This Week In Security: Watering Hole Attackception, Ransomware Trick, And More Pipeline News

In what may be a first for watering hole attacks, we’ve now seen an attack that targeted watering holes, or at least water utilities. The way this was discovered is a bit bizarre — it was found by Dragos during an investigation into the February incident at Oldsmar, Florida. A Florida contractor that specializes in water treatment runs a WordPress site that hosted a data-gathering script. The very day that the Oldsmar facility was breached, someone from that location visited the compromised website.

You probably immediately think, as the investigators did, that the visit to the website must be related to the compromise of the Oldsmar treatment plant. The timing is too suspect for it to be a coincidence, right? That’s the thing, the compromised site was only gathering browser fingerprints, seemingly later used to disguise a botnet. The attack itself was likely carried out over Teamviewer. I will note that the primary sources on this story have named Teamviewer, but call it unconfirmed. Assuming that the breach did indeed occur over that platform, then it’s very unlikely that the website visit was a factor, which is what Dragos concluded. On the other hand, it’s easy enough to imagine a scenario where the recorded IP address from the visit led to a port scan and the discovery of a VNC or remote desktop port left open.

Gassing Up: Understanding The Liquid Fuel Distribution Network

When someone talks about “The Grid,” as in “dropping off the grid” or “the grid is down,” we tend to think in terms of the electromagnetic aspects of the infrastructure of modern life. The mind’s eye sees The Grid as the network of wires that moves electricity from power plants to homes and businesses, or the wires, optical cables, and wireless links that form the web of data lines that have stitched the world together informatically.

The Grid isn’t just about power and data, though. A huge portion of the infrastructure of the developed world is devoted to the simple but vital task of moving liquid fuels from one place to another as efficiently and safely as possible. This fuel distribution network, comprised of pipelines, railways, and tanker trucks, is very much part of The Grid, even if it goes largely unseen and unnoticed. At least until something major happens to shift attention to it, like the recent Colonial Pipeline cyberattack.


Hydraulics Made Simple

Corralling electrons is great and what most of us are pretty good at, but the best projects have some kind of interface to the real world. Often, that involves some sort of fluid such as water or air moving through pipes. If you don’t grasp hydraulics intuitively, [Practical Engineering] has a video you’ll enjoy. It explains how flow and pressure work in pipes.

Granted, not every project deals with piping, but plumbing, sprinkler systems, cooling systems, and even robotics often have elements of hydraulics. In addition, as the video points out, fluid flow in a pipe is very similar to electrical current flowing through wires.


Continuous Integration: What It Is And Why You Need It

If you write software, chances are you’ve come across Continuous Integration, or CI. You might never have heard of it – but you wonder what all the ticks, badges and mysterious status icons are on open-source repositories you find online. You might hear friends waxing lyrical about the merits of CI, or grumbling about how their pipeline has broken again.

Want to know what all the fuss is about? This article will explain the basic concepts of CI, but will focus on an example, since that’s the best way to understand it. Let’s dive in.

Getting Good At FPGAs: Real World Pipelining

Parallelism is your friend when working with FPGAs. In fact, it’s often the biggest benefit of choosing an FPGA. The dragons hiding in programmable logic usually involve timing — chaining together numerous logic gates certainly affects clock timing. Earlier, I looked at how to split up logic to take better advantage of parallelism inside an FPGA. Now I’m going to walk through a practical example by modeling some functions. Using Verilog with some fake delays, we can show how it all works. You should follow along with a Verilog simulator; I’m using EDAPlayground, which runs in your browser. The code for this entire article has been pre-loaded into the simulator.

If you’re used to C syntax, chances are good you’ll be able to read simple Verilog. If you already use Verilog mostly for synthesis, you may not be familiar with using it to model delays. That’s important here because the delay through gates is what motivates us to break up a lot of gates into a pipeline to start with. You use delays in test benches, but in that context they mostly just cause the simulator to pause a bit before introducing more stimulus. So it makes sense to start with a bit of background on delays.


Pipelining Digital Logic In FPGAs

When you first learn about digital logic, it probably seems like it is easy. You learn about AND and OR gates and figure that’s not very hard. However, going from a few basic gates to something like a CPU or another complex system is a whole different story. It is like going from “Hello World!” to writing an operating system. There’s a lot to understand before you can make that leap. In this set of articles, I want to talk about a way to organize more complex FPGA designs like CPUs using a technique called pipelining.

These days a complex digital logic system is likely to be on an FPGA. And part of the reason we can get fooled into thinking digital is simple is because of the modern FPGA tools. They hide a lot of complexity from you, which is great until they can’t do what you want and then you are stuck. A good example of that is where you are trying to hit a certain clock frequency. If you aren’t careful, you’ll get a complaint from the tool that you can’t meet timing constraints.


Racing The Beam With Super Hexagon

Early game consoles like the Atari 2600 had a very, very limited amount of RAM. There wasn’t even enough RAM for all the pixels on the screen; instead, pixels were generated by the CPU as they were being drawn. It’s playing with scanlines and colorbursts with code, something we’re now calling ‘racing the beam’ for some reason.

[Sam] is in the middle of an EE degree right now, and for a digital design class he needed to write some Verilog. At the time he was addicted to the game Super Hexagon, and the game mechanics are simple enough for an FPGA. He built his own implementation, but not one with framebuffers. He’s using a pipelined approach where each pixel’s value is calculated just a few clock cycles before it’s displayed. It vastly reduces the memory requirements on his Altera DE1 board compared to the framebuffer approach.

Video below.
