a custom home automation system with four teammates for an undergraduate thesis project.
The system is broken into two main components: the server and the peripherals. The team designed their peripherals from early prototypes of an upcoming ArduIMU v4 measurement unit. They removed all of the default sensors to keep costs down and reduce assembly time. The units can then be hooked up to various peripherals such as temperature sensors, mains relays, RGB color strips, etc.
The central management of the system is performed using a web-based user interface. The web server runs on Java, and interacts with the peripherals wirelessly. Basic messages can be sent back and forth to either read the state of the peripherals or to change the state. As far as the user is concerned, these messages appear as simple triggers and actions. This makes it very simple to program the peripherals using if, then, else logic.
The main project page is a very brief summary of what appears to be a very well documented project. The team has made available their 182-page final report (pdf), which goes into the nitty-gritty details of the project. Also, be sure to watch the demonstration video below.