This Week In Security: Kali Purple, Malicious Notifications, And Cybersecurity Strategy

After a one-week hiatus, we’re back. It’s been a busy couple of weeks, and up first is the release of Kali Purple. This new tool from Kali Linux is billed as a SOC-in-a-box that follows the NIST CSF structure. That is a veritable alphabet soup of abbreviated jargon, so let’s break this down a bit. First up, SOC IAB or SOC-in-a-box is integrated software for a Security Operation Center. It’s intrusion detection, intrusion prevention, data analysis, automated system accounting and vulnerability scanning, and more. Think a control room with multiple monitors showing graphs based on current traffic, a list of protected machines, and log analysis on demand.

NIST CSF is guidance published by the National Institute of Standards and Technology, a US government agency that does quite a bit of the formal ratification of cryptography and other security standards. CSF is the CyberSecurity Framework, which, among other things, breaks cybersecurity into five tasks: identify, protect, detect, respond, and recover. The framework doesn’t map perfectly to the complexities of security, but it’s what we have to work with, and Kali Purple is tailor-made for that framework.

Putting that aside, what Purple really gives you is a set of defensive and analytical tools that rival the offensive tools in the main Kali distro. Suricata, Arkime, Elastic, and more are easily deployed. The one trick that really seems to be missing is the ability to deploy Kali Purple as the edge router/firewall. The Purple deployment docs suggest an OPNSense deployment for the purpose. Regardless, it’s sure to be worthwhile to watch the ongoing development of Kali Purple.


Virgin Orbit Pauses Operations, Seeks Funding

It looks as though things may have gone from bad to worse at Virgin Orbit, the satellite-carrying spin-off of Richard Branson’s space tourism company Virgin Galactic. After a disappointing launch failure earlier in the year, CNBC is now reporting the company will halt operations and furlough most employees for at least a week as it seeks new funding.

It’s no secret that the company has struggled to find its footing since it was formed in 2017. On paper, it was an obvious venture — Virgin Galactic already had the White Knight Two carrier aircraft and put plenty of R&D into air-launched rockets, it would simply be a matter of swapping the crewed SpaceShipTwo vehicle for the LauncherOne orbital booster. But upgrades to the rocket eventually made it too large for the existing carrier aircraft, so the company instead purchased a Boeing 747 and modified it to lift their two-stage rocket out of the thick lower atmosphere.

Fish Tank Dosing Pump Built Using Pi Pico

When you’re maintaining a fish tank, it’s actually quite important to get all your basic chemistry right. Mismanage things, and you’ll kill all the helpful bacteria in the tank, or kill your fish when things get too alkaline or too acidic. To help him get things just right, [yojoebosolo] built a custom dosing pump to maintain his fishtank.

The pumps themselves are small peristaltic pumps sourced from AliExpress. They can be had for under $10 if you look hard enough. Two of these are assembled into a PLA housing. Meanwhile, the brains of the operation is a Raspberry Pi Pico. It’s charged with running the pumps to a regular schedule, ensuring that just the right amount of chemicals are delivered when they are needed. It delivers 2 mL of Kalkwasser solution into [yojoebosolo’s] reef tank every ten minutes. The pumps are switched on and off with a simple 5V relay.

If you’ve got a delicate and complex fish tank that demands only the best, building your own dosing pump may be the way to go. Off-the-shelf versions can be expensive, after all, so sometimes it makes sense to roll your own. Video after the break.


Coffee Grinder Gets Bluetooth Weighing

Some people take their coffee grinding seriously. So what do you do when the hot new grinders automatically weigh coffee, and yours doesn’t? Well, if you are like [Tech Dregs] and the rest of us, you hack your existing grinder, of course. The link is to the source code, but for a quick overview, check out the video below.

In true hacker fashion, the first order of business was to pull a load cell out of a cheap scale. Originally, he intended to reuse the processor inside, too, but it was epoxied, so it was a good excuse to use some more modules. A load cell amplifier, an OLED display, and a tiny Xiao processor, which he describes as “ridiculous.” From the context, we think he means ridiculously small in the physical sense and ridiculously powerful for such a tiny board.

With the modules, the wiring wasn’t too hard, but you still need some kind of app. Thanks to App Inventor, an Android app was a matter of gluing some blocks together in a GUI. Of course, the devil is in the details, and it took a lot of “focused cursing” to get everything working correctly.

The coffee grinder has a relay to turn the motor on and off, so that’s the point the scale needs to turn the motor on and off. Conveniently, the grinder’s PCB had an unpopulated pin header for just this purpose.

This is one of those simple projects you can use daily if you drink coffee. We are always impressed that the infrastructure exists today and that you can throw something like this together in very little time without much trouble.

WiFi hacking coffee makers is a popular Java project in these parts. Upgrading a machine can get pretty serious with PID control loops and more.


8086 Multiply Algorithm Gets Reverse Engineered

The 8086 has been around since 1978, so it’s pretty well understood. As the namesake of the prevalent x86 architecture, it’s often studied by those looking to learn more about microprocessors in general. To this end, [Ken Shirriff] set about reverse engineering the 8086’s multiplication algorithm.

[Ken]’s efforts were achieved by using die photos of the 8086 chip. Taken under a microscope, they can be used to map out the various functional blocks of the microprocessor. The multiplication algorithm can be nutted out by looking at the arithmetic/logic unit, or ALU. However, it’s also important to understand the role that microcode plays. Even as far back as 1978, designers were using microcode to simplify the control logic used in microprocessors.

[Ken] breaks down his investigation into manageable chunks, exploring how the chip achieves both 8-bit and 16-bit multiplication in detail. He covers how the numbers make their way through various instructions and registers to come out with the right result in the end.

It’s a fun look at what’s going on at the ground level in a chip that’s been around since before the personal computer revolution. For any budding chip designers, it’s a great academic exercise to follow along at home. If you’ve been doing your own digging deep into CPU architectures, don’t hesitate to drop us a line!

Replacing A Clock IC’s Battery

You can find a lot of strange things inside IC packages. For example, the Dallas DS12885 and DS12887 real time clock “chips” were available in a large package with an internal battery. The problem, of course, is that batteries die. [New Old Computer Show] wanted to restore a machine that used one of these devices and was able to repair the device. You can see two videos below. In the first video, he both replaces the battery and adds an external oscillator, which would be necessary for the DS12885. However, he actually had the DS12887, which has an internal oscillator, something the second video explains.

The repair used a PCB he ordered from Tindie. However, the board is only part of the problem. You also need to disconnect the dead battery, which requires a Dremel and a steady hand.


Taking Apart IKEA’s Latest Air Quality Sensor

Whether it’s because they’re concerned about worsening pollution or the now endemic variants of COVID-19, a whole lot of people have found themselves in the market for a home air quality monitor the last couple of years. IKEA noted this trend a while back, and released the VINDRIKTNING sensor to capitalize on the trend.

The device must have sold pretty well, because last month the Swedish flat-packer unveiled the considerably more capable (and more expensive) VINDSTYRKA. Now thanks to the efforts of [Oleksii Kutuzov] we’ve got a fantastic teardown of the new gadget, and some more information on the improvements IKEA made over its predecessor.

Certainly the most obvious upgrade is the addition of an LCD readout that displays temperature, humidity, and how many particulates the device detected in the air. There’s even a “traffic light” colored indicator to show at a glance how bad your air supply is. The other big change is the addition of wireless, though unlike the WiFi hacks we saw for the VINDRIKTNING, this built-in capability uses Zigbee and is designed to plug into IKEA’s own home automation ecosystem.

Speaking of those hacks, a GitHub user by the name of [MaartenL] chimes in to say they’ve managed to hook an ESP32 up to test pads on the VINDSTYRKA motherboard, allowing the parasitic microcontroller to read the device’s sensors and report their data on the network over a service like MQTT, without impacting the sensor’s normal operations. This is how the first hacks on the older VINDRIKTNING were pulled off, so it sounds like a promising start.

But even if you aren’t looking to modify the device from its original configuration (how did you find this website?), it seems pretty clear the VINDSTYRKA is a well-built piece of kit that will serve you and your family well. Which is more than what could be said for some of the cheapo environmental sensors flooding the market.

Thanks to [killergeek] for the tip.