This device connects to the parallel port and was intended for use with MS-DOS systems (no wonder there’s no longer support from the company). The board uses logic chips to add read and write function. So the first step was to analyze how they connect together and come up with a set of commands. While at it he also made some changes to the board to bring the voltage more in spec and ensure the logic levels on the parallel port met the correct voltages.
His plan was to use the board with a Linux system so the parallel port interface can stay. He used what he learned from the hardware inspection to write his own interface in C++. It works with a chip he was able to use under the MS-DOS software, but he hasn’t gotten it to work with the chip that sparked this adventure. If you’re familiar with how the AT29C040A works please consider lending a hand.
[Geordy] wanted to use some IDE devices but he didn’t have an interface card for his XT system, which can’t handle 16-bit IDE. He looked around for 8-bit ISA controllers but they were hard to find and quite expensive. Lucky for him there’s an open source project that makes a solution to this problem. The XTIDE project brought together a group of vintage computing enthusiasts to design this ISA card. [Geordy] was even able to order a professional PCB from one of the forum members. He ordered the parts an soldered it together, costing about $30 total. He had a friend help him burn the code to the EEPROM but that’s easy enough to do with an Arduino, Bus Pirate, or one of several other methods. Now his grand plans at installing DOS 6.22 have been realized.
The software end of things is a curious conglomeration but considering the hardware constraints [Daniel] made some great choices. He’s using MS-DOS along with LxPic for slide shows and Mplayer for video. The rest of the software gets him up on the home network and enables IR remote control via LIRC. All o this makes for a beautiful product (video after the break includes some Doom footage) and the package is pulling just 40W when in use.
[RSnake] has developed a denial of service technique that can take down servers more effectively. Traditionally, performing a denial of service attack entailed sending thousands of requests to a server, these requests needlessly tie up resources until the server fails. This repetitive attack requires the requests to happen in quick succession, and is usually a distributed effort. However, [RSnake]’s new technique has a client open several HTTP sessions and keeps them open for as long as possible. Most servers are configured to handle only a set number of connections; the infinite sessions prevent legitimate requests from being handled, shutting down the site. This vulnerability is present on webservers that use threading, such as Apache.
A positive side effect of the hack is that the server does not crash, only the HTTP server is affected. His example perl implementation, slowloris, is able to take down an average website using only one computer. Once the attack stops, the website will come back online immediately.
While we’re sure that just about everyone has heard about the conflict between Russia and Georgia, few have probably heard about the role of cyber attacks in the conflict. Shortly before Russia’s armed response, Georgian state web servers were attacked by individuals assumed to be Russian hackers. This attack almost completely obliterated Georgia’s online presence by shutting down the website for the Ministry of Defense, and the Central Government’s main site. The Russian attackers seem to be using some form of sustained DDoS to keep many Georgian sites offline. In an effort to preserve some web presence, the Georgian Government transferred [President Mikheil Saakashvili]’s site to a US hosting provider in Atlanta. The Ministry of Foreign Affairs even created a BlogSpot page after their website initially went down. While politically motivated DDoS attacks have not been rare in past months, this seems to be the first time where the attacking party can be clearly identified. This seems to be the start of a trend where the unconventional methods of cyber warfare are used to gain an advantage over the enemy.
While in Vancouver, Canada for CanSecWest we had a chance to catch up with [Marc]. He showed off a very simple Denial-of-Service attack that works for most commercial RFID reader systems. He worked out this physical DoS with [Adam Laurie], whose RFID work we featured last year.