This Week In Security: Kali Purple, Malicious Notifications, And Cybersecurity Strategy

After a one-week hiatus, we’re back. It’s been a busy couple of weeks, and up first is the release of Kali Purple. This new tool from Kali Linux is billed as a SOC-in-a-box that follows the NIST CSF structure. That is a veritable alphabet soup of abbreviated jargon, so let’s break it down a bit. First up, SOC IAB or SOC-in-a-box is integrated software for a Security Operations Center. It’s intrusion detection, intrusion prevention, data analysis, automated system accounting and vulnerability scanning, and more. Think a control room with multiple monitors showing graphs based on current traffic, a list of protected machines, and log analysis on demand.

NIST CSF is guidance published by the National Institute of Standards and Technology, a US government agency that does quite a bit of the formal ratification of cryptography and other security standards. CSF is the CyberSecurity Framework, which among other things, breaks cybersecurity into five tasks: identify, protect, detect, respond, and recover. The framework doesn’t map perfectly to the complexities of security, but it’s what we have to work with, and Kali Purple is tailor-made for that framework.

Putting that aside, what Purple really gives you is a set of defensive and analytical tools that rival the offensive tools in the main Kali distro. Suricata, Arkime, Elastic, and more are easily deployed. The one trick that really seems to be missing is the ability to deploy Kali Purple as the edge router/firewall. The Purple deployment docs suggest an OPNSense deployment for the purpose. Regardless, it’s sure to be worthwhile to watch the ongoing development of Kali Purple.

Continue reading “This Week In Security: Kali Purple, Malicious Notifications, And Cybersecurity Strategy”

New Study Tells Us Where To Hide When The Nukes Are Coming

Geopolitics is a funny thing. Decades can go by with little concern, only for old grudges to suddenly boil to the surface and get the sabers a-rattlin’. When those sabers happen to be nuclear weapons, it can be enough to have you mulling the value of a bomb shelter in your own backyard.

Yes, every time the world takes a turn for the worse, we start contemplating what we’d do in the event of a nuclear attack. It’s already common knowledge that stout reinforced concrete buildings offer more protection than other flimsier structures. However, a new study has used computer modelling to highlight the best places to hide within such a building to maximise your chances of survival.

Continue reading “New Study Tells Us Where To Hide When The Nukes Are Coming”

Europe’s Energy Squeeze Pushes Large Hadron Collider To Halt Operations

Energy prices have been in the news more often than not lately, as has war. The two typically go together, as conflicts tend to impact on the supply and trade of fossil fuels.

With Europe short on gas and its citizens contemplating a cold winter, science is feeling the pinch, too. CERN has elected to shut down the Large Hadron Collider early to save electricity.

Continue reading “Europe’s Energy Squeeze Pushes Large Hadron Collider To Halt Operations”

Your Own Engineering Workstation, With Mame

There are some things that leave indelible impressions in your memory. One of those things, for me, was a technical presentation in 1980 I attended — by calling in a lot of favors — a presentation by HP at what is now the Stennis Space Center. I was a student and it took a few phone calls to wrangle an invite but I wound up in a state-of-the-art conference room with a bunch of NASA engineers watching HP tell us about all their latest and greatest. Not that I could afford any of it, mind you. What really caught my imagination that day was the HP9845C, a color graphics computer with a roughly $40,000 price tag. That was twice the average US salary for 1980. Now, of course, you have a much better computer — or, rather, you probably have several much better computers including your phone. But if you want to relive those days, you can actually recreate the HP9845C’s 1980-vintage graphics glory using, of all things, a game emulator.

The Machine

The HP9845C with a Colorful Soft Key Display

Keep in mind that the IBM PC was nearly two years away at this point and, even then, wouldn’t hold a candle to the HP9845C. Like many machines of its era, it ran BASIC natively — in fact, it used special microcode to run BASIC programs relatively quickly on its 16-bit 5.7 MHz CPU. The 560 x 455 pixel graphics system had its own CPU and you could max it out with a decadent 1.5 MB of RAM. (But not, alas, for $40,000, which got you — I think — 128K or so.)

The widespread use of the computer mouse was still in the future, so the HP had that wonderful light pen. Mass storage was also no problem — there was a 217 kB tape drive and while earlier models had a second drive and a thermal printer optional, these were included in the color “C” model. Like HP calculators, you could slot in different ROMs for different purposes. There were other options such as a digitizer and even floppy discs.

Continue reading “Your Own Engineering Workstation, With Mame”

It Turns Out You Can’t Just Fly A Drone Under Water

The differences between a drone and an underwater remote-operated vehicle (ROV) aren’t actually that large. Both have powerful motors that move large volumes of fluid (yes, air is a fluid), a camera, a remote, and an onboard battery. So when [RCLifeOn] got his hands on a cheap used drone, he reckoned that it could fly underwater just as well as it did in the air.

To his credit, the principle was sound, and the initial tests looked promising. However, we will spoil the ending and tell you it doesn’t work out as well as he hoped due to water leakage. He printed a case with a large panel for accessing electronics inside and an acrylic window for the camera. The panel pressed up against a gasket via the few dozen metric screws along the perimeter. Despite the design being quite whimsical, he quickly regrets the screws as getting inside is tiring on the wrists. He epoxies the hatch to the hull and drills holes to charge the battery to stop the seemingly never-ending water leaks. After its maiden journey, water got inside and fried some of the motor controllers. So for the second test run, he used what limited capabilities it had left.

Despite the project not working out how he expected, it’s a great example of how some reused parts and some 3D printing can make something entirely different. So perhaps next time, instead of throwing that broken drone away, see if it could be given just a bit of love. Possibly the propellers can be combined, or make do with only three motors. Or just go the [RCLifeOn] route and make it into something new entirely.

Continue reading “It Turns Out You Can’t Just Fly A Drone Under Water”

This Week In Security: Breaking CACs To Fix NTLM, The Biggest Leak Ever, And Fixing Firefox By Breaking It

To start with, Microsoft’s June security patch has a fix for CVE-2022-26925, a Man-In-The-Middle attack against NTLM. According to NIST, this attack is actively being exploited in the wild, so it landed on the KEV (Known Exploited Vulnerabilities) Catalog. That list tracks the most important vulnerabilities to address, and triggers a mandated patch install no later than July 22nd. The quirk here is that the Microsoft patch that fixes CVE-2022-26925 also includes a fix for a couple of certificate vulnerabilities, including CVE-2022-2693, Certifried. That vulnerability was one where a machine certificate could be renamed to the same name as a domain controller, leading to organization-wide compromise.

The fix that rolled out in June now requires that a “strong certificate mapping” be in place to tie a user to a certificate. Having the same common name is no longer sufficient, and a secure value like the Security IDentifier (SID) must be mapped from certificate to user in Active Directory. The patch puts AD in a compatibility mode, which accepts the insecure mapping so long as the user account predates the certificate. This has an unintended consequence of breaking how the US Government uses CACs (Common Access Cards) to authenticate their users. Government agencies typically start their onboarding by issuing a CAC, and then establishing an AD account for that user. That makes the certificate older than the account, which means the newest patch rejects it. Thankfully there’s a registry key that can be set, allowing the older mapping to still work, though likely with a bit of a security weakness opened up as a result.

Continue reading “This Week In Security: Breaking CACs To Fix NTLM, The Biggest Leak Ever, And Fixing Firefox By Breaking It”
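To make the mapping rules above concrete, here is an added illustration (not Microsoft’s code, and not from the original article) of a validator that accepts a certificate-to-account binding only on a SID match, falls back to the weak common-name match only in compatibility mode when the account predates the certificate, and shows how a CAC issued before its AD account gets rejected unless the legacy override is set. The certificate and account records are constructed sample data; the SID values are made up.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass
class Certificate:
    common_name: str
    sid: Optional[str]   # SID carried in the cert; None on certs issued without it (older CACs)
    issued: date


@dataclass
class Account:
    common_name: str
    sid: str
    created: date


def strong_mapping_ok(cert: Certificate, account: Account) -> bool:
    """Strong mapping: the SID in the certificate must match the AD account's SID."""
    return cert.sid is not None and cert.sid == account.sid


def cert_accepted(cert: Certificate, account: Account,
                  compatibility_mode: bool = True,
                  legacy_override: bool = False) -> bool:
    """Decide whether this certificate may authenticate this account.

    Mirrors the rules described in the text; the 'legacy_override' flag stands in for
    the registry key the article mentions (assumed behaviour: weak mapping always allowed).
    """
    if strong_mapping_ok(cert, account):
        return True
    # Weak mapping: only the common name ties the certificate to the account.
    if cert.common_name != account.common_name:
        return False
    if legacy_override:
        return True
    # Compatibility mode tolerates the weak mapping only if the account is older
    # than the certificate. A CAC issued before the account fails this test.
    return compatibility_mode and account.created <= cert.issued


# Constructed sample: CAC issued first, AD account created afterwards (the CAC onboarding order).
CAC = Certificate("jane.doe", None, date(2022, 1, 10))
JANE = Account("jane.doe", "S-1-5-21-11111-22222-33333-1001", date(2022, 2, 1))
```

Calling `cert_accepted(CAC, JANE)` returns False in compatibility mode, while re-issuing the certificate with Jane’s SID (or setting the override) makes it pass.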

SWO: An ARM Printf By Any Other Name

I’ll confess. Although printf-style debugging has a bad rep, I find myself turning to it on occasion. Sure, printf is expensive and brings in a lot of code, but if you have the space and time to use it while debugging you can always remove it before you are finished. However, what if you don’t have an output device or you are using it for something else? If you are using most modern ARM chips, you have another option — a dedicated output channel that is used for several things, including debugging output. I decided I wanted to try that on the Blackpill running mbed, and found out it isn’t as easy as you might think. But it is possible, and when you are done reading, you’ll be able to do it, too.

I’m writing this using the STM32-specific ST-LINK hardware. If you use other JTAG devices like the BlackMagic probe, you probably already have this set up for you.

What You Get

I’ll start backward with the end result, then talk about the software, so you’ll be good and motivated by the time you get to the hardware requirements. Spoiler alert: your existing hardware might need a quick hack to make it work, although you can buy something off the shelf if you prefer.

Here is a very simple test program:

#include "mbed.h"
#include "SWO.h"                 // SWO_Channel comes from the SWO library

SWO_Channel debugport;           // output goes out the SWO pin, picked up by the ST-LINK
DigitalOut led(LED1);            // on-board LED; LED1 is assumed to be defined for the target
constexpr auto rate = 500ms;     // blink/print period, chosen for this example

int main()
{
    unsigned count = 0;
    debugport.printf("\r\nHello World from SWO\r\n");
    debugport.printf("CPU SystemCoreClock is %u Hz\r\n", (unsigned)SystemCoreClock);

    while (1)
    {
        led = !led;                      // flip the LED each pass
        ThisThread::sleep_for(rate);     // sleepy time
        if (count % 10)
            debugport.putc('*');         // nine stars...
        else
            debugport.printf("%u\r\n", count);   // ...then the count on every tenth pass
        count++;
    }
}

Continue reading “SWO: An ARM Printf By Any Other Name”