[Mark Doner] presented on how the WISP he works for near Toledo is set up. His most important point was that 802.11 is garbage when it comes to the type of installations WISPs do. 802.11 expects the clients to adjust based on the traffic from other clients, but when all your clients are directional they won’t see each other. Mark uses Motorola’s Canopy equipment, but he also mentioned Trango and Redline as other vendors. The radios operate in the 5.7GHz band which doesn’t have any power restrictions so they can use refurbished Dish Network dishes when they’re doing long shots. For customers that are nearly at the edge of service, they have 900MHz equipment as well. Heavy fog and freezing rain have proven to be the only weather that really affects the service. For back-haul between their towers they use Dragonwave equipment. Each of the radios costs ~$350 and features GPS to determine distance and maintain sync with the AP. It was interesting to see how a good WISP operates as opposed to the flakey ones we’ve had to deal with in the past.
Author: Eliot1332 Articles
Notacon 2008: The TSA Bagcam
[algormor] gave one of the more controversial talks at Notacon. After receiving a few too many inspection slips and destroyed baggage he decided to find out what was going on behind the scenes. First, he purchased a cheap bag from Walmart with a zipable liner. To record the video, he purchased a SwannGUARD MicroDVR. It’s a palm-sized device that records 128×128 15fps video. It comes with a plastic cover that he mounted to the inside of the bag. A hole was cut for the video camera right above the badge holder. Since the camera is motion triggered, he could slide the badge up, covering the hole, to deactivate the camera. He’s taken the bag on at least four trips. So… what did the footage show?
Notacon 2008: Circuit Bending Intro
The first talk we went to at Notacon was [Sam Harmon]’s great introduction to circuit bending, the process of modifying sound generating electronics to create new musical instruments. Reed Ghazala is considered the father of circuit bending for his pioneering work starting in 1966. Sam pointed out that a “prepared piano” could be considered the non-electric precursor to circuit bending. It involves the musician placing different types of material on the piano’s components. Sam presented many different examples of where to start with circuit bending: the Casio PT-10, PAiA Theremax, Atari Punk Console. He also mentioned a couple AVR projects: AVRSYN and todbot’s Arduino work.
The session ended with [Thom Robertson] showing off the Weird Sound Generator he built and his GHX software for playing real music with a Guitar Hero controller.
Upcoming Events
We’re headed to Cleveland at the end of the week (we’ve heard rumors it rocks) and thought it would be good to list the events we’re planning on hitting in the next five months.
- Notacon / Blockparty April 4-6 Cleveland, OH – This will be a first for us, but we’re definitely excited, especially for the demoscene madness at Blockparty (like Trixter’s MONOTONE PC speaker tracker).
- ToorCon Seattle April 18-20 Seattle, WA – In its second year, this small gathering is sure to be a blast just like last year.
- The Last HOPE July 18-20 New York, NY – Our first HOPE and the last one ever.. since the hotel is being torn down.
- Black Hat US August 2-7 Las Vegas, NV – If anything gets released this year, it’ll be here.
- DefCon August 8-10 Las Vegas, NV – The first con we ever went to. It’s not the best con, but it’s always interesting.
- SIGGRAPH August 11-15 Los Angeles, CA – SIGGRAPH is where you need to be if you want to see cutting edge graphics and interaction projects. It’s a favorite of ours and a nice break from computer security.
Anything we’re missing?
UPDATE: Maker Faire May 3-4 San Mateo, CA – Can’t believe we forgot it. Thanks [pt]!
SitesCollide Podcast
A couple weeks ago Tyrel from SitesCollide interviewed me about Hack-A-Day. Have a listen to the 27 minute podcast if you’ve ever wondered how Hack-A-Day was founded or what the heck we do here. Topics include: MiniPOV3, BrainMachine, Arduino, bowling ball catapult, DMX control, and FPGA crypto cracking.
Breaking Disk Encryption With RAM Dumps
If you haven’t gotten a chance yet, do watch the video of this attack. It’s does a good job explaining the problem. Full drive encryption stores the key in RAM while the computer is powered on. The RAM’s stored data doesn’t immediately disappear when powered off, but fades over time. To recover the keys, they powered off the computer and booted from a USB disk that created an image of the RAM. You can read more about the attack here.
How can you reduce this threat? You can turn off USB booting and then put a password on the BIOS to prevent the specific activity shown in the video. Also, you can encrypt your rarely used data in a folder on the disk. They could still decrypt the disk, but they won’t get everything. I don’t think this problem will truly be fixed unless there is a fundamental change in hardware design to erase the RAM and even then it would probably only help computers that are powered off, not suspended.
The potential for this attack has always been talked about and I’m glad to see someone pull it off. I’m hoping to see future research into dumping RAM data using a USB/ExpressCard with DMA access.
ShmooCon 2008: Intercepting GSM Traffic
Back in August, [h1kari] presented an analysis of the A5 crypto spec used in GSM systems. Almost all GSM conversations in the US and Europe are encrypted using this standard. At the time they were still in the planning stages of building their rainbow table of shift register states. Today we heard an update on the progress. The whole space is 2^58 in size and would take a standard PC 33,235 years to calculate. Not being patient people they built a box containing 68 express card based FPGAs. Each one is capable of doing 72 billion operations per second. So far they’re one month into the 3 month process. Once the table is completed any person can crack a GSM conversation in 30 minutes using 1 FPGA and the 2TB table. They do have plans for building an optimal system that would be based on solid state drives and 16 FPGAs that should do the crack in just 30 seconds.
