What to Do When the Botnet Comes Knocking

“It was a cold and windy night, but the breeze of ill omen blowing across the ‘net was colder. The regular trickle of login attempts suddenly became a torrent of IP addresses, all trying to break into the back-end of the Joomla site I host. I poured another cup of joe, it was gonna be a long night.”

Tech noir aside, there was something odd going on. I get an email from that web-site each time there is a failed login. The occasional login attempt isn’t surprising, but this was multiple attempts per minute, all from different IP addresses. Looking at the logs, I got the feeling they were pulling usernames and passwords from one of the various database dumps, probably also randomly seeding information from the Whois database on my domain.

Continue reading “What to Do When the Botnet Comes Knocking”

Milspec Teardown: AH-64A Apache Data Entry Panel

It’s time once again to see how those tax dollars are spent, this time in the form of a “Data Entry Keyboard” manufactured by Hughes Helicopters. This device was built circa 1986 or so, and was used in the AH-64A Apache. Specifically, this panel would have been located by the gunner’s left knee, and served as a general purpose input device for the Apache’s Fire Control System. Eventually the Apache was upgraded with a so-called “glass cockpit”; consolidating various vehicle functions into a handful of multi-purpose digital displays. As such, this particular device became obsolete and was pulled from the active Apache fleet.

The military vehicle aficionados out there may know that while the Apache is currently a product of Boeing, it was originally designed by Hughes Helicopter. In 1984, McDonnell Douglas purchased Hughes Helicopter and took over production of the Apache, and then McDonnell Douglas themselves were merged with Boeing in 1997.

So it’s somewhat interesting that this device bears the name of Hughes Helicopter, as of the time it was manufactured, they would have been known as McDonnell Douglas Helicopter Systems. Presumably they had to work through existing stock of components that already had Hughes branding on them, leaving some transitional examples such as this one.

But you didn’t come here for a history lesson on the American military-industrial complex, you want to know about the hardware itself. So let’s crack it open to see what we can learn about this piece of aviation history.

Continue reading “Milspec Teardown: AH-64A Apache Data Entry Panel”

OptionsBleed – Apache bleeds in uncommon configuration

[Hanno Böck] recently uncovered a vulnerability in Apache webserver, affecting Apache HTTP Server 2.2.x through 2.2.34 and 2.4.x through 2.4.27. This bug only affects Apache servers with a certain configuration in .htaccess file. Dubbed Optionsbleed, this vulnerability is a use after free error in Apache HTTP that causes a corrupted Allow header to be replied by the webserver in response to HTTP OPTIONS requests. This can leak pieces of arbitrary memory from the server process that may contain sensitive information. The memory pieces change after multiple requests, so for a vulnerable host an arbitrary number of memory chunks can be leaked.

Unlike the famous Heartbleed bug in the past, Optionsbleed leaks only small chunks of memory and more importantly only affects a small number of hosts by default. Nevertheless, shared hosting environments that allow for .htaccess file changes can be quite sensitive to it, as a rogue .htaccess file from one user can potentially bleed info for the whole server. Scanning the Alexa Top 1 Million revealed 466 hosts with corrupted Allow headers, so it seems the impact is not huge so far.

The bug appears if a webmaster tries to use the “Limit” directive with an invalid HTTP method. We decided to test this behaviour with a simple .htaccess file like this:

Continue reading “OptionsBleed – Apache bleeds in uncommon configuration”

Bread Online is a Bread Maker for the Internet of Things

An engineering student at the University of Western Macedonia has just added another appliance to the ever-growing list of Internet enabled things. [Panagiotis] decided to modify an off-the-shelf bread maker to enable remote control via the Internet.

[Panagiotis] had to remove pretty much all of the original control circuitry for this device. The original controller was replaced with an Arduino Uno R3 and an Ethernet shield. The temperature sensor also needed to be replaced, since [Panagiotis] could not find any official documentation describing the specifications of the original. Luckily, the heating element and mixer motor were able to be re-used.

A few holes were drilled into the case to make room for the Ethernet connector as well as a USB connector. Two relays were used to allow the Arduino to switch the heating element and mixer motor on and off. The front panel of the bread maker came with a simple LCD screen and a few control buttons. Rather than let those go to waste, they were also wired into the Arduino.

The Arduino bread maker can be controlled via a web site that runs on a separate server. The website is coded with PHP and runs on Apache. It has a simple interface that allows the user to specify several settings including how much bread is being cooked as well as the desired darkness of the bread. The user can then schedule the bread maker to start. Bread Online also comes with an “offline” mode so that it can be used locally without the need for a computer or web browser. Be sure to check out the video demonstration below. Continue reading “Bread Online is a Bread Maker for the Internet of Things”

Upgrading a Laminator for Toner Transfer PCBs

If you need a circuit board now, you’re probably looking at a toner transfer process; all you need to make a PCB is a copper clad board, a laser printer, some special paper, and the usual etching chemicals. The quality of these boards is highly dependant on the quality of transferring toner to the copper, and getting the process right is as much an art as it is a science. A clothes iron is the easy way of transferring the toner to the board, but if you’re looking for repeatability, you’ll probably want a laminator.

Laminators, too, also vary in quality. The king of toner transfer laminators is the Apache AL13P. With four heated rollers and a steel chassis, it’s enough to do some serious heating. [mosaicmerc] came up with an amazing mod for his Apache laminator that takes all the guesswork out of the settings, and does it all in one pass for maximum repeatability and PCB quality.

The Apache laminator in question is a beast of a machine that drives four rollers with a synchronous motor and also has a ‘reverse’ button that sends the laminations out the front end of the printer. Stock, a toner transfer PCB would require dozens of passes through the Apache, but [merc]’s mod takes care of everything for you.

The addition that makes this possible is a small board with a PIC12 microcontroller. This microcontroller connects the motor driver board and the display interface together, triggering the reverse button to move the board 5/8″ forward and 1/2″ back, giving the laminator an effective speed reduction of 12:1. This method also has the bonus of not tampering with the motor or control circuitry, and allows for multiple passes in the same run.

With this modification, the Apache AL13P becomes the perfect solution to transferring toner to a piece of copper, with the ability to transfer 10mil traces on 1oz copper. The board also offers some other features like thermal sensor failure shutdown and a cool-down mode that overrides the heater. If you’re looking for an easy way to step up your toner transfer PCBs, you can’t do much better than this mod.

Playing DVDs on an iPad

[Harrison Jackson] figured out how to add DVD playback to an iPad. It doesn’t require a jailbreak, or any hardware modifications to your prized tablet. The work is done with some server-side processing and played back through the browser.

The popular open-source multimedia player VLC has the ability to encode from the command line during playback. [Harry’s] option flag mastery of the program allows him to convert a DVD to a 320×240 format that is iPad friendly. But this alone doesn’t get the video any closer to being on the iDevice. You’ll need to be running a webserver that can stream video. This example is on OSX, but since he’s using an Apache server it should be simple to reproduce on any Unix variant. Once you’ve enabled m3u8 files in the Apache mime-types, the iPad browser can be pointed to the file address VLC is kicking out and you’ll be watching a movie in no time.

We’ve wondered about replacing our home theater front-end with an ATV 2 running XBMC but the thought of having no optical drive in the living room requires some contemplation. If this becomes a feasible option (that isn’t downscaled from DVD quality) it will be a no-brainer to make that jump.

Don’t miss the demo video after the break. Full instruction are in the comment section of that clip.

Continue reading “Playing DVDs on an iPad”

The basics of controlling an Arduino with PHP

You can easily add Internet-based control for your Arduino if it is close enough to your server to be connected via USB. This tutorial will give the basics you need to get it working.

The gist of this method involves a webpage that includes PHP elements. When one of those elements is manipulated, a command is sent via serial connection to the Arduino which then reacts based on what it received. This example uses an Ubuntu box that is running an Apache server. The Arduino sketch sets up the serial connection and then listens for incoming traffic. Whenever it receives a non-zero character an LED will blink. On the server side of things you’ll need to make sure that the system user that runs Apache (www-data) has permission to write to a serial port.

This base example may seem extremely simple, but there’s no end to what you can build on top of it. Different PHP events can be added to push new commands over the serial connection with matching test conditions added to the sketch.

[Thanks Jarryd]