Day: October 28, 2016

Not Quite 101 Uses For An ATX Power Supply

October 28, 2016 by 82 Comments

The PC power supply has been a standard of the junk box for the last couple of decades, and will probably continue to be for the foreseeable future. A product that is often built to a very high standard and which will give years of faithful service, yet which has a life of only a few years as the PC of which it is a part becomes obsolete. Over the decades it has evolved from the original PC and AT into ATX, supplying an ever-expanding range of voltage rails at increasing power levels. There have been multiple different revisions of the ATX power supply standard over the years, but they all share the same basic form factor.

So a pile of ATX supplies will probably feature in the lives of quite a few readers. Most of them will probably be old and obsolete versions of little use with today’s motherboards, so there they sit. Not small enough to ignore, yet Too Good To Throw Away. We’re going to take a look at them, try to work out what useful parts they contain, and see a few projects using them. Maybe this will provide some inspiration if you’re one of those readers with a pile of them seeking a purpose.

Continue reading “Not Quite 101 Uses For An ATX Power Supply”

Duckhunting – Stopping Rubber Ducky Attacks

October 28, 2016 by 51 Comments

One morning, a balaclava-wearing hacker walks into your office. You assume it’s a coworker, because he’s wearing a balaclava. The hacker sticks a USB drive into a computer in the cube next door. Strange command line tools show up on the screen. Minutes later, your entire company is compromised. The rogue makes a quick retreat carrying a thumb drive in hand.

This is the scenario imagined by purveyors of balaclavas and USB Rubber Duckys, tiny USB devices able to inject code, run programs, and extract data from any system. The best way — and the most common — to prevent this sort of attack is by filling the USB ports with epoxy. [pmsosa] thought there should be a software method of defense against these Rubber Duckys, so he’s created Duckhunter, a small, efficient daemon that can catch and prevent these exploits.

The Rubber Ducky attack is simply opening up a command line and spewing an attack from an emulated USB HID keyboard. If the attacker can’t open up cmd or PowerShell, the attack breaks. That’s simple enough to code, but [pmsosa] has a few more tricks up his sleeve. Duckhunter has a ‘sneaky’ countermeasure feature, where one out of every 5-7 keystrokes is blocked. To the attacker, the ‘sneaky’ countermeasure makes it look like the attack worked, where in fact it failed spectacularly.

There are a number of different attacks similar to what the Rubber Ducky can accomplish. Mousejack performs the same attack over Bluetooth. BadUSB is a little more technical, allowing anyone with access to a device’s firmware to turn your own keyboard against you. Because of the nature of the attack, Duckhunter shuts them all down.

Right now the build is only for Windows, but according to [pmsosa]’s GitHub there will be Linux and OS X versions coming.

The Pumpkin Noti-Fire

October 28, 2016 by 10 Comments

Everyone has an episode somewhere in their youth involving the use of an aerosol spray as an impromptu flamethrower. Take some mildly inebriated teenagers, given them a deodorant can and a box of matches, and sooner or later one or two of them are going to lose their eyebrows.

For most of us an amusing teenage episode is how the aerosol flamethrower remains. Not for [Mike Waddick] though, when last week’s DDoS attack on DNS infrastructure took away his ability to work his, attention turned to a Halloween project. He created a carved pumpkin that spits fire as a notification signal when a text or an email is received.

flame-testKey to the project is the Glade Automatic Spray Air Freshener. This is a battery-powered device with an aerosol can that is operated by either an electronic timer or a push-button switch. Remove the switch, and its line is revealed as an active low trigger for the spray. [Mike] replaced the switch with a line from a microcontroller and put a lit tea-light candle in front of the nozzle for fully controllable (if not entirely safe) flamethrower fun. Early tests proved the concept, so it only remained for the pumpkin to be carved and the system installed.

The microcontroller used in this case was the Lightblue Bean, though almost any similar board could have been put in its place. Notifications were processed via Bluetooth from an iPhone via ANCS (Apple Notification Center Service), which the Bean could query to trigger its fiery alerts. There is a brief video showing the device in action singeing [Mike]’s hand, which we’ve placed below the break.

Continue reading “The Pumpkin Noti-Fire”