Memcached Servers Abused For DDoS Attacks

Cloudflare announced recently that they are seeing an increase in amplification attacks using memcached servers, and that this exploit has the potential to be a big problem because memcached is capable of amplifying an attack significantly. This takes DDoS attacks to a new level, but the good news is that the problem is confined to a few thousand misconfigured servers, and the solution is to put the servers behind a tighter firewall and to disable UDP. What’s interesting is how the fundamental workings of the Internet are exploited to create and direct a massive amount of traffic.

We start with a botnet: a group of Internet-connected devices that have been compromised and are controlled by a malicious user. The devices could be a specific brand of web camera, printer, or computer with unsecured firmware. Once a device is compromised, the malicious user can have it execute code. This code could mine cryptocurrency, upload sensitive data, or create a lot of web traffic directed at a particular server, flooding it with requests and creating a distributed denial of service (DDoS) attack that takes down the server. Since the server can’t distinguish regular traffic from malicious traffic, it can’t filter it out and becomes unresponsive.

This DDoS attack is limited by the botnet’s bandwidth, though. If all the web cameras in the botnet are pounding a server as fast as they can, the botnet has reached its max. The next trick is called an amplification attack, and it exploits UDP. UDP (as opposed to TCP) is like the early post office; you send mail and hope it gets there, and if it doesn’t then oh well. There’s no handshaking between communicating computers. When a device sends a UDP packet to a server, the packet includes the return address so that the server can send the response back. Because there is no handshake, the server has no way to confirm that the return address is genuine. If the device sends a carefully crafted fake request with a different return address, then the server will send the response to that spoofed return address.

So if the web camera sends a request to Server A and the response is sent to Server B, then Server A is unintentionally attacking Server B. If the request is the same size as the response, then there’s no benefit to this attack. If the request is smaller than the response, and Server A sends Server B a bunch of unrequested data for every request from the camera, then you have a successful amplification attack. In the case of memcached, traffic can be amplified by more than 50,000 times, meaning that a small botnet can have a huge effect.

Memcached is a memory caching system whose primary use is to help large websites by caching data that would otherwise have to be fetched from a database or API, so it really shouldn’t be publicly accessible anyway. The immediate solution is to turn off public-facing memcached over UDP, but the larger solution is to think about what you are making available to the Internet and how it can be used maliciously.
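One way to check a server for the misconfiguration described above, as an added example that is not part of the original article: the script reads a memcached options file and reports whether UDP is enabled on a non-loopback listen address. It assumes a Debian-style file with one command-line option per line, uses memcached's `-U`/`--udp-port` and `-l`/`--listen` options, and treats an unset `-U` as UDP enabled (the `udp_on_by_default` parameter is an assumption about the installed version); both sample configs are constructed.

```python
import ipaddress
import shlex

# Constructed sample configs (one memcached option per line); not from the article.
WEAK = "-m 64\n-p 11211\n-u memcache\n-l 0.0.0.0\n"
HARDENED = "-m 64\n-p 11211\n-u memcache\n-l 127.0.0.1\n-U 0  # UDP off\n"

def parse_options(conf_text):
    """Extract listen addresses and the UDP port from option-per-line text."""
    opts = {"listen": [], "udp_port": None}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        tokens = shlex.split(line)
        flag, value = tokens[0], (tokens[1] if len(tokens) > 1 else None)
        if flag.startswith("--") and "=" in flag:  # long form: --udp-port=0
            flag, value = flag.split("=", 1)
        if value is None:                          # switches such as -d carry no value
            continue
        if flag in ("-U", "--udp-port"):
            opts["udp_port"] = int(value)
        elif flag in ("-l", "--listen"):
            opts["listen"] += [a.strip() for a in value.split(",") if a.strip()]
    return opts

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:                             # hostname rather than an IP literal
        return addr == "localhost"

def audit(conf_text, udp_on_by_default=True):
    """Return a list of findings; an empty list means no reflector exposure found."""
    opts = parse_options(conf_text)
    if opts["udp_port"] is None:
        udp_enabled = udp_on_by_default            # assumption about the installed version
    else:
        udp_enabled = opts["udp_port"] != 0        # -U 0 disables the UDP listener
    listen = opts["listen"] or ["0.0.0.0"]         # no -l means all interfaces
    exposed = [a for a in listen if not is_loopback(a)]
    findings = []
    if udp_enabled:
        findings.append("udp-enabled")
    if exposed:
        findings.append("non-loopback-listen")
    if udp_enabled and exposed:
        findings.append("reflector-risk")
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(conf) or "ok")
```

A `non-loopback-listen` finding without `udp-enabled` still means the TCP port needs to sit behind the firewall the article recommends.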

What Are Those Hieroglyphics on Your Laptop Charger?

Look on the back of your laptop charger and you’ll find a mess of symbols and numbers. We’d bet you’ve looked at them before and gleaned little or no understanding from what they’re telling you.

These symbols are as complicated as the label on the tag of your shirt that has never taught you anything about doing laundry. They’re the marks of standardization and bureaucracy, and dozens of countries basking in the glow of money made from issuing certificates.

The switching power supply is the foundation of many household electronics — obviously not just laptops — and thus it’s a necessity worldwide. If you can make a power supply that’s certified in most countries, your market is enormous and you only have to make a single device, possibly with an interchangeable AC cord for different plug types. And of course, symbols that have meaning in just about any jurisdiction.

In short, these symbols tell you everything important about your power supply. Here’s what they mean.


Amazon Echo Dot Upgraded to Retro Futuristic Look

It takes a surprising amount of planning and work if you want something to look old. [vemeT5ak] wanted the Echo Dot sitting on his desk to fit a different aesthetic motivated by a 1940s Canadian radio. Armed with Solidworks, a Tormach CNC, and some woodworking tools at Sector67 hackerspace, he built a retro-futuristic case for the Amazon Alexa-enabled gadget. Future and past meet thanks to the design and material appearance of the metal grille and base molding wrapping the wood radio case. The finishing touch is of course the ring of blue light which still shines through from the Echo itself.

A short USB extension cable connects the Echo Dot to the back of the enclosure, and the cavernous inside plus ample holes provide a nice rich sound.

It took about 15 hours of modeling, scaling, and tweaking in Solidworks with an interesting design specification in mind: single-bit operation. This single-bit is not in the electrical sense, but refers to the CNC milling operation. All pieces are cut with a 1/4″ end mill, without any tool changes. Metal pieces were milled from 6061 aluminum and the hickory case (with burgundy stain) was mostly cut on a table saw, but the holes were CNC machined.

What looks like an otherwise perfect build has a single flaw that eats up [vemeT5ak]’s soul; the Echo Dot has a draft angle that wasn’t considered during modeling, and the hole is ever so slightly too wide, meaning it didn’t press fit perfectly flush. Fortunately it’s not noticeable behind the metal grille, and unless you knew (please help keep his dirty little secret), you would think everything turned out perfectly.

It turns out building a case for the Echo Dot is challenging for a few reasons; the rubbery material on the bottom doesn’t allow anything to stick to it, and the sides are smooth and featureless with a taper that makes it difficult to lock it in. Many cases resort to clipping over the top to hold it in place. Others install it into a fish or a furby.

Yellowing: the Plastic Equivalent of a Sunburn

Your fancy white electronic brick of consumer electronics started off white, but after some time it yellowed and became brittle. This shouldn’t have happened; plastic is supposed to last forever. It turns out that plastic enclosures are vulnerable to the same things as skin, and the effects are similar. When they are stared at by the sun, the damage is done even though it might not be visible to you for quite some time.


Fail of The Week — Accidental Demagnetization

There’s a trick in the world of plastic enclosures. The threaded insert is a small cylinder of metal with threads on the inside and a rough edge on the outside. To make a plastic part with a hole for securely connecting bolts that can be repeatedly screwed without destroying the plastic, you take the threaded insert and press it (usually with the help of a soldering iron to heat the insert) into a hole that’s slightly smaller than the insert. The heat melts the plastic a little bit and allows for the insert to go inside. Then when it cools the insert is snugly inside the plastic, and you can attach circuit boards or other plastic parts using a bolt without stripping the screw or the insert. We’ve seen Hackaday’s [Joshua Vasquez] installing threaded inserts with an iron, as well as in a few other projects.

This trick is neat. And I’ve now proven that it does not work with neodymium magnets.


Active Discussion About Passive Components

People talk about active and passive components like they are two distinct classes of electronic parts. When sourcing components on a BOM, you have the passives, which are the little things that are cheaper than a dime a dozen, and then the rest that make up the bulk of the cost. Diodes and transistors definitely fall into the cheap little things category, but aren’t necessarily passive components, so what IS the difference?


LEGO-compatible Electronics Kits Everywhere!

Within the last few years, a lot of companies have started with the aim to disrupt the educational electronics industry using their LEGO-compatible sets. Now they’re ubiquitous, and fighting each other for their slice of space in your child’s box of bricks. What’s going on here?

Raison D’Être

The main reason for LEGO-compatibility is familiarity. Parents and children get LEGO. They have used it. They already have a bunch. When it comes to leveling up and learning about electronics, it makes sense to do that by adding on to a thing they already know and understand, and it means they can continue to play with and get more use from their existing sets. The parent choosing between something that’s LEGO-compatible and a completely separate ecosystem like littleBits (or Capsela) sees having to set aside all the LEGO and buy all new plastic parts and learn the new ecosystem, which is a significant re-investment. littleBits eventually caught on and started offering adapter plates, and that fact demonstrates how much demand there is to stick with the studs.
